Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/11/22 20:48:39 UTC
svn commit: r1816078 - in /tomcat/trunk:
java/org/apache/catalina/authenticator/AuthenticatorBase.java
test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java
webapps/docs/changelog.xml webapps/docs/config/valve.xml
Author: markt
Date: Wed Nov 22 20:48:39 2017
New Revision: 1816078
URL: http://svn.apache.org/viewvc?rev=1816078&view=rev
Log:
Add a property to the Authenticator implementations to enable a custom JASPIC CallbackHandler to be specified.
Patch provided by Lazar.
This closes #93
Added:
tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/valve.xml
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1816078&r1=1816077&r2=1816078&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Wed Nov 22 20:48:39 2017
@@ -27,6 +27,7 @@ import java.util.Optional;
import java.util.Set;
import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
@@ -211,6 +212,13 @@ public abstract class AuthenticatorBase
*/
protected String secureRandomProvider = null;
+ /**
+ * The name of the JASPIC callback handler class. If none is specified the
+ * default {@link org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl}
+ * will be used.
+ */
+ protected String jaspicCallbackHandlerClass = null;
+
protected SessionIdGeneratorBase sessionIdGenerator = null;
/**
@@ -407,6 +415,25 @@ public abstract class AuthenticatorBase
this.secureRandomProvider = secureRandomProvider;
}
+ /**
+ * Return the JASPIC callback handler class name
+ *
+ * @return The name of the JASPIC callback handler
+ */
+ public String getJaspicCallbackHandlerClass() {
+ return jaspicCallbackHandlerClass;
+ }
+
+ /**
+ * Set the JASPIC callback handler class name
+ *
+ * @param jaspicCallbackHandlerClass
+ * The new JASPIC callback handler class name
+ */
+ public void setJaspicCallbackHandlerClass(String jaspicCallbackHandlerClass) {
+ this.jaspicCallbackHandlerClass = jaspicCallbackHandlerClass;
+ }
+
// --------------------------------------------------------- Public Methods
/**
@@ -640,8 +667,9 @@ public abstract class AuthenticatorBase
new MessageInfoImpl(request.getRequest(), response.getResponse(), authMandatory);
try {
+ CallbackHandler callbackHandler = createCallbackHandler();
ServerAuthConfig serverAuthConfig = jaspicProvider.getServerAuthConfig(
- "HttpServlet", jaspicAppContextID, CallbackHandlerImpl.getInstance());
+ "HttpServlet", jaspicAppContextID, callbackHandler);
String authContextID = serverAuthConfig.getAuthContextID(jaspicState.messageInfo);
jaspicState.serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null);
} catch (AuthException e) {
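Review bot: `createCallbackHandler()` is called each time this block runs, and the block is built around the current request's MessageInfoImpl, so a configured jaspicCallbackHandlerClass appears to be loaded reflectively and instantiated per request while the default path keeps returning the shared `CallbackHandlerImpl.getInstance()`. Resolving the handler once and keeping it in a field (for example a proposed `private volatile CallbackHandler jaspicCallbackHandler;` filled on first use) would give both paths the same lifecycle and surface a bad class name once instead of on every authentication attempt. The SecurityException thrown by createCallbackHandler() is unchecked and passes straight through `catch (AuthException e)`; whether any caller handles it is not visible here. The enclosing method starts and ends outside the hunk.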
@@ -653,6 +681,32 @@ public abstract class AuthenticatorBase
return jaspicState;
}
+ private CallbackHandler createCallbackHandler() {
+ CallbackHandler callbackHandler = null;
+ if (jaspicCallbackHandlerClass == null) {
+ callbackHandler = CallbackHandlerImpl.getInstance();
+ } else {
+ Class<?> clazz = null;
+ try {
+ clazz = Class.forName(jaspicCallbackHandlerClass, true,
+ Thread.currentThread().getContextClassLoader());
+ } catch (ClassNotFoundException e) {
+ // Proceed with the retry below
+ }
+
+ try {
+ if (clazz == null) {
+ clazz = Class.forName(jaspicCallbackHandlerClass);
+ }
+ callbackHandler = (CallbackHandler)clazz.getConstructor().newInstance();
+ } catch (ReflectiveOperationException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ return callbackHandler;
+ }
+
// ------------------------------------------------------ Protected Methods
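Review bot: The cast in `callbackHandler = (CallbackHandler)clazz.getConstructor().newInstance();` throws ClassCastException when the configured class does not implement CallbackHandler, and `catch (ReflectiveOperationException e)` does not cover it, so that misconfiguration escapes with a different exception type from every other failure in createCallbackHandler(). Because this object takes part in the authentication exchange, the type should be checked before the constructor runs, e.g. `clazz.asSubclass(CallbackHandler.class).getConstructor().newInstance()` with ClassCastException added to the catch. The rethrow would also be easier to diagnose if it named the configured class: `throw new SecurityException("Failed to create JASPIC CallbackHandler [" + jaspicCallbackHandlerClass + "]", e);`. The silently ignored ClassNotFoundException from the context class loader attempt is reasonable given the retry, but a debug-level log line there would help when the fallback loader picks a different class than the operator expected.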
Added: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java?rev=1816078&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java (added)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java Wed Nov 22 20:48:39 2017
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator;
+
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl;
+import org.apache.catalina.connector.Request;
+
+public class TestJaspicCallbackHandlerInAuthenticator {
+
+ @Test
+ public void testCustomCallbackHandlerCreation() throws Exception {
+ testCallbackHandlerCreation("org.apache.catalina.authenticator.TestCallbackHandlerImpl",
+ TestCallbackHandlerImpl.class);
+ }
+
+ @Test
+ public void testDefaultCallbackHandlerCreation() throws Exception {
+ testCallbackHandlerCreation(null, CallbackHandlerImpl.class);
+ }
+
+
+ private void testCallbackHandlerCreation(String callbackHandlerImplClassName,
+ Class<?> callbackHandlerImplClass)
+ throws NoSuchMethodException, SecurityException, IllegalAccessException,
+ IllegalArgumentException, InvocationTargetException {
+ TestAuthenticator authenticator = new TestAuthenticator();
+ authenticator.setJaspicCallbackHandlerClass(callbackHandlerImplClassName);
+ Method createCallbackHandlerMethod =
+ AuthenticatorBase.class.getDeclaredMethod("createCallbackHandler");
+ createCallbackHandlerMethod.setAccessible(true);
+ CallbackHandler callbackHandler =
+ (CallbackHandler) createCallbackHandlerMethod.invoke(authenticator);
+ Assert.assertTrue(callbackHandlerImplClass.isInstance(callbackHandler));
+ }
+
+ private static class TestAuthenticator extends AuthenticatorBase {
+
+ @Override
+ protected boolean doAuthenticate(Request request, HttpServletResponse response)
+ throws IOException {
+ return false;
+ }
+
+ @Override
+ protected String getAuthMethod() {
+ return null;
+ }
+
+ }
+}
+
+class TestCallbackHandlerImpl implements CallbackHandler {
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ // don't have to do anything; needed only for instantiation
+ }
+}
\ No newline at end of file
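Review bot: Both tests cover only successful creation; nothing exercises a jaspicCallbackHandlerClass that cannot be loaded or that names a class which is not a CallbackHandler, which are the paths where createCallbackHandler() throws. A third test that sets a non-existent class name, catches the InvocationTargetException from `createCallbackHandlerMethod.invoke(authenticator)` and checks `Assert.assertTrue(e.getCause() instanceof SecurityException);` would pin the failure behaviour. Looking the private method up by the string "createCallbackHandler" also ties the test to that name, so a rename will fail only at run time.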
Propchange: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1816078&r1=1816077&r2=1816078&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Nov 22 20:48:39 2017
@@ -128,6 +128,11 @@
with a provider name of <code>null</code>. Patch provided by Lazar.
(markt)
</fix>
+ <add>
+ <bug>61795</bug>: Add a property to the <code>Authenticator</code>
+ implementations to enable a custom JASPIC <code>CallbackHandler</code>
+ to be specified. Patch provided by Lazar. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1816078&r1=1816077&r2=1816078&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Wed Nov 22 20:48:39 2017
@@ -1162,6 +1162,14 @@
specified, the platform default provider will be used.</p>
</attribute>
+ <attribute name="jaspicCallbackHandlerClass" required="false">
+ <p>Name of the Java class of the
+ <code>javax.security.auth.callback.CallbackHandler</code> implementation
+ which should be used by JASPIC. If none is specified the default
+ <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code>
+ will be used.</p>
+ </attribute>
+
</attributes>
</subsection>
@@ -1308,6 +1316,14 @@
authentication always fails.</p>
</attribute>
+ <attribute name="jaspicCallbackHandlerClass" required="false">
+ <p>Name of the Java class of the
+ <code>javax.security.auth.callback.CallbackHandler</code> implementation
+ which should be used by JASPIC. If none is specified the default
+ <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code>
+ will be used.</p>
+ </attribute>
+
</attributes>
</subsection>
@@ -1413,6 +1429,14 @@
specified, the platform default provider will be used.</p>
</attribute>
+ <attribute name="jaspicCallbackHandlerClass" required="false">
+ <p>Name of the Java class of the
+ <code>javax.security.auth.callback.CallbackHandler</code> implementation
+ which should be used by JASPIC. If none is specified the default
+ <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code>
+ will be used.</p>
+ </attribute>
+
</attributes>
</subsection>
@@ -1505,6 +1529,14 @@
specified, the platform default provider will be used.</p>
</attribute>
+ <attribute name="jaspicCallbackHandlerClass" required="false">
+ <p>Name of the Java class of the
+ <code>javax.security.auth.callback.CallbackHandler</code> implementation
+ which should be used by JASPIC. If none is specified the default
+ <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code>
+ will be used.</p>
+ </attribute>
+
</attributes>
</subsection>
@@ -1655,6 +1687,14 @@
will be used.</p>
</attribute>
+ <attribute name="jaspicCallbackHandlerClass" required="false">
+ <p>Name of the Java class of the
+ <code>javax.security.auth.callback.CallbackHandler</code> implementation
+ which should be used by JASPIC. If none is specified the default
+ <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code>
+ will be used.</p>
+ </attribute>
+
</attributes>
</subsection>