You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2015/06/16 16:22:29 UTC
svn commit: r1685844 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication:
token/TokenLoginModule.java user/LoginModuleImpl.java
Author: angela
Date: Tue Jun 16 14:22:28 2015
New Revision: 1685844
URL: http://svn.apache.org/r1685844
Log:
OAK-2998 : Postpone calculation of effective principals to LoginModule.commit
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1685844&r1=1685843&r2=1685844&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java Tue Jun 16 14:22:28 2015
@@ -120,7 +120,6 @@ public final class TokenLoginModule exte
private TokenCredentials tokenCredentials;
private TokenInfo tokenInfo;
private String userId;
- private Set<? extends Principal> principals;
//--------------------------------------------------------< LoginModule >---
@Override
@@ -138,7 +137,6 @@ public final class TokenLoginModule exte
tokenCredentials = tc;
tokenInfo = authentication.getTokenInfo();
userId = tokenInfo.getUserId();
- principals = getPrincipals(userId);
log.debug("Login: adding login name to shared state.");
sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
@@ -151,8 +149,9 @@ public final class TokenLoginModule exte
@Override
public boolean commit() throws LoginException {
- if (tokenCredentials != null) {
- updateSubject(tokenCredentials, getAuthInfo(tokenInfo), principals);
+ if (tokenCredentials != null && userId != null) {
+ Set<? extends Principal> principals = getPrincipals(userId);
+ updateSubject(tokenCredentials, getAuthInfo(tokenInfo, principals), principals);
return true;
}
try{
@@ -205,7 +204,6 @@ public final class TokenLoginModule exte
tokenCredentials = null;
tokenInfo = null;
userId = null;
- principals = null;
}
//------------------------------------------------------------< private >---
@@ -245,7 +243,7 @@ public final class TokenLoginModule exte
* @return The {@code AuthInfo} resulting from the successful login.
*/
@CheckForNull
- private AuthInfo getAuthInfo(@Nullable TokenInfo tokenInfo) {
+ private AuthInfo getAuthInfo(@Nullable TokenInfo tokenInfo, @Nonnull Set<? extends Principal> principals) {
if (tokenInfo != null) {
Map<String, Object> attributes = new HashMap<String, Object>();
Map<String, String> publicAttributes = tokenInfo.getPublicAttributes();
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java?rev=1685844&r1=1685843&r2=1685844&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java Tue Jun 16 14:22:28 2015
@@ -110,7 +110,6 @@ public final class LoginModuleImpl exten
}
private Credentials credentials;
- private Set<? extends Principal> principals;
private String userId;
//--------------------------------------------------------< LoginModule >---
@@ -133,8 +132,6 @@ public final class LoginModuleImpl exten
}
if (success) {
- principals = getPrincipals(userId);
-
log.debug("Adding Credentials to shared state.");
//noinspection unchecked
sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
@@ -148,15 +145,16 @@ public final class LoginModuleImpl exten
@Override
public boolean commit() {
- if (credentials == null || principals == null) {
+ if (credentials == null) {
// login attempt in this login module was not successful
clearState();
return false;
} else {
if (!subject.isReadOnly()) {
+ Set<? extends Principal> principals = getPrincipals(userId);
subject.getPrincipals().addAll(principals);
subject.getPublicCredentials().add(credentials);
- setAuthInfo(createAuthInfo(), subject);
+ setAuthInfo(createAuthInfo(principals), subject);
} else {
log.debug("Could not add information to read only subject {}", subject);
}
@@ -176,7 +174,6 @@ public final class LoginModuleImpl exten
super.clearState();
credentials = null;
- principals = null;
userId = null;
}
@@ -239,7 +236,7 @@ public final class LoginModuleImpl exten
return null;
}
- private AuthInfo createAuthInfo() {
+ private AuthInfo createAuthInfo(@Nonnull Set<? extends Principal> principals) {
Credentials creds;
if (credentials instanceof ImpersonationCredentials) {
creds = ((ImpersonationCredentials) credentials).getBaseCredentials();