Posted to dev@tomcat.apache.org by ma...@apache.org on 2012/08/28 00:04:53 UTC
svn commit: r1377888 - in /tomcat/tc6.0.x/trunk: STATUS.txt
java/org/apache/catalina/realm/DataSourceRealm.java
java/org/apache/catalina/realm/JDBCRealm.java webapps/docs/changelog.xml
webapps/docs/config/realm.xml
Author: markt
Date: Mon Aug 27 22:04:52 2012
New Revision: 1377888
URL: http://svn.apache.org/viewvc?rev=1377888&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53047
Allow database realms configured with an all roles mode that is authentication only to not have to define a role table
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Aug 27 22:04:52 2012
@@ -109,14 +109,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: kkolinko
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53047
- Allow database realms configured with an all roles mode that is authentication
- only to not have to define a role table
- http://svn.apache.org/viewvc?rev=1348498&view=rev
- http://svn.apache.org/viewvc?rev=1377444&view=rev (documentation)
- +1: markt, kfujino, kkolinko, schultz
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53481
Add support for SSLHonorCipherOrder
http://svn.apache.org/viewvc?view=revision&revision=1371298
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java Mon Aug 27 22:04:52 2012
@@ -458,6 +458,12 @@ public class DataSourceRealm
protected String getPassword(Connection dbConnection,
String username) {
+ if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) {
+ // Using an authentication only configuration and no role store has
+ // been defined so don't spend cycles looking
+ return null;
+ }
+
ResultSet rs = null;
PreparedStatement stmt = null;
String dbCredentials = null;
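Review bot: The new early return sits at the top of `getPassword(Connection dbConnection, String username)`, which is the credential lookup and not a role lookup. With an authentication-only `allRolesMode` and neither `userRoleTable` nor `roleNameCol` set, it returns `null` before the query runs. That is the very configuration this commit is meant to enable, and the callers (outside this hunk) presumably treat a null credential as a failed login, so every authentication attempt would be rejected. The JDBCRealm hunk in the same commit places the identical guard in `getRoles(String username)`, and the "no role store" comment only makes sense there. The `if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) { return null; }` block looks like it belongs at the start of this class's role-lookup method, with `getPassword`, whose body runs past the end of the hunk, left unguarded.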
@@ -622,8 +628,13 @@ public class DataSourceRealm
}
- // ------------------------------------------------------ Lifecycle Methods
+ private boolean isRoleStoreDefined() {
+ return userRoleTable != null || roleNameCol != null;
+ }
+
+
+ // ------------------------------------------------------ Lifecycle Methods
/**
*
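Review bot: `isRoleStoreDefined()` returns true when either `userRoleTable` or `roleNameCol` is set, so a realm with only one of them configured still proceeds to the role query (built outside this hunk) with the other value null. That may be deliberate, so that a half-configured realm fails visibly instead of silently dropping roles, but nothing records the choice. A comment such as `// Either attribute counts as defined so that a partial configuration still reaches the query and is reported` would do that, or the lifecycle start method could reject the partial case explicitly. The same helper is added unchanged to JDBCRealm in the last JDBCRealm hunk, and the point applies there too.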
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java Mon Aug 27 22:04:52 2012
@@ -619,6 +619,12 @@ public class JDBCRealm
*/
protected ArrayList<String> getRoles(String username) {
+ if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) {
+ // Using an authentication only configuration and no role store has
+ // been defined so don't spend cycles looking
+ return null;
+ }
+
PreparedStatement stmt = null;
ResultSet rs = null;
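Review bot: `getRoles` now returns `null` for two different reasons: the lookup was skipped because no role store is configured, or it failed after all retries (the `return null` at the end of the method, in the next hunk). The Javadoc that ends just above the signature is outside this hunk, so it is not visible whether it mentions either case. Callers that build the Principal must treat null as "no roles", and the `@return` text should say so, e.g. `@return the user's roles, or null if no role store is configured or the lookup failed`. A debug-level log line on the skip path would also let an operator see why an authenticated user ended up with no roles.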
@@ -678,8 +684,7 @@ public class JDBCRealm
numberOfTries--;
}
- return (null);
-
+ return null;
}
@@ -765,8 +770,12 @@ public class JDBCRealm
}
- // ------------------------------------------------------ Lifecycle Methods
+ private boolean isRoleStoreDefined() {
+ return userRoleTable != null || roleNameCol != null;
+ }
+
+ // ------------------------------------------------------ Lifecycle Methods
/**
*
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Aug 27 22:04:52 2012
@@ -258,6 +258,12 @@
<code>org.apache.tools.ant.Task</code> enabling it to work with features
such as namespaces within build.xml files. (markt)
</fix>
+ <fix>
+ <bug>53047</bug>: If a JDBC Realm or DataSource Realm is configured for
+ an all roles mode that only requires authorization (and no roles) and no
+ role table or column is defined, don't populate the Principal's roles.
+ (markt/kkolinko)
+ </fix>
</changelog>
</subsection>
<subsection name="Cluster">
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml?rev=1377888&r1=1377887&r2=1377888&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml Mon Aug 27 22:04:52 2012
@@ -116,6 +116,11 @@
authenticated and no check will be made for assigned roles unless roles
are defined in web.xml in which case the user must be assigned at least
one of those roles.</p>
+ <p>When this attribute has the value of <code>authOnly</code> or
+ <code>strictAuthOnly</code>, the <strong>roleNameCol</strong> and
+ <strong>userRoleTable</strong> attributes become optional. If those two
+ attributes are omitted, the user's roles will not be loaded by this
+ Realm.</p>
</attribute>
<attribute name="connectionName" required="true">
@@ -149,9 +154,12 @@
used to connect to the authentication database.</p>
</attribute>
- <attribute name="roleNameCol" required="true">
+ <attribute name="roleNameCol" required="false">
<p>Name of the column, in the "user roles" table, which contains
a role name assigned to the corresponding user.</p>
+ <p>This attribute is <strong>required</strong> in majority of
+ configurations. See <strong>allRolesMode</strong> attribute for
+ a rare case when it can be omitted.</p>
</attribute>
<attribute name="userCredCol" required="true">
@@ -168,10 +176,13 @@
that contains the user's username.</p>
</attribute>
- <attribute name="userRoleTable" required="true">
+ <attribute name="userRoleTable" required="false">
<p>Name of the "user roles" table, which must contain columns
named by the <code>userNameCol</code> and <code>roleNameCol</code>
attributes.</p>
+ <p>This attribute is <strong>required</strong> in majority of
+ configurations. See <strong>allRolesMode</strong> attribute for
+ a rare case when it can be omitted.</p>
</attribute>
<attribute name="userTable" required="true">
@@ -232,6 +243,11 @@
authenticated and no check will be made for assigned roles unless roles
are defined in web.xml in which case the user must be assigned at least
one of those roles.</p>
+ <p>When this attribute has the value of <code>authOnly</code> or
+ <code>strictAuthOnly</code>, the <strong>roleNameCol</strong> and
+ <strong>userRoleTable</strong> attributes become optional. If those two
+ attributes are omitted, the user's roles will not be loaded by this
+ Realm.</p>
</attribute>
<attribute name="dataSourceName" required="true">
@@ -251,9 +267,12 @@
global DataSource.</p>
</attribute>
- <attribute name="roleNameCol" required="true">
+ <attribute name="roleNameCol" required="false">
<p>Name of the column, in the "user roles" table, which contains
a role name assigned to the corresponding user.</p>
+ <p>This attribute is <strong>required</strong> in majority of
+ configurations. See <strong>allRolesMode</strong> attribute for
+ a rare case when it can be omitted.</p>
</attribute>
<attribute name="userCredCol" required="true">
@@ -270,10 +289,13 @@
that contains the user's username.</p>
</attribute>
- <attribute name="userRoleTable" required="true">
+ <attribute name="userRoleTable" required="false">
<p>Name of the "user roles" table, which must contain columns
named by the <code>userNameCol</code> and <code>roleNameCol</code>
attributes.</p>
+ <p>This attribute is <strong>required</strong> in majority of
+ configurations. See <strong>allRolesMode</strong> attribute for
+ a rare case when it can be omitted.</p>
</attribute>
<attribute name="userTable" required="true">