Posted to scm@geronimo.apache.org by dj...@apache.org on 2007/08/14 10:25:00 UTC
svn commit: r565657 - in /geronimo/server/trunk/modules:
geronimo-client/src/main/java/org/apache/geronimo/client/
geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/
geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/ ger...
Author: djencks
Date: Tue Aug 14 01:24:58 2007
New Revision: 565657
URL: http://svn.apache.org/viewvc?view=rev&rev=565657
Log:
GERONIMO-3407 stop using SubjectRegistrationLoginModule
Removed:
geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/SubjectRegistrationLoginModule.java
Modified:
geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java
geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java
geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java
geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java
geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java
geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java
geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
Modified: geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java (original)
+++ geronimo/server/trunk/modules/geronimo-client/src/main/java/org/apache/geronimo/client/AppClientContainer.java Tue Aug 14 01:24:58 2007
@@ -130,13 +130,7 @@
if (callbackHandlerClass != null) {
callbackHandler = (CallbackHandler) holder.newInstance(callbackHandlerClass, classLoader, componentContext);
- loginContext = new LoginContext(realmName, callbackHandler);
- try {
- loginContext.login();
- } catch (LoginException e) {
- loginContext = null;
- throw e;
- }
+ loginContext = ContextManager.login(realmName, callbackHandler);
clientSubject = loginContext.getSubject();
}
ContextManager.setCallers(clientSubject, clientSubject);
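Review bot: After a failed login the field `loginContext` is now left with whatever it held before line 46, whereas the removed try/catch explicitly reset it to null so the cleanup in the next hunk skips `ContextManager.logout` for a context that never logged in. That is equivalent only if the field is still null at this point, which the hunk does not show; if the container can be re-run after a failed login, a stale context from an earlier run would be logged out and its Subject unregistered a second time. If the field can be non-null here, reset it (`loginContext = null;`) before the call, or clear it in a catch block as before. The enclosing method starts and ends outside the hunk.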
@@ -220,7 +214,7 @@
holder.destroyInstance(callbackHandler);
}
if (loginContext != null) {
- loginContext.logout();
+ ContextManager.logout(loginContext);
}
jndiContext.stopClient(appClientModuleName);
}
Modified: geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java (original)
+++ geronimo/server/trunk/modules/geronimo-corba/src/main/java/org/apache/geronimo/corba/security/config/tss/TSSGSSUPMechConfig.java Tue Aug 14 01:24:58 2007
@@ -105,11 +105,10 @@
if (!targetName.equals(tokenTargetName)) throw new SASException(2);
String userName = Util.extractUserNameFromScopedName(token.username);
- LoginContext context = new LoginContext(tokenTargetName,
+ LoginContext context = ContextManager.login(tokenTargetName,
new UsernamePasswordCallback(userName,
new String(token.password, "UTF8").toCharArray()));
- context.login();
- result = ContextManager.getServerSideSubject(context.getSubject());
+ result = context.getSubject();
}
} catch (UnsupportedEncodingException e) {
throw new SASException(1, e);
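Review bot: The `LoginContext` returned by `ContextManager.login` on line 68 is dropped after `context.getSubject()`, so the Subject that `login` registered in ContextManager's registry can never be passed to `ContextManager.logout` from this code; unless another component unregisters it, every authenticated GSSUP request adds a registry entry that is only reclaimed by the login timeout, which TimeoutTest in this same commit shows is not currently exercised. Either keep the context where the request-scoped cleanup can reach it, or document on this method who is responsible for unregistering. A secondary point on the unchanged line 70: `new String(token.password, "UTF8").toCharArray()` copies the password through an immutable String that cannot be zeroed; decoding the bytes straight into a `char[]` via `Charset.forName("UTF-8").decode(ByteBuffer.wrap(token.password))` avoids that copy. The enclosing method starts and ends outside the hunk.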
Modified: geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java (original)
+++ geronimo/server/trunk/modules/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/InternalJAASJettyRealm.java Tue Aug 14 01:24:58 2007
@@ -88,12 +88,10 @@
}
//set up the login context
- LoginContext loginContext = new LoginContext(securityRealmName, callbackHandler);
- loginContext.login();
+ LoginContext loginContext = ContextManager.login(securityRealmName, callbackHandler);
callbackHandler.clear();
Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
- //TODO use the run-as subject as nextCaller
ContextManager.setCallers(subject, subject);
//login success
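Review bot: Line 89 still routes the login Subject through `ContextManager.getServerSideSubject(loginContext.getSubject())`, while the corba and credential-store hunks of this commit switch to `loginContext.getSubject()` directly now that `ContextManager.login` registers the very Subject it returns. Presumably both forms yield the same object here, but if the registry lookup ever returns null the next line calls `ContextManager.setCallers(null, null)` with no check. For consistency with the other call sites, `Subject subject = loginContext.getSubject();`, or add an explicit null check before `setCallers` if the lookup is intentional. The enclosing method starts and ends outside the hunk.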
Modified: geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java (original)
+++ geronimo/server/trunk/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java Tue Aug 14 01:24:58 2007
@@ -35,12 +35,13 @@
public class Authenticator implements JMXAuthenticator, NotificationListener {
private final String configName;
private final ClassLoader cl;
- private ThreadLocal threadContext = new ThreadLocal();
- private Map contextMap = Collections.synchronizedMap(new HashMap());
+ private ThreadLocal<LoginContext> threadContext = new ThreadLocal<LoginContext>();
+ private Map<String, LoginContext> contextMap = Collections.synchronizedMap(new HashMap<String, LoginContext>());
/**
* Constructor indicating which JAAS Application Configuration Entry to use.
* @param configName the JAAS config name
+ * @param cl classloader to use as TCCL for operations
*/
public Authenticator(String configName, ClassLoader cl) {
this.configName = configName;
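Review bot: The two fields on lines 104–105 are assigned once in their initializers and, as far as the hunk shows, never reassigned, so they should be `final` like `configName` and `cl` above them: `private final ThreadLocal<LoginContext> threadContext = new ThreadLocal<LoginContext>();` and `private final Map<String, LoginContext> contextMap = Collections.synchronizedMap(new HashMap<String, LoginContext>());`. The added `@param cl` is welcome; the Javadoc could also state that `configName` is the JAAS configuration used by `authenticate`. The class body continues outside the hunk.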
@@ -48,7 +49,7 @@
}
public Subject authenticate(Object o) throws SecurityException {
- if (o instanceof String[] == false) {
+ if (!(o instanceof String[])) {
throw new IllegalArgumentException("Expected String[2], got " + o == null ? null : o.getClass().getName());
}
String[] params = (String[]) o;
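Review bot: The exception message on the unchanged line 118 is built with the wrong precedence: `"Expected String[2], got " + o == null ? ... : ...` parses as `("Expected String[2], got " + o) == null`, which is always false, so the message is just `o.getClass().getName()` and for `o == null` (which fails the `instanceof` on line 117) it throws a NullPointerException instead of the intended IllegalArgumentException. Parenthesise the conditional: `throw new IllegalArgumentException("Expected String[2], got " + (o == null ? null : o.getClass().getName()));`. The method continues outside the hunk.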
@@ -61,6 +62,8 @@
Credentials credentials = new Credentials(params[0], params[1]);
try {
thread.setContextClassLoader(cl);
+ //TODO consider using ContextManager for login and checking a permission against the ACC
+ //to do e.g. deployments.
LoginContext context = new LoginContext(configName, credentials);
context.login();
threadContext.set(context);
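Review bot: With GenericSecurityRealm no longer appending SubjectRegistrationLoginModule to its chain (the deletion hunk in that file), the direct `new LoginContext(configName, credentials)` on line 127 now produces a Subject that is not registered with ContextManager and carries no IdentificationPrincipal, which the added TODO acknowledges but does not say. Please state the consequence in the comment so the next reader does not assume `ContextManager.getSubjectId` works for JMX subjects, e.g. `// NOTE: this subject is NOT registered with ContextManager (no IdentificationPrincipal); see GERONIMO-3407`. Also, `params[1]` is the password as a String held for the life of the connection in `Credentials`; worth noting if Credentials keeps it. The method starts and ends outside the hunk.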
@@ -80,11 +83,11 @@
String type = cxNotification.getType();
String connectionId = cxNotification.getConnectionId();
if (JMXConnectionNotification.OPENED.equals(type)) {
- LoginContext context = (LoginContext) threadContext.get();
+ LoginContext context = threadContext.get();
threadContext.set(null);
contextMap.put(connectionId, context);
} else {
- LoginContext context = (LoginContext) contextMap.remove(connectionId);
+ LoginContext context = contextMap.remove(connectionId);
if (context != null) {
try {
context.logout();
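Review bot: Line 136 uses `threadContext.set(null)` to hand the context over to `contextMap`; `threadContext.remove()` is the idiomatic way to clear a ThreadLocal and does not leave a null-valued entry on the thread. Note also that if the OPENED notification arrives on a different thread than the one that ran `authenticate`, `threadContext.get()` returns null and a null value is stored under `connectionId`, while the real LoginContext stays on the authenticating thread and is never logged out; I cannot tell from the hunk whether the JMX connector guarantees the same thread. The handler method starts and ends outside the hunk.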
Modified: geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java (original)
+++ geronimo/server/trunk/modules/geronimo-openejb/src/main/java/org/apache/geronimo/openejb/GeronimoSecurityService.java Tue Aug 14 01:24:58 2007
@@ -49,18 +49,16 @@
}
public Object login(String securityRealm, String user, String pass) throws LoginException {
- LoginContext context = new LoginContext(securityRealm, new UsernamePasswordCallbackHandler(user, pass));
- context.login();
+ LoginContext context = ContextManager.login(securityRealm, new UsernamePasswordCallbackHandler(user, pass));
Subject subject = context.getSubject();
- SubjectId subjectId = ContextManager.registerSubject(subject);
- return subjectId;
+ return ContextManager.getSubjectId(subject);
}
- public void logout(Object securityIdentity) {
- Subject subject = ContextManager.getRegisteredSubject((SubjectId) securityIdentity);
- ContextManager.unregisterSubject(subject);
- }
+// public void logout(Object securityIdentity) {
+// Subject subject = ContextManager.getRegisteredSubject((SubjectId) securityIdentity);
+// ContextManager.unregisterSubject(subject);
+// }
public void associate(Object securityIdentity) throws LoginException {
if (securityIdentity == null) {
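Review bot: Removing `logout` (lines 160–163) leaves no code path that unregisters the Subject that `ContextManager.login` on line 154 now registers, so each EJB-container login adds a registry entry that is never released; the TimeoutTest hunk in this commit shows the timeout-based cleanup is disabled, so the registry grows with every login. If the SecurityService contract still allows a logout, keep it as `Subject subject = ContextManager.getRegisteredSubject((SubjectId) securityIdentity); if (subject != null) ContextManager.unregisterSubject(subject);` — the LoginContext itself is not retained, so only the registry side can be undone here. In any case the commented-out block on lines 164–167 should be deleted rather than kept as dead text; version control has it.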
Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/ContextManager.java Tue Aug 14 01:24:58 2007
@@ -35,6 +35,9 @@
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
import javax.security.jacc.EJBRoleRefPermission;
import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;
@@ -66,6 +69,22 @@
static {
EMPTY.setReadOnly();
registerSubject(EMPTY);
+ }
+
+ public static LoginContext login(String realm, CallbackHandler callbackHandler) throws LoginException {
+ Subject subject = new Subject();
+ LoginContext loginContext = new LoginContext(realm, subject, callbackHandler);
+ loginContext.login();
+ SubjectId id = ContextManager.registerSubject(subject);
+ IdentificationPrincipal principal = new IdentificationPrincipal(id);
+ subject.getPrincipals().add(principal);
+ return loginContext;
+ }
+
+ public static void logout(LoginContext loginContext) throws LoginException {
+ Subject subject = loginContext.getSubject();
+ ContextManager.unregisterSubject(subject);
+ loginContext.logout();
}
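Review bot: In `login`, the principal is added on line 196 after the Subject is already registered on line 194; if a login module has called `setReadOnly()` on the Subject, `getPrincipals().add` throws IllegalStateException and the Subject stays in the registry with no LoginContext returned to the caller, so nothing can ever unregister or log it out. Undo the registration on that failure path, as below. Both new public methods also lack Javadoc; please document that `login` registers the Subject and tags it with an IdentificationPrincipal, that the returned LoginContext must be handed to `logout(LoginContext)` to release the registration, and `@throws LoginException` on both. Inside the class the `ContextManager.` qualifier on `registerSubject`/`unregisterSubject` is redundant.
```java
    public static LoginContext login(String realm, CallbackHandler callbackHandler) throws LoginException {
        Subject subject = new Subject();
        LoginContext loginContext = new LoginContext(realm, subject, callbackHandler);
        loginContext.login();
        SubjectId id = registerSubject(subject);
        try {
            subject.getPrincipals().add(new IdentificationPrincipal(id));
        } catch (RuntimeException e) {
            // a read-only Subject must not stay registered without a way to release it
            unregisterSubject(subject);
            loginContext.logout();
            throw e;
        }
        return loginContext;
    }
    // … unchanged: logout(LoginContext) …
```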
Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImpl.java Tue Aug 14 01:24:58 2007
@@ -36,7 +36,7 @@
import org.apache.geronimo.security.ContextManager;
/**
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
*/
public class SimpleCredentialStoreImpl implements CredentialStore {
@@ -78,8 +78,7 @@
if (callbackInfos == null) {
throw new LoginException("Unknown id: " + id + " in realm: " + realm);
}
- Subject subject = new Subject();
- LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {
+ LoginContext loginContext = ContextManager.login(realm, new CallbackHandler() {
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
for (Callback callback: callbacks) {
@@ -91,8 +90,7 @@
}
}
});
- loginContext.login();
- return ContextManager.getServerSideSubject(subject);
+ return loginContext.getSubject();
}
public void addEntry(String realm, String id, Map<String, SingleCallbackHandler> callbackInfos) {
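Review bot: The `LoginContext` created by `ContextManager.login` in the preceding hunk (line 223) is discarded on line 232 after `getSubject()`, so the Subject that `login` registers with ContextManager is never unregistered by this class; if `getSubject` is invoked per lookup (for run-as or resource credentials), each call leaves a permanent registry entry. Either retain the context so a caller can pass it to `ContextManager.logout`, or document on the method that the returned Subject is registered and who releases it. The method starts in the earlier hunk of this file, above the anonymous CallbackHandler.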
Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Tue Aug 14 01:24:58 2007
@@ -17,7 +17,6 @@
package org.apache.geronimo.security.realm;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
@@ -32,7 +31,6 @@
import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
import org.apache.geronimo.security.jaas.JaasLoginModuleChain;
import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
-import org.apache.geronimo.security.jaas.SubjectRegistrationLoginModule;
import org.apache.geronimo.system.serverinfo.ServerInfo;
@@ -81,7 +79,6 @@
if (loginModuleUse != null) {
loginModuleUse.configure(domainNames, loginModuleConfigurations, realmName, kernel, serverInfo, classLoader);
- loginModuleConfigurations.add(new AppConfigurationEntry(SubjectRegistrationLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap()));
}
domains = domainNames.toArray(new String[domainNames.size()]);
Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java Tue Aug 14 01:24:58 2007
@@ -67,9 +67,8 @@
assertEquals("Audit file wasn't cleared", 0, auditlog.length());
// First try with explicit configuration entry
- LoginContext context = new LoginContext("properties-realm", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
+ LoginContext context = ContextManager.login("properties-realm", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
- context.login();
Subject subject = context.getSubject();
Subject clientSubject = subject;
assertTrue("expected non-null client subject", subject != null);
@@ -87,7 +86,7 @@
assertTrue("server subject should have seven principals (" + subject.getPrincipals().size() + ")", subject.getPrincipals().size() == 7);
assertTrue("server subject should have one private credential (" + subject.getPrivateCredentials().size() + ")", subject.getPrivateCredentials().size() == 1);
- context.logout();
+ ContextManager.logout(context);
assertNull(ContextManager.getRegisteredSubject(idp.getId()));
assertNull(ContextManager.getServerSideSubject(clientSubject));
@@ -95,9 +94,8 @@
assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
// next try the automatic configuration entry
- context = new LoginContext("properties-realm", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
+ context = ContextManager.login("properties-realm", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
- context.login();
subject = context.getSubject();
assertTrue("expected non-null client subject", subject != null);
set = subject.getPrincipals(IdentificationPrincipal.class);
@@ -105,17 +103,14 @@
IdentificationPrincipal idp2 = (IdentificationPrincipal) set.iterator().next();
assertNotSame(idp.getId(), idp2.getId());
assertEquals(idp2.getId(), idp2.getId());
- subject = ContextManager.getServerSideSubject(subject);
-
- assertTrue("expected non-null server subject", subject != null);
assertTrue("server subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
- remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
+ remote = subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
assertTrue("server subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
assertTrue("server subject should have two realm principals (" + subject.getPrincipals(RealmPrincipal.class).size() + ")", subject.getPrincipals(RealmPrincipal.class).size() == 2);
assertTrue("server subject should have seven principals (" + subject.getPrincipals().size() + ")", subject.getPrincipals().size() == 7);
assertTrue("server subject should have one private credential (" + subject.getPrivateCredentials().size() + ")", subject.getPrivateCredentials().size() == 1);
- context.logout();
+ ContextManager.logout(context);
assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
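Review bot: The unchanged assertion on line 292, `assertEquals(idp2.getId(), idp2.getId());`, compares a value with itself and can never fail; together with the `assertNotSame` on the line above it presumably meant to check that the second login's id matches the id ContextManager registered, e.g. `assertEquals(idp2.getId(), ContextManager.getSubjectId(subject));` once `subject` has been asserted non-null. Also, the new line 298 drops the now-unneeded cast correctly, but the `remote` variable is declared in an earlier hunk, so its type must already be `IdentificationPrincipal` for this to compile. The test method starts outside the hunk.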
Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java Tue Aug 14 01:24:58 2007
@@ -87,18 +87,12 @@
context.login();
Subject subject = context.getSubject();
- assertTrue("expected non-null client-side subject", subject != null);
- subject = ContextManager.getServerSideSubject(subject);
-
- assertTrue("expected non-null server-side subject", subject != null);
- assertTrue("id of server-side subject should be non-null", ContextManager.getSubjectId(subject) != null);
- assertEquals("server-side subject should have two principals", 2, subject.getPrincipals().size());
- assertEquals("server-side subject should have one identification principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
+ assertTrue("expected non-null subject", subject != null);
+ assertEquals("server-side subject should have two principals", 1, subject.getPrincipals().size());
assertEquals("server-side subject should have one kerberos principal", 1, subject.getPrincipals(KerberosPrincipal.class).size());
context.logout();
- assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
} catch (LoginException e) {
//See GERONIMO-3388. This seems to be the normal code path.
e.printStackTrace();
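Review bot: The new assertion on line 322 expects 1 but its message still says "server-side subject should have two principals", so a failure would report the wrong expectation; use `assertEquals("subject should have one principal", 1, subject.getPrincipals().size());` and drop the "server-side" wording now that the client/server distinction is gone. The same stale wording appears in LoginSQLTest's new line `assertEquals("server-side subject should have 6 principal", 6, ...)`, which should read "subject should have six principals". The catch block below, which only prints the stack trace and lets the test pass, is pre-existing and referenced to GERONIMO-3388.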
Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java Tue Aug 14 01:24:58 2007
@@ -103,20 +103,8 @@
Subject subject = context.getSubject();
assertTrue("expected non-null subject", subject != null);
- assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
- IdentificationPrincipal remote = subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
- assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
- assertEquals("subject should have seven principals (" + subject.getPrincipals().size() + ")", 7, subject.getPrincipals().size());
- assertEquals("subject should have 2 realm principals (" + subject.getPrincipals(RealmPrincipal.class).size() + ")", 2, subject.getPrincipals(RealmPrincipal.class).size());
- assertEquals("subject should have 2 domain principals (" + subject.getPrincipals(DomainPrincipal.class).size() + ")", 2, subject.getPrincipals(DomainPrincipal.class).size());
-
- subject = ContextManager.getServerSideSubject(subject);
-
- assertTrue("expected non-null subject", subject != null);
- assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
- remote = subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
- assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
- assertEquals("subject should have seven principals (" + subject.getPrincipals().size() + ")", 7, subject.getPrincipals().size());
+ assertTrue("subject should have no remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 0);
+ assertEquals("subject should have 6 principals (" + subject.getPrincipals().size() + ")", 6, subject.getPrincipals().size());
assertEquals("subject should have 2 realm principals (" + subject.getPrincipals(RealmPrincipal.class).size() + ")", 2, subject.getPrincipals(RealmPrincipal.class).size());
assertEquals("subject should have 2 domain principals (" + subject.getPrincipals(DomainPrincipal.class).size() + ")", 2, subject.getPrincipals(DomainPrincipal.class).size());
Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java Tue Aug 14 01:24:58 2007
@@ -143,16 +143,10 @@
context.login();
Subject subject = context.getSubject();
- assertTrue("expected non-null client-side subject", subject != null);
- subject = ContextManager.getServerSideSubject(subject);
-
- assertTrue("expected non-null server-side subject", subject != null);
- assertEquals("server-side subject should have seven principal", 7, subject.getPrincipals().size());
+ assertTrue("expected non-null subject", subject != null);
+ assertEquals("server-side subject should have 6 principal", 6, subject.getPrincipals().size());
assertEquals("server-side subject should have two realm principals", 2, subject.getPrincipals(RealmPrincipal.class).size());
assertEquals("server-side subject should have two domain principals", 2, subject.getPrincipals(DomainPrincipal.class).size());
- assertEquals("server-side subject should have one remote principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
- IdentificationPrincipal principal = subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
- assertTrue("id of principal should be non-zero", principal.getId().getSubjectId() != 0);
context.logout();
}
Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java Tue Aug 14 01:24:58 2007
@@ -99,14 +99,11 @@
kernel.shutdown();
}
- public void testNothing() {
- }
public void testTimeout() throws Exception {
- LoginContext context = new LoginContext("properties-realm", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
+ LoginContext context = ContextManager.login("properties-realm", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
- context.login();
Subject subject = context.getSubject();
assertTrue("expected non-null client subject", subject != null);
Set set = subject.getPrincipals(IdentificationPrincipal.class);
@@ -124,11 +121,11 @@
assertTrue("id of server subject should be non-null", ContextManager.getSubjectId(subject) != null);
- Thread.sleep(3000); // wait for timeout to kick in
+// Thread.sleep(3000); // wait for timeout to kick in
+//
+// assertTrue("id of server subject should be non-null", ContextManager.getSubjectId(subject) != null);
- assertTrue("id of server subject should be non-null", ContextManager.getSubjectId(subject) != null);
-
- Thread.sleep(7000); // wait for timeout to kick in
+// Thread.sleep(7000); // wait for timeout to kick in
//TODO figure out if we can time out logins!
// assertTrue("id of server subject should be null", ContextManager.getSubjectId(subject) == null);
}
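Review bot: After this hunk `testTimeout` no longer sleeps or checks for expiry, so it passes without testing a timeout at all and the registry-growth concern (logins registered by `ContextManager.login` are never aged out) is now silently uncovered. Rather than keeping the sleeps and assertions as commented-out lines, either delete them and rename the method to what it still verifies, or leave a single `// TODO GERONIMO-<issue>: timeout of registered subjects not implemented; re-enable the expiry assertions when it is` so the gap stays visible. The method starts in the previous hunk of this file.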
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java Tue Aug 14 01:24:58 2007
@@ -16,6 +16,25 @@
*/
package org.apache.geronimo.tomcat.realm;
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.AccountExpiredException;
+import javax.security.auth.login.CredentialExpiredException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebRoleRefPermission;
+import javax.security.jacc.WebUserDataPermission;
+
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
@@ -32,31 +51,12 @@
import org.apache.geronimo.tomcat.JAASTomcatPrincipal;
import org.apache.geronimo.tomcat.interceptor.PolicyContextBeforeAfter;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.AccountExpiredException;
-import javax.security.auth.login.CredentialExpiredException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.PolicyContextException;
-import javax.security.jacc.WebResourcePermission;
-import javax.security.jacc.WebRoleRefPermission;
-import javax.security.jacc.WebUserDataPermission;
-
-import java.io.IOException;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-
public class TomcatGeronimoRealm extends JAASRealm {
private static final Log log = LogFactory.getLog(TomcatGeronimoRealm.class);
- private static ThreadLocal currentRequestWrapperName = new ThreadLocal();
+ private static ThreadLocal<String> currentRequestWrapperName = new ThreadLocal<String>();
/**
* Descriptive information about this <code>Realm</code> implementation.
@@ -70,10 +70,10 @@
public TomcatGeronimoRealm() {
- }
+ }
public static String setRequestWrapperName(String requestWrapperName) {
- String old = (String) currentRequestWrapperName.get();
+ String old = currentRequestWrapperName.get();
currentRequestWrapperName.set(requestWrapperName);
return old;
}
@@ -136,10 +136,10 @@
* Return <code>true</code> if this constraint is satisfied and processing
* should continue, or <code>false</code> otherwise.
*
- * @param request Request we are processing
- * @param response Response we are creating
+ * @param request Request we are processing
+ * @param response Response we are creating
* @param constraints Security constraints we are enforcing
- * @param context The Context to which client of this class is attached.
+ * @param context The Context to which client of this class is attached.
* @throws java.io.IOException if an input/output error occurs
*/
public boolean hasResourcePermission(Request request,
@@ -152,7 +152,7 @@
// and the "j_security_check" action
LoginConfig config = context.getLoginConfig();
if ((config != null) &&
- (org.apache.catalina.realm.Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
+ (org.apache.catalina.realm.Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
String requestURI = request.getDecodedRequestURI();
String loginPage = context.getPath() + config.getLoginPage();
if (loginPage.equals(requestURI)) {
@@ -172,7 +172,7 @@
return (true);
}
}
-
+
//Set the current wrapper name (Servlet mapping)
currentRequestWrapperName.set(request.getWrapper().getName());
@@ -181,7 +181,7 @@
//If we have no principal, then we should use the default.
if (principal == null) {
- Subject defaultSubject = (Subject)request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);
+ Subject defaultSubject = (Subject) request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);
ContextManager.setCallers(defaultSubject, defaultSubject);
} else {
Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
@@ -192,7 +192,6 @@
AccessControlContext acc = ContextManager.getCurrentContext();
-
/**
* JACC v1.0 section 4.1.2
*/
@@ -221,7 +220,7 @@
return false;
}
- String name = (String)currentRequestWrapperName.get();
+ String name = currentRequestWrapperName.get();
/**
* JACC v1.0 secion B.19
@@ -264,7 +263,7 @@
*/
public Principal authenticate(String username, String credentials) {
- char[] cred = credentials == null? null: credentials.toCharArray();
+ char[] cred = credentials == null ? null : credentials.toCharArray();
CallbackHandler callbackHandler = new PasswordCallbackHandler(username, cred);
return authenticate(callbackHandler, username);
}
@@ -283,95 +282,64 @@
// Establish a LoginContext to use for authentication
try {
- if ( (principalName!=null) && (!principalName.equals("")) ) {
- LoginContext loginContext = null;
- if (appName == null)
- appName = "Tomcat";
-
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.beginLogin", principalName, appName));
-
- // What if the LoginModule is in the container class loader ?
- ClassLoader ocl = null;
-
- if (isUseContextClassLoader()) {
- ocl = Thread.currentThread().getContextClassLoader();
- Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
- }
-
- try {
- loginContext = new LoginContext(appName, callbackHandler);
- } catch (Throwable e) {
- log.error(sm.getString("jaasRealm.unexpectedError"), e);
- return (null);
- } finally {
- if (isUseContextClassLoader()) {
- Thread.currentThread().setContextClassLoader(ocl);
- }
- }
-
- if (log.isDebugEnabled())
- log.debug("Login context created " + principalName);
-
- // Negotiate a login via this LoginContext
- Subject subject;
- try {
- loginContext.login();
- Subject tempSubject = loginContext.getSubject();
- if (tempSubject == null) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", principalName));
- return (null);
- }
-
- subject = ContextManager.getServerSideSubject(tempSubject);
- if (subject == null) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", principalName));
- return (null);
- }
-
- ContextManager.setCallers(subject, subject);
-
- } catch (AccountExpiredException e) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.accountExpired", principalName));
- return (null);
- } catch (CredentialExpiredException e) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.credentialExpired", principalName));
- return (null);
- } catch (FailedLoginException e) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", principalName));
- return (null);
- } catch (LoginException e) {
- log.warn(sm.getString("jaasRealm.loginException", principalName), e);
- return (null);
- } catch (Throwable e) {
- log.error(sm.getString("jaasRealm.unexpectedError"), e);
- return (null);
- }
-
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.loginContextCreated", principalName));
-
- // Return the appropriate Principal for this authenticated Subject
- /* Principal principal = createPrincipal(username, subject);
- if (principal == null) {
- log.debug(sm.getString("jaasRealm.authenticateFailure", username));
- return (null);
- }
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("jaasRealm.authenticateSuccess", username));
- }
- */
- JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principalName);
- jaasPrincipal.setSubject(subject);
+ if ((principalName != null) && (!principalName.equals(""))) {
+ LoginContext loginContext = null;
+ if (appName == null)
+ appName = "Tomcat";
- return (jaasPrincipal);
- }
- else {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.beginLogin", principalName, appName));
+
+ // What if the LoginModule is in the container class loader ?
+ ClassLoader ocl = null;
+
+ if (isUseContextClassLoader()) {
+ ocl = Thread.currentThread().getContextClassLoader();
+ Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
+ }
+
+ try {
+ loginContext = ContextManager.login(appName, callbackHandler);
+ } catch (AccountExpiredException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.accountExpired", principalName));
+ return (null);
+ } catch (CredentialExpiredException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.credentialExpired", principalName));
+ return (null);
+ } catch (FailedLoginException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", principalName));
+ return (null);
+ } catch (LoginException e) {
+ log.warn(sm.getString("jaasRealm.loginException", principalName), e);
+ return (null);
+ } catch (Throwable e) {
+ log.error(sm.getString("jaasRealm.unexpectedError"), e);
+ return (null);
+ } finally {
+ if (isUseContextClassLoader()) {
+ Thread.currentThread().setContextClassLoader(ocl);
+ }
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("Login context created " + principalName);
+
+ // Negotiate a login via this LoginContext
+ Subject subject = loginContext.getSubject();
+ ContextManager.setCallers(subject, subject);
+
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.loginContextCreated", principalName));
+
+ // Return the appropriate Principal for this authenticated Subject
+ JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principalName);
+ jaasPrincipal.setSubject(subject);
+
+ return (jaasPrincipal);
+ } else {
if (log.isDebugEnabled())
log.debug("Login Failed - null userID");
return null;
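Review bot: The null guard on the Subject was dropped: `Subject subject = loginContext.getSubject();` now feeds straight into `ContextManager.setCallers(subject, subject)` and `jaasPrincipal.setSubject(subject)`, whereas the removed code treated a missing subject as a failed login and returned null. Unless `ContextManager.login` is guaranteed to throw whenever it cannot produce a Subject — its contract is not visible here — a null would be installed as the caller and wrapped in a principal instead of being rejected; keep the check: `if (subject == null) { if (log.isDebugEnabled()) log.debug(sm.getString("jaasRealm.failedLogin", principalName)); return (null); }`. The comment `// Negotiate a login via this LoginContext` is also stale, since the explicit `loginContext.login()` call was removed and the login presumably completes inside `ContextManager.login` (LoginException is still caught around that call); reword it to `// Login already completed inside ContextManager.login; extract the authenticated Subject`. The enclosing authenticate(CallbackHandler, String) method starts before this hunk.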
@@ -382,6 +350,7 @@
return null;
}
}
+
/**
* Prepare for active use of the public methods of this <code>Component</code>.
*
Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java?view=diff&rev=565657&r1=565656&r2=565657
==============================================================================
--- geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java (original)
+++ geronimo/server/trunk/modules/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatJAASRealm.java Tue Aug 14 01:24:58 2007
@@ -88,37 +88,7 @@
}
try {
- loginContext = new LoginContext(appName, new JAASCallbackHandler(this, username, credentials));
- } catch (Throwable e) {
- log.error(sm.getString("jaasRealm.unexpectedError"), e);
- return (null);
- } finally {
- if (isUseContextClassLoader()) {
- Thread.currentThread().setContextClassLoader(ocl);
- }
- }
-
- if (log.isDebugEnabled())
- log.debug("Login context created " + username);
-
- // Negotiate a login via this LoginContext
- Subject subject = null;
- try {
- loginContext.login();
- Subject tempSubject = loginContext.getSubject();
- if (tempSubject == null) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", username));
- return (null);
- }
-
- subject = ContextManager.getServerSideSubject(tempSubject);
- if (subject == null) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", username));
- return (null);
- }
-
+ loginContext = ContextManager.login(appName, new JAASCallbackHandler(this, username, credentials));
} catch (AccountExpiredException e) {
if (log.isDebugEnabled())
log.debug(sm.getString("jaasRealm.accountExpired", username));
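Review bot: The two null checks removed here (`tempSubject == null` and the server-side subject lookup returning null) have no replacement on the new side; the code that follows, outside this hunk, reads `loginContext.getSubject()` and hands it to `ContextManager.setCallers` unchecked. If `ContextManager.login` can return a context without a Subject — its contract is not visible in this diff — a failed login would fall through to a principal with a null Subject instead of returning null as before. Either re-add `if (subject == null) { if (log.isDebugEnabled()) log.debug(sm.getString("jaasRealm.failedLogin", username)); return (null); }` after the `getSubject()` call, or document on `ContextManager.login` that it throws rather than returning a context whose Subject is null. The enclosing authenticate method starts before and ends after this hunk.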
@@ -137,8 +107,18 @@
} catch (Throwable e) {
log.error(sm.getString("jaasRealm.unexpectedError"), e);
return (null);
+ } finally {
+ if (isUseContextClassLoader()) {
+ Thread.currentThread().setContextClassLoader(ocl);
+ }
}
+ if (log.isDebugEnabled())
+ log.debug("Login context created " + username);
+
+ // Negotiate a login via this LoginContext
+ Subject subject = loginContext.getSubject();
+ ContextManager.setCallers(subject, subject);
if (log.isDebugEnabled())
log.debug(sm.getString("jaasRealm.loginContextCreated", username));