Posted to scm@geronimo.apache.org by jg...@apache.org on 2005/11/14 10:00:12 UTC
svn commit: r344084 - in /geronimo/trunk/modules/tomcat/src:
java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
test/org/apache/geronimo/tomcat/JAASSecurityTest.java
Author: jgenender
Date: Mon Nov 14 00:59:37 2005
New Revision: 344084
URL: http://svn.apache.org/viewcvs?rev=344084&view=rev
Log:
Implemented own JAAS Principal handler due to TC 5.5.12 changes
Modified:
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java
Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java?rev=344084&r1=344083&r2=344084&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/JAASTomcatPrincipal.java Mon Nov 14 00:59:37 2005
@@ -18,6 +18,7 @@
import java.security.Principal;
+import java.util.List;
import javax.security.auth.Subject;
@@ -27,6 +28,7 @@
public class JAASTomcatPrincipal implements Principal {
private final String name;
private Subject subject;
+ private List roles;
public JAASTomcatPrincipal(String name) {
this.name = name;
@@ -42,5 +44,13 @@
public void setSubject(Subject subject) {
this.subject = subject;
+ }
+
+ public List getRoles() {
+ return roles;
+ }
+
+ public void setRoles(List roles) {
+ this.roles = roles;
}
}
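Review bot: `getRoles()` returns `null` until `setRoles` has been called, because the new `roles` field is never initialized and the only constructor takes just `name`; `TomcatJAASRealm.hasRole` in this same commit calls `jtp.getRoles().contains(role)` without a null check, so a `JAASTomcatPrincipal` built anywhere other than `createPrincipal` throws `NullPointerException` during authorization. Initialize the field, `private List roles = new ArrayList();` (with the matching `java.util.ArrayList` import), or have the getter return an empty list when unset. Both accessors also hand out the caller's mutable list directly; `setRoles` could store `Collections.unmodifiableList(new ArrayList(roles))` so the role set cannot be altered after the principal has been created. A Javadoc line such as `/** Role names extracted from the JAAS Subject; used by TomcatJAASRealm.hasRole. */` on the getter would make the contract visible to callers.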
Modified: geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java?rev=344084&r1=344083&r2=344084&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java (original)
+++ geronimo/trunk/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java Mon Nov 14 00:59:37 2005
@@ -16,20 +16,19 @@
*/
package org.apache.geronimo.tomcat.realm;
-import java.security.Principal;
-import javax.security.auth.Subject;
-import javax.security.auth.login.AccountExpiredException;
-import javax.security.auth.login.CredentialExpiredException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
import org.apache.catalina.realm.JAASCallbackHandler;
import org.apache.catalina.realm.JAASRealm;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-
import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.tomcat.JAASTomcatPrincipal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.*;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
/**
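Review bot: The wildcard import `javax.security.auth.login.*` replaces the five explicit imports this hunk removes, which hides which login exception types the realm still references. Keep the explicit form, e.g. `import javax.security.auth.login.LoginContext;` and `import javax.security.auth.login.LoginException;` for whichever names are actually used, so an unused or newly shadowed type shows up at review time rather than silently resolving.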
@@ -37,7 +36,7 @@
*/
public class TomcatJAASRealm extends JAASRealm implements Cloneable {
private static final Log log = LogFactory.getLog(TomcatJAASRealm.class);
-
+
private static final String DEFAULT_NAME = "tomcat";
/**
@@ -154,13 +153,85 @@
}
return (principal);
+
} catch (Throwable t) {
log.error("error ", t);
return null;
}
}
+ protected Principal createPrincipal(String username, Subject subject) {
+ // Prepare to scan the Principals for this Subject
+ String password = null; // Will not be carried forward
+
+ List roles = new ArrayList();
+ Principal userPrincipal = null;
+
+ // Scan the Principals for this Subject
+ Iterator principals = subject.getPrincipals().iterator();
+ while (principals.hasNext()) {
+ Principal principal = (Principal) principals.next();
+
+ String principalClass = principal.getClass().getName();
+
+ if( log.isDebugEnabled() ) {
+ log.debug(sm.getString("jaasRealm.checkPrincipal", principal, principalClass));
+ }
+
+ if (userPrincipal == null && userClasses.contains(principalClass)) {
+ userPrincipal = principal;
+ if( log.isDebugEnabled() ) {
+ log.debug(sm.getString("jaasRealm.userPrincipalSuccess", principal.getName()));
+ }
+ }
+
+ if (roleClasses.contains(principalClass)) {
+ roles.add(principal.getName());
+ if( log.isDebugEnabled() ) {
+ log.debug(sm.getString("jaasRealm.rolePrincipalAdd", principal.getName()));
+ }
+ }
+ }
+
+ // Print failure message if needed
+ if (userPrincipal == null) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("jaasRealm.userPrincipalFailure"));
+ log.debug(sm.getString("jaasRealm.rolePrincipalFailure"));
+ }
+ } else {
+ if (roles.size() == 0) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("jaasRealm.rolePrincipalFailure"));
+ }
+ }
+ }
+
+ JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(username);
+ jaasPrincipal.setSubject(subject);
+ jaasPrincipal.setRoles(roles);
+
+ // Return the resulting Principal for our authenticated user
+ return jaasPrincipal;
+ }
+
+
public Object clone() throws CloneNotSupportedException{
return super.clone();
}
+
+
+ public boolean hasRole(Principal principal, String role) {
+
+ if ((principal == null) || (role == null) ||
+ !(principal instanceof JAASTomcatPrincipal))
+ return (false);
+
+ JAASTomcatPrincipal jtp = (JAASTomcatPrincipal) principal;
+ if (jtp.getRoles().contains(role))
+ return true;
+
+ return false;
+ }
+
}
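Review bot: `userPrincipal` in `createPrincipal` is only consulted for debug logging; when no principal of a configured user class is found, the method still builds and returns a `JAASTomcatPrincipal` for `username`, so a login whose Subject carries no user principal is treated like a success. If that is not intended, `return null;` inside the `if (userPrincipal == null)` branch so the caller takes its failure path (the method that ends at the top of this hunk starts outside it, so I cannot confirm how it handles a null return). The local `String password = null; // Will not be carried forward` is never read and can be dropped together with its comment. In `hasRole`, `if (jtp.getRoles().contains(role)) return true; return false;` collapses to `return jtp.getRoles().contains(role);`, and a short Javadoc stating that roles are taken from the principal's own list rather than from the Subject would explain why the override exists.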
Modified: geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java?rev=344084&r1=344083&r2=344084&view=diff
==============================================================================
--- geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java (original)
+++ geronimo/trunk/modules/tomcat/src/test/org/apache/geronimo/tomcat/JAASSecurityTest.java Mon Nov 14 00:59:37 2005
@@ -104,8 +104,8 @@
//Give the container some time to load the web context
//this is wierd..it only needs to be done on this test
- Thread.sleep(5000);
-
+ Thread.sleep(5000);
+
//Begin the test
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:8181/securetest/protected/hello.txt").openConnection();
connection.setInstanceFollowRedirects(false);
@@ -122,6 +122,7 @@
connection = (HttpURLConnection) new URL(location).openConnection();
connection.setRequestMethod("POST");
+ connection.setRequestProperty("Referer","http://localhost:8181/securetest/auth/logon.html?param=test");
connection.setRequestProperty("Cookie", cookie);
connection.setInstanceFollowRedirects(false);
assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());