Posted to scm@geronimo.apache.org by dj...@apache.org on 2009/07/17 07:29:16 UTC
svn commit: r794963 - in
/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat:
./ security/impl/ security/jacc/
Author: djencks
Date: Fri Jul 17 05:29:16 2009
New Revision: 794963
URL: http://svn.apache.org/viewvc?rev=794963&view=rev
Log:
GERONIMO-4748 simplify default subject handling which should remove the possibility of the problem in the defect
Modified:
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java?rev=794963&r1=794962&r2=794963&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/BaseGeronimoContextConfig.java Fri Jul 17 05:29:16 2009
@@ -25,37 +25,34 @@
import java.util.Map;
import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
import javax.security.auth.message.config.AuthConfigFactory;
-import javax.security.auth.message.config.RegistrationListener;
import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.RegistrationListener;
import javax.security.auth.message.config.ServerAuthConfig;
-import javax.security.auth.message.AuthException;
-import org.apache.catalina.deploy.LoginConfig;
-import org.apache.catalina.deploy.SecurityConstraint;
-import org.apache.catalina.startup.ContextConfig;
-import org.apache.catalina.Context;
import org.apache.catalina.core.StandardContext;
+import org.apache.catalina.startup.ContextConfig;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
import org.apache.geronimo.tomcat.security.Authenticator;
-import org.apache.geronimo.tomcat.security.LoginService;
-import org.apache.geronimo.tomcat.security.IdentityService;
import org.apache.geronimo.tomcat.security.Authorizer;
+import org.apache.geronimo.tomcat.security.IdentityService;
+import org.apache.geronimo.tomcat.security.LoginService;
import org.apache.geronimo.tomcat.security.SecurityValve;
import org.apache.geronimo.tomcat.security.UserIdentity;
-import org.apache.geronimo.tomcat.security.jacc.JACCAuthorizer;
-import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
-import org.apache.geronimo.tomcat.security.jacc.JACCSecurityValve;
-import org.apache.geronimo.tomcat.security.impl.GeronimoLoginService;
-import org.apache.geronimo.tomcat.security.impl.GeronimoIdentityService;
import org.apache.geronimo.tomcat.security.authentication.BasicAuthenticator;
-import org.apache.geronimo.tomcat.security.authentication.NoneAuthenticator;
-import org.apache.geronimo.tomcat.security.authentication.DigestAuthenticator;
import org.apache.geronimo.tomcat.security.authentication.ClientCertAuthenticator;
+import org.apache.geronimo.tomcat.security.authentication.DigestAuthenticator;
import org.apache.geronimo.tomcat.security.authentication.FormAuthenticator;
-import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicCallbackHandler;
+import org.apache.geronimo.tomcat.security.authentication.NoneAuthenticator;
import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicAuthenticator;
-import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicCallbackHandler;
+import org.apache.geronimo.tomcat.security.impl.GeronimoIdentityService;
+import org.apache.geronimo.tomcat.security.impl.GeronimoLoginService;
+import org.apache.geronimo.tomcat.security.jacc.JACCAuthorizer;
+import org.apache.geronimo.tomcat.security.jacc.JACCRealm;
+import org.apache.geronimo.tomcat.security.jacc.JACCSecurityValve;
/**
* @version $Rev$ $Date$
@@ -65,10 +62,10 @@
protected void configureSecurity(StandardContext geronimoContext, String policyContextId, ConfigurationFactory configurationFactory, Subject defaultSubject, String authMethod, String realmName, String loginPage, String errorPage) {
- IdentityService identityService = new GeronimoIdentityService();
if (defaultSubject == null) {
defaultSubject = ContextManager.EMPTY;
}
+ IdentityService identityService = new GeronimoIdentityService(defaultSubject);
UserIdentity unauthenticatedIdentity = identityService.newUserIdentity(defaultSubject, null, null);
LoginService loginService = new GeronimoLoginService(configurationFactory, identityService);
Authenticator authenticator = null;
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?rev=794963&r1=794962&r2=794963&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Fri Jul 17 05:29:16 2009
@@ -145,7 +145,7 @@
defaultSubject = ContextManager.EMPTY;
}
- interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, index++, policyContextId, defaultSubject);
+// interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, index++, policyContextId, defaultSubject);
}
}
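Review bot: Commenting out the `PolicyContextBeforeAfter` line leaves dead code behind: within the visible lines, the `defaultSubject = ContextManager.EMPTY` fallback just above no longer feeds anything, and the hunk at -265 does the same with `DefaultSubjectValve`. Delete these lines rather than commenting them out, since version control keeps the history. The disabled interceptor also received `policyContextId`, so if it was what established the JACC policy context on this path (not visible here), confirm that another component still sets it before any authorization decision is made. The enclosing block starts and ends outside the hunk.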
@@ -265,8 +265,8 @@
//Install the DefaultSubjectValve after the authentication valve so the default subject is supplied
//only if no real subject is authenticated.
- Valve defaultSubjectValve = new DefaultSubjectValve(defaultSubject);
- addValve(defaultSubjectValve);
+// Valve defaultSubjectValve = new DefaultSubjectValve(defaultSubject);
+// addValve(defaultSubjectValve);
// if a servlet uses run-as then make sure role desgnates have been provided
if (hasRunAsServlet()) {
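Review bot: The two-line comment above the disabled code still says the DefaultSubjectValve is installed after the authentication valve, which is no longer true once `addValve(defaultSubjectValve)` is commented out. That comment records a security-relevant rule (the default subject applies only when no real subject is authenticated), so replace it with one that says where the rule now lives, e.g. `// Default subject is applied by GeronimoIdentityService.associate() when no user identity is present.` The surrounding method starts and ends outside the hunk.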
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java?rev=794963&r1=794962&r2=794963&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java Fri Jul 17 05:29:16 2009
@@ -30,19 +30,27 @@
import org.apache.geronimo.tomcat.security.UserIdentity;
import org.apache.geronimo.tomcat.security.jacc.JACCUserIdentity;
import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.Callers;
/**
* @version $Rev$ $Date$
*/
public class GeronimoIdentityService implements IdentityService {
+ private final Subject defaultSubject;
+
+ public GeronimoIdentityService(Subject defaultSubject) {
+ this.defaultSubject = defaultSubject;
+ }
+
public Object associate(UserIdentity userIdentity) {
- Subject subject = userIdentity == null? ContextManager.EMPTY: userIdentity.getSubject();
+ Subject subject = userIdentity == null? defaultSubject: userIdentity.getSubject();
+ Callers callers = ContextManager.getCallers();
ContextManager.setCallers(subject, subject);
- return null;
+ return callers;
}
public void dissociate(Object previous) {
- ContextManager.clearCallers();
+ ContextManager.popCallers((Callers) previous);
}
public UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, List<String> groups) {
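Review bot: The new constructor stores `defaultSubject` without a null check, so `associate(null)` could hand a null subject to `ContextManager.setCallers(subject, subject)`; the one caller visible in this commit substitutes `ContextManager.EMPTY` first, but the class itself does not enforce that. Add `if (defaultSubject == null) throw new NullPointerException("No default Subject");` to match the guard this commit adds in `JACCUserIdentity`. `dissociate` now casts `previous` to `Callers` and restores it, so correctness depends on every `associate` being paired with a `dissociate` of the returned value, presumably in a `finally` in the caller (outside this diff). A short Javadoc on both methods stating that contract would help. The class body continues past the hunk.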
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java?rev=794963&r1=794962&r2=794963&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCUserIdentity.java Fri Jul 17 05:29:16 2009
@@ -38,6 +38,7 @@
private final AccessControlContext acc;
public JACCUserIdentity(Subject subject, Principal userPrincipal, List<String> groups, AccessControlContext acc) {
+ if (subject == null) throw new NullPointerException("No Subject in user identity");
this.subject = subject;
this.userPrincipal = userPrincipal;
this.groups = groups;