Posted to scm@geronimo.apache.org by jd...@apache.org on 2008/11/25 08:54:59 UTC

svn commit: r720434 - in /geronimo/gshell/trunk: gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/ gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/ gshell-support/gshell-security/src/main/java/org/apache/ge...

Author: jdillon
Date: Mon Nov 24 23:54:55 2008
New Revision: 720434

URL: http://svn.apache.org/viewvc?rev=720434&view=rev
Log:
Hook up JSecurity for sshd auth

Added:
    geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java   (with props)
Modified:
    geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java
    geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml
    geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml

Modified: geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java?rev=720434&r1=720433&r2=720434&view=diff
==============================================================================
--- geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java (original)
+++ geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/java/org/apache/geronimo/gshell/commands/ssh/JSecurityPasswordAuthenticator.java Mon Nov 24 23:54:55 2008
@@ -20,10 +20,11 @@
 package org.apache.geronimo.gshell.commands.ssh;
 
 import com.google.code.sshd.server.PasswordAuthenticator;
-import org.jsecurity.SecurityUtils;
 import org.jsecurity.authc.AuthenticationException;
 import org.jsecurity.authc.UsernamePasswordToken;
 import org.jsecurity.subject.Subject;
+import org.jsecurity.mgt.SecurityManager;
+import org.jsecurity.SecurityUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -37,25 +38,47 @@
 {
     private final Logger log = LoggerFactory.getLogger(getClass());
 
+    private final SecurityManager securityManager;
+
+    public JSecurityPasswordAuthenticator(final SecurityManager securityManager) {
+        // securityManager can be null
+        this.securityManager = securityManager;
+    }
+
+    public JSecurityPasswordAuthenticator() {
+        this(null);
+    }
+
     public Object authenticate(final String username, final String password) {
         assert username != null;
         assert password != null;
-        
-        Subject currentUser = SecurityUtils.getSubject();
 
-        if (!currentUser.isAuthenticated()) {
-            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
+        log.debug("Authenticating: {}/{}", username, password);
 
-            try {
-                currentUser.login(token);
-                log.info("User [" + currentUser.getPrincipal() + "] logged in successfully");
-            }
-            catch (AuthenticationException e) {
-                log.error("Authentication failed: " + e, e);
-                return null;
-            }
+        Subject currentUser;
+
+        if (securityManager != null) {
+            currentUser = securityManager.getSubject();
+        }
+        else {
+            currentUser = SecurityUtils.getSubject();
+        }
+
+        if (currentUser.isAuthenticated()) {
+            log.debug("Logging out current user: {}", currentUser.getPrincipal());
+            currentUser.logout();
         }
 
-        return currentUser.getPrincipal();
+        try {
+            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
+            currentUser.login(token);
+            Object principal = currentUser.getPrincipal();
+            log.info("User [{}] logged in successfully", principal);
+            return principal;
+        }
+        catch (AuthenticationException e) {
+            log.error("Authentication failed: " + e, e);
+            return null;
+        }
     }
 }
\ No newline at end of file
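Review bot: The added `log.debug("Authenticating: {}/{}", username, password);` in `authenticate` writes every submitted ssh password to the log in cleartext, including passwords typed against the wrong account; log the username only, `log.debug("Authenticating: {}", username);`. The `assert` null checks are skipped unless the JVM runs with `-ea`, so a null username or password reaches `UsernamePasswordToken` unchecked; an explicit `if (username == null || password == null) return null;` fails closed. The token is also never cleared after `login`; if this JSecurity version provides `token.clear()`, calling it in a `finally` shortens how long the password stays in memory. The class declaration lies outside the hunk.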

Modified: geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml
URL: http://svn.apache.org/viewvc/geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml?rev=720434&r1=720433&r2=720434&view=diff
==============================================================================
--- geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml (original)
+++ geronimo/gshell/trunk/gshell-commands/gshell-ssh/src/main/resources/META-INF/gshell/components.xml Mon Nov 24 23:54:55 2008
@@ -79,10 +79,12 @@
 
     <bean name="keyPairProvider" class="com.google.code.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider"/>
 
-    <bean name="passwordAuthenticator" class="org.apache.geronimo.gshell.commands.ssh.BogusPasswordAuthenticator"/>
+    <bean name="passwordAuthenticator" class="org.apache.geronimo.gshell.commands.ssh.JSecurityPasswordAuthenticator">
+        <constructor-arg ref="securityManager"/>
+    </bean>
 
     <!--
-    <bean name="passwordAuthenticator" class="org.apache.geronimo.gshell.commands.ssh.JSecurityPasswordAuthenticator"/>
+    <bean name="passwordAuthenticator" class="org.apache.geronimo.gshell.commands.ssh.BogusPasswordAuthenticator"/>
     -->
 
 </beans>
\ No newline at end of file
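Review bot: The commented-out `BogusPasswordAuthenticator` bean stays in the shipped `components.xml`, one uncomment away from replacing the real authenticator. Its implementation is not shown here, but judging by its name it presumably performs no real credential check. If it is kept for testing, say so in the comment, e.g. `<!-- TEST ONLY: do not enable in a deployed sshd -->`, or drop the block. The `<beans>` root element opens outside the hunk.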

Added: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java
URL: http://svn.apache.org/viewvc/geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java?rev=720434&view=auto
==============================================================================
--- geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java (added)
+++ geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java Mon Nov 24 23:54:55 2008
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.geronimo.gshell.security.crypto;
+
+import org.jsecurity.mgt.SecurityManager;
+import org.jsecurity.SecurityUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Installs a static {@link SecurityManager}.
+ *
+ * @version $Rev$ $Date$
+ */
+public class SecurityManagerInstaller
+{
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private SecurityManager securityManager;
+
+    public SecurityManagerInstaller(final SecurityManager securityManager) {
+        assert securityManager != null;
+        this.securityManager = securityManager;
+    }
+
+    public void init() {
+        log.debug("Installing security manager: {}", securityManager);
+        SecurityUtils.setSecurityManager(securityManager);
+    }
+}
\ No newline at end of file
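Review bot: The constructor's `assert securityManager != null;` is disabled unless the JVM runs with `-ea`, so `init()` can hand null to `SecurityUtils.setSecurityManager`. Check explicitly, `if (securityManager == null) throw new IllegalArgumentException("securityManager must not be null");`, and declare the field `final`. The class Javadoc should also state that `init()` replaces the VM-wide static manager, so a second installer in the same JVM overrides the first; the `SecurityUtils.getSubject()` fallback in `JSecurityPasswordAuthenticator` presumably depends on it.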

Propchange: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java
------------------------------------------------------------------------------
    svn:keywords = Date Author Id Revision HeadURL

Propchange: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/java/org/apache/geronimo/gshell/security/crypto/SecurityManagerInstaller.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml
URL: http://svn.apache.org/viewvc/geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml?rev=720434&r1=720433&r2=720434&view=diff
==============================================================================
--- geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml (original)
+++ geronimo/gshell/trunk/gshell-support/gshell-security/src/main/resources/META-INF/gshell/components.xml Mon Nov 24 23:54:55 2008
@@ -24,34 +24,30 @@
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"
        default-autowire="no"
-       default-dependency-check="none"
-       default-init-method="init"
-       default-destroy-method="destroy">
+       default-dependency-check="none">
 
     <bean id="cryptoContext" class="org.apache.geronimo.gshell.security.crypto.CryptoContextImpl" lazy-init="true">
         <property name="transformation" value="RSA"/>
         <property name="provider" value="default"/>
     </bean>
+
+    <bean class="org.apache.geronimo.gshell.security.crypto.SecurityManagerInstaller" init-method="init">
+        <constructor-arg ref="securityManager"/>
+    </bean>
     
     <bean id="securityManager" class="org.jsecurity.mgt.DefaultSecurityManager" lazy-init="true">
+        <property name="cacheManager">
+            <bean class="org.jsecurity.cache.HashtableCacheManager"/>
+        </property>
         <property name="realms">
             <list>
-                <ref bean="bogusRealm"/>
+                <ref bean="localRealm"/>
             </list>
         </property>
     </bean>
 
-    <bean id="bogusRealm" class="org.jsecurity.realm.text.TextConfigurationRealm" lazy-init="true">
-        <property name="userDefinitions">
-            <value>
-                test=test
-            </value>
-        </property>
-        <property name="roleDefinitions">
-            <value>
-                foo=bar,baz
-            </value>
-        </property>
+    <bean id="localRealm" class="org.jsecurity.realm.text.PropertiesRealm" lazy-init="true">
+        <property name="resourcePath" value="classpath:security.properties"/>
     </bean>
 
     <!--
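Review bot: The new `localRealm` reads accounts from `classpath:security.properties` with no credentials matcher set on the bean, so unless the realm's default differs, the passwords in that file are stored and compared in cleartext; the file itself is not among the paths this commit lists. I would configure a hashing credentials matcher on the realm, or at least add a comment above the bean such as `<!-- security.properties holds credentials; keep it out of shared artifacts and restrict read access -->`. Separately, dropping `default-init-method="init"` and `default-destroy-method="destroy"` from `<beans>` means any other bean in this file that relied on them, possibly `cryptoContext`, no longer gets its lifecycle callbacks; worth confirming. The `<beans>` element opens and continues outside the hunk.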
@@ -62,9 +58,7 @@
     <bean class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
         <property name="securityManager" ref="securityManager"/>
     </bean>
-    -->
     
-    <!--
     <bean id="secureRemoteInvocationExecutor" class="org.jsecurity.spring.remoting.SecureRemoteInvocationExecutor">
         <property name="securityManager" ref="securityManager"/>
     </bean>