You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ch...@apache.org on 2014/08/27 09:39:02 UTC
svn commit: r1620786 - in /jackrabbit/oak/branches/1.0: ./
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/
oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/
oak-doc/
Author: chetanm
Date: Wed Aug 27 07:39:01 2014
New Revision: 1620786
URL: http://svn.apache.org/r1620786
Log:
OAK-2051 - Provide option to use Configuration SPI in JAAS authentication when running within AppServer
OAK-1880 - Omit Configuration Retrieval for PreAuthContext
Merging 1601578,1620512. Also includes OAK-1880 as related changes were required
Modified:
jackrabbit/oak/branches/1.0/ (props changed)
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java
jackrabbit/oak/branches/1.0/oak-doc/ (props changed)
Propchange: jackrabbit/oak/branches/1.0/
------------------------------------------------------------------------------
Merged /jackrabbit/oak/trunk:r1601578,1620512
Modified: jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java?rev=1620786&r1=1620785&r2=1620786&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java (original)
+++ jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java Wed Aug 27 07:39:01 2014
@@ -17,12 +17,12 @@
package org.apache.jackrabbit.oak.security.authentication;
import java.util.Map;
-
import javax.annotation.Nonnull;
-import javax.security.auth.login.Configuration;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Properties;
+import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
@@ -49,8 +49,19 @@ import org.slf4j.LoggerFactory;
* </ul>
*
*/
-@Component
+@Component(metatype = true, label = "Apache Jackrabbit Oak AuthenticationConfiguration")
@Service({AuthenticationConfiguration.class, SecurityConfiguration.class})
+@Properties({
+ @Property(name = AuthenticationConfiguration.PARAM_APP_NAME,
+ label = "Application Name",
+ value = AuthenticationConfiguration.DEFAULT_APP_NAME,
+ description = "Application named used for JAAS authentication"),
+ @Property(name = AuthenticationConfiguration.PARAM_CONFIG_SPI_NAME,
+ label = "JAAS Config SPI Name",
+ description = "Name of JAAS Configuration Spi. This needs to be set to JAAS config provider " +
+ "name if JAAS authentication " +
+ "is managed by Felix JAAS Support with its Global Configuration Policy set to 'default'.")
+})
public class AuthenticationConfigurationImpl extends ConfigurationBase implements AuthenticationConfiguration {
private static final Logger log = LoggerFactory.getLogger(AuthenticationConfigurationImpl.class);
@@ -111,20 +122,6 @@ public class AuthenticationConfiguration
@Override
public LoginContextProvider getLoginContextProvider(ContentRepository contentRepository) {
String appName = getParameters().getConfigValue(PARAM_APP_NAME, DEFAULT_APP_NAME);
- Configuration loginConfig = null;
- try {
- loginConfig = Configuration.getConfiguration();
- // NOTE: workaround for Java7 behavior (see OAK-497)
- if (loginConfig.getAppConfigurationEntry(appName) == null) {
- loginConfig = null;
- }
- } catch (SecurityException e) {
- log.info("Failed to retrieve login configuration: using default. " + e);
- }
- if (loginConfig == null) {
- log.debug("No login configuration available for {}; using default", appName);
- loginConfig = ConfigurationUtil.getDefaultConfiguration(getParameters());
- }
// todo: temporary workaround
SecurityProvider provider = getSecurityProvider();
Whiteboard whiteboard = null;
@@ -133,6 +130,6 @@ public class AuthenticationConfiguration
} else {
log.warn("Unable to obtain whiteboard from SecurityProvider");
}
- return new LoginContextProviderImpl(appName, loginConfig, contentRepository, getSecurityProvider(), whiteboard);
+ return new LoginContextProviderImpl(appName, getParameters(), contentRepository, getSecurityProvider(), whiteboard);
}
}
\ No newline at end of file
Modified: jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java?rev=1620786&r1=1620785&r2=1620786&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java (original)
+++ jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java Wed Aug 27 07:39:01 2014
@@ -17,6 +17,9 @@
package org.apache.jackrabbit.oak.security.authentication;
import java.security.AccessController;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
@@ -26,7 +29,9 @@ import javax.security.auth.login.Configu
