You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/09/06 21:52:56 UTC
svn commit: r692717 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt
java/org/apache/catalina/realm/JAASCallbackHandler.java
java/org/apache/catalina/realm/JAASMemoryLoginModule.java
java/org/apache/catalina/realm/JAASRealm.java webapps/docs/changelog.xml
Author: markt
Date: Sat Sep 6 12:52:56 2008
New Revision: 692717
URL: http://svn.apache.org/viewvc?rev=692717&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407
Add support for CLIENT-CERT to the JASSRealm.
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Sep 6 12:52:56 2008
@@ -1 +1 @@
-/tomcat/trunk:673796,673820,683982,684001,684081,684234
+/tomcat/trunk:673796,673820,683982,684001,684081,684234,684269-684270
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Sep 6 12:52:56 2008
@@ -71,12 +71,6 @@
0: remm (looks risky, very minor problem)
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407
- Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above.
- http://svn.apache.org/viewvc?rev=684270&view=rev
- +1: markt, remm, funkman
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45608
Prevent race condition for allocate/deallocate in StandardWrapper
http://svn.apache.org/viewvc?rev=685177&view=rev
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java Sat Sep 6 12:52:56 2008
@@ -80,21 +80,22 @@
/**
* Construct a callback handler for DIGEST authentication.
*
- * @param realm Our associated JAASRealm instance
- * @param username Username to be authenticated with
- * @param password Password to be authenticated with
- * @param nonce Server generated nonce
- * @param nc Nonce count
- * @param cnonce Client generated nonce
- * @param qop Quality of protection aplied to the message
- * @param realmName Realm name
- * @param md5a2 Second MD5 digest used to calculate the digest
+ * @param realm Our associated JAASRealm instance
+ * @param username Username to be authenticated with
+ * @param password Password to be authenticated with
+ * @param nonce Server generated nonce
+ * @param nc Nonce count
+ * @param cnonce Client generated nonce
+ * @param qop Quality of protection aplied to the message
+ * @param realmName Realm name
+ * @param md5a2 Second MD5 digest used to calculate the digest
* MD5(Method + ":" + uri)
+ * @param authMethod The authentication method in use
*/
public JAASCallbackHandler(JAASRealm realm, String username,
String password, String nonce, String nc,
String cnonce, String qop, String realmName,
- String md5a2) {
+ String md5a2, String authMethod) {
this(realm, username, password);
this.nonce = nonce;
this.nc = nc;
@@ -102,6 +103,7 @@
this.qop = qop;
this.realmName = realmName;
this.md5a2 = md5a2;
+ this.authMethod = authMethod;
}
// ----------------------------------------------------- Instance Variables
@@ -123,7 +125,6 @@
*/
protected JAASRealm realm = null;
-
/**
* The username to be authenticated with.
*/
@@ -159,6 +160,10 @@
*/
protected String md5a2;
+ /**
+ * The authentication method to be used. If null, assume BASIC/FORM.
+ */
+ protected String authMethod;
// --------------------------------------------------------- Public Methods
@@ -208,6 +213,8 @@
cb.setText(realmName);
} else if (cb.getPrompt().equals("md5a2")) {
cb.setText(md5a2);
+ } else if (cb.getPrompt().equals("authMethod")) {
+ cb.setText(authMethod);
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java Sat Sep 6 12:52:56 2008
@@ -39,6 +39,7 @@
import org.apache.catalina.Context;
import org.apache.catalina.Realm;
+import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.util.RequestUtil;
@@ -310,7 +311,7 @@
// Set up our CallbackHandler requests
if (callbackHandler == null)
throw new LoginException("No CallbackHandler specified");
- Callback callbacks[] = new Callback[8];
+ Callback callbacks[] = new Callback[9];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
callbacks[2] = new TextInputCallback("nonce");
@@ -319,6 +320,7 @@
callbacks[5] = new TextInputCallback("qop");
callbacks[6] = new TextInputCallback("realmName");
callbacks[7] = new TextInputCallback("md5a2");
+ callbacks[8] = new TextInputCallback("authMethod");
// Interact with the user to retrieve the username and password
String username = null;
@@ -329,6 +331,7 @@
String qop = null;
String realmName = null;
String md5a2 = null;
+ String authMethod = null;
try {
callbackHandler.handle(callbacks);
@@ -341,6 +344,7 @@
qop = ((TextInputCallback) callbacks[5]).getText();
realmName = ((TextInputCallback) callbacks[6]).getText();
md5a2 = ((TextInputCallback) callbacks[7]).getText();
+ authMethod = ((TextInputCallback) callbacks[8]).getText();
} catch (IOException e) {
throw new LoginException(e.toString());
} catch (UnsupportedCallbackException e) {
@@ -348,13 +352,16 @@
}
// Validate the username and password we have received
- if (md5a2 == null) {
- // Not using DIGEST
+ if (authMethod == null) {
+ // BASIC or FORM
principal = super.authenticate(username, password);
- } else {
- // Must be using DIGEST
+ } else if (authMethod.equals(Constants.DIGEST_METHOD)) {
principal = super.authenticate(username, password, nonce, nc,
cnonce, qop, realmName, md5a2);
+ } else if (authMethod.equals(Constants.CERT_METHOD)) {
+ principal = super.getPrincipal(username);
+ } else {
+ throw new LoginException("Unknown authentication method");
}
log.debug("login " + username + " " + principal);
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java Sat Sep 6 12:52:56 2008
@@ -34,6 +34,7 @@
import org.apache.catalina.Container;
import org.apache.catalina.LifecycleException;
+import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.util.StringManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -337,13 +338,15 @@
* @param realmName Realm name
* @param md5a2 Second MD5 digest used to calculate the digest
* MD5(Method + ":" + uri)
+ * @param authMethod The authentication scheme in use
*/
public Principal authenticate(String username, String clientDigest,
String nonce, String nc, String cnonce, String qop,
String realmName, String md5a2) {
return authenticate(username,
new JAASCallbackHandler(this, username, clientDigest, nonce,
- nc, cnonce, qop, realmName, md5a2));
+ nc, cnonce, qop, realmName, md5a2,
+ Constants.DIGEST_METHOD));
}
@@ -467,7 +470,9 @@
*/
protected Principal getPrincipal(String username) {
- return (null);
+ return authenticate(username,
+ new JAASCallbackHandler(this, username, null, null, null, null,
+ null, null, null, Constants.CERT_METHOD));
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Sep 6 12:52:56 2008
@@ -35,6 +35,9 @@
<section name="Tomcat 6.0.19 (remm)">
<subsection name="Catalina">
<changelog>
+ <add>
+ <bug>41407</bug>: Add CLIENT-CERT support to the JAAS Realm. (markt)
+ </add>
<fix>
<bug>45453</bug>: Remove potential race condition in JDBC Realm.
Based on a patch by Santtu Hyrkk. (markt)
@@ -134,7 +137,7 @@
</subsection>
<subsection name="Catalina">
<changelog>
- <fix><bug>45272</bug>Put in work around for Internet Explorer not accepting a quoted Path: value using the Set-Cookie header (fhanik)</fix>
+ <fix><bug>45272</bug>: Put in work around for Internet Explorer not accepting a quoted Path: value using the Set-Cookie header (fhanik)</fix>
<fix>
APR connector now adds connection to poller after using send file.
(remm)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org