You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by ju...@apache.org on 2006/03/16 19:54:32 UTC
svn commit: r386415 - in /incubator/jackrabbit/trunk/jackrabbit:
applications/test/ src/main/java/org/apache/jackrabbit/core/
src/main/java/org/apache/jackrabbit/core/security/
Author: jukka
Date: Thu Mar 16 10:54:29 2006
New Revision: 386415
URL: http://svn.apache.org/viewcvs?rev=386415&view=rev
Log:
JCR-351: Better handling of null Credentials when JAAS is not configured.
Modified:
incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml
incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml
incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java
Modified: incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml?rev=386415&r1=386414&r2=386415&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml (original)
+++ incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml Thu Mar 16 10:54:29 2006
@@ -149,6 +149,11 @@
<LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
<!-- anonymous user name ('anonymous' is the default value) -->
<param name="anonymousId" value="anonymous"/>
+ <!--
+ default user name to be used instead of the anonymous user
+ when no login credentials are provided (unset by default)
+ -->
+ <!-- <param name="defaultUserId" value="superuser"/> -->
</LoginModule>
</Security>
Modified: incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java?rev=386415&r1=386414&r2=386415&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java (original)
+++ incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java Thu Mar 16 10:54:29 2006
@@ -1052,22 +1052,17 @@
getWorkspaceInfo(workspaceName);
if (credentials == null) {
- // null credentials, obtain the identity of the already-authenticated
- // subject from access control context
- AccessControlContext acc = AccessController.getContext();
- Subject subject;
try {
- subject = Subject.getSubject(acc);
+ // null credentials, obtain the identity of the already-authenticated
+ // subject from access control context
+ AccessControlContext acc = AccessController.getContext();
+ Subject subject = Subject.getSubject(acc);
+ if (subject != null) {
+ return createSession(subject, workspaceName);
+ }
} catch (SecurityException se) {
throw new LoginException(
"Unable to access authentication information", se);
- }
- if (subject == null) {
- throw new LoginException("No Subject associated with AccessControlContext");
- }
- // create session
- try {
- return createSession(subject, workspaceName);
} catch (AccessDeniedException ade) {
// authenticated subject is not authorized for the specified workspace
throw new LoginException("Workspace access denied", ade);
@@ -1086,7 +1081,7 @@
}
authCtx.login();
} catch (javax.security.auth.login.LoginException le) {
- throw new LoginException(le.getMessage());
+ throw new LoginException(le.getMessage(), le);
}
// create session
Modified: incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml?rev=386415&r1=386414&r2=386415&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml (original)
+++ incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml Thu Mar 16 10:54:29 2006
@@ -149,6 +149,11 @@
<LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
<!-- anonymous user name ('anonymous' is the default value) -->
<param name="anonymousId" value="anonymous"/>
+ <!--
+ default user name to be used instead of the anonymous user
+ when no login credentials are provided (unset by default)
+ -->
+ <!-- <param name="defaultUserId" value="superuser"/> -->
</LoginModule>
</Security>
Modified: incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java?rev=386415&r1=386414&r2=386415&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java (original)
+++ incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java Thu Mar 16 10:54:29 2006
@@ -45,6 +45,11 @@
private static final String OPT_ANONYMOUS = "anonymousId";
/**
+ * Name of the default user id option in the LoginModule configuration
+ */
+ private static final String OPT_DEFAULT = "defaultUserId";
+
+ /**
* The default user id for anonymous login
*/
private static final String DEFAULT_ANONYMOUS_ID = "anonymous";
@@ -68,11 +73,54 @@
private String anonymousUserId = DEFAULT_ANONYMOUS_ID;
/**
+ * The default user id. Only used when not <code>null</code>.
+ */
+ private String defaultUserId = null;
+
+ /**
* Constructor
*/
public SimpleLoginModule() {
}
+ /**
+ * Returns the anonymous user id.
+ *
+ * @return anonymous user id
+ */
+ public String getAnonymousId() {
+ return anonymousUserId;
+ }
+
+ /**
+ * Sets the default user id to be used when no login credentials
+ * are presented.
+ *
+ * @param defaultUserId default user id
+ */
+ public void setAnonymousId(String anonymousId) {
+ this.anonymousUserId = anonymousId;
+ }
+
+ /**
+ * Returns the default user id.
+ *
+ * @return default user id
+ */
+ public String getDefaultUserId() {
+ return defaultUserId;
+ }
+
+ /**
+ * Sets the default user id to be used when no login credentials
+ * are presented.
+ *
+ * @param defaultUserId default user id
+ */
+ public void setDefaultUserId(String defaultUserId) {
+ this.defaultUserId = defaultUserId;
+ }
+
//----------------------------------------------------------< LoginModule >
/**
* {@inheritDoc}
@@ -90,6 +138,9 @@
if (userId != null) {
anonymousUserId = userId;
}
+ if (options.containsKey(OPT_DEFAULT)) {
+ defaultUserId = (String) options.get(OPT_DEFAULT);
+ }
}
/**
@@ -101,17 +152,14 @@
throw new LoginException("no CallbackHandler available");
}
- Callback[] callbacks = new Callback[]{
- new CredentialsCallback()
- };
-
boolean authenticated = false;
principals.clear();
try {
- callbackHandler.handle(callbacks);
- // credentials
- CredentialsCallback ccb = (CredentialsCallback) callbacks[0];
+ // Get credentials using a JAAS callback
+ CredentialsCallback ccb = new CredentialsCallback();
+ callbackHandler.handle(new Callback[] { ccb });
Credentials creds = ccb.getCredentials();
+ // Use the credentials to set up principals
if (creds != null) {
if (creds instanceof SimpleCredentials) {
SimpleCredentials sc = (SimpleCredentials) creds;
@@ -133,6 +181,12 @@
}
authenticated = true;
}
+ } else if (defaultUserId != null) {
+ principals.add(new UserPrincipal(defaultUserId));
+ authenticated = true;
+ } else {
+ principals.add(new AnonymousPrincipal());
+ authenticated = true;
}
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.toString());