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
import org.apache.jackrabbit.oak.spi.security.authentication.JaasLoginContext;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContext;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
@@ -35,6 +40,8 @@ import org.apache.jackrabbit.oak.spi.whi
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration.PARAM_CONFIG_SPI_NAME;
+
/**
* {@code LoginContextProvider}
*/
@@ -43,17 +50,19 @@ class LoginContextProviderImpl implement
private static final Logger log = LoggerFactory.getLogger(LoginContextProviderImpl.class);
private final String appName;
- private final Configuration configuration;
+ private final ConfigurationParameters params;
private final ContentRepository contentRepository;
private final SecurityProvider securityProvider;
private final Whiteboard whiteboard;
- LoginContextProviderImpl(String appName, Configuration configuration,
+ private Configuration configuration;
+
+ LoginContextProviderImpl(String appName, ConfigurationParameters params,
ContentRepository contentRepository,
SecurityProvider securityProvider,
Whiteboard whiteboard) {
this.appName = appName;
- this.configuration = configuration;
+ this.params = params;
this.contentRepository = contentRepository;
this.securityProvider = securityProvider;
this.whiteboard = whiteboard;
@@ -73,7 +82,7 @@ class LoginContextProviderImpl implement
subject = new Subject();
}
CallbackHandler handler = getCallbackHandler(credentials, workspaceName);
- return new JaasLoginContext(appName, subject, handler, configuration);
+ return new JaasLoginContext(appName, subject, handler, getConfiguration());
}
//------------------------------------------------------------< private >---
@@ -92,4 +101,51 @@ class LoginContextProviderImpl implement
private CallbackHandler getCallbackHandler(Credentials credentials, String workspaceName) {
return new CallbackHandlerImpl(credentials, workspaceName, contentRepository, securityProvider, whiteboard);
}
+
+ @Nonnull
+ private Configuration getConfiguration() {
+ if (configuration == null) {
+ Configuration loginConfig = null;
+
+ //Default value cannot be set to null so using a sentinel to determine
+ //case when its not set
+ String configSpiName = params.getConfigValue(PARAM_CONFIG_SPI_NAME, "NA");
+ if(!"NA".equals(configSpiName)){
+ try {
+ loginConfig = Configuration.getInstance(
+ "JavaLoginConfig", //Algorithm name
+ null, //Extra params to be passed. For this impl its null
+ configSpiName //Name of the config provider
+ );
+ if (loginConfig.getAppConfigurationEntry(appName) == null) {
+ log.warn("No configuration found for application {} though fetching JAAS " +
+ "configuration from SPI {} is enabled.", appName, configSpiName);
+ }
+ } catch (NoSuchAlgorithmException e) {
+ log.warn("Error fetching JAAS config from SPI {}", configSpiName, e);
+ } catch (NoSuchProviderException e) {
+ log.warn("Error fetching JAAS config from SPI {}", configSpiName, e);
+ }
+ }
+
+ if(loginConfig == null) {
+ try {
+ loginConfig = Configuration.getConfiguration();
+ // NOTE: workaround for Java7 behavior (see OAK-497)
+ if (loginConfig.getAppConfigurationEntry(appName) == null) {
+ loginConfig = null;
+ }
+ } catch (SecurityException e) {
+ log.info("Failed to retrieve login configuration: using default. " + e);
+ }
+ }
+
+ if (loginConfig == null) {
+ log.debug("No login configuration available for {}; using default", appName);
+ loginConfig = ConfigurationUtil.getDefaultConfiguration(params);
+ }
+ configuration = loginConfig;
+ }
+ return configuration;
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java?rev=1620786&r1=1620785&r2=1620786&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java (original)
+++ jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java Wed Aug 27 07:39:01 2014
@@ -31,6 +31,8 @@ public interface AuthenticationConfigura
String PARAM_APP_NAME = "org.apache.jackrabbit.oak.authentication.appName";
String DEFAULT_APP_NAME = "jackrabbit.oak";
+ String PARAM_CONFIG_SPI_NAME = "org.apache.jackrabbit.oak.authentication.configSpiName";
+
@Nonnull
LoginContextProvider getLoginContextProvider(ContentRepository contentRepository);
}
Propchange: jackrabbit/oak/branches/1.0/oak-doc/
------------------------------------------------------------------------------
Merged /jackrabbit/oak/trunk/oak-doc:r1601578,1620512