Posted to dev@tomcat.apache.org by ma...@apache.org on 2012/08/28 00:04:53 UTC

svn commit: r1377888 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/realm/DataSourceRealm.java java/org/apache/catalina/realm/JDBCRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml

Author: markt
Date: Mon Aug 27 22:04:52 2012
New Revision: 1377888

URL: http://svn.apache.org/viewvc?rev=1377888&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53047
Allow database realms configured with an all roles mode that is authentication only to not have to define a role table

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Aug 27 22:04:52 2012
@@ -109,14 +109,6 @@ PATCHES PROPOSED TO BACKPORT:
   +1: kkolinko
   -1:
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53047
-  Allow database realms configured with an all roles mode that is authentication
-  only to not have to define a role table
-  http://svn.apache.org/viewvc?rev=1348498&view=rev
-  http://svn.apache.org/viewvc?rev=1377444&view=rev (documentation)
-  +1: markt, kfujino, kkolinko, schultz
-  -1:
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53481
   Add support for SSLHonorCipherOrder
   http://svn.apache.org/viewvc?view=revision&revision=1371298

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java Mon Aug 27 22:04:52 2012
@@ -458,6 +458,12 @@ public class DataSourceRealm
     protected String getPassword(Connection dbConnection, 
 								 String username) {
 
+        if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) {
+            // Using an authentication only configuration and no role store has
+            // been defined so don't spend cycles looking
+            return null;
+        }
+
         ResultSet rs = null;
         PreparedStatement stmt = null;
         String dbCredentials = null;
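Review bot: The guard added at the top of this hunk sits inside `getPassword(Connection, String)`, although its comment is about skipping the role store, and the same guard in JDBCRealm.java is added to `getRoles(String)`. As placed, a realm whose `allRolesMode` is not `STRICT_MODE` and which has no `userRoleTable`/`roleNameCol` returns a null credential for every user without querying the database. How the caller treats a null credential is outside this hunk, but the likely effect is that authentication cannot succeed in exactly the configuration this commit is meant to enable. The block should move to the start of DataSourceRealm's role lookup (presumably its `getRoles` method, not visible here), leaving `getPassword` unconditional; getPassword's body continues past the end of the hunk.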
@@ -622,8 +628,13 @@ public class DataSourceRealm
 
     }
 
-    // ------------------------------------------------------ Lifecycle Methods
 
+    private boolean isRoleStoreDefined() {
+        return userRoleTable != null || roleNameCol != null;
+    }
+
+
+    // ------------------------------------------------------ Lifecycle Methods
 
     /**
      *
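Review bot: `isRoleStoreDefined()` combines the two attributes with `||`, so a realm that sets only one of `userRoleTable` and `roleNameCol` counts as having a role store. The role lookup (not visible in this hunk) would then presumably run with the other value null. If that is deliberate, so that a half-configured realm fails visibly instead of silently loading no roles, the helper should say so, for example `// Either attribute alone means roles were intended; let the lookup fail rather than skip it`. The identical helper added in the last hunk of JDBCRealm.java raises the same question. Rejecting the one-attribute case at realm start-up would make the misconfiguration explicit, though the lifecycle methods lie outside this hunk.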

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java Mon Aug 27 22:04:52 2012
@@ -619,6 +619,12 @@ public class JDBCRealm
      */
     protected ArrayList<String> getRoles(String username) {
         
+        if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) {
+            // Using an authentication only configuration and no role store has
+            // been defined so don't spend cycles looking
+            return null;
+        }
+
         PreparedStatement stmt = null;
         ResultSet rs = null;
 
@@ -678,8 +684,7 @@ public class JDBCRealm
             numberOfTries--;
         }
         
-        return (null);
-        
+        return null;
     }
     
     
@@ -765,8 +770,12 @@ public class JDBCRealm
     }
 
 
-    // ------------------------------------------------------ Lifecycle Methods
+    private boolean isRoleStoreDefined() {
+        return userRoleTable != null || roleNameCol != null;
+    }
+
 
+    // ------------------------------------------------------ Lifecycle Methods
 
     /**
      *

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Aug 27 22:04:52 2012
@@ -258,6 +258,12 @@
         <code>org.apache.tools.ant.Task</code> enabling it to work with features
         such as namespaces within build.xml files. (markt)
       </fix>
+      <fix>
+        <bug>53047</bug>: If a JDBC Realm or DataSource Realm is configured for
+        an all roles mode that only requires authorization (and no roles) and no
+        role table or column is defined, don't populate the Principal's roles.
+        (markt/kkolinko) 
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Cluster">

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml Mon Aug 27 22:04:52 2012
@@ -116,6 +116,11 @@
         authenticated and no check will be made for assigned roles unless roles
         are defined in web.xml in which case the user must be assigned at least
         one of those roles.</p>
+        <p>When this attribute has the value of <code>authOnly</code> or
+        <code>strictAuthOnly</code>, the <strong>roleNameCol</strong> and
+        <strong>userRoleTable</strong> attributes become optional. If those two
+        attributes are omitted, the user's roles will not be loaded by this
+        Realm.</p>
       </attribute>
 
       <attribute name="connectionName" required="true">
@@ -149,9 +154,12 @@
         used to connect to the authentication database.</p>
       </attribute>
 
-      <attribute name="roleNameCol" required="true">
+      <attribute name="roleNameCol" required="false">
         <p>Name of the column, in the "user roles" table, which contains
         a role name assigned to the corresponding user.</p>
+        <p>This attribute is <strong>required</strong> in majority of
+        configurations. See <strong>allRolesMode</strong> attribute for
+        a rare case when it can be omitted.</p>
       </attribute>
 
       <attribute name="userCredCol" required="true">
@@ -168,10 +176,13 @@
         that contains the user's username.</p>
       </attribute>
 
-      <attribute name="userRoleTable" required="true">
+      <attribute name="userRoleTable" required="false">
         <p>Name of the "user roles" table, which must contain columns
         named by the <code>userNameCol</code> and <code>roleNameCol</code>
         attributes.</p>
+        <p>This attribute is <strong>required</strong> in majority of
+        configurations. See <strong>allRolesMode</strong> attribute for
+        a rare case when it can be omitted.</p>
       </attribute>
 
       <attribute name="userTable" required="true">
@@ -232,6 +243,11 @@
         authenticated and no check will be made for assigned roles unless roles
         are defined in web.xml in which case the user must be assigned at least
         one of those roles.</p>
+        <p>When this attribute has the value of <code>authOnly</code> or
+        <code>strictAuthOnly</code>, the <strong>roleNameCol</strong> and
+        <strong>userRoleTable</strong> attributes become optional. If those two
+        attributes are omitted, the user's roles will not be loaded by this
+        Realm.</p>
       </attribute>
 
       <attribute name="dataSourceName" required="true">
@@ -251,9 +267,12 @@
         global DataSource.</p>
       </attribute>
     
-      <attribute name="roleNameCol" required="true">
+      <attribute name="roleNameCol" required="false">
         <p>Name of the column, in the "user roles" table, which contains
         a role name assigned to the corresponding user.</p>
+        <p>This attribute is <strong>required</strong> in majority of
+        configurations. See <strong>allRolesMode</strong> attribute for
+        a rare case when it can be omitted.</p>
       </attribute>
 
       <attribute name="userCredCol" required="true">
@@ -270,10 +289,13 @@
         that contains the user's username.</p>
       </attribute>
 
-      <attribute name="userRoleTable" required="true">
+      <attribute name="userRoleTable" required="false">
         <p>Name of the "user roles" table, which must contain columns
         named by the <code>userNameCol</code> and <code>roleNameCol</code>
         attributes.</p>
+        <p>This attribute is <strong>required</strong> in majority of
+        configurations. See <strong>allRolesMode</strong> attribute for
+        a rare case when it can be omitted.</p>
       </attribute>
 
       <attribute name="userTable" required="true">


