Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/02/16 21:47:09 UTC
svn commit: r1730748 - in
/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic:
LocalStrings.properties SimpleAuthConfigProvider.java
SimpleServerAuthConfig.java SimpleServerAuthContext.java
Author: markt
Date: Tue Feb 16 20:47:09 2016
New Revision: 1730748
URL: http://svn.apache.org/viewvc?rev=1730748&view=rev
Log:
Add simple implementations that can be used, via configuration, when working with 3rd-party providers that only provide a ServerAuthModule implementation.
Added:
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleAuthConfigProvider.java (with props)
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthConfig.java (with props)
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthContext.java (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties?rev=1730748&r1=1730747&r2=1730748&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties Tue Feb 16 20:47:09 2016
@@ -23,4 +23,6 @@ jaspicAuthenticator.authenticate=Authent
persistentProviderRegistrations.deleteFail=The temporary file [{0}] cannot be deleted
persistentProviderRegistrations.existsDeleteFail=The temporary file [{0}] already exists and cannot be deleted
-persistentProviderRegistrations.moveFail=Failed to move [{0}] to [{1}]
\ No newline at end of file
+persistentProviderRegistrations.moveFail=Failed to move [{0}] to [{1}]
+
+simpleServerAuthConfig.noModules="No ServerAuthModules configured"
\ No newline at end of file
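Review bot: The value of `simpleServerAuthConfig.noModules` is wrapped in double quotes, and in a .properties file those quotes are part of the value, so the `AuthException` message built from this key will contain them literally. The neighbouring keys in this hunk are unquoted; `simpleServerAuthConfig.noModules=No ServerAuthModules configured` would match them.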
Added: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleAuthConfigProvider.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleAuthConfigProvider.java?rev=1730748&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleAuthConfigProvider.java (added)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleAuthConfigProvider.java Tue Feb 16 20:47:09 2016
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+
+/**
+ * Basic implementation primarily intended for use when using third-party
+ * {@link javax.security.auth.message.module.ServerAuthModule} implementations
+ * that only provide the module.
+ */
+public class SimpleAuthConfigProvider implements AuthConfigProvider {
+
+ private final Map<String,String> properties;
+
+ private volatile ServerAuthConfig serverAuthConfig;
+
+ public SimpleAuthConfigProvider(Map<String,String> properties, AuthConfigFactory factory) {
+ this.properties = properties;
+ if (factory != null) {
+ factory.registerConfigProvider(this, null, null, "Automatic registration");
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ * <p>
+ * This implementation does not support client-side authentication and
+ * therefore always returns {@code null}.
+ */
+ @Override
+ public ClientAuthConfig getClientAuthConfig(String layer, String appContext,
+ CallbackHandler handler) throws AuthException {
+ return null;
+ }
+
+
+ @Override
+ public ServerAuthConfig getServerAuthConfig(String layer, String appContext,
+ CallbackHandler handler) throws AuthException {
+ ServerAuthConfig serverAuthConfig = this.serverAuthConfig;
+ if (serverAuthConfig == null) {
+ synchronized (this) {
+ if (this.serverAuthConfig == null) {
+ this.serverAuthConfig = createServerAuthConfig(layer, appContext, handler, properties);
+ }
+ serverAuthConfig = this.serverAuthConfig;
+ }
+ }
+ return serverAuthConfig;
+ }
+
+
+ protected ServerAuthConfig createServerAuthConfig(String layer, String appContext,
+ CallbackHandler handler, Map<String,String> properties) {
+ return new SimpleServerAuthConfig(layer, appContext, handler, properties);
+ }
+
+
+ @Override
+ public void refresh() {
+ ServerAuthConfig serverAuthConfig = this.serverAuthConfig;
+ if (serverAuthConfig != null) {
+ serverAuthConfig.refresh();
+ }
+ }
+}
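Review bot: `getServerAuthConfig` caches the first `ServerAuthConfig` it builds and returns it for every later call, whatever `layer`, `appContext` or `handler` that call passes, while the constructor registers the provider with `registerConfigProvider(this, null, null, ...)`, which applies it to all layers and application contexts. If one instance ends up serving more than one context, later callers receive a config that carries the first caller's `appContext` and `CallbackHandler`. Either state the constraint in the class Javadoc, e.g. `Instances cache a single ServerAuthConfig and must not be shared between layers or application contexts.`, or key the cached config on `layer` and `appContext`.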
Propchange: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleAuthConfigProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthConfig.java?rev=1730748&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthConfig.java (added)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthConfig.java Tue Feb 16 20:47:09 2016
@@ -0,0 +1,150 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.module.ServerAuthModule;
+
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Basic implementation primarily intended for use when using third-party
+ * {@link ServerAuthModule} implementations that only provide the module. This
+ * implementation supports configuring the {@link ServerAuthContext} with
+ * multiple modules.
+ */
+public class SimpleServerAuthConfig implements ServerAuthConfig {
+
+ private static StringManager sm = StringManager.getManager(SimpleServerAuthConfig.class);
+
+ private static final String SERVER_AUTH_MODULE_KEY_PREFIX =
+ "org.apache.catalina.authenticator.jaspic.ServerAuthModule.";
+
+ private final String layer;
+ private final String appContext;
+ private final CallbackHandler handler;
+ private final Map<String,String> properties;
+
+ private volatile ServerAuthContext serverAuthContext;
+
+ public SimpleServerAuthConfig(String layer, String appContext, CallbackHandler handler,
+ Map<String,String> properties) {
+ this.layer = layer;
+ this.appContext = appContext;
+ this.handler = handler;
+ this.properties = properties;
+ }
+
+
+ @Override
+ public String getMessageLayer() {
+ return layer;
+ }
+
+
+ @Override
+ public String getAppContext() {
+ return appContext;
+ }
+
+
+ @Override
+ public String getAuthContextID(MessageInfo messageInfo) {
+ return messageInfo.toString();
+ }
+
+
+ @Override
+ public void refresh() {
+ serverAuthContext = null;
+ }
+
+
+ @Override
+ public boolean isProtected() {
+ return false;
+ }
+
+
+ @SuppressWarnings({"rawtypes", "unchecked"}) // JASPIC API uses raw types
+ @Override
+ public ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject,
+ Map properties) throws AuthException {
+ ServerAuthContext serverAuthContext = this.serverAuthContext;
+ if (serverAuthContext == null) {
+ synchronized (this) {
+ if (this.serverAuthContext == null) {
+ Map<String,String> mergedProperties = new HashMap<>();
+ if (this.properties != null) {
+ mergedProperties.putAll(this.properties);
+ }
+ if (properties == null) {
+ throw new AuthException(sm.getString("simpleServerAuthConfig.noModules"));
+ } else {
+ mergedProperties.putAll(properties);
+ }
+
+ List<ServerAuthModule> modules = new ArrayList<>();
+ int moduleIndex = 1;
+ String key = SERVER_AUTH_MODULE_KEY_PREFIX + moduleIndex;
+ String moduleClassName = (String) properties.get(key);
+ while (moduleClassName != null) {
+ try {
+ Class<?> clazz = Class.forName(moduleClassName);
+ ServerAuthModule module = (ServerAuthModule) clazz.newInstance();
+ module.initialize(null, null, handler, mergedProperties);
+ modules.add(module);
+ } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {
+ AuthException ae = new AuthException();
+ ae.initCause(e);
+ throw ae;
+ }
+
+ // Look for the next module
+ moduleIndex++;
+ key = SERVER_AUTH_MODULE_KEY_PREFIX + moduleIndex;
+ moduleClassName = (String) properties.get(key);
+ }
+
+ if (modules.size() == 0) {
+ throw new AuthException(sm.getString("simpleServerAuthConfig.noModules"));
+ }
+
+ this.serverAuthContext = createServerAuthContext(modules);
+ }
+ serverAuthContext = this.serverAuthContext;
+ }
+ }
+
+ return serverAuthContext;
+ }
+
+
+ protected ServerAuthContext createServerAuthContext(List<ServerAuthModule> modules) {
+ return new SimpleServerAuthContext(modules);
+ }
+}
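Review bot: In `getAuthContext` the module class names are read with `properties.get(key)`, the raw call argument, although the lines just above build `mergedProperties` from the constructor-supplied map plus that argument. Modules configured only through the provider's own properties are therefore never found, and a null argument throws the `noModules` exception before they are even looked at. Reading the keys from the merged map fixes both: `if (properties != null) { mergedProperties.putAll(properties); }` and `String moduleClassName = mergedProperties.get(key);`, with the same lookup at the end of the loop.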
Propchange: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthConfig.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthContext.java?rev=1730748&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthContext.java (added)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthContext.java Tue Feb 16 20:47:09 2016
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic;
+
+import java.util.List;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.module.ServerAuthModule;
+
+/**
+ * Basic implementation primarily intended for use when using third-party
+ * {@link ServerAuthModule} implementations that only provide the module. This
+ * implementation supports multiple modules and will treat the user as
+ * authenticated if any one module is able to authenticate the user.
+ */
+public class SimpleServerAuthContext implements ServerAuthContext {
+
+ private final List<ServerAuthModule> modules;
+
+
+ public SimpleServerAuthContext(List<ServerAuthModule> modules) {
+ this.modules = modules;
+ }
+
+
+ @SuppressWarnings("unchecked") // JASPIC API uses raw types
+ @Override
+ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+ for (int moduleIndex = 0; moduleIndex < modules.size(); moduleIndex++) {
+ ServerAuthModule module = modules.get(moduleIndex);
+ AuthStatus result = module.validateRequest(messageInfo, clientSubject, serviceSubject);
+ if (result != AuthStatus.SEND_FAILURE) {
+ messageInfo.getMap().put("moduleIndex", Integer.valueOf(moduleIndex));
+ return result;
+ }
+ }
+ return AuthStatus.SEND_FAILURE;
+ }
+
+
+ @Override
+ public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject)
+ throws AuthException {
+ ServerAuthModule module = modules.get(((Integer) messageInfo.getMap().get("moduleIndex")).intValue());
+ return module.secureResponse(messageInfo, serviceSubject);
+ }
+
+
+ @Override
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
+ for (ServerAuthModule module : modules) {
+ module.cleanSubject(messageInfo, subject);
+ }
+ }
+}
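Review bot: `secureResponse` unboxes `messageInfo.getMap().get("moduleIndex")` without checking it, but `validateRequest` only stores that entry when a module returns something other than `SEND_FAILURE`. A call after every module has failed, or with a `MessageInfo` whose map no longer holds the expected entry, ends in a `NullPointerException`, `ClassCastException` or `IndexOutOfBoundsException` rather than an `AuthException`. The map is shared with the third-party modules, so the entry should be validated before use: fetch it as `Object idx = messageInfo.getMap().get("moduleIndex");` and throw an `AuthException` unless it is an `Integer` in the range `0..modules.size()-1`. A key namespaced to this class would also be less likely to collide with entries the modules store than the bare `"moduleIndex"`.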
Propchange: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/SimpleServerAuthContext.java
------------------------------------------------------------------------------
svn:eol-style = native