Posted to scm@geronimo.apache.org by dj...@apache.org on 2009/07/10 23:55:11 UTC
svn commit: r793126 - in
/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7:
./ handler/
Author: djencks
Date: Fri Jul 10 21:55:11 2009
New Revision: 793126
URL: http://svn.apache.org/viewvc?rev=793126&view=rev
Log:
GERONIMO-4740 fix jetty run-as handling
Modified:
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/GeronimoServletHolder.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletRegistration.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/POJOWebServiceHolderWrapper.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/ServletHolderWrapper.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/GeronimoServletHolder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/GeronimoServletHolder.java?rev=793126&r1=793125&r2=793126&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/GeronimoServletHolder.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/GeronimoServletHolder.java Fri Jul 10 21:55:11 2009
@@ -39,36 +39,13 @@
public class GeronimoServletHolder extends ServletHolder {
private final IntegrationContext integrationContext;
- private final Subject runAsSubject;
private final JettyServletRegistration servletRegistration;
- public GeronimoServletHolder(IntegrationContext integrationContext, Subject runAsSubject, JettyServletRegistration servletRegistration) {
+ public GeronimoServletHolder(IntegrationContext integrationContext, JettyServletRegistration servletRegistration) {
this.integrationContext = integrationContext;
- this.runAsSubject = runAsSubject;
this.servletRegistration = servletRegistration;
}
- //TODO probably need to override init and destroy (?) to handle runAsSubject since we are not setting it in the superclass any more.
-
- /**
- * Service a request with this servlet. Set the ThreadLocal to hold the
- * current JettyServletHolder.
- */
- public void handle(Request baseRequest, ServletRequest request, ServletResponse response)
- throws ServletException, IOException {
- if (runAsSubject == null) {
- super.handle(baseRequest, request, response);
- } else {
- Callers oldCallers = ContextManager.pushNextCaller(runAsSubject);
- try {
- super.handle(baseRequest, request, response);
- } finally {
- ContextManager.popCallers(oldCallers);
- }
- }
- }
-
-
public synchronized Object newInstance() throws InstantiationException, IllegalAccessException {
return servletRegistration.newInstance(_className);
}
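Review bot: With the `handle` override gone, nothing left in GeronimoServletHolder establishes the run-as subject, and the removed TODO about `init` and `destroy` disappears without the hunk showing where those lifecycle calls now get their identity. Presumably the role set through `setRunAsRole` in the wrapper classes is applied by the Jetty superclass, but that is not visible here. A class comment such as `// run-as is applied by ServletHolder from setRunAsRole(); this class no longer pushes a Subject itself` would record the new contract, and a test that a run-as servlet's `init`, request handling and `destroy` all see the run-as identity would confirm it. The class body starts and continues outside the hunk.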
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletRegistration.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletRegistration.java?rev=793126&r1=793125&r2=793126&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletRegistration.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/JettyServletRegistration.java Fri Jul 10 21:55:11 2009
@@ -42,7 +42,5 @@
void destroyInstance(Object o) throws Exception;
- Subject getSubjectForRole(String role) throws LoginException;
-
IntegrationContext getIntegrationContext();
}
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/POJOWebServiceHolderWrapper.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/POJOWebServiceHolderWrapper.java?rev=793126&r1=793125&r2=793126&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/POJOWebServiceHolderWrapper.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/POJOWebServiceHolderWrapper.java Fri Jul 10 21:55:11 2009
@@ -65,8 +65,7 @@
@ParamAttribute(name = "runAsRole") String runAsRole,
@ParamReference(name = "WebServiceContainerFactory") WebServiceContainerFactory webServiceContