Posted to scm@geronimo.apache.org by jg...@apache.org on 2007/01/05 23:05:35 UTC
svn commit: r493206 - in
/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat:
GeronimoStandardContext.java interceptor/PolicyContextBeforeAfter.java
realm/TomcatGeronimoRealm.java
Author: jgenender
Date: Fri Jan 5 14:05:34 2007
New Revision: 493206
URL: http://svn.apache.org/viewvc?view=rev&rev=493206
Log:
GERONIMO-2695 - Use default principal when no authentication has occurred
Modified:
geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?view=diff&rev=493206&r1=493205&r2=493206
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java Fri Jan 5 14:05:34 2007
@@ -41,6 +41,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.naming.enc.EnterpriseNamingContext;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
@@ -117,14 +118,17 @@
* Register our default subject with the ContextManager
*/
DefaultPrincipal defaultPrincipal = securityHolder.getDefaultPrincipal();
- if (defaultPrincipal != null) {
- defaultSubject = ConfigurationUtil.generateDefaultSubject(defaultPrincipal, ctx.getClassLoader());
- ContextManager.registerSubject(defaultSubject);
- SubjectId id = ContextManager.getSubjectId(defaultSubject);
- defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
+ if (defaultPrincipal == null) {
+ throw new GeronimoSecurityException("Unable to generate default principal");
}
- interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, securityHolder.getPolicyContextID());
+ defaultSubject = ConfigurationUtil.generateDefaultSubject(defaultPrincipal, ctx.getClassLoader());
+ ContextManager.registerSubject(defaultSubject);
+ SubjectId id = ContextManager.getSubjectId(defaultSubject);
+ defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
+
+ interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++, index++, securityHolder.getPolicyContextID(), defaultSubject);
+
}
}
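Review bot: The new `GeronimoSecurityException` message does not identify which web application lacks a default principal, and "Unable to generate" suggests a generation failure when the check is only that `securityHolder.getDefaultPrincipal()` returned null. Because this path now throws where the removed lines simply skipped subject registration, the message is what an operator will see for a configuration that used to load. Name the context in it, for example `throw new GeronimoSecurityException("No default principal configured for policy context " + securityHolder.getPolicyContextID());`. The enclosing method starts outside the hunk.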
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java?view=diff&rev=493206&r1=493205&r2=493206
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java Fri Jan 5 14:05:34 2007
@@ -17,6 +17,7 @@
package org.apache.geronimo.tomcat.interceptor;
import javax.security.jacc.PolicyContext;
+import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -25,16 +26,22 @@
public class PolicyContextBeforeAfter implements BeforeAfter{
+ public static final String DEFAULT_SUBJECT = "~DEFAULT_SUBJECT";
+
private final BeforeAfter next;
private final String policyContextID;
private final int policyContextIDIndex;
private final int callersIndex;
+ private final int defaultSubjectIndex;
+ private final Subject defaultSubject;
- public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int callersIndex, String policyContextID) {
+ public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int callersIndex, int defaultSubjectIndex, String policyContextID, Subject defaultSubject) {
this.next = next;
this.policyContextIDIndex = policyContextIDIndex;
this.callersIndex = callersIndex;
+ this.defaultSubjectIndex = defaultSubjectIndex;
this.policyContextID = policyContextID;
+ this.defaultSubject = defaultSubject;
}
public void before(Object[] context, ServletRequest httpRequest, ServletResponse httpResponse) {
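Review bot: The public constant `DEFAULT_SUBJECT` and the two new constructor parameters are undocumented, although the constant is now a contract shared with `TomcatGeronimoRealm`. A Javadoc on the constant such as `/** Request attribute under which the web application's default Subject is published for the realm to use when no principal is present. */` would record that. The constructor now takes three adjacent `int` slots that are easy to transpose, so a `@param` line for each index saying which `context[]` slot it owns is worth adding, along with a note on whether `defaultSubject` may be null.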
@@ -47,6 +54,11 @@
//Set the new
PolicyContext.setContextID(policyContextID);
PolicyContext.setHandlerData(httpRequest);
+ if (httpRequest != null){
+ httpRequest.setAttribute(DEFAULT_SUBJECT, defaultSubject);
+ context[defaultSubjectIndex] = httpRequest.getAttribute(DEFAULT_SUBJECT);
+ }
+
if (next != null) {
next.before(context, httpRequest, httpResponse);
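Review bot: In `before()` the request attribute is overwritten before its previous value is saved, so `context[defaultSubjectIndex]` always holds the new `defaultSubject` and never the value present on entry. The restore in `after()` (the next hunk) therefore re-sets the same default subject instead of putting back the prior one, which would matter if this interceptor can run nested on a single request; whether it can is not visible here. Swap the two statements so the save comes first: `context[defaultSubjectIndex] = httpRequest.getAttribute(DEFAULT_SUBJECT);` followed by `httpRequest.setAttribute(DEFAULT_SUBJECT, defaultSubject);`. The body of `before()` starts above this hunk and continues below it.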
@@ -61,6 +73,9 @@
//Replace the old
PolicyContext.setContextID((String)context[policyContextIDIndex]);
ContextManager.popCallers((Callers) context[callersIndex]);
+ if (httpRequest != null)
+ httpRequest.setAttribute(DEFAULT_SUBJECT, context[defaultSubjectIndex]);
+
}
}
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?view=diff&rev=493206&r1=493205&r2=493206
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java Fri Jan 5 14:05:34 2007
@@ -30,6 +30,7 @@
import org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler;
import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
import org.apache.geronimo.tomcat.JAASTomcatPrincipal;
+import org.apache.geronimo.tomcat.interceptor.PolicyContextBeforeAfter;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
@@ -180,8 +181,8 @@
//If we have no principal, then we should use the default.
if (principal == null) {
- return request.isSecure();
-
+ Subject defaultSubject = (Subject)request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);
+ ContextManager.setCallers(defaultSubject, defaultSubject);
} else {
Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
ContextManager.setCallers(currentCaller, currentCaller);
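Review bot: The Subject that becomes the caller for an unauthenticated request is read from a request attribute and passed to `ContextManager.setCallers` with no null or type check. The attribute is absent if `PolicyContextBeforeAfter.before()` did not run for this request, and request attributes can be replaced by any code holding the request, so a null or unexpected value can reach the security context, or the cast can throw. Fail closed before the call, e.g. `Object attr = request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);` then `if (!(attr instanceof Subject)) { return false; }`; the boolean return is inferred from the removed `return request.isSecure();`. Supplying the default subject to the realm from server-side state rather than from the request would remove the dependency on mutable request data. The enclosing method starts and ends outside the hunk.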