Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/06/23 11:26:16 UTC
svn commit: r1687004 - in /tomcat/trunk:
java/org/apache/catalina/authenticator/jaspic/
test/org/apache/catalina/authenticator/jaspic/
Author: markt
Date: Tue Jun 23 09:26:15 2015
New Revision: 1687004
URL: http://svn.apache.org/r1687004
Log:
Change JASPIC callback handler to be a singleton
Implemented JAAS subject support
Patch by fjodorver
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java
tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java
tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Tue Jun 23 09:26:15 2015
@@ -17,8 +17,8 @@
package org.apache.catalina.authenticator.jaspic;
import java.io.IOException;
-import java.security.Principal;
import java.util.Map;
+import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
@@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletRes
import org.apache.catalina.LifecycleException;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
+import org.apache.catalina.realm.GenericPrincipal;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -52,18 +53,19 @@ public class JaspicAuthenticator extends
@SuppressWarnings("rawtypes")
private Map authProperties = null;
+ private JaspicCallbackHandler callbackHandler;
@Override
protected synchronized void startInternal() throws LifecycleException {
super.startInternal();
serviceSubject = new Subject();
+ callbackHandler = getJaspicCallbackHandler();
}
@Override
public boolean authenticate(Request request, HttpServletResponse response) throws IOException {
MessageInfo messageInfo = new MessageInfoImpl(request, response, true);
- JaspicCallbackHandler callbackHandler = getJaspicCallbackHandler();
AuthConfigFactory factory = AuthConfigFactory.getFactory();
String appContext = getAppContextId(request);
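Review bot: The new `callbackHandler` field has no comment saying that one instance now serves every request thread, which is the invariant this change relies on. I would add `// Shared by all request threads; must not hold per-request state.` above the field. The field is assigned inside the synchronized `startInternal()` but read in `authenticate()` without synchronization. Declaring it `volatile`, or documenting that start completes before requests are processed, would make the visibility assumption explicit. The body of `authenticate()` continues outside this hunk.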
@@ -76,20 +78,21 @@ public class JaspicAuthenticator extends
}
AuthStatus authStatus;
+ Subject subject = new Subject();
try {
ServerAuthConfig authConfig = configProvider.getServerAuthConfig(MESSAGE_LAYER,
appContext, callbackHandler);
String messageAuthContextId = authConfig.getAuthContextID(messageInfo);
ServerAuthContext authContext = authConfig.getAuthContext(messageAuthContextId,
serviceSubject, authProperties);
- authStatus = authContext.validateRequest(messageInfo, new Subject(), serviceSubject);
+ authStatus = authContext.validateRequest(messageInfo, subject, serviceSubject);
} catch (AuthException e) {
handleUnauthorizedRequest(response, e);
return false;
}
if (authStatus == AuthStatus.SUCCESS) {
- Principal principal = callbackHandler.getPrincipal();
+ GenericPrincipal principal = getPrincipal(subject);
if (principal != null) {
register(request, response, principal, AUTH_TYPE, null, null);
}
@@ -99,6 +102,20 @@ public class JaspicAuthenticator extends
}
+ private GenericPrincipal getPrincipal(Subject subject) {
+ if (subject == null) {
+ return null;
+ }
+
+ Set<GenericPrincipal> principals = subject.getPrivateCredentials(GenericPrincipal.class);
+ if (principals.isEmpty()) {
+ return null;
+ }
+
+ return principals.iterator().next();
+ }
+
+
@Override
public void login(String userName, String password, Request request) throws ServletException {
throw new IllegalStateException("not implemented yet!");
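Review bot: `principals.iterator().next()` in `getPrincipal` returns whichever `GenericPrincipal` the set yields first, and the iteration order of that set is not guaranteed. If the client subject ever holds more than one, for example because the handler ran more than once for the request, the identity and roles registered for the session depend on that order. Rejecting that case is safer than picking one, e.g. `if (principals.size() != 1) { return null; }`, provided the caller treats a null principal as a failed authentication, which is not visible in this hunk. A short Javadoc saying the principal is read from the subject's private credentials, as populated by the callback handler, would also help.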
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java Tue Jun 23 09:26:15 2015
@@ -28,7 +28,6 @@ import javax.security.auth.message.callb
import javax.security.auth.message.callback.PasswordValidationCallback;
import org.apache.catalina.Realm;
-import org.apache.catalina.realm.GenericPrincipal;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -39,8 +38,6 @@ public class JaspicCallbackHandler imple
private Realm realm;
- private PrincipalGroupCallback principalGroupCallback = new PrincipalGroupCallback();
-
public JaspicCallbackHandler(Realm realm) {
this.realm = realm;
@@ -52,22 +49,19 @@ public class JaspicCallbackHandler imple
if (callbacks == null) {
return;
}
+ PrincipalGroupCallback principalGroupCallback = new PrincipalGroupCallback();
for (Callback callback : callbacks) {
- handleCallback(callback);
+ handleCallback(callback, principalGroupCallback);
}
+ principalGroupCallback.configureSubject();
}
- public GenericPrincipal getPrincipal() {
- return principalGroupCallback.getPrincipal();
- }
-
-
- private void handleCallback(Callback callback) {
+ private void handleCallback(Callback callback, PrincipalGroupCallback principalGroupCallback) {
if (callback instanceof CallerPrincipalCallback) {
principalGroupCallback.setCallerPrincipalCallback((CallerPrincipalCallback) callback);
} else if (callback instanceof GroupPrincipalCallback) {
- principalGroupCallback.setCallerPrincipalCallback((GroupPrincipalCallback) callback);
+ principalGroupCallback.setGroupPrincipalCallback((GroupPrincipalCallback) callback);
} else if (callback instanceof PasswordValidationCallback) {
handlePasswordValidationCallback((PasswordValidationCallback) callback);
} else {
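Review bot: `PrincipalGroupCallback` is now created inside each `handle()` call, so caller and group information is no longer combined across calls. If an auth module passes `CallerPrincipalCallback` and `GroupPrincipalCallback` in two separate `handle()` calls, each call runs `configureSubject()` on its own partial state. The subject may then hold two incomplete principals, or a caller principal without its roles, depending on how `getPrincipal()` treats a missing callback, which is not visible here. Either document the constraint on `handle()`, for example `// Caller and group callbacks must arrive in the same handle() call; no state is kept between calls.`, or merge with a principal already present in the subject. The start of `handle()` and the end of `handleCallback()` lie outside this hunk.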
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java Tue Jun 23 09:26:15 2015
@@ -21,6 +21,7 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import javax.security.auth.Subject;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
@@ -39,11 +40,30 @@ public class PrincipalGroupCallback {
this.callerPrincipalCallback = callerPrincipalCallback;
}
-
- public void setCallerPrincipalCallback(GroupPrincipalCallback groupPrincipalCallback) {
+ public void setGroupPrincipalCallback(GroupPrincipalCallback groupPrincipalCallback) {
this.groupPrincipalCallback = groupPrincipalCallback;
}
+ public void configureSubject() {
+ GenericPrincipal principal = getPrincipal();
+ if (principal == null) {
+ return;
+ }
+ Subject subject = getSubject();
+ if (subject != null) {
+ subject.getPrivateCredentials().add(principal);
+ }
+ }
+
+ private Subject getSubject() {
+ if (callerPrincipalCallback != null) {
+ return callerPrincipalCallback.getSubject();
+ }
+ if (groupPrincipalCallback != null) {
+ return callerPrincipalCallback.getSubject();
+ }
+ return null;
+ }
/**
* Get tomcat's principal, which contains user principal and roles
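Review bot: In `getSubject()` the second branch tests `groupPrincipalCallback != null` but then returns `callerPrincipalCallback.getSubject()`. That branch is only reached when `callerPrincipalCallback` is null, so it throws a NullPointerException whenever only a group callback was supplied. The line should read `return groupPrincipalCallback.getSubject();`. Separately, when both callbacks are set only the caller callback's subject receives the principal, so a comment stating that both callbacks are expected to reference the same subject would make that assumption explicit.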
Modified: tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java Tue Jun 23 09:26:15 2015
@@ -16,6 +16,8 @@
*/
package org.apache.catalina.authenticator.jaspic;
+import java.util.Set;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.message.callback.CallerPrincipalCallback;
@@ -39,17 +41,20 @@ public class TestJaspicCallbackHandler {
@Test
public void shouldConvertCallbackToTomcatPrincipal() throws Exception {
// given
- CallerPrincipalCallback callerCallback = new CallerPrincipalCallback(new Subject(), USER);
+ Subject subject = new Subject();
+ CallerPrincipalCallback callerCallback = new CallerPrincipalCallback(subject, USER);
String[] groups = new String[] { "group" };
- GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(new Subject(), groups);
+ GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(subject, groups);
Callback[] callbacks = new Callback[] { callerCallback, groupCallback };
// when
jaspicCallbackHandler.handle(callbacks);
- GenericPrincipal principal = jaspicCallbackHandler.getPrincipal();
// then
+ Set<GenericPrincipal> principals = callerCallback.getSubject().getPrivateCredentials(
+ GenericPrincipal.class);
+ GenericPrincipal principal = principals.iterator().next();
assertEquals(USER, principal.getName());
assertArrayEquals(groups, principal.getRoles());
}
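Review bot: The test takes `principals.iterator().next()` without checking how many principals the handler put into the subject, so a regression that adds duplicate or partial principals would still pass. Adding `assertEquals(1, principals.size());` before the `next()` call pins that down. A second case that passes only a `GroupPrincipalCallback` to `handle()` would also exercise the group-only path through `configureSubject()`, which this test does not reach.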
Modified: tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java Tue Jun 23 09:26:15 2015
@@ -78,7 +78,7 @@ public class TestPrincipalGroupCallback
String[] groups = new String[] { "group1" };
GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(subject, groups);
- principalGroupCallback.setCallerPrincipalCallback(groupCallback);
+ principalGroupCallback.setGroupPrincipalCallback(groupCallback);
// when
GenericPrincipal principal = principalGroupCallback.getPrincipal();