Posted to dev@tomcat.apache.org by re...@apache.org on 2005/04/01 13:36:52 UTC

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector Request.java

remm        2005/04/01 03:36:52

  Modified:    catalina/src/share/org/apache/catalina/realm
                        GenericPrincipal.java JAASRealm.java
               catalina/src/share/org/apache/catalina/connector
                        Request.java
  Log:
  - Commit my proposed changes to GenericPrincipal, and use it to remove the role map in the JAAS realm.
  - Let me know if I did it wrong ;)
  
  Revision  Changes    Path
  1.5       +33 -14    jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/GenericPrincipal.java
  
  Index: GenericPrincipal.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/GenericPrincipal.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- GenericPrincipal.java	27 Feb 2004 14:58:45 -0000	1.4
  +++ GenericPrincipal.java	1 Apr 2005 11:36:51 -0000	1.5
  @@ -65,25 +65,29 @@
        */
       public GenericPrincipal(Realm realm, String name, String password,
                               List roles) {
  -
  -        super();
  -        this.realm = realm;
  -        this.name = name;
  -        this.password = password;
  -        if (roles != null) {
  -            this.roles = new String[roles.size()];
  -            this.roles = (String[]) roles.toArray(this.roles);
  -            if (this.roles.length > 0)
  -                Arrays.sort(this.roles);
  -        }
  +        this(realm, name, password, roles, null);
       }
   
  -    public GenericPrincipal(String name, String password,
  -                            List roles) {
  +    /**
  +     * Construct a new Principal, associated with the specified Realm, for the
  +     * specified username and password, with the specified role names
  +     * (as Strings).
  +     *
  +     * @param realm The Realm that owns this principal
  +     * @param name The username of the user represented by this Principal
  +     * @param password Credentials used to authenticate this user
  +     * @param roles List of roles (must be Strings) possessed by this user
  +     * @param userPrincipal - the principal to be returned from the request 
  +     *        getUserPrincipal call if not null; if null, this will be returned
  +     */
  +    public GenericPrincipal(Realm realm, String name, String password,
  +                            List roles, Principal userPrincipal) {
   
           super();
  +        this.realm = realm;
           this.name = name;
           this.password = password;
  +        this.userPrincipal = userPrincipal;
           if (roles != null) {
               this.roles = new String[roles.size()];
               this.roles = (String[]) roles.toArray(this.roles);
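
Review bot: The realm-less constructor GenericPrincipal(String name, String password, List roles) is deleted outright in this hunk instead of being delegated like the four-argument one, so any existing caller stops compiling. Suggest keeping it as a one-line delegate, `this(null, name, password, roles, null);`, or confirming there are no remaining callers. The new Javadoc repeats the four-argument description almost word for word; it should say what distinguishes this overload, and `@param userPrincipal -` should drop the dash to match the other tags.
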
  @@ -92,6 +96,7 @@
           }
       }
   
  +
       // ------------------------------------------------------------- Properties
   
   
  @@ -140,6 +145,20 @@
       }
   
   
  +    /**
  +     * The authenticated Principal to be exposed to applications.
  +     */
  +    protected Principal userPrincipal = null;
  +
  +    public Principal getUserPrincipal() {
  +        if (userPrincipal != null) {
  +            return userPrincipal;
  +        } else {
  +            return this;
  +        }
  +    }
  +
  +
       // --------------------------------------------------------- Public Methods
   
   
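
Review bot: The new userPrincipal field is declared protected and is not final, so a subclass can replace the identity that getUserPrincipal() exposes to applications after authentication has completed. Since it is only assigned in the constructor, suggest making it private and assigning it once there. getUserPrincipal() also has no Javadoc; the fallback to `this` when the field is null is the part callers need documented.
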
  
  
  
  1.12      +3 -63     jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JAASRealm.java
  
  Index: JAASRealm.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JAASRealm.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- JAASRealm.java	6 Oct 2004 16:11:34 -0000	1.11
  +++ JAASRealm.java	1 Apr 2005 11:36:51 -0000	1.12
  @@ -20,9 +20,7 @@
   
   import java.security.Principal;
   import java.util.ArrayList;
  -import java.util.HashMap;
   import java.util.Iterator;
  -import java.util.Map;
   import java.util.List;
   
   import javax.security.auth.Subject;
  @@ -170,12 +168,6 @@
        */
       protected List userClasses = new ArrayList();
   
  -     /**
  -      * Map associating each user <code>Principal</code> object
  -      * with an array of role <code>Principal</code>s. 
  -      * This Map is read when <code>hasRole</code> is called.
  -      */
  -     protected Map roleMap = new HashMap();
   
       /**
        * Whether to use context ClassLoader or default ClassLoader.
  @@ -417,52 +409,6 @@
           }
       }
        
  -     /**
  -      * Returns <code>true</code> if the specified user <code>Principal</code> has the specified
  -      * security role, within the context of this <code>Realm</code>; otherwise return
  -      * <code>false</code>. This will be true when 
  -      * an associated role <code>Principal</code> can be found whose <code>getName</code>
  -      * method returns a <code>String</code> equalling the specified role.
  -      * @param principal <code>Principal</code> for whom the role is to be checked
  -      * @param role Security role to be checked
  -      */
  -     public boolean hasRole(Principal principal, String role) {
  -         if (log.isDebugEnabled()) {
  -             log.debug(sm.getString("jaasRealm.isInRole.start", principal.getName(), role));
  -         }
  -         
  -         if ((principal == null) || (role == null) ||
  -             (roleMap.get(principal) == null)) {
  -             if (log.isDebugEnabled()) {
  -                 log.debug(sm.getString("jaasRealm.isInRole.noPrincipalOrRole"));
  -             }
  -             return false;
  -         }
  -         
  -         List roles = (List)roleMap.get(principal);
  -         if (log.isDebugEnabled()) {
  -             log.debug(sm.getString("jaasRealm.isInRole.principalCached", String.valueOf(roles.size())));
  -         }
  -         
  -         for (Iterator it = roles.iterator(); it.hasNext();) {
  -             Principal possessedRole = (Principal)it.next();
  -             String possessedRoleName = possessedRole.getName();
  -             if (log.isDebugEnabled()) {
  -                 log.debug(sm.getString("jaasRealm.isInRole.possessesRole", possessedRole.getName()));
  -             }
  -             
  -             if (possessedRoleName.equals(role)) {
  -                 if (log.isDebugEnabled()) {
  -                     log.debug(sm.getString("jaasRealm.isInRole.match"));
  -                 }
  -                 return true;
  -             }
  -         }
  -         if (log.isDebugEnabled()) {
  -             log.debug(sm.getString("jaasRealm.isInRole.noMatch"));
  -         }
  -         return false;
  -     }
   
       // -------------------------------------------------------- Package Methods
   
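
Review bot: With the hasRole(Principal, String) override removed here, role checks for this realm depend on an inherited hasRole that is not shown in this diff. Please confirm that it evaluates the role names carried by the GenericPrincipal now returned from the last hunk of this file, and that it returns false instead of throwing when handed a Principal of another type. The jaasRealm.isInRole.* message keys were used by the removed method and can be dropped from the resource bundle if nothing else references them.
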
  @@ -538,7 +484,7 @@
               }
               
               if (roleClasses.contains(principalClass)) {
  -                roles.add(principal);
  +                roles.add(principal.getName());
                   if( log.isDebugEnabled() ) {
                       log.debug(sm.getString("jaasRealm.rolePrincipalAdd", principal.getName()));
                   }
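
Review bot: `roles.add(principal.getName())` stores whatever getName() returns, and a role Principal with a null name would put a null entry into the list that the GenericPrincipal constructor copies into a String[] and sorts, which fails with a NullPointerException. Suggest reading the name into a local, skipping and logging role principals whose name is null, and reusing that local in the debug call below.
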
  @@ -556,17 +502,11 @@
                   if (log.isDebugEnabled()) {
                       log.debug(sm.getString("jaasRealm.rolePrincipalFailure"));
                   }
  -            } else {
  -                roleMap.put(userPrincipal, roles);
  -                if (log.isDebugEnabled()) {
  -                    log.debug(sm.getString("jaasRealm.rolePrincipalSuccess", String.valueOf(roles.size())));
  -                    log.debug(sm.getString("jaasRealm.cachePrincipal", userPrincipal.getName(), String.valueOf(roles.size())));
  -                }
               }
           }
   
           // Return the resulting Principal for our authenticated user
  -        return userPrincipal;
  +        return new GenericPrincipal(this, username, null, roles, userPrincipal);
       }
   
        /**
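
Review bot: The final return no longer hands back userPrincipal itself, so if userPrincipal can still be null at this point the old code returned null while the new line returns a non-null GenericPrincipal whose getUserPrincipal() falls back to itself. Please confirm an earlier check in this method returns null when no user principal was found, or add one immediately before the return. The branch that logs jaasRealm.rolePrincipalFailure now also ends in a successful return, so it is worth stating in a comment whether a user with no role principals is meant to authenticate. With the rolePrincipalSuccess and cachePrincipal debug lines removed, the success path no longer logs how many roles were resolved.
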
  
  
  
  1.21      +7 -2      jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Request.java
  
  Index: Request.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Request.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- Request.java	31 Mar 2005 10:31:53 -0000	1.20
  +++ Request.java	1 Apr 2005 11:36:52 -0000	1.21
  @@ -62,6 +62,7 @@
   import org.apache.catalina.Session;
   import org.apache.catalina.Wrapper;
   import org.apache.catalina.core.ApplicationFilterFactory;
  +import org.apache.catalina.realm.GenericPrincipal;
   import org.apache.catalina.util.Enumerator;
   import org.apache.catalina.util.ParameterMap;
   import org.apache.catalina.util.RequestUtil;
  @@ -2127,7 +2128,11 @@
        * Return the principal that has been authenticated for this Request.
        */
       public Principal getUserPrincipal() {
  -        return (userPrincipal);
  +        if (userPrincipal instanceof GenericPrincipal) {
  +            return ((GenericPrincipal) userPrincipal).getUserPrincipal();
  +        } else {
  +            return (userPrincipal);
  +        }
       }
   
   
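
Review bot: getUserPrincipal() now returns the unwrapped principal, so any code that needs the GenericPrincipal itself (for example to hand to the realm for a role check) has to read the userPrincipal field and must not go through this getter; callers of the getter should be audited for that. The Javadoc above the method should mention the unwrapping, and the instanceof test together with the new import makes the connector package depend on org.apache.catalina.realm.GenericPrincipal, which deserves a comment.
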
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector Request.java

Posted by Remy Maucherat <re...@apache.org>.
Bill Barker wrote:
>>remm        2005/04/01 03:36:52
>>
>>  Modified:    catalina/src/share/org/apache/catalina/realm
>>                        GenericPrincipal.java JAASRealm.java
>>               catalina/src/share/org/apache/catalina/connector
>>                        Request.java
>>  Log:
>>  - Commit my proposed changes to GenericPrincipal, and use it to remove
>>    the role map in the JAAS realm.
>>  - Let me know if I did it wrong ;)
> 
> Cluster has code to serialize GP that will need to be updated (but I don't
> see a good way myself off the top of my head :().  But with this, at least
> Cluster+JAAS is less broken than it was before.

I didn't think about that kind of issue at all. It's one of the reasons 
I didn't do it before 5.5.9 ;)
Maybe it would be good to standardize on JAAS + JAAC for the next big 
release.

When serializing the session, the principal is marked as transient. I 
don't know much besides that.

Rémy



Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector Request.java

Posted by Bill Barker <wb...@wilshire.com>.
----- Original Message -----
From: <re...@apache.org>
To: <ja...@apache.org>
Sent: Friday, April 01, 2005 3:36 AM
Subject: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector
Request.java


> remm        2005/04/01 03:36:52
>
>   Modified:    catalina/src/share/org/apache/catalina/realm
>                         GenericPrincipal.java JAASRealm.java
>                catalina/src/share/org/apache/catalina/connector
>                         Request.java
>   Log:
>   - Commit my proposed changes to GenericPrincipal, and use it to remove
>     the role map in the JAAS realm.
>   - Let me know if I did it wrong ;)
>

Cluster has code to serialize GP that will need to be updated (but I don't
see a good way myself off the top of my head :().  But with this, at least
Cluster+JAAS is less broken than it was before.



