Posted to dev@tomcat.apache.org by co...@apache.org on 2001/02/27 20:10:20 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/aaa SimplePrincipal.java
costin 01/02/27 11:10:19
Modified: src/share/org/apache/tomcat/core Request.java
src/share/org/apache/tomcat/modules/aaa JDBCRealm.java
SimpleRealm.java
Added: src/share/org/apache/tomcat/util/aaa SimplePrincipal.java
Removed: src/share/org/apache/tomcat/util SimplePrincipal.java
Log:
Another code move for simpler dependencies.
This time with a more significant change - the aaa modules must set
the Principal ( instead of relying on core to create one ).
The Principal is carrying more information than the String user, and
in general we should use Principal whenever possible. ( for example
by checking the class name of the principal you can find who did
the authentication )
Revision Changes Path
1.95 +0 -4 jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java
Index: Request.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- Request.java 2001/02/27 16:54:02 1.94
+++ Request.java 2001/02/27 19:10:14 1.95
@@ -65,7 +65,6 @@
import org.apache.tomcat.util.http.ContentType;
import org.apache.tomcat.util.http.Cookies;
-import org.apache.tomcat.util.SimplePrincipal;
import org.apache.tomcat.util.buf.MessageBytes;
@@ -443,9 +442,6 @@
*/
public Principal getUserPrincipal() {
if( getRemoteUser() == null ) return null;
- if( principal == null ) {
- principal=new SimplePrincipal( getRemoteUser() );
- }
return principal;
}
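Review bot: With the lazy fallback removed, `getUserPrincipal()` returns null whenever a module called `setRemoteUser()` without also calling `setUserPrincipal()`, so `getRemoteUser()` and `getUserPrincipal()` can now disagree about whether the request is authenticated. This commit updates JDBCRealm and SimpleRealm, but any authenticator not shown here would need the same change. I would state the new contract on the method, for example `// principal is set by the authenticating module via setUserPrincipal(); null if the module only set the remote user`. The method's Javadoc begins above the hunk.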
1.5 +15 -7 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java
Index: JDBCRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- JDBCRealm.java 2001/02/20 03:16:51 1.4
+++ JDBCRealm.java 2001/02/27 19:10:16 1.5
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.4 2001/02/20 03:16:51 costin Exp $
- * $Revision: 1.4 $
- * $Date: 2001/02/20 03:16:51 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.java,v 1.5 2001/02/27 19:10:16 costin Exp $
+ * $Revision: 1.5 $
+ * $Date: 2001/02/27 19:10:16 $
*
* The Apache Software License, Version 1.1
*
@@ -64,11 +64,9 @@
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.res.StringManager;
import org.apache.tomcat.util.buf.HexUtils;
+import org.apache.tomcat.util.aaa.*;
import java.security.*;
-//import java.security.Principal;
-//import java.io.File;
-//import java.util.Enumeration;
-//import java.util.Hashtable;
+import java.security.Principal;
import java.util.Vector;
import java.io.*;
import java.net.*;
@@ -447,6 +445,7 @@
req.setAuthType(ctx.getAuthMethod());
if (user != null) {
req.setRemoteUser(user);
+ req.setUserPrincipal( new JdbcPrincipal( user ));
String userRoles[] = getUserRoles(user);
req.setUserRoles(userRoles);
return OK;
@@ -524,4 +523,13 @@
shutdown();
}
+ // Nothing - except cary on the class name information
+ public static class JdbcPrincipal extends SimplePrincipal {
+ private String name;
+
+ JdbcPrincipal(String name) {
+ super(name);
+ }
+ }
}
+
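Review bot: The `private String name;` field in `JdbcPrincipal` is never assigned or read: the constructor hands the name to `super(name)` and `getName()` is inherited from `SimplePrincipal`, so the field is always null and only suggests a second copy of the name. I would delete it. Since the class exists so callers can tell which module authenticated the user, it would also help to declare it `final` and to say in the comment that `SimplePrincipal.equals` compares names only, so a `JdbcPrincipal` equals any other Principal with the same name.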
1.2 +74 -58 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/SimpleRealm.java
Index: SimpleRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/SimpleRealm.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SimpleRealm.java 2001/01/01 02:01:29 1.1
+++ SimpleRealm.java 2001/02/27 19:10:17 1.2
@@ -64,9 +64,11 @@
import org.apache.tomcat.util.*;
import org.apache.tomcat.util.log.*;
import org.apache.tomcat.util.xml.*;
+import org.apache.tomcat.util.aaa.*;
import java.io.*;
import java.net.*;
import java.util.*;
+import java.security.Principal;
import org.xml.sax.*;
/**
@@ -143,13 +145,18 @@
if( user==null) return DECLINED; // we don't know about this
if( debug > 0 ) log( "Verify user=" + user + " pass=" + password );
- if( memoryRealm.checkPassword( user, password ) ) {
+ SimpleRealmPrincipal srp=memoryRealm.getPrincipal( user );
+ if( srp == null ) return DECLINED;
+
+ if( srp.checkPassword( password ) ) {
if( debug > 0 ) log( "Auth ok, user=" + user );
Context ctx = req.getContext();
req.setAuthType(ctx.getAuthMethod());
req.setRemoteUser( user );
+ req.setUserPrincipal( srp );
+
if( user!=null ) {
- String userRoles[] = memoryRealm.getUserRoles( user );
+ String userRoles[] = srp.getUserRoles( user );
req.setUserRoles( userRoles );
}
return OK; // the user is ok, - no need for more work
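Review bot: The context line `log( "Verify user=" + user + " pass=" + password )` still writes the submitted password to the log whenever debug is on, and `addUser` further down does the same with `"Add user " + name + " " + pass`; this commit removes the equivalent log in the old `MemoryRealm.checkPassword` but leaves these two. I would drop the password from both messages, e.g. `log( "Verify user=" + user );`. Separately, `if( user!=null )` is redundant after the earlier `user==null` return, and `srp.getUserRoles( user )` ignores its argument. The enclosing method starts and ends outside the hunk.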
@@ -163,12 +170,14 @@
class MemoryRealm {
// String user -> password
- Hashtable passwords=new Hashtable();
+ // Hashtable passwords=new Hashtable();
// String role -> Vector users
- Hashtable roles=new Hashtable();
+ // Hashtable roles=new Hashtable();
// user -> roles
- Hashtable userRoles= new Hashtable();
- String filename;
+ // Hashtable userRoles= new Hashtable();
+
+ Hashtable principals=new Hashtable();
+ String filename;
String home;
MemoryRealm(String fn,String home) {
@@ -176,64 +185,22 @@
filename=fn;
}
- public Hashtable getRoles() {
- return roles;
- }
+ public SimpleRealmPrincipal getPrincipal( String user ) {
+ return (SimpleRealmPrincipal)principals.get(user);
+ }
+ public void addPrincipal( String name, Principal p ) {
+ principals.put( name, p );
+ }
+
public void addUser(String name, String pass, String groups ) {
if( getDebug() > 0 ) log( "Add user " + name + " " +
pass + " " + groups );
- passwords.put( name, pass );
- groups += ",";
- while (true) {
- int comma = groups.indexOf(",");
- if (comma < 0)
- break;
- addRole( groups.substring(0, comma).trim(), name);
- groups = groups.substring(comma + 1);
- }
+ SimpleRealmPrincipal sp=new SimpleRealmPrincipal( name, pass );
+ sp.addRoles( groups );
+ principals.put( name, sp );
}
- public void addRole( String role, String user ) {
- Vector users=(Vector)roles.get(role);
- if(users==null) {
- users=new Vector();
- roles.put(role, users );
- }
- users.addElement( user );
-
- Vector thisUserRoles=(Vector)userRoles.get( user );
- if( thisUserRoles == null ) {
- thisUserRoles = new Vector();
- userRoles.put( user, thisUserRoles );
- }
- thisUserRoles.addElement( role );
- }
-
- public boolean checkPassword( String user, String pass ) {
- if( user==null ) return false;
- if( getDebug() > 0 ) log( "check " + user+ " " +
- pass + " " + passwords.get( user ));
- return pass.equals( (String)passwords.get( user ) );
- }
-
- public String[] getUserRoles( String user ) {
- Vector v=(Vector)userRoles.get( user );
- if( v==null) return null;
- String roles[]=new String[v.size()];
- for( int i=0; i<roles.length; i++ ) {
- roles[i]=(String)v.elementAt( i );
- }
- return roles;
- }
-
- public boolean userInRole( String user, String role ) {
- Vector users=(Vector)roles.get(role);
- if( getDebug() > 0 ) log( "check role " + user+ " " +
- role + " " );
- if(users==null) return false;
- return users.indexOf( user ) >=0 ;
- }
void readMemoryRealm() throws Exception {
File f;
if (filename != null)
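Review bot: `addPrincipal( String name, Principal p )` accepts any Principal, but `getPrincipal` casts the stored value to `SimpleRealmPrincipal` unconditionally, so an entry of another type turns a later login attempt for that user into a ClassCastException. Either narrow the parameter, `public void addPrincipal( String name, SimpleRealmPrincipal p )`, or have `getPrincipal` return null when the stored value is not a `SimpleRealmPrincipal`. The hunk ends inside `readMemoryRealm`, which continues below.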
@@ -258,6 +225,7 @@
String user=attributes.getValue("name");
String pass=attributes.getValue("password");
String group=attributes.getValue("roles");
+
mr.addUser( user, pass, group );
}
}
@@ -266,5 +234,53 @@
xh.readXml( f, this );
}
}
+
+ public static class SimpleRealmPrincipal extends SimplePrincipal {
+ private String pass;
+ private Vector roles=new Vector();
+
+ SimpleRealmPrincipal(String name, String pass) {
+ super( name );
+ this.pass=pass;
+ }
+
+ // local methods
+
+ private void addRole(String role ) {
+ roles.addElement( role );
+ }
+
+ boolean checkPassword( String s ) {
+ if( s == pass ) return true; // interned or nulls?
+ if( s==null ) return false; // if pass == null already true
+ return s.equals( pass );
+ }
+
+ // backward compat - bad XML format !!!
+ void addRoles( String groups ) {
+ groups += ",";
+ while (true) {
+ int comma = groups.indexOf(",");
+ if (comma < 0)
+ break;
+ addRole( groups.substring(0, comma).trim() );
+ groups = groups.substring(comma + 1);
+ }
+ }
+
+ String[] getUserRoles( String user ) {
+ String rolesA[]=new String[roles.size()];
+ for( int i=0; i<roles.size(); i++ ) {
+ rolesA[i]=(String)roles.elementAt( i );
+ }
+ return rolesA;
+ }
+
+ // public boolean userInRole( String role ) {
+ // return roles.indexOf( role ) >=0 ;
+ // }
+
+ }
+
}
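Review bot: `checkPassword` returns true when both `s` and `pass` are null because of the `s == pass` shortcut, so a user entry that has no `password` attribute authenticates any request that arrives with a null password. The old code could not reach this state: `passwords.put( name, pass )` on a Hashtable rejects a null value, whereas `new SimpleRealmPrincipal( name, pass )` stores it. I would refuse null on either side, `if( s == null || pass == null ) return false;` followed by `return s.equals( pass );`. Whether the caller can pass a null password is not visible in this diff, so the check belongs here. `addRoles` has a related edge: `groups += ","` on a missing `roles` attribute yields a role literally named `null`.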
1.1 jakarta-tomcat/src/share/org/apache/tomcat/util/aaa/SimplePrincipal.java
Index: SimplePrincipal.java
===================================================================
/*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.tomcat.util.aaa;
import java.security.Principal;
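/**
 * Minimal Principal implementation that carries only a name.
 *
 * Equality is by name and ignores the concrete class: an instance equals
 * any other Principal implementation whose getName() returns the same
 * string. Code that needs to know which component created a principal
 * must check the principal's class itself; equals() does not establish
 * that.
 */
public class SimplePrincipal implements Principal {
    private final String name;

    /**
     * Creates a principal with the given name.
     *
     * @param name The principal's name; stored as given, may be null
     */
    public SimplePrincipal(String name) {
        this.name = name;
    }

    /**
     * Returns true if the specified Object represents the
     * same principal (i.e. a Principal with the same name).
     *
     * A principal whose name is null equals only itself, so two
     * unnamed principals are never treated as the same identity.
     *
     * @param another Another Principal instance
     * @return true if another is a Principal with the same name
     */
    public boolean equals(Object another) {
        if (another == this) {
            return true;
        }
        if (!(another instanceof Principal)) {
            return false;
        }
        String mine = getName();
        String theirs = ((Principal) another).getName();
        // A missing name on either side never matches; this also avoids
        // the NullPointerException the unchecked comparison would throw.
        if (mine == null || theirs == null) {
            return false;
        }
        return theirs.equals(mine);
    }

    /**
     * Returns a hash code derived from the name, so that principals
     * that are equal by name also hash alike.
     *
     * @return The name's hash code, or 0 when the name is null
     */
    public int hashCode() {
        String n = getName();
        return (n == null) ? 0 : n.hashCode();
    }

    /**
     * Returns the principal's name.
     *
     * @return The principal's name
     */
    public String getName() {
        return name;
    }

    /**
     * Returns the principal's name as its string form.
     *
     * @return The principal's name
     */
    public String toString() {
        return getName();
    }
}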