Posted to scm@geronimo.apache.org by dj...@apache.org on 2009/07/16 19:03:51 UTC
svn commit: r794752 [2/3] - in /geronimo/server/trunk/plugins/tomcat:
geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/
geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/
geronimo-tomcat6/src/main/java/org...
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public enum TomcatAuthStatus {
+
+ SUCCESS, SEND_SUCCESS, SEND_CONTINUE, SEND_FAILURE, FAILURE
+
+}
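Review bot: The five constants carry no Javadoc, and from this commit alone a reader cannot tell what distinguishes SEND_SUCCESS from SUCCESS or SEND_FAILURE from FAILURE; the authenticators added in the same commit return only SUCCESS, SEND_CONTINUE and SEND_FAILURE. A one-line comment per constant stating what the caller is expected to do with the response would fix this, for SEND_CONTINUE e.g. `/** A challenge has been written to the response; the request must not proceed to the resource. */`, which is how Basic and Digest use it after `sendError(SC_UNAUTHORIZED)`. The class Javadoc is only `@version $Rev$ $Date$`; a summary sentence naming the Authenticator contract this enum serves is missing.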
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface UserIdentity {
+ Principal getUserPrincipal();
+ Subject getSubject();
+}
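Review bot: Neither `getUserPrincipal()` nor `getSubject()` documents whether it may return null, which matters because the authenticators in this commit return an `unauthenticatedIdentity` instance for requests that carry no credentials, and callers need to know whether that identity yields a null principal or a placeholder one. A Javadoc line on each method, such as `/** @return the authenticated principal, or null for the unauthenticated identity */` (whichever the implementations actually guarantee), would settle it. The type Javadoc holds only `@version $Rev$ $Date$`; a one-sentence summary of what a UserIdentity represents is missing.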
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,142 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.util.Base64;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.buf.CharChunk;
+import org.apache.tomcat.util.buf.MessageBytes;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class BasicAuthenticator implements Authenticator {
+ private static final byte[] AUTHENTICATE_BYTES = {
+ (byte) 'W',
+ (byte) 'W',
+ (byte) 'W',
+ (byte) '-',
+ (byte) 'A',
+ (byte) 'u',
+ (byte) 't',
+ (byte) 'h',
+ (byte) 'e',
+ (byte) 'n',
+ (byte) 't',
+ (byte) 'i',
+ (byte) 'c',
+ (byte) 'a',
+ (byte) 't',
+ (byte) 'e'
+ };
+
+
+ private final LoginService loginService;
+ private final String realmName;
+ private final UserIdentity unauthenticatedIdentity;
+
+ public BasicAuthenticator(LoginService loginService, String realmName, UserIdentity unauthenticatedIdentity) {
+ this.loginService = loginService;
+ this.realmName = realmName;
+ this.unauthenticatedIdentity = unauthenticatedIdentity;
+ }
+
+ public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+ // Validate any credentials already included with this request
+ String username = null;
+ String password = null;
+
+ MessageBytes authorization =
+ request.getCoyoteRequest().getMimeHeaders()
+ .getValue("authorization");
+
+ if (authorization != null) {
+ authorization.toBytes();
+ ByteChunk authorizationBC = authorization.getByteChunk();
+ if (authorizationBC.startsWithIgnoreCase("basic ", 0)) {
+ authorizationBC.setOffset(authorizationBC.getOffset() + 6);
+ // FIXME: Add trimming
+ // authorizationBC.trim();
+
+ CharChunk authorizationCC = authorization.getCharChunk();
+ Base64.decode(authorizationBC, authorizationCC);
+
+ // Get username and password
+ int colon = authorizationCC.indexOf(':');
+ if (colon < 0) {
+ username = authorizationCC.toString();
+ } else {
+ char[] buf = authorizationCC.getBuffer();
+ username = new String(buf, 0, colon);
+ password = new String(buf, colon + 1,
+ authorizationCC.getEnd() - colon - 1);
+ }
+
+ authorizationBC.setOffset(authorizationBC.getOffset() - 6);
+ }
+
+ UserIdentity userIdentity = loginService.login(username, password);
+ if (userIdentity != null) {
+ return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+ }
+ }
+
+
+ // Send an "unauthorized" response and an appropriate challenge
+ if (isAuthMandatory) {
+ try {
+ MessageBytes authenticate =
+ response.getCoyoteResponse().getMimeHeaders()
+ .addValue(AUTHENTICATE_BYTES, 0, AUTHENTICATE_BYTES.length);
+ CharChunk authenticateCC = authenticate.getCharChunk();
+ authenticateCC.append("Basic realm=\"");
+ authenticateCC.append(realmName);
+ authenticateCC.append('\"');
+ authenticate.toChars();
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
+ } catch (IOException e) {
+ throw new ServerAuthException(e);
+ }
+ }
+ return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+ }
+
+ public boolean secureResponse(Request request, Response response, AuthResult authResult) {
+ return true;
+ }
+
+ public String getAuthType() {
+ return "BASIC";
+ }
+}
\ No newline at end of file
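Review bot: `UserIdentity userIdentity = loginService.login(username, password);` is reached for any non-null Authorization header, not only a Basic one, so a request carrying a Digest or other scheme makes the login service see `login(null, null)`; whether that yields an identity depends on the LoginService implementation, which is outside this hunk. Moving that call and its `return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);` inside the `if (authorizationBC.startsWithIgnoreCase("basic ", 0))` block, after `authorizationBC.setOffset(authorizationBC.getOffset() - 6);`, keeps null credentials away from the login service. The `// FIXME: Add trimming` left on the decode path means a header with whitespace after `Basic ` fails to decode instead of being tolerated; that is better tracked as an issue than as an in-code FIXME. The class Javadoc is only `@version $Rev$ $Date$`; a summary stating that this implements HTTP Basic and that it challenges with `WWW-Authenticate: Basic realm="..."` only when `isAuthMandatory` is set would help the next reader.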
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import java.security.cert.X509Certificate;
+import java.security.Principal;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.Globals;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.util.StringManager;
+import org.apache.catalina.util.Base64;
+import org.apache.coyote.ActionCode;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class ClientCertAuthenticator implements Authenticator {
+
+ protected static final StringManager sm =
+ StringManager.getManager(Constants.Package);
+
+ private final LoginService loginService;
+ private final UserIdentity unauthenticatedIdentity;
+
+ public ClientCertAuthenticator(LoginService loginService, UserIdentity unauthenticatedIdentity) {
+ this.loginService = loginService;
+ this.unauthenticatedIdentity = unauthenticatedIdentity;
+ }
+
+ public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+ X509Certificate certs[] = (X509Certificate[])
+ request.getAttribute(Globals.CERTIFICATES_ATTR);
+ if ((certs == null) || (certs.length < 1)) {
+ request.getCoyoteRequest().action
+ (ActionCode.ACTION_REQ_SSL_CERTIFICATE, null);
+ certs = (X509Certificate[])
+ request.getAttribute(Globals.CERTIFICATES_ATTR);
+ }
+ try {
+ if ((certs == null) || (certs.length < 1)) {
+ if (isAuthMandatory) {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+ sm.getString("authenticator.certificates"));
+ return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+ } else {
+ return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+ }
+ }
+
+ // Authenticate the specified certificate chain
+ //TODO almost certainly wrong
+ Principal p = certs[0].getSubjectDN();
+ byte[] sig = certs[0].getSignature();
+ String cred = new String(Base64.encode(sig));
+ UserIdentity userIdentity = loginService.login(p.getName(), cred);
+ if (userIdentity != null) {
+ return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+ }
+ if (isAuthMandatory) {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+ sm.getString("authenticator.unauthorized"));
+ return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
+ }
+ } catch (IOException e) {
+ throw new ServerAuthException(e);
+ }
+ return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+ }
+
+ public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+ return true;
+ }
+
+ public String getAuthType() {
+ return "CLIENT-CERT";
+ }
+}
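Review bot: `Principal p = certs[0].getSubjectDN();` uses an accessor the JDK documents as denigrated; `certs[0].getSubjectX500Principal()` returns the same subject as an `X500Principal` whose `getName()` has a defined RFC 2253 form, which is what a login name lookup should key on. Nothing in this hunk checks the chain against a trust anchor or its validity period, so the code presumably relies on the connector having verified the client certificate during the TLS handshake (connector configuration is outside this commit); that assumption belongs in a comment above `//TODO almost certainly wrong`, e.g. `// Chain is trusted as verified by the connector's clientAuth handshake; only the subject is mapped to a user here.` The Base64-encoded `certs[0].getSignature()` passed as the `login` credential is a public value of the certificate, not a secret, so the LoginService must not treat it as password-equivalent; that caveat should be written next to the TODO until it is resolved.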
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,323 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import java.io.IOException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.StringTokenizer;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.util.MD5Encoder;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class DigestAuthenticator implements Authenticator {
+
+ private static final MD5Encoder md5Encoder = new MD5Encoder();
+ /**
+ * MD5 message digest provider.
+ */
+ private static final MessageDigest md5Helper;
+
+ static {
+ try {
+ md5Helper = MessageDigest.getInstance("MD5");
+ } catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException(e);
+ }
+
+ }
+
+ /**
+ * Private key.
+ */
+ private static final String key = "Catalina";
+
+ private final LoginService loginService;
+ private final String realmName;
+ private final UserIdentity unauthenticatedIdentity;
+
+ public DigestAuthenticator(LoginService loginService, String realmName, UserIdentity unauthenticatedIdentity) {
+ this.loginService = loginService;
+ this.realmName = realmName;
+ this.unauthenticatedIdentity = unauthenticatedIdentity;
+ }
+
+ public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+ String authorization = request.getHeader("authorization");
+ if (authorization != null) {
+ UserIdentity userIdentity = findPrincipal(request, authorization);
+ if (userIdentity != null) {
+ return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+ }
+ }
+
+
+
+ // Send an "unauthorized" response and an appropriate challenge
+
+ // Next, generate a nOnce token (that is a token which is supposed
+ // to be unique).
+ if (isAuthMandatory) {
+ String nOnce = generateNOnce(request);
+
+ setAuthenticateHeader(response, nOnce);
+ try {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ } catch (IOException e) {
+ throw new ServerAuthException(e);
+ }
+ return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
+ }
+ return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+
+ }
+
+ public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+ return true;
+ }
+
+ public String getAuthType() {
+ return "DIGEST";
+ }
+
+ /**
+ * Parse the specified authorization credentials, and return the
+ * associated Principal that these credentials authenticate (if any)
+ * from the specified Realm. If there is no such Principal, return
+ * <code>null</code>.
+ *
+ * @param request HTTP servlet request
+ * @param authorization Authorization credentials from this request
+ */
+ protected UserIdentity findPrincipal(Request request,
+ String authorization) {
+
+ //System.out.println("Authorization token : " + authorization);
+ // Validate the authorization credentials format
+ if (authorization == null)
+ return (null);
+ if (!authorization.startsWith("Digest "))
+ return (null);
+ authorization = authorization.substring(7).trim();
+
+ // Bugzilla 37132: http://issues.apache.org/bugzilla/show_bug.cgi?id=37132
+ String[] tokens = authorization.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
+
+ String userName = null;
+ String realmName = null;
+ String nOnce = null;
+ String nc = null;
+ String cnonce = null;
+ String qop = null;
+ String uri = null;
+ String response = null;
+ String method = request.getMethod();
+
+ for (int i = 0; i < tokens.length; i++) {
+ String currentToken = tokens[i];
+ if (currentToken.length() == 0)
+ continue;
+
+ int equalSign = currentToken.indexOf('=');
+ if (equalSign < 0)
+ return null;
+ String currentTokenName =
+ currentToken.substring(0, equalSign).trim();
+ String currentTokenValue =
+ currentToken.substring(equalSign + 1).trim();
+ if ("username".equals(currentTokenName))
+ userName = removeQuotes(currentTokenValue);
+ if ("realm".equals(currentTokenName))
+ realmName = removeQuotes(currentTokenValue, true);
+ if ("nonce".equals(currentTokenName))
+ nOnce = removeQuotes(currentTokenValue);
+ if ("nc".equals(currentTokenName))
+ nc = removeQuotes(currentTokenValue);
+ if ("cnonce".equals(currentTokenName))
+ cnonce = removeQuotes(currentTokenValue);
+ if ("qop".equals(currentTokenName))
+ qop = removeQuotes(currentTokenValue);
+ if ("uri".equals(currentTokenName))
+ uri = removeQuotes(currentTokenValue);
+ if ("response".equals(currentTokenName))
+ response = removeQuotes(currentTokenValue);
+ }
+
+ if ((userName == null) || (realmName == null) || (nOnce == null)
+ || (uri == null) || (response == null))
+ return null;
+
+ // Second MD5 digest used to calculate the digest :
+ // MD5(Method + ":" + uri)
+ String a2 = method + ":" + uri;
+ //System.out.println("A2:" + a2);
+
+ byte[] buffer = null;
+ synchronized (md5Helper) {
+ buffer = md5Helper.digest(a2.getBytes());
+ }
+ String md5a2 = md5Encoder.encode(buffer);
+
+ //TODO this is totally wrong
+ return loginService.login(userName, md5a2);
+
+ }
+
+
+ /**
+ * Parse the username from the specified authorization string. If none
+ * can be identified, return <code>null</code>
+ *
+ * @param authorization Authorization string to be parsed
+ */
+ protected String parseUsername(String authorization) {
+
+ //System.out.println("Authorization token : " + authorization);
+ // Validate the authorization credentials format
+ if (authorization == null)
+ return (null);
+ if (!authorization.startsWith("Digest "))
+ return (null);
+ authorization = authorization.substring(7).trim();
+
+ StringTokenizer commaTokenizer =
+ new StringTokenizer(authorization, ",");
+
+ while (commaTokenizer.hasMoreTokens()) {
+ String currentToken = commaTokenizer.nextToken();
+ int equalSign = currentToken.indexOf('=');
+ if (equalSign < 0)
+ return null;
+ String currentTokenName =
+ currentToken.substring(0, equalSign).trim();
+ String currentTokenValue =
+ currentToken.substring(equalSign + 1).trim();
+ if ("username".equals(currentTokenName))
+ return (removeQuotes(currentTokenValue));
+ }
+
+ return (null);
+
+ }
+
+
+ /**
+ * Removes the quotes on a string. RFC2617 states quotes are optional for
+ * all parameters except realm.
+ */
+ protected static String removeQuotes(String quotedString,
+ boolean quotesRequired) {
+ //support both quoted and non-quoted
+ if (quotedString.length() > 0 && quotedString.charAt(0) != '"' &&
+ !quotesRequired) {
+ return quotedString;
+ } else if (quotedString.length() > 2) {
+ return quotedString.substring(1, quotedString.length() - 1);
+ } else {
+ return new String();
+ }
+ }
+
+ /**
+ * Removes the quotes on a string.
+ */
+ protected static String removeQuotes(String quotedString) {
+ return removeQuotes(quotedString, false);
+ }
+
+ /**
+ * Generate a unique token. The token is generated according to the
+ * following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":"
+ * time-stamp ":" private-key ) ).
+ *
+ * @param request HTTP Servlet request
+ */
+ protected String generateNOnce(Request request) {
+
+ long currentTime = System.currentTimeMillis();
+
+ String nOnceValue = request.getRemoteAddr() + ":" +
+ currentTime + ":" + key;
+
+ byte[] buffer = null;
+ synchronized (md5Helper) {
+ buffer = md5Helper.digest(nOnceValue.getBytes());
+ }
+ nOnceValue = md5Encoder.encode(buffer);
+
+ return nOnceValue;
+ }
+
+
+ /**
+ * Generates the WWW-Authenticate header.
+ * <p/>
+ * The header MUST follow this template :
+ * <pre>
+ * WWW-Authenticate = "WWW-Authenticate" ":" "Digest"
+ * digest-challenge
+ * <p/>
+ * digest-challenge = 1#( realm | [ domain ] | nOnce |
+ * [ digest-opaque ] |[ stale ] | [ algorithm ] )
+ * <p/>
+ * realm = "realm" "=" realm-value
+ * realm-value = quoted-string
+ * domain = "domain" "=" <"> 1#URI <">
+ * nonce = "nonce" "=" nonce-value
+ * nonce-value = quoted-string
+ * opaque = "opaque" "=" quoted-string
+ * stale = "stale" "=" ( "true" | "false" )
+ * algorithm = "algorithm" "=" ( "MD5" | token )
+ * </pre>
+ *
+ * @param response HTTP Servlet response
+ * @param nOnce nonce token
+ */
+ protected void setAuthenticateHeader(
+ Response response,
+ String nOnce) {
+
+ // Get the realm name
+ byte[] buffer;
+ synchronized (md5Helper) {
+ buffer = md5Helper.digest(nOnce.getBytes());
+ }
+
+ String authenticateHeader = "Digest realm=\"" + realmName + "\", "
+ + "qop=\"auth\", nonce=\"" + nOnce + "\", " + "opaque=\""
+ + md5Encoder.encode(buffer) + "\"";
+ response.setHeader("WWW-Authenticate", authenticateHeader);
+
+ }
+
+}
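Review bot: `findPrincipal` parses `response`, `nonce`, `nc`, `cnonce` and `qop` and then discards them: the only value passed on is `md5a2`, computed from the request's own method and uri, so neither the client's digest `response` nor the nonce issued by `generateNOnce` is ever verified, and a replayed header is accepted as readily as a fresh one — the `//TODO this is totally wrong` comment acknowledges this. Until the LoginService can supply what is needed to recompute the expected response (its interface is outside this hunk), the `findPrincipal` Javadoc should state that the digest is not validated and the method must not be relied on for authentication. `private static final String key = "Catalina";` is a fixed, well-known value, so nonces are a function of remote address and clock only; a per-instance key drawn from `SecureRandom` would make them unpredictable. `a2.getBytes()`, `nOnceValue.getBytes()` and `nOnce.getBytes()` use the platform default charset, so the digests depend on the JVM's locale; an explicit charset such as `getBytes("UTF-8")` removes that. `parseUsername` splits on `,` with a `StringTokenizer` while `findPrincipal` uses the quote-aware regex from Bugzilla 37132, so a quoted value containing a comma yields different usernames from the two methods.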
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,437 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Iterator;
+import java.util.Locale;
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.RequestDispatcher;
+
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.authenticator.SavedRequest;
+import org.apache.catalina.Session;
+import org.apache.catalina.util.StringManager;
+import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.buf.CharChunk;
+import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.http.MimeHeaders;
+import org.apache.coyote.ActionCode;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class FormAuthenticator implements Authenticator {
+ protected static final StringManager sm =
+ StringManager.getManager(Constants.Package);
+
+ private final LoginService loginService;
+ private final UserIdentity unauthenticatedIdentity;
+ private final String loginPage;
+ private final String erroryPage;
+
+ public FormAuthenticator(LoginService loginService, UserIdentity unauthenticatedIdentity, String loginPage, String erroryPage) {
+ this.loginService = loginService;
+ this.unauthenticatedIdentity = unauthenticatedIdentity;
+ this.loginPage = loginPage;
+ this.erroryPage = erroryPage;
+ }
+
+ public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+ try {
+ Session session = request.getSessionInternal(isAuthMandatory);
+ if (session == null) {
+ //default identity??
+ return new AuthResult(TomcatAuthStatus.SUCCESS, null);
+ }
+ if (matchRequest(request, session)) {
+ // if (log.isDebugEnabled())
+ // log.debug("Restore request from session '"
+ // + session.getIdInternal()
+ // + "'");
+// UserIdentity userIdentity = (UserIdentity)
+// session.getNote(Constants.FORM_PRINCIPAL_NOTE);
+ // register(request, response, principal, Constants.FORM_METHOD,
+ // (String) session.getNote(Constants.SESS_USERNAME_NOTE),
+ // (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
+ // If we're caching principals we no longer need the username
+ // and password in the session, so remove them
+ // if (cache) {
+ // session.removeNote(Constants.SESS_USERNAME_NOTE);
+ // session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ // }
+ if (!restoreRequest(request, session)) {
+// if (log.isDebugEnabled())
+// log.debug("Proceed to restored request");
+// return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+// } else {
+// if (log.isDebugEnabled())
+// log.debug("Restore of original request failed");
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+ }
+ }
+ UserIdentity userIdentity = (UserIdentity) session.getNote(Constants.FORM_PRINCIPAL_NOTE);
+ if (userIdentity != null) {
+ return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+ }
+
+ //we have not yet completed authentication.
+ // Acquire references to objects we will need to evaluate
+ MessageBytes uriMB = MessageBytes.newInstance();
+ CharChunk uriCC = uriMB.getCharChunk();
+ uriCC.setLimit(-1);
+ String contextPath = request.getContextPath();
+ String requestURI = request.getDecodedRequestURI();
+ response.setContext(request.getContext());
+
+ // Is this the action request from the login page?
+ boolean loginAction =
+ requestURI.startsWith(contextPath) &&
+ requestURI.endsWith(Constants.FORM_ACTION);
+
+ // No -- Save this request and redirect to the form login page
+ if (!loginAction) {
+// session = request.getSessionInternal(true);
+// if (log.isDebugEnabled())
+// log.debug("Save request in session '" + session.getIdInternal() + "'");
+ if (!isAuthMandatory) {
+ return new AuthResult(TomcatAuthStatus.SUCCESS, null);
+ }
+ try {
+ saveRequest(request, session);
+ } catch (IOException ioe) {
+// log.debug("Request body too big to save during authentication");
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+ sm.getString("authenticator.requestBodyTooBig"));
+ return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+ }
+ forwardToLoginPage(request, response);
+ return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, unauthenticatedIdentity);
+ }
+
+ // Yes -- Validate the specified credentials and redirect
+ // to the error page if they are not correct
+// if (characterEncoding != null) {
+// request.setCharacterEncoding(characterEncoding);
+// }
+ String username = request.getParameter(Constants.FORM_USERNAME);
+ String password = request.getParameter(Constants.FORM_PASSWORD);
+// if (log.isDebugEnabled())
+// log.debug("Authenticating username '" + username + "'");
+ userIdentity = loginService.login(username, password);
+ if (userIdentity == null) {
+// if (isAuthMandatory) {
+ forwardToErrorPage(request, response);
+ //TODO right status?
+ return new AuthResult(TomcatAuthStatus.SEND_FAILURE, unauthenticatedIdentity);
+// } else {
+// userIdentity = unauthenticatedIdentity;
+// }
+ }
+
+// if (log.isDebugEnabled())
+// log.debug("Authentication of '" + username + "' was successful");
+
+ if (session == null)
+ session = request.getSessionInternal(false);
+ if (session == null) {
+// if (containerLog.isDebugEnabled())
+// containerLog.debug
+// ("User took so long to log on the session expired");
+ response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
+ sm.getString("authenticator.sessionExpired"));
+ return new AuthResult(TomcatAuthStatus.SEND_FAILURE, unauthenticatedIdentity);
+ }
+
+ // Save the authenticated Principal in our session
+ session.setNote(Constants.FORM_PRINCIPAL_NOTE, userIdentity);
+
+ // Save the username and password as well
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+
+ // Redirect the user to the original request URI (which will cause
+ // the original request to be restored)
+ requestURI = savedRequestURL(session);
+// if (log.isDebugEnabled())
+// log.debug("Redirecting to original '" + requestURI + "'");
+ if (requestURI == null) {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+ sm.getString("authenticator.formlogin"));
+ return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+ } else {
+ response.sendRedirect(response.encodeRedirectURL(requestURI));
+ return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, userIdentity);
+ }
+ } catch (IOException e) {
+ throw new ServerAuthException(e);
+ }
+
+ }
+
+ public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+ return true;
+ }
+
+ public String getAuthType() {
+ return "FORM";
+ }
+
+ /**
+ * Called to forward to the login page
+ *
+ * @param request Request we are processing
+ * @param response Response we are creating
+ */
+ protected void forwardToLoginPage(Request request, Response response) {
+ RequestDispatcher disp = request.getRequestDispatcher(loginPage);
+ try {
+ disp.forward(request.getRequest(), response.getResponse());
+ response.finishResponse();
+ } catch (Throwable t) {
+// log.warn("Unexpected error forwarding to login page", t);
+ }
+ }
+
+
+ /**
+ * Called to forward to the error page
+ *
+ * @param request Request we are processing
+ * @param response Response we are creating
+ */
+ protected void forwardToErrorPage(Request request, Response response) {
+ RequestDispatcher disp = request.getRequestDispatcher(erroryPage);
+ try {
+ disp.forward(request.getRequest(), response.getResponse());
+ response.finishResponse();
+ } catch (Throwable t) {
+// log.warn("Unexpected error forwarding to error page", t);
+ }
+ }
+
+
+ /**
+ * Does this request match the saved one (so that it must be the redirect
+ * we signalled after successful authentication?
+ *
+ * @param request The request to be verified
+ * @param session
+ */
+ protected boolean matchRequest(Request request, Session session) {
+
+ // Is there a saved request?
+ SavedRequest sreq = (SavedRequest)
+ session.getNote(Constants.FORM_REQUEST_NOTE);
+ if (sreq == null)
+ return (false);
+
+ // Is there a saved principal?
+ if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null)
+ return (false);
+
+ // Does the request URI match?
+ String requestURI = request.getRequestURI();
+ if (requestURI == null)
+ return (false);
+ return (requestURI.equals(sreq.getRequestURI()));
+
+ }
+
+
+ /**
+ * Restore the original request from information stored in our session.
+ * If the original request is no longer present (because the session
+ * timed out), return <code>false</code>; otherwise, return
+ * <code>true</code>.
+ *
+ * @param request The request to be restored
+ * @param session The session containing the saved information
+ */
+ protected boolean restoreRequest(Request request, Session session)
+ throws IOException {
+
+ // Retrieve and remove the SavedRequest object from our session
+ SavedRequest saved = (SavedRequest)
+ session.getNote(Constants.FORM_REQUEST_NOTE);
+ session.removeNote(Constants.FORM_REQUEST_NOTE);
+// session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
+ if (saved == null)
+ return (false);
+
+ // Modify our current request to reflect the original one
+ request.clearCookies();
+ Iterator cookies = saved.getCookies();
+ while (cookies.hasNext()) {
+ request.addCookie((Cookie) cookies.next());
+ }
+
+ MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
+ rmh.recycle();
+ boolean cachable = "GET".equalsIgnoreCase(saved.getMethod()) ||
+ "HEAD".equalsIgnoreCase(saved.getMethod());
+ Iterator names = saved.getHeaderNames();
+ while (names.hasNext()) {
+ String name = (String) names.next();
+ // The browser isn't expecting this conditional response now.
+ // Assuming that it can quietly recover from an unexpected 412.
+ // BZ 43687
+ if (!("If-Modified-Since".equalsIgnoreCase(name) ||
+ (cachable && "If-None-Match".equalsIgnoreCase(name)))) {
+ Iterator values = saved.getHeaderValues(name);
+ while (values.hasNext()) {
+ rmh.addValue(name).setString((String) values.next());
+ }
+ }
+ }
+
+ request.clearLocales();
+ Iterator locales = saved.getLocales();
+ while (locales.hasNext()) {
+ request.addLocale((Locale) locales.next());
+ }
+
+ request.getCoyoteRequest().getParameters().recycle();
+
+ if ("POST".equalsIgnoreCase(saved.getMethod())) {
+ ByteChunk body = saved.getBody();
+
+ if (body != null) {
+ request.getCoyoteRequest().action
+ (ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
+
+ // Set content type
+ MessageBytes contentType = MessageBytes.newInstance();
+
+ //If no content type specified, use default for POST
+ String savedContentType = saved.getContentType();
+ if (savedContentType == null) {
+ savedContentType = "application/x-www-form-urlencoded";
+ }
+
+ contentType.setString(savedContentType);
+ request.getCoyoteRequest().setContentType(contentType);
+ }
+ }
+ request.getCoyoteRequest().method().setString(saved.getMethod());
+
+ request.getCoyoteRequest().queryString().setString
+ (saved.getQueryString());
+
+ request.getCoyoteRequest().requestURI().setString
+ (saved.getRequestURI());
+ return (true);
+
+ }
+
+
+ /**
+ * Save the original request information into our session.
+ *
+ * @param request The request to be saved
+ * @param session The session to contain the saved information
+ * @throws IOException
+ */
+ protected void saveRequest(Request request, Session session)
+ throws IOException {
+
+ // Create and populate a SavedRequest object for this request
+ SavedRequest saved = new SavedRequest();
+ Cookie cookies[] = request.getCookies();
+ if (cookies != null) {
+ for (int i = 0; i < cookies.length; i++)
+ saved.addCookie(cookies[i]);
+ }
+ Enumeration names = request.getHeaderNames();
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ Enumeration values = request.getHeaders(name);
+ while (values.hasMoreElements()) {
+ String value = (String) values.nextElement();
+ saved.addHeader(name, value);
+ }
+ }
+ Enumeration locales = request.getLocales();
+ while (locales.hasMoreElements()) {
+ Locale locale = (Locale) locales.nextElement();
+ saved.addLocale(locale);
+ }
+
+ if ("POST".equalsIgnoreCase(request.getMethod())) {
+ ByteChunk body = new ByteChunk();
+ body.setLimit(request.getConnector().getMaxSavePostSize());
+
+ byte[] buffer = new byte[4096];
+ int bytesRead;
+ InputStream is = request.getInputStream();
+
+ while ((bytesRead = is.read(buffer)) >= 0) {
+ body.append(buffer, 0, bytesRead);
+ }
+ saved.setContentType(request.getContentType());
+ saved.setBody(body);
+ }
+
+ saved.setMethod(request.getMethod());
+ saved.setQueryString(request.getQueryString());
+ saved.setRequestURI(request.getRequestURI());
+
+ // Stash the SavedRequest in our session for later use
+ session.setNote(Constants.FORM_REQUEST_NOTE, saved);
+
+ }
+
+
+ /**
+ * Return the request URI (with the corresponding query string, if any)
+ * from the saved request so that we can redirect to it.
+ *
+ * @param session Our current session
+ */
+ protected String savedRequestURL(Session session) {
+
+ SavedRequest saved =
+ (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
+ if (saved == null)
+ return (null);
+ StringBuffer sb = new StringBuffer(saved.getRequestURI());
+ if (saved.getQueryString() != null) {
+ sb.append('?');
+ sb.append(saved.getQueryString());
+ }
+ return (sb.toString());
+
+ }
+
+}
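Review bot: The cleartext password is kept in the session for its whole lifetime at `session.setNote(Constants.SESS_PASSWORD_NOTE, password);`, yet nothing in this file ever reads it back (the re-registration path that would consume it is commented out above the `restoreRequest` call), so the credential is retained, and would travel with any persisted session, for no purpose; drop the `SESS_USERNAME_NOTE`/`SESS_PASSWORD_NOTE` notes, or remove them as soon as `FORM_PRINCIPAL_NOTE` is set. The `if (session == null) session = request.getSessionInternal(false);` re-lookup after a successful `loginService.login` is unreachable, since a null session already returned `SUCCESS` at the top of `validateRequest`. `forwardToLoginPage` and `forwardToErrorPage` catch `Throwable` and discard it with the log call commented out, so a failed forward produces an empty response with no trace; at minimum log the exception before swallowing it. The session id is also not changed on successful login, which is presumably handled elsewhere but is worth confirming against the container's session-fixation handling.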
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class NoneAuthenticator implements Authenticator {
+
+ private final AuthResult unauthenticated;
+
+ public NoneAuthenticator(UserIdentity unauthenticatedIdentity) {
+ unauthenticated = new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+ }
+
+ public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+ return unauthenticated;
+ }
+
+ public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+ return true;
+ }
+
+ public String getAuthType() {
+ return "NONE";
+ }
+}
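Review bot: `validateRequest` ignores `isAuthMandatory` and always returns `SUCCESS` with the configured unauthenticated identity, so a mandatory constraint is never challenged by this authenticator and any denial has to come from whatever authorization step the caller applies; that contract deserves a class-level Javadoc such as `/** Authenticator that never challenges: every request is reported as SUCCESS with the unauthenticated identity, regardless of isAuthMandatory. */`. Because a single `AuthResult` instance is handed to every request, the class also relies on `AuthResult` being immutable, which is worth a comment on the `unauthenticated` field.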
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication.jaspic;
+
+import java.util.Map;
+import java.util.Set;
+import java.util.Arrays;
+import java.security.Principal;
+
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.IdentityService;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JaspicAuthenticator implements Authenticator {
+ private static final String MESSAGE_INFO_KEY = "org.apache.geronimo.tomcat.jaspic.message.info";
+
+ private final ServerAuthConfig serverAuthConfig;
+ private final Map authProperties;
+ private final Subject serviceSubject;
+ private final JaspicCallbackHandler callbackHandler;
+ private final IdentityService identityService;
+
+ public JaspicAuthenticator(ServerAuthConfig serverAuthConfig, Map authProperties, Subject serviceSubject, JaspicCallbackHandler callbackHandler, IdentityService identityService) {
+ this.serverAuthConfig = serverAuthConfig;
+ this.authProperties = authProperties;
+ this.serviceSubject = serviceSubject;
+ this.callbackHandler = callbackHandler;
+ this.identityService = identityService;
+ }
+
+ public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+ try {
+ MessageInfo messageInfo = new JaspicMessageInfo(request, response, isAuthMandatory);
+ request.setNote(MESSAGE_INFO_KEY, messageInfo);
+ String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
+ ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId, serviceSubject, authProperties);
+ Subject clientSubject = new Subject();
+
+ AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, serviceSubject);
+ if (authStatus == AuthStatus.SEND_CONTINUE)
+ return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
+ if (authStatus == AuthStatus.SEND_FAILURE)
+ return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+
+ if (authStatus == AuthStatus.SUCCESS) {
+ Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
+ UserIdentity userIdentity;
+ if (ids.size() > 0) {
+ userIdentity = ids.iterator().next();
+ } else {
+ CallerPrincipalCallback principalCallback = callbackHandler.getThreadCallerPrincipalCallback();
+ if (principalCallback == null) throw new NullPointerException("No CallerPrincipalCallback");
+ Principal principal = principalCallback.getPrincipal();
+ if (principal == null) {
+ String principalName = principalCallback.getName();
+ Set<Principal> principals = principalCallback.getSubject().getPrincipals();
+ for (Principal p : principals) {
+ if (p.getName().equals(principalName)) {
+ principal = p;
+ break;
+ }
+ }
+ if (principal == null) {
+ //TODO not clear what to do here.
+ return new AuthResult(TomcatAuthStatus.SUCCESS, null);
+ }
+ }
+ GroupPrincipalCallback groupPrincipalCallback = callbackHandler.getThreadGroupPrincipalCallback();
+ String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
+ userIdentity = identityService.newUserIdentity(clientSubject, principal, Arrays.asList(groups));
+ }
+ return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+ }
+ if (authStatus == AuthStatus.SEND_SUCCESS) {
+ //we are processing a message in a secureResponse dialog.
+ return new AuthResult(TomcatAuthStatus.SEND_SUCCESS, null);
+ }
+ //should not happen
+ throw new NullPointerException("No AuthStatus returned");
+ } catch (AuthException e) {
+ throw new ServerAuthException(e);
+ }
+ }
+
+ public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+ JaspicMessageInfo messageInfo = (JaspicMessageInfo)request.getNote(MESSAGE_INFO_KEY);
+ if (messageInfo==null) throw new NullPointerException("MeesageInfo from request missing: " + request);
+ try
+ {
+ String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
+ ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId,serviceSubject,authProperties);
+ // TODO authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
+ AuthStatus status = authContext.secureResponse(messageInfo,serviceSubject);
+ return (AuthStatus.SEND_SUCCESS.equals(status));
+ }
+ catch (AuthException e)
+ {
+ throw new ServerAuthException(e);
+ }
+ }
+
+ public String getAuthType() {
+ return "JASPIC";
+ }
+}
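Review bot: The caller and group callbacks are only drained from the handler's ThreadLocals on the SUCCESS-without-`UserIdentity` path (`callbackHandler.getThreadCallerPrincipalCallback()` / `getThreadGroupPrincipalCallback()`); on SEND_CONTINUE, SEND_FAILURE, an `AuthException`, or when `clientSubject` already carries a `UserIdentity`, whatever the module set through `handle()` stays on the thread and can be picked up by a later request served by the same thread. Read both callbacks unconditionally immediately after `authContext.validateRequest(...)` (ideally in a `finally`) and only then branch on `authStatus`. `Arrays.asList(groups)` throws `NullPointerException` when no `GroupPrincipalCallback` was issued, because `groups` is then null; use `Arrays.asList(groups == null ? new String[0] : groups)`. The `principal == null` fallback returns `SUCCESS` with a null identity even when `isAuthMandatory` is true, which the TODO acknowledges but which should fail closed with `SEND_FAILURE` until resolved.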
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication.jaspic;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+import javax.security.auth.message.callback.CertStoreCallback;
+import javax.security.auth.message.callback.PrivateKeyCallback;
+import javax.security.auth.message.callback.SecretKeyCallback;
+import javax.security.auth.message.callback.TrustStoreCallback;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JaspicCallbackHandler implements CallbackHandler {
+ private final LoginService loginService;
+
+ private final ThreadLocal<CallerPrincipalCallback> callerPrincipals = new ThreadLocal<CallerPrincipalCallback>();
+ private final ThreadLocal<GroupPrincipalCallback> groupPrincipals = new ThreadLocal<GroupPrincipalCallback>();
+
+ public JaspicCallbackHandler(LoginService loginService) {
+ this.loginService = loginService;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ // jaspi to server communication
+ if (callback instanceof CallerPrincipalCallback) {
+ callerPrincipals.set((CallerPrincipalCallback) callback);
+ } else if (callback instanceof GroupPrincipalCallback) {
+ groupPrincipals.set((GroupPrincipalCallback) callback);
+ } else if (callback instanceof PasswordValidationCallback) {
+ PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
+ Subject subject = passwordValidationCallback.getSubject();
+
+ UserIdentity user = loginService.login(passwordValidationCallback.getUsername(), new String(passwordValidationCallback.getPassword()));
+
+ if (user != null) {
+ passwordValidationCallback.setResult(true);
+ passwordValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
+ passwordValidationCallback.getSubject().getPrivateCredentials().add(user);
+ }
+ }
+ // server to jaspi communication
+ // TODO implement these
+ else if (callback instanceof CertStoreCallback) {
+ } else if (callback instanceof PrivateKeyCallback) {
+ } else if (callback instanceof SecretKeyCallback) {
+ } else if (callback instanceof TrustStoreCallback) {
+ } else {
+ throw new UnsupportedCallbackException(callback);
+ }
+ }
+ }
+
+ public CallerPrincipalCallback getThreadCallerPrincipalCallback() {
+ CallerPrincipalCallback callerPrincipalCallback = callerPrincipals.get();
+ callerPrincipals.remove();
+ return callerPrincipalCallback;
+ }
+
+ public GroupPrincipalCallback getThreadGroupPrincipalCallback() {
+ GroupPrincipalCallback groupPrincipalCallback = groupPrincipals.get();
+ groupPrincipals.remove();
+ return groupPrincipalCallback;
+ }
+}
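Review bot: `new String(passwordValidationCallback.getPassword())` copies the module's `char[]` into an immutable String that cannot be zeroed, and `clearPassword()` is never called afterwards, so the cleartext credential lingers on the heap; if `LoginService.login` must take a String, at least call `passwordValidationCallback.clearPassword()` once the login attempt returns, and guard against a null `getPassword()`, which would NPE here. On a failed login the result is left at its default rather than set, so an explicit `passwordValidationCallback.setResult(false);` in an `else` branch would make the outcome unambiguous. The `CertStoreCallback`/`PrivateKeyCallback`/`SecretKeyCallback`/`TrustStoreCallback` branches are accepted silently and populate nothing, so a module asking for a trust store or key gets a null result instead of an `UnsupportedCallbackException`; until they are implemented, throwing is arguably the safer behaviour. The ThreadLocals set by `handle()` are only cleared when the two getters are called, so a caller that never reaches them leaves the principal on the thread.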
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication.jaspic;
+
+import java.util.Map;
+import java.util.HashMap;
+
+import javax.security.auth.message.MessageInfo;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JaspicMessageInfo implements MessageInfo {
+ private static final String MANDATORY_KEY = "javax.security.auth.message.MessagePolicy.isMandatory";
+
+ private final Map map = new HashMap();
+ private HttpServletRequest request;
+ private HttpServletResponse response;
+
+ public JaspicMessageInfo() {
+ }
+
+ public JaspicMessageInfo(Request request, Response response, boolean authMandatory) {
+ this.request = request;
+ this.response = response;
+ map.put(MANDATORY_KEY, authMandatory);
+ }
+
+ public Map getMap() {
+ return map;
+ }
+
+ public Object getRequestMessage() {
+ return request;
+ }
+
+ public Object getResponseMessage() {
+ return response;
+ }
+
+ public void setRequestMessage(Object request) {
+ if (!(request instanceof HttpServletRequest)) throw new IllegalArgumentException("Request in not a servlet request but " + request.getClass().getName());
+ this.request = (HttpServletRequest) request;
+ }
+
+ public void setResponseMessage(Object response) {
+ if (!(response instanceof HttpServletResponse)) throw new IllegalArgumentException("response in not a servlet response but " + response.getClass().getName());
+ this.response = (HttpServletResponse) response;
+ }
+}
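Review bot: Passing null to setRequestMessage or setResponseMessage throws a NullPointerException from `request.getClass()` while the error message is being built (since `null instanceof HttpServletRequest` is false), so the IllegalArgumentException on those lines is never the one a caller sees. Guard the message, which also fixes the "in not" typo in both methods: `throw new IllegalArgumentException("Request is not a servlet request but " + (request == null ? "null" : request.getClass().getName()));`. Separately, the constructor stores `authMandatory` as a boxed Boolean under MANDATORY_KEY; as I recall the JASPIC Servlet Container Profile defines that property's value as the String "true"/"false", so a portable auth module that casts it to String would fail — worth confirming against the spec and, if so, storing `Boolean.toString(authMandatory)`. The raw `Map`/`HashMap` declarations could be `Map<String, Object>` without changing the MessageInfo contract.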
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.impl;
+
+import java.security.Principal;
+import java.security.AccessControlContext;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.tomcat.security.IdentityService;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.jacc.JACCUserIdentity;
+import org.apache.geronimo.security.ContextManager;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class GeronimoIdentityService implements IdentityService {
+ public Object associate(UserIdentity userIdentity) {
+ Subject subject = userIdentity == null? ContextManager.EMPTY: userIdentity.getSubject();
+ ContextManager.setCallers(subject, subject);
+ return null;
+ }
+
+ public void dissociate(Object previous) {
+ ContextManager.clearCallers();
+ }
+
+ public UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, List<String> groups) {
+ AccessControlContext acc = ContextManager.registerSubjectShort(subject, userPrincipal, groups);
+ return new JACCUserIdentity(subject, userPrincipal, groups, acc);
+ }
+}
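Review bot: associate always returns null, so dissociate has nothing to restore and instead calls `ContextManager.clearCallers()`; if a request can be associated while callers are already set on the thread (nested dispatch, or a calling component that established its own identity), the earlier identity is dropped rather than reinstated. If ContextManager exposes the current callers, capture them in associate, return them, and have dissociate restore them; otherwise document the limitation on associate, e.g. `// Not re-entrant: dissociate clears the callers, it does not restore the previous ones.`. newUserIdentity also forwards `groups` unchanged, and the login service added in this commit passes null for it; whether `registerSubjectShort` tolerates a null list is not visible here, so either add `groups == null ? Collections.<String>emptyList() : groups` (with the matching import) or comment that null is accepted.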
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.impl;
+
+import java.security.Principal;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.IdentityService;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
+import org.apache.geronimo.security.ContextManager;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class GeronimoLoginService implements LoginService {
+
+ private final ConfigurationFactory configurationFactory;
+ private final IdentityService identityService;
+
+ public GeronimoLoginService(ConfigurationFactory configurationFactory, IdentityService identityService) {
+ this.configurationFactory = configurationFactory;
+ this.identityService = identityService;
+ }
+
+ public UserIdentity login(String userName, String password) {
+ CallbackHandler callbackHandler = new PasswordCallbackHandler(userName, password.toCharArray());
+ try {
+ LoginContext loginContext = ContextManager.login(configurationFactory.getConfigurationName(), callbackHandler, configurationFactory.getConfiguration());
+ Subject establishedSubject = loginContext.getSubject();
+ Principal userPrincipal = ContextManager.getCurrentPrincipal(establishedSubject);
+ return identityService.newUserIdentity(establishedSubject, userPrincipal, null);
+ } catch (LoginException e) {
+ return null;
+ }
+ }
+
+ public void logout(UserIdentity userIdentity) {
+ }
+}
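Review bot: login turns every LoginException into a bare null with no logging, so a misconfigured realm and a wrong password are indistinguishable in the server log and failed authentication attempts leave no trace; log the failure at debug with the user name (never the password) before `return null;`. The same method dereferences `password.toCharArray()` before any check, so a request supplying a user name without a password throws NullPointerException out of login instead of failing authentication — add `if (userName == null || password == null) return null;` at the top. logout is a no-op and the LoginContext obtained in login is discarded, so `LoginContext.logout()` is never invoked on the established Subject; whether that matters depends on the configured login modules, but it should be stated on the method. `newUserIdentity` is passed null for groups; whether `registerSubjectShort` accepts that is not visible in this file.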
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.jacc;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.Realm;
+import org.apache.geronimo.tomcat.security.Authorizer;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+
+import javax.security.jacc.WebUserDataPermission;
+import javax.security.jacc.WebResourcePermission;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JACCAuthorizer implements Authorizer {
+
+ private final AccessControlContext defaultACC;
+
+ public JACCAuthorizer(AccessControlContext defaultACC) {
+ this.defaultACC = defaultACC;
+ }
+
+ public Object getConstraints(Request request) {
+ return null;
+ }
+
+ public boolean hasUserDataPermissions(Request request, Object constraints) {
+ try {
+ defaultACC.checkPermission(new WebUserDataPermission(request));
+ return true;
+ } catch (AccessControlException e) {
+ return false;
+ }
+ }
+
+ public boolean isAuthMandatory(Request request, Object constraints) {
+ try {
+ defaultACC.checkPermission(new WebResourcePermission(request));
+ return false;
+ } catch (AccessControlException e) {
+ return true;
+ }
+ }
+
+ public boolean hasResourcePermissions(Request request, AuthResult authResult, Object constraints, UserIdentity userIdentity) {
+ if (!(userIdentity instanceof JACCUserIdentity)) {
+ return false;
+ }
+
+ AccessControlContext acc = ((JACCUserIdentity)userIdentity).getAccessControlContext();
+ try {
+ acc.checkPermission(new WebResourcePermission(request));
+ return true;
+ } catch (AccessControlException e) {
+ return false;
+ }
+ }
+}
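Review bot: The class has no Javadoc explaining which AccessControlContext each check runs under, which is the security-relevant detail here: hasUserDataPermissions and isAuthMandatory consult `defaultACC` (presumably the unauthenticated caller's context), while hasResourcePermissions uses the context carried by the JACCUserIdentity and fails closed for any other UserIdentity, including null. Suggest a class comment such as `/** JACC-backed Authorizer. defaultACC is the unauthenticated context used for transport-guarantee and auth-required decisions; per-user WebResourcePermission checks run under the identity's own AccessControlContext and deny when the identity is not a JACCUserIdentity. */`, plus a one-liner on isAuthMandatory noting that a resource excluded for everyone also reports as mandatory because the unauthenticated check fails. The AccessControlException is discarded in all three methods; logging it at debug would help when diagnosing unexpected denials.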
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.jacc;
+
+import java.security.AccessControlContext;
+
+import org.apache.catalina.connector.Request;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JACCEJBWebServiceAuthorizer extends JACCAuthorizer {
+
+ public JACCEJBWebServiceAuthorizer(AccessControlContext defaultACC) {
+ super(defaultACC);
+ }
+
+ @Override
+ public boolean hasResourcePermissions(Request request, AuthResult authResult, Object constraints, UserIdentity userIdentity) {
+ return true;
+ }
+
+}
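Review bot: hasResourcePermissions unconditionally returns true, which disables the WebResourcePermission check for every request routed through this authorizer, and nothing in the class says why; someone auditing authorization would reasonably assume the inherited JACC check still applies. If the intent is that access is enforced later by the EJB container's method permissions, state it on the override, e.g. `// Web-tier resource authorization is intentionally bypassed: access to the EJB web service is enforced by the EJB container's method permissions.`, and note that hasUserDataPermissions and isAuthMandatory are still inherited and still consult defaultACC. If that is not the intent, the override should be removed.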
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java
------------------------------------------------------------------------------
svn:mime-type = text/plain