Posted to scm@geronimo.apache.org by jg...@apache.org on 2005/11/14 10:00:12 UTC

svn commit: r344084 - in /geronimo/trunk/modules/tomcat/src: java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java test/org/apache/geronimo/tomcat/JAASSecurityTest.java

Author: jgenender
Date: Mon Nov 14 00:59:37 2005
New Revision: 344084

URL: http://svn.apache.org/viewcvs?rev=344084&view=rev
Log:
Implemented own JAAS Principal handler due to TC 5.5.12 changes

Modified:
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
    geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
    geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java?rev=344084&r1=344083&r2=344084&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java Mon Nov 14 00:59:37 2005
@@ -18,6 +18,7 @@
 
 
 import java.security.Principal;
+import java.util.List;
 import javax.security.auth.Subject;
 
 
@@ -27,6 +28,7 @@
 public class JAASTomcatPrincipal implements Principal {
     private final String name;
     private Subject subject;
+    private List roles;
 
     public JAASTomcatPrincipal(String name) {
         this.name = name;
@@ -42,5 +44,13 @@
 
     public void setSubject(Subject subject) {
         this.subject = subject;
+    }
+
+    public List getRoles() {
+        return roles;
+    }
+
+    public void setRoles(List roles) {
+        this.roles = roles;
     }
 }
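Review bot: `getRoles()` returns the stored list itself and `setRoles` keeps the caller's list without copying, so any code that still holds a reference to that list can change the roles that `TomcatJAASRealm.hasRole` later consults. Storing a defensive copy in the setter, `this.roles = roles == null ? null : Collections.unmodifiableList(new ArrayList(roles));` (with the matching `java.util` imports added in the first hunk), keeps the authorization view fixed after the principal is built. If the module compiles with generics, the raw `List` would also read better as `List<String>`, since the realm only ever adds principal names to it.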

Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java?rev=344084&r1=344083&r2=344084&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java Mon Nov 14 00:59:37 2005
@@ -16,20 +16,19 @@
  */
 package org.apache.geronimo.tomcat.realm;
 
-import java.security.Principal;
-import javax.security.auth.Subject;
-import javax.security.auth.login.AccountExpiredException;
-import javax.security.auth.login.CredentialExpiredException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
 import org.apache.catalina.realm.JAASCallbackHandler;
 import org.apache.catalina.realm.JAASRealm;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.tomcat.JAASTomcatPrincipal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.*;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
 
 
 /**
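Review bot: Replacing the five explicit `javax.security.auth.login` imports with `import javax.security.auth.login.*;` hides which login exception types the realm actually handles and can silently bind new names if the package grows. Keeping the explicit lines (`AccountExpiredException`, `CredentialExpiredException`, `FailedLoginException`, `LoginContext`, `LoginException`) is the smaller change and matches the style of the remaining imports in this hunk.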
@@ -37,7 +36,7 @@
  */
 public class TomcatJAASRealm extends JAASRealm implements Cloneable {
     private static final Log log = LogFactory.getLog(TomcatJAASRealm.class);
-    
+
     private static final String DEFAULT_NAME = "tomcat";
 
     /**
@@ -154,13 +153,85 @@
             }
 
             return (principal);
+
         } catch (Throwable t) {
             log.error("error ", t);
             return null;
         }
     }
 
+    protected Principal createPrincipal(String username, Subject subject) {
+        // Prepare to scan the Principals for this Subject
+        String password = null; // Will not be carried forward
+
+        List roles = new ArrayList();
+        Principal userPrincipal = null;
+
+        // Scan the Principals for this Subject
+        Iterator principals = subject.getPrincipals().iterator();
+        while (principals.hasNext()) {
+            Principal principal = (Principal) principals.next();
+
+            String principalClass = principal.getClass().getName();
+
+            if( log.isDebugEnabled() ) {
+                log.debug(sm.getString("jaasRealm.checkPrincipal", principal, principalClass));
+            }
+
+            if (userPrincipal == null && userClasses.contains(principalClass)) {
+                userPrincipal = principal;
+                if( log.isDebugEnabled() ) {
+                    log.debug(sm.getString("jaasRealm.userPrincipalSuccess", principal.getName()));
+                }
+            }
+
+            if (roleClasses.contains(principalClass)) {
+                roles.add(principal.getName());
+                if( log.isDebugEnabled() ) {
+                    log.debug(sm.getString("jaasRealm.rolePrincipalAdd", principal.getName()));
+                }
+            }
+        }
+
+        // Print failure message if needed
+        if (userPrincipal == null) {
+            if (log.isDebugEnabled()) {
+                log.debug(sm.getString("jaasRealm.userPrincipalFailure"));
+                log.debug(sm.getString("jaasRealm.rolePrincipalFailure"));
+            }
+        } else {
+            if (roles.size() == 0) {
+                if (log.isDebugEnabled()) {
+                    log.debug(sm.getString("jaasRealm.rolePrincipalFailure"));
+                }
+            }
+        }
+
+        JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(username);
+        jaasPrincipal.setSubject(subject);
+        jaasPrincipal.setRoles(roles);
+
+        // Return the resulting Principal for our authenticated user
+        return jaasPrincipal;
+    }
+
+
     public Object clone() throws CloneNotSupportedException{
         return super.clone();
     }
+
+
+    public boolean hasRole(Principal principal, String role) {
+
+        if ((principal == null) || (role == null) ||
+            !(principal instanceof JAASTomcatPrincipal))
+            return (false);
+
+        JAASTomcatPrincipal jtp = (JAASTomcatPrincipal) principal;
+        if (jtp.getRoles().contains(role))
+            return true;
+
+        return false;
+    }
+
 }
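Review bot: `createPrincipal` still returns an authenticated `JAASTomcatPrincipal` when no principal of a configured user class was found in the Subject: the `userPrincipal == null` branch only emits debug logging, and `userPrincipal` is not used anywhere else, so a Subject that carries none of the `userClasses` is wrapped with `username` and an empty role list and handed back as a successful login. If the realm is meant to reject such subjects, `if (userPrincipal == null) { return null; }` after the logging block does it; if the lenient behaviour is intended it deserves a comment, because this line decides who counts as authenticated. `hasRole` on the same hunk dereferences `jtp.getRoles()` with no null check, and `JAASTomcatPrincipal.roles` is null until `setRoles` is called, so a principal built elsewhere would throw `NullPointerException` from the authorization check instead of returning false; `List roles = jtp.getRoles(); return roles != null && roles.contains(role);` covers that and replaces the if/return-true/return-false tail. The `password` local is assigned and never read and can be dropped. The `return (principal)` / catch block at the top of the hunk belongs to a method that starts outside it.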

Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java?rev=344084&r1=344083&r2=344084&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java Mon Nov 14 00:59:37 2005
@@ -104,8 +104,8 @@
 
         //Give the container some time to load the web context
         //this is wierd..it only needs to be done on this test
-        Thread.sleep(5000);       
- 
+        Thread.sleep(5000);
+
         //Begin the test
         HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8181/securetest/protected/hello.txt").openConnection();
         connection.setInstanceFollowRedirects(false);
@@ -122,6 +122,7 @@
 
         connection = (HttpURLConnection) new URL(location).openConnection();
         connection.setRequestMethod("POST");
+        connection.setRequestProperty("Referer","http://localhost:8181/securetest/auth/logon.html?param=test");
         connection.setRequestProperty("Cookie", cookie);
         connection.setInstanceFollowRedirects(false);
         assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
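Review bot: The new `Referer` header is set to one specific logon-page URL with no explanation of why the login POST needs it, so a later reader cannot tell whether the authenticator under test requires it or whether it is incidental. A comment above the line such as `// Referer from the logon page is sent because the form-login POST appears to require it — TODO confirm against the authenticator` would record the reason, and a companion assertion that the same POST without the header does not produce the redirect would turn that assumption into a tested property. The test method starts and ends outside this hunk.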