Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/06/26 09:46:49 UTC
svn commit: r1687700 - in
/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic: ./ provider/
provider/modules/
Author: markt
Date: Fri Jun 26 07:46:48 2015
New Revision: 1687700
URL: http://svn.apache.org/r1687700
Log:
Remove realm name and authentication type from security messages, this information is set up per module now
Patch by fjodorver
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1687700&r1=1687699&r2=1687700&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Fri Jun 26 07:46:48 2015
@@ -68,8 +68,7 @@ public class JaspicAuthenticator extends
return true;
}
- MessageInfoImpl messageInfo = new MessageInfoImpl(request, response, true, getAuthMethod());
- messageInfo.setRealmName(getRealmName(context));
+ MessageInfoImpl messageInfo = new MessageInfoImpl(request, response, true);
AuthConfigFactory factory = AuthConfigFactory.getFactory();
String appContext = getAppContextId(request);
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java?rev=1687700&r1=1687699&r2=1687700&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java Fri Jun 26 07:46:48 2015
@@ -27,8 +27,6 @@ import org.apache.catalina.connector.Req
public class MessageInfoImpl implements MessageInfo {
public static final String IS_MANDATORY = "javax.security.auth.message.MessagePolicy.isMandatory";
- public static final String AUTH_METHOD = "javax.servlet.http.authType";
- public static final String REALM_NAME = "javax.servlet.http.realmName";
private final Map<String, Object> map = new HashMap<>();
private HttpServletRequest request;
@@ -37,16 +35,10 @@ public class MessageInfoImpl implements
public MessageInfoImpl() {
}
- public MessageInfoImpl(Request request, HttpServletResponse response, boolean authMandatory,
- String authMethod) {
+ public MessageInfoImpl(Request request, HttpServletResponse response, boolean authMandatory) {
this.request = request;
this.response = response;
map.put(IS_MANDATORY, Boolean.toString(authMandatory));
- map.put(AUTH_METHOD, authMethod);
- }
-
- public void setRealmName(String realmName) {
- map.put(REALM_NAME, realmName);
}
@Override
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1687700&r1=1687699&r2=1687700&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java Fri Jun 26 07:46:48 2015
@@ -16,6 +16,7 @@
*/
package org.apache.catalina.authenticator.jaspic.provider;
+import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
@@ -88,12 +89,20 @@ public class TomcatAuthConfig implements
public synchronized ServerAuthContext getAuthContext(String authContextID,
Subject serviceSubject, Map properties) throws AuthException {
if (this.tomcatServerAuthContext == null) {
- this.tomcatServerAuthContext = new TomcatServerAuthContext(handler, getModule());
+ this.tomcatServerAuthContext = new TomcatServerAuthContext(handler, getModule(),
+ getOptions());
}
return tomcatServerAuthContext;
}
+ private Map<String, String> getOptions() {
+ Map<String, String> options = new HashMap<>();
+ options.put(TomcatAuthModule.REALM_NAME, getRealmName());
+ return options;
+ }
+
+
private TomcatAuthModule getModule() throws AuthException {
String authMethod = getAuthMethod();
switch (authMethod) {
@@ -111,6 +120,11 @@ public class TomcatAuthConfig implements
}
+ private String getRealmName() {
+ return loginConfig.getRealmName();
+ }
+
+
/**
* Temporary workaround to get authentication method
* @return
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java?rev=1687700&r1=1687699&r2=1687700&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java Fri Jun 26 07:46:48 2015
@@ -16,7 +16,7 @@
*/
package org.apache.catalina.authenticator.jaspic.provider;
-import java.util.Collections;
+import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
@@ -33,15 +33,16 @@ import org.apache.tomcat.util.res.String
*/
public class TomcatServerAuthContext implements ServerAuthContext {
- protected static final StringManager sm = StringManager.getManager(TomcatServerAuthContext.class);
+ protected static final StringManager sm = StringManager
+ .getManager(TomcatServerAuthContext.class);
private ServerAuthModule module;
- public TomcatServerAuthContext(CallbackHandler handler, ServerAuthModule module)
- throws AuthException {
+ public TomcatServerAuthContext(CallbackHandler handler, ServerAuthModule module,
+ Map<String, String> options) throws AuthException {
this.module = module;
- this.module.initialize(null, null, handler, Collections.emptyMap());
+ this.module.initialize(null, null, handler, options);
}
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java?rev=1687700&r1=1687699&r2=1687700&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java Fri Jun 26 07:46:48 2015
@@ -45,14 +45,10 @@ public class BasicAuthModule extends Tom
private Class<?>[] supportedMessageTypes = new Class[] { HttpServletRequest.class,
HttpServletResponse.class };
- private CallbackHandler handler;
-
-
@SuppressWarnings("rawtypes")
@Override
- public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
+ public void initializeModule(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
CallbackHandler handler, Map options) throws AuthException {
- this.handler = handler;
}
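Review bot: The `initializeModule` override in BasicAuthModule is now an empty method, and nothing in it says that this is intentional. A one-line comment in the body, such as `// No module-specific state: handler and realm name are stored by TomcatAuthModule.initialize()`, would save the next reader from checking the base class. That wording relies on the TomcatAuthModule hunk later in this commit.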
@@ -67,7 +63,7 @@ public class BasicAuthModule extends Tom
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
String authorization = request.getHeader(AUTHORIZATION_HEADER);
- String realmName = getRealmName(messageInfo);
+ String realmName = getRealmName();
if (authorization == null) {
return sendUnauthorizedError(response, realmName);
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java?rev=1687700&r1=1687699&r2=1687700&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java Fri Jun 26 07:46:48 2015
@@ -180,9 +180,9 @@ public class DigestAuthModule extends To
}
- @SuppressWarnings("rawtypes")
@Override
- public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
+ @SuppressWarnings("rawtypes")
+ public void initializeModule(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
CallbackHandler handler, Map options) throws AuthException {
this.handler = handler;
startInternal();
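Review bot: `this.handler = handler;` is kept in DigestAuthModule.initializeModule even though TomcatAuthModule.initialize() now stores the handler in a new protected field before calling this method. BasicAuthModule dropped its private `handler` field in this commit, but no matching removal is visible for DigestAuthModule. If that class still declares its own field, it now hides the inherited one and the two can drift apart. Dropping the assignment (and the subclass field, if present) leaves one source for the callback handler used during credential validation. The method body continues outside the hunk.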
@@ -238,12 +238,12 @@ public class DigestAuthModule extends To
String authorization = request.getHeader(AUTHORIZATION_HEADER);
DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), nonces,
- isValidateUri());
+ isValidateUri(), getRealmName());
if (authorization == null) {
String nonce = generateNonce(request);
- String authenticateHeader = getAuthenticateHeader(nonce, false, messageInfo);
+ String authenticateHeader = getAuthenticateHeader(nonce, false);
return sendUnauthorizedError(response, authenticateHeader);
}
@@ -251,7 +251,7 @@ public class DigestAuthModule extends To
return AuthStatus.SEND_FAILURE;
}
- if (digestInfo.validate(request, messageInfo)) {
+ if (digestInfo.validate(request)) {
// TODO discuss a better way to get user roles
principal = (GenericPrincipal) digestInfo.authenticate(realm);
}
@@ -259,7 +259,7 @@ public class DigestAuthModule extends To
if (principal == null || digestInfo.isNonceStale()) {
String nonce = generateNonce(request);
boolean isNoncaneStale = principal != null && digestInfo.isNonceStale();
- String authenticateHeader = getAuthenticateHeader(nonce, isNoncaneStale, messageInfo);
+ String authenticateHeader = getAuthenticateHeader(nonce, isNoncaneStale);
return sendUnauthorizedError(response, authenticateHeader);
}
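Review bot: The local `isNoncaneStale` on the line above the changed call is misspelled. Since the next line is being edited anyway, this is a cheap moment to rename it, e.g. `boolean nonceStale = principal != null && digestInfo.isNonceStale();` with the same name passed to `getAuthenticateHeader(nonce, nonceStale)`. The enclosing method starts and ends outside the hunk.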
@@ -389,10 +389,9 @@ public class DigestAuthModule extends To
* @param nonce nonce token
* @return
*/
- protected String getAuthenticateHeader(String nonce, boolean isNonceStale,
- MessageInfo messageInfo) {
+ protected String getAuthenticateHeader(String nonce, boolean isNonceStale) {
- String realmName = getRealmName(messageInfo);
+ String realmName = getRealmName();
String template = "Digest realm=\"{0}\", qop=\"{1}\", nonce=\"{2}\", opaque=\"{3}\"";
String authenticateHeader = MessageFormat.format(template, realmName, QOP, nonce,
@@ -425,13 +424,16 @@ public class DigestAuthModule extends To
private boolean nonceStale = false;
+ private String contextRealmName;
+
public DigestInfo(String opaque, long nonceValidity, String key,
- Map<String, NonceInfo> nonces, boolean validateUri) {
+ Map<String, NonceInfo> nonces, boolean validateUri, String contextRealmName) {
this.opaque = opaque;
this.nonceValidity = nonceValidity;
this.key = key;
this.nonces = nonces;
this.validateUri = validateUri;
+ this.contextRealmName = contextRealmName;
}
public String getUsername() {
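Review bot: `contextRealmName` is assigned once in the DigestInfo constructor but is neither `final` nor checked for null, while validate() (the hunk at -507) calls `contextRealmName.equals(realmName)` on it. The old code obtained the value through a helper that fell back to a default; the new code relies on whatever the caller passes in. Declaring it `private final String contextRealmName;` and assigning `Objects.requireNonNull(contextRealmName, "contextRealmName")` (needs `java.util.Objects`) makes a missing realm fail at construction instead of part-way through validating a client's digest response.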
@@ -470,7 +472,7 @@ public class DigestAuthModule extends To
return true;
}
- public boolean validate(HttpServletRequest request, MessageInfo messageInfo) {
+ public boolean validate(HttpServletRequest request) {
if ((userName == null) || (realmName == null) || (nonce == null) || (uri == null)
|| (response == null)) {
return false;
@@ -507,8 +509,7 @@ public class DigestAuthModule extends To
}
// Validate the Realm name
- String lcRealm = getRealmName(messageInfo);
- if (!lcRealm.equals(realmName)) {
+ if (!contextRealmName.equals(realmName)) {
return false;
}
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java?rev=1687700&r1=1687699&r2=1687700&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java Fri Jun 26 07:46:48 2015
@@ -16,7 +16,13 @@
*/
package org.apache.catalina.authenticator.jaspic.provider.modules;
+import java.util.Map;
+import java.util.Optional;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;
import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
@@ -24,17 +30,21 @@ import org.apache.tomcat.util.res.String
public abstract class TomcatAuthModule implements ServerAuthModule {
+ public static final String REALM_NAME = "javax.servlet.http.realmName";
+ public static final String DEFAULT_REALM_NAME = "Authentication required";
+
protected static final String AUTH_HEADER_NAME = "WWW-Authenticate";
protected static final String AUTHORIZATION_HEADER = "authorization";
- /**
- * Default authentication realm name.
- */
- protected static final String REALM_NAME = "Authentication required";
+
/**
* The string manager for this package.
*/
protected static final StringManager sm = StringManager.getManager(TomcatAuthModule.class);
+ protected String realmName;
+
+ protected CallbackHandler handler;
+
protected boolean isMandatory(MessageInfo messageInfo) {
String mandatory = (String) messageInfo.getMap().get(MessageInfoImpl.IS_MANDATORY);
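Review bot: `REALM_NAME` keeps its name but changes meaning in this hunk: it was the default realm text ("Authentication required") and is now the options key "javax.servlet.http.realmName", with the default moved to `DEFAULT_REALM_NAME`. Any subclass or caller that still uses `REALM_NAME` as a realm value compiles unchanged and would put the key string into the WWW-Authenticate challenge. A distinct name for the key would make stale uses fail to compile, and both constants deserve a Javadoc line saying which is the key and which is the fallback. The new `realmName` and `handler` fields are also mutable and `protected`; making them `private` behind the getter would stop subclasses from changing the realm after initialize().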
@@ -42,11 +52,23 @@ public abstract class TomcatAuthModule i
}
- @SuppressWarnings("unchecked")
- protected static String getRealmName(MessageInfo messageInfo) {
- if (messageInfo == null) {
- return REALM_NAME;
- }
- return (String) messageInfo.getMap().getOrDefault(MessageInfoImpl.REALM_NAME, REALM_NAME);
+ @SuppressWarnings("rawtypes")
+ @Override
+ public final void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
+ CallbackHandler handler, Map options) throws AuthException {
+ this.handler = handler;
+ this.realmName = (String) options.get(REALM_NAME);
+ initializeModule(requestPolicy, responsePolicy, handler, options);
+ }
+
+
+ public String getRealmName() {
+ return Optional.of(realmName).orElse(DEFAULT_REALM_NAME);
}
+
+
+ @SuppressWarnings("rawtypes")
+ public abstract void initializeModule(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy, CallbackHandler handler, Map options)
+ throws AuthException;
}
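Review bot: `Optional.of(realmName)` in getRealmName() throws NullPointerException when `realmName` is null, so the `orElse(DEFAULT_REALM_NAME)` fallback can never be taken; it should read `return Optional.ofNullable(realmName).orElse(DEFAULT_REALM_NAME);`. A null is plausible here: getOptions() in TomcatAuthConfig stores `loginConfig.getRealmName()` unconditionally, and that is presumably null when the deployment descriptor names no realm. In that case every Basic or Digest challenge would fail with an exception instead of using the default realm. initialize() also dereferences `options` without a check; `this.realmName = options == null ? null : (String) options.get(REALM_NAME);` covers a caller that passes no options.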