Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2005/05/25 00:17:54 UTC
cvs commit: jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/ext JBossLoginModule.java
ate 2005/05/24 15:17:54
Modified: components/security/src/java/org/apache/jetspeed/security/impl
DefaultLoginModule.java
portal/src/resources jboss-login-config.xml
Added: components/security/src/java/org/apache/jetspeed/security/impl/ext
JBossLoginModule.java
Log:
Provide role security for JBoss
(request.isUserInRole(roleName))
See: http://issues.apache.org/jira/browse/JS2-262
This is just a first version which needs further enhancements for JAAS security on other AppServers,
but for JBoss (and Tomcat) this now works.
Revision Changes Path
1.3 +28 -1 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java
Index: DefaultLoginModule.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- DefaultLoginModule.java 28 Jan 2005 01:25:10 -0000 1.2
+++ DefaultLoginModule.java 24 May 2005 22:17:54 -0000 1.3
@@ -14,6 +14,8 @@
*/
package org.apache.jetspeed.security.impl;
+import java.security.Principal;
+import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
@@ -26,7 +28,11 @@
import javax.security.auth.spi.LoginModule;
import org.apache.jetspeed.security.LoginModuleProxy;
+import org.apache.jetspeed.security.RolePrincipal;
+import org.apache.jetspeed.security.SecurityHelper;
+import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
+import org.apache.jetspeed.security.UserPrincipal;
/**
* <p>LoginModule implementation that authenticates a user
@@ -117,7 +123,7 @@
{
// TODO We should get the user profile here and had it in cache so that we do not have to retrieve it again.
// TODO Ideally the User should be available from the session. Need discussion around this.
- subject.getPrincipals().addAll(ums.getUser(username).getSubject().getPrincipals());
+ commitPrincipals(subject, ums.getUser(username));
username = null;
commitSuccess = true;
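Review bot: The call `commitPrincipals(subject, ums.getUser(username));` narrows what reaches the authenticated Subject. The removed line copied every principal from the user's Subject, while the new method (added at the end of this file) adds only the UserPrincipal and the RolePrincipals, so any other principal type the user's Subject may carry is now dropped. If a policy or permission check is keyed on such a principal it will silently stop matching, so I would state the intent at the call, e.g. `// only UserPrincipal and RolePrincipals are committed; other principal types are intentionally left out`. The logout path is not in this diff and should be checked to remove exactly what `commitPrincipals` added, including for subclasses that add a different object such as the JBoss `Roles` group. The enclosing method starts and ends outside the hunk.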
@@ -213,4 +219,25 @@
}
}
+
+ protected Principal getUserPrincipal(User user)
+ {
+ return SecurityHelper.getPrincipal(user.getSubject(),UserPrincipal.class);
+ }
+
+ protected List getUserRoles(User user)
+ {
+ return SecurityHelper.getPrincipals(user.getSubject(),RolePrincipal.class);
+ }
+
+ /**
+ * Default setup of the logged on Subject Principals for Tomcat
+ * @param subject
+ * @param user
+ */
+ protected void commitPrincipals(Subject subject, User user)
+ {
+ subject.getPrincipals().add(getUserPrincipal(user));
+ subject.getPrincipals().addAll(getUserRoles(user));
+ }
}
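Review bot: `commitPrincipals` passes the result of `getUserPrincipal(user)` straight to `subject.getPrincipals().add(...)` with no check. `SecurityHelper.getPrincipal` is not shown here; if it can return null when the user's Subject has no UserPrincipal, the add fails with an unchecked exception out of the login commit instead of a clean login failure. I would fail closed with an explicit message, e.g. `Principal p = getUserPrincipal(user); if (p == null) throw new IllegalStateException("no UserPrincipal for user");`, rather than skip the add and commit roles without an identity. The Javadoc should also be completed: the `@param` tags are empty, "for Tomcat" does not say that subclasses override this method per application server, and the two protected getters have no Javadoc although subclasses depend on them.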
1.3 +1 -1 jakarta-jetspeed-2/portal/src/resources/jboss-login-config.xml
Index: jboss-login-config.xml
===================================================================
RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/resources/jboss-login-config.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- jboss-login-config.xml 23 Mar 2005 22:55:30 -0000 1.2
+++ jboss-login-config.xml 24 May 2005 22:17:54 -0000 1.3
@@ -1,6 +1,6 @@
<application-policy name="Jetspeed">
<authentication>
- <login-module code="org.apache.jetspeed.security.impl.DefaultLoginModule"
+ <login-module code="org.apache.jetspeed.security.impl.ext.JBossLoginModule"
flag="required">
<module-option name="unauthenticatedIdentity">guest</module-option>
</login-module>
1.1 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/ext/JBossLoginModule.java
Index: JBossLoginModule.java
===================================================================
/* Copyright 2004 Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.security.impl.ext;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.security.auth.Subject;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.impl.DefaultLoginModule;
/**
 * <p>Login module variant that lays out the authenticated Subject's principals
 * the way the JBoss JAAS implementation expects them: the user principal directly
 * on the Subject, and the role principals wrapped in a single {@link Group}
 * named "Roles".</p>
 *
 * <p>NOTE(review): the "Roles" group is a new object on every commit and
 * {@link JBossGroup} does not override equals/hashCode, so it is compared by
 * identity inside the Subject's principal set. The logout code lives in
 * DefaultLoginModule and is not visible here; confirm that it also removes this
 * group, otherwise role membership could outlive a logout on a reused Subject.</p>
 *
 * @author <a href="mailto:ate@douma.nu">Ate Douma</a>
 */
public class JBossLoginModule extends DefaultLoginModule
{
    /** Name of the group that carries the role principals. */
    private static final String ROLES_GROUP_NAME = "Roles";

    /**
     * Minimal list-backed {@link Group} used to hand the role principals over as one principal.
     *
     * <p>NOTE(review): addMember/removeMember are unrestricted, so any code that can
     * read this group from the Subject can change its membership. Keep that in mind
     * when deciding who gets access to the Subject.</p>
     */
    private static class JBossGroup implements Group
    {
        private final String groupName;
        private final List principals;

        /**
         * @param name    name reported by {@link #getName()}
         * @param members initial members; copied, so later changes to the passed
         *                list do not affect this group
         */
        public JBossGroup(String name, List members)
        {
            this.groupName = name;
            this.principals = new ArrayList(members);
        }

        /**
         * Adds the principal unless it is already a member.
         *
         * @return true when the principal was added, false when it was already present
         */
        public boolean addMember(Principal user)
        {
            if (isMember(user))
            {
                return false;
            }
            principals.add(user);
            return true;
        }

        /**
         * @return true when the list of members contains the principal
         *         (decided by the principal's own equals)
         */
        public boolean isMember(Principal member)
        {
            return principals.contains(member);
        }

        /**
         * Removes the first occurrence of the principal.
         *
         * @return true when a member was removed
         */
        public boolean removeMember(Principal user)
        {
            return principals.remove(user);
        }

        /**
         * @return an enumeration over the backing member list
         */
        public Enumeration members()
        {
            return Collections.enumeration(principals);
        }

        /**
         * @return the group name given at construction
         */
        public String getName()
        {
            return groupName;
        }
    }

    /**
     * Puts the user's principal on the Subject, followed by one "Roles" group
     * holding the user's role principals.
     *
     * @param subject the Subject being populated at commit
     * @param user    the user whose principal and roles are committed
     */
    protected void commitPrincipals(Subject subject, User user)
    {
        // the user principal goes on the Subject itself
        final Principal userPrincipal = getUserPrincipal(user);
        subject.getPrincipals().add(userPrincipal);

        // the roles are not added one by one, only as members of the "Roles" group
        final Group roles = new JBossGroup(ROLES_GROUP_NAME, getUserRoles(user));
        subject.getPrincipals().add(roles);
    }
}