Posted to scm@geronimo.apache.org by jd...@apache.org on 2008/11/25 08:54:59 UTC
svn commit: r720434 - in /geronimo/gshell/trunk:
gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/
gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/
gshell-support/gshell-security/src/main/java/org/apache/ge...
Author: jdillon
Date: Mon Nov 24 23:54:55 2008
New Revision: 720434
URL: http://svn.apache.org/viewvc?rev=720434&view=rev
Log:
Hook up JSecurity for sshd auth
Added:
geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java (with props)
Modified:
geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java
geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml
geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml
Modified: geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java?rev=720434&r1=720433&r2=720434&view=diff
==============================================================================
--- geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java (original)
+++ geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java Mon Nov 24 23:54:55 2008
@@ -20,10 +20,11 @@
package org.apache.geronimo.gshell.commands.ssh;
import com.google.code.sshd.server.PasswordAuthenticator;
-import org.jsecurity.SecurityUtils;
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.authc.UsernamePasswordToken;
import org.jsecurity.subject.Subject;
+import org.jsecurity.mgt.SecurityManager;
+import org.jsecurity.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -37,25 +38,47 @@
{
private final Logger log = LoggerFactory.getLogger(getClass());
+ private final SecurityManager securityManager;
+
+ public JSecurityPasswordAuthenticator(final SecurityManager securityManager) {
+ // securityManager can be null
+ this.securityManager = securityManager;
+ }
+
+ public JSecurityPasswordAuthenticator() {
+ this(null);
+ }
+
public Object authenticate(final String username, final String password) {
assert username != null;
assert password != null;
-
- Subject currentUser = SecurityUtils.getSubject();
- if (!currentUser.isAuthenticated()) {
- UsernamePasswordToken token = new UsernamePasswordToken(username, password);
+ log.debug("Authenticating: {}/{}", username, password);
- try {
- currentUser.login(token);
- log.info("User [" + currentUser.getPrincipal() + "] logged in successfully");
- }
- catch (AuthenticationException e) {
- log.error("Authentication failed: " + e, e);
- return null;
- }
+ Subject currentUser;
+
+ if (securityManager != null) {
+ currentUser = securityManager.getSubject();
+ }
+ else {
+ currentUser = SecurityUtils.getSubject();
+ }
+
+ if (currentUser.isAuthenticated()) {
+ log.debug("Logging out current user: {}", currentUser.getPrincipal());
+ currentUser.logout();
}
- return currentUser.getPrincipal();
+ try {
+ UsernamePasswordToken token = new UsernamePasswordToken(username, password);
+ currentUser.login(token);
+ Object principal = currentUser.getPrincipal();
+ log.info("User [{}] logged in successfully", principal);
+ return principal;
+ }
+ catch (AuthenticationException e) {
+ log.error("Authentication failed: " + e, e);
+ return null;
+ }
}
}
\ No newline at end of file
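Review bot: The added `log.debug("Authenticating: {}/{}", username, password);` at the top of `authenticate` writes every submitted SSH password to the log in cleartext, including passwords from failed attempts and mistyped variants of real ones. Log the username only: `log.debug("Authenticating: {}", username);`. Two smaller points in the same method: the new code logs out an already authenticated subject before the new credentials are checked, so a failed attempt leaves the previous subject logged out, and `log.error("Authentication failed: " + e, e)` records a full stack trace at error level for each bad password, where `log.warn("Authentication failed for {}", username);` would keep the log quieter if the trace is not needed. The class declaration is outside the hunk.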
Modified: geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml
URL: http://svn.apache.org/viewvc/geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml?rev=720434&r1=720433&r2=720434&view=diff
==============================================================================
--- geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml (original)
+++ geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml Mon Nov 24 23:54:55 2008
@@ -79,10 +79,12 @@
<bean name="keyPairProvider" class="com.google.code.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider"/>
- <bean name="passwordAuthenticator" class="org.apache.geronimo.gshell.commands.ssh.BogusPasswordAuthenticator"/>
+ <bean name="passwordAuthenticator" class="org.apache.geronimo.gshell.commands.ssh.JSecurityPasswordAuthenticator">
+ <constructor-arg ref="securityManager"/>
+ </bean>
<!--
- <bean name="passwordAuthenticator" class="org.apache.geronimo.gshell.commands.ssh.JSecurityPasswordAuthenticator"/>
+ <bean name="passwordAuthenticator" class="org.apache.geronimo.gshell.commands.ssh.BogusPasswordAuthenticator"/>
-->
</beans>
\ No newline at end of file
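Review bot: The commented-out `BogusPasswordAuthenticator` bean left under the new `passwordAuthenticator` definition keeps a one-line switch back to what, judging by its name, is presumably a test authenticator that does not check real credentials. Either drop the commented block or label it, e.g. `<!-- test only: never enable in a deployed shell -->`. The new bean's `<constructor-arg ref="securityManager"/>` refers to a bean that is not defined in this hunk; the gshell-security components.xml changed in the same commit defines one, so it is worth confirming both files are loaded into the same context.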
Added: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java
URL: http://svn.apache.org/viewvc/geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java?rev=720434&view=auto
==============================================================================
--- geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java (added)
+++ geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java Mon Nov 24 23:54:55 2008
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.geronimo.gshell.security.crypto;
+
+import org.jsecurity.mgt.SecurityManager;
+import org.jsecurity.SecurityUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Installs a static {@link SecurityManager}.
+ *
+ * @version $Rev$ $Date$
+ */
+public class SecurityManagerInstaller
+{
+ private final Logger log = LoggerFactory.getLogger(getClass());
+
+ private SecurityManager securityManager;
+
+ public SecurityManagerInstaller(final SecurityManager securityManager) {
+ assert securityManager != null;
+ this.securityManager = securityManager;
+ }
+
+ public void init() {
+ log.debug("Installing security manager: {}", securityManager);
+ SecurityUtils.setSecurityManager(securityManager);
+ }
+}
\ No newline at end of file
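Review bot: The constructor's only null guard is `assert securityManager != null;`, and assertions are disabled unless the JVM runs with `-ea`, so a miswired bean would reach `init()` and pass null to `SecurityUtils.setSecurityManager`. An explicit check fails at wiring time instead: `if (securityManager == null) throw new IllegalArgumentException("securityManager is required");`. The field is assigned once and could be declared `private final`. The class Javadoc could also state that `init()` replaces the static security manager that `SecurityUtils.getSubject()` falls back to, since that affects every caller in the VM and not only the sshd authenticator.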
Propchange: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml
URL: http://svn.apache.org/viewvc/geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml?rev=720434&r1=720433&r2=720434&view=diff
==============================================================================
--- geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml (original)
+++ geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml Mon Nov 24 23:54:55 2008
@@ -24,34 +24,30 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"
default-autowire="no"
- default-dependency-check="none"
- default-init-method="init"
- default-destroy-method="destroy">
+ default-dependency-check="none">
<bean id="cryptoContext" class="org.apache.geronimo.gshell.security.crypto.CryptoContextImpl" lazy-init="true">
<property name="transformation" value="RSA"/>
<property name="provider" value="default"/>
</bean>
+
+ <bean class="org.apache.geronimo.gshell.security.crypto.SecurityManagerInstaller" init-method="init">
+ <constructor-arg ref="securityManager"/>
+ </bean>
<bean id="securityManager" class="org.jsecurity.mgt.DefaultSecurityManager" lazy-init="true">
+ <property name="cacheManager">
+ <bean class="org.jsecurity.cache.HashtableCacheManager"/>
+ </property>
<property name="realms">
<list>
- <ref bean="bogusRealm"/>
+ <ref bean="localRealm"/>
</list>
</property>
</bean>
- <bean id="bogusRealm" class="org.jsecurity.realm.text.TextConfigurationRealm" lazy-init="true">
- <property name="userDefinitions">
- <value>
- test=test
- </value>
- </property>
- <property name="roleDefinitions">
- <value>
- foo=bar,baz
- </value>
- </property>
+ <bean id="localRealm" class="org.jsecurity.realm.text.PropertiesRealm" lazy-init="true">
+ <property name="resourcePath" value="classpath:security.properties"/>
</bean>
<!--
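Review bot: Removing `default-init-method="init"` and `default-destroy-method="destroy"` from `<beans>` stops Spring from calling those methods on any bean in this file that relied on the defaults. `cryptoContext` declares no `init-method` of its own, so if `CryptoContextImpl` has an `init()` (not visible here) it is now skipped; in that case add `init-method="init"` to that bean, as was done for `SecurityManagerInstaller`. Separately, `localRealm` now reads `classpath:security.properties`, which is not among the files this commit adds. Confirm the resource exists and does not ship default accounts; a short XML comment on the bean naming where the file lives and who may edit it would help.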
@@ -62,9 +58,7 @@
<bean class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
- -->
- <!--
<bean id="secureRemoteInvocationExecutor" class="org.jsecurity.spring.remoting.SecureRemoteInvocationExecutor">
<property name="securityManager" ref="securityManager"/>
</bean>