Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2008/09/16 23:06:19 UTC

svn commit: r696058 - in /portals/jetspeed-2/portal/branches/security-refactoring: components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/ components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/ jetspeed-common...

Author: ate
Date: Tue Sep 16 14:06:19 2008
New Revision: 696058

URL: http://svn.apache.org/viewvc?rev=696058&view=rev
Log:
Fixing age old JS2-238: Subject object is abandoned after the JAAS authentication, *on Tomcat* at least.
I discovered that the Tomcat JAASRealm implementation will actually use the Jetspeed-provided user principal for request.getUserPrincipal().
As we already provide the UserSubjectPrincipal wrapper, getting hold of the Jetspeed provided subject is easy and so doesn't need to be loaded/created twice (on Tomcat).

Added:
    portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java   (with props)
Modified:
    portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
    portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java
    portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java
    portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml

Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java?rev=696058&r1=696057&r2=696058&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java Tue Sep 16 14:06:19 2008
@@ -16,10 +16,7 @@
  */
 package org.apache.jetspeed.security.impl;
 
-import java.lang.reflect.Method;
 import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
 
 import javax.security.auth.Subject;
 
@@ -51,7 +48,6 @@
     
     private UserManager userMgr;
     private PortalStatistics statistics;
-    private boolean resolveTomcatPrincipalFailed;
 
     public SecurityValveImpl(Profiler profiler, UserManager userMgr, PortalStatistics statistics, 
                             PortalAuthenticationConfiguration authenticationConfiguration)
@@ -181,25 +177,6 @@
     
     protected Subject resolveSubjectFromContainerPrincipal(RequestContext request, Principal userPrincipal)
     {
-        // default handling for Tomcat Realm 
-        if (!resolveTomcatPrincipalFailed && userPrincipal.getClass().getName().equals("org.apache.catalina.realm.GenericPrincipal"))
-        {
-            try
-            {
-                Method m = userPrincipal.getClass().getMethod("getUserPrincipal", (Class[])null);
-                Principal p = (Principal)m.invoke(userPrincipal, (Object[])null);
-                if (p != null && p instanceof UserSubjectPrincipal)
-                {
-                    return ((UserSubjectPrincipal)p).getSubject();
-                }
-            }
-            catch (Exception e)
-            {                
-                // ignore 
-            }
-            // don't try again
-            resolveTomcatPrincipalFailed = true;
-        }
         return null;
     }
 }
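Review bot: resolveSubjectFromContainerPrincipal is now an unconditional `return null;` with both parameters unused, and nothing in the hunk documents whether this is an intentional extension point or dead code left behind by the removal of the Tomcat reflection path. Presumably the caller (outside this hunk) now recognises a UserSubjectPrincipal returned by request.getUserPrincipal() before falling back here, so a Javadoc should say so to keep the next maintainer from re-adding container-specific probing: `/** Hook for container-specific resolution of the Jetspeed Subject from the container's user principal; the default returns null ("not resolvable") and the caller falls back to loading or creating the Subject. */`. If the method is not meant to be overridden, removing it together with the unused parameters is clearer than keeping a stub.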

Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java?rev=696058&r1=696057&r2=696058&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java Tue Sep 16 14:06:19 2008
@@ -38,6 +38,7 @@
 import org.apache.jetspeed.security.User;
 import org.apache.jetspeed.security.UserManager;
 import org.apache.jetspeed.security.AuthenticationProvider;
+import org.apache.jetspeed.security.UserSubjectPrincipal;
 
 /**
  * <p>LoginModule implementation that authenticates a user
@@ -178,7 +179,7 @@
                 // TODO We should get the user profile here and had it in cache so that we do not have to retrieve it again.
                 // TODO Ideally the User should be available from the session.  Need discussion around this.
                 refreshProxy();
-                commitSubject(subject, user.getUser(), SecurityHelper.getPrincipals(ums.getSubject(user), Role.class));
+                commitSubject(subject, ums.getSubject(user), user);
 
                 username = null;
                 user = null;
@@ -297,12 +298,13 @@
      * @param subject
      * @param user
      */
-    protected void commitSubject(Subject containerSubject, User user, List<Principal> rolePrincipals)
+    protected void commitSubject(Subject containerSubject, Subject jetspeedSubject, AuthenticatedUser user)
     {
         // add user specific portal user name and roles
-        subject.getPrincipals().add(user);
+        Principal userSubjectPrincipal = SecurityHelper.getPrincipal(jetspeedSubject, UserSubjectPrincipal.class);
+        subject.getPrincipals().add(userSubjectPrincipal);
         boolean hasPortalUserRole = false;
-        for (Principal role : rolePrincipals)
+        for (Principal role : SecurityHelper.getPrincipals(jetspeedSubject, Role.class))
         {
             subject.getPrincipals().add(role);
             if (role.getName().equals(portalUserRole))
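Review bot: The Javadoc `@param` tags just above commitSubject still read `@param subject` and `@param user`, which no longer match the new parameter list `(containerSubject, jetspeedSubject, user)`; `jetspeedSubject` is undocumented and the tag name `subject` now collides with the field the body actually mutates. `SecurityHelper.getPrincipal(jetspeedSubject, UserSubjectPrincipal.class)` presumably returns null when the Jetspeed subject carries no such principal, and passing that null to `subject.getPrincipals().add(...)` would be rejected by the Subject's principal set with an exception that hides the real cause; a guard such as `if (userSubjectPrincipal == null) throw new IllegalStateException("Jetspeed Subject has no UserSubjectPrincipal");` names it. The method still adds to the `subject` field rather than the `containerSubject` parameter, which predates this change but deserves a sentence in the Javadoc now that the parameters are being renamed. commitSubject continues past the end of the hunk.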

Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java?rev=696058&r1=696057&r2=696058&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java Tue Sep 16 14:06:19 2008
@@ -24,53 +24,23 @@
 
 import javax.security.auth.Subject;
 
-
 /**
  * @version $Id$
  *
  */
 public class JetspeedSubjectFactory
 {
-    private static class JetspeedUserSubjectPrincipal implements UserSubjectPrincipal
-    {
-        private static final long serialVersionUID = -2269455453318109892L;
-        private final User user;
-        private Subject subject;
-        
-        public JetspeedUserSubjectPrincipal(User user)
-        {
-            this.user = user;
-        }
-        public String getName()
-        {
-            return user.getName();
-        }
-        public User getUser()
-        {
-            return user;
-        }
-        public Subject getSubject()
-        {
-            return subject;
-        }
-        
-        public void setSubject(Subject subject)
-        {
-            this.subject = subject;
-        }
-    }
-    
     public static Subject createSubject(AuthenticatedUser user, Set<Principal> principals)
     {
         return createSubject(user.getUser(), user.getPublicCredentials(), user.getPrivateCredentials(), principals);
     }
     
-    public static Subject createSubject(User user, Set<Object> privateCredentials, Set<Object> publicCredentials, Set<Principal> principals)
+    public static Subject createSubject(User user, Set<Object> publicCredentials, Set<Object> privateCredentials, Set<Principal> principals)
     {
-        JetspeedUserSubjectPrincipal userPrincipal = new JetspeedUserSubjectPrincipal(user);
+        UserSubjectPrincipalImpl userPrincipal = new UserSubjectPrincipalImpl(user);
         Set<Principal> subjectPrincipals = principals == null || principals.isEmpty() ? new HashSet<Principal>() : new PrincipalsSet();
-        subjectPrincipals.add(user);
         subjectPrincipals.add(userPrincipal);
+        subjectPrincipals.add(user);
         if (principals != null)
         {
             subjectPrincipals.addAll(principals);
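Review bot: Swapping the positions of `publicCredentials` and `privateCredentials` in the `createSubject(User, ...)` signature fixes the mismatch with the call a few lines above, but since both are `Set<Object>` the change is source-compatible, so any other caller that passed them in the old (private, public) order now silently places private credentials into the public credential set; callers outside this file should be checked, or the two sets given distinct types so the compiler can catch the mix-up. Separately, `subjectPrincipals.add(userPrincipal)` was moved ahead of `subjectPrincipals.add(user)`, which looks like it relies on insertion order (presumably so the container realm picks UserSubjectPrincipalImpl as the user principal), yet when `principals` is null or empty the set is a plain `HashSet` whose iteration order is unspecified, so the guarantee only holds on the PrincipalsSet branch. If the order matters, use PrincipalsSet on both branches and record why with a comment such as `// userPrincipal must precede user: the container realm takes the first principal matching its userClassNames`. The rest of createSubject, including where userPrincipal receives the Subject, is outside the hunk.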

Added: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java?rev=696058&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java (added)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java Tue Sep 16 14:06:19 2008
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jetspeed.security;
+
+import javax.security.auth.Subject;
+
+/**
+ * @version $Id$
+ *
+ */
+public class UserSubjectPrincipalImpl implements UserSubjectPrincipal
+{
+    private static final long serialVersionUID = -2269455453318109892L;
+    private final User user;
+    private Subject subject;
+    
+    public UserSubjectPrincipalImpl(User user)
+    {
+        this.user = user;
+    }
+    public String getName()
+    {
+        return user.getName();
+    }
+    public User getUser()
+    {
+        return user;
+    }
+    public Subject getSubject()
+    {
+        return subject;
+    }
+    
+    public void setSubject(Subject subject)
+    {
+        this.subject = subject;
+    }
+}
\ No newline at end of file
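Review bot: The class carries only `@version $Id$` as Javadoc, and `setSubject` is public on a principal that, per the commit log, is handed back by the container as request.getUserPrincipal(), so the Subject behind an authenticated user can be replaced after login by anything holding that reference. Making the assignment one-shot keeps the principal effectively immutable once published, e.g. `if (this.subject != null) throw new IllegalStateException("subject already set");` at the top of setSubject, and a class Javadoc should state that the Subject is set exactly once by JetspeedSubjectFactory. The constructor also accepts a null user, which only surfaces later as a NullPointerException in getName(); rejecting it up front with `if (user == null) throw new IllegalArgumentException("user");` is cheaper to diagnose. equals/hashCode are not overridden, so two instances for the same user compare by identity — worth documenting as intentional if it is.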

Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
------------------------------------------------------------------------------
    svn:keywords = Id

Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml?rev=696058&r1=696057&r2=696058&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml Tue Sep 16 14:06:19 2008
@@ -19,7 +19,7 @@
 
   <Realm className="org.apache.catalina.realm.JAASRealm"
          appName="Jetspeed"
-         userClassNames="org.apache.jetspeed.security.impl.UserImpl,org.apache.jetspeed.security.impl.TransientUser,org.apache.jetspeed.security.impl.UserSubjectPrincipalImpl"
+         userClassNames="org.apache.jetspeed.security.impl.UserImpl,org.apache.jetspeed.security.impl.TransientUser,org.apache.jetspeed.security.UserSubjectPrincipalImpl"
          roleClassNames="org.apache.jetspeed.security.impl.RoleImpl,org.apache.jetspeed.security.impl.TransientRole"
          useContextClassLoader="true"
          debug="0"/>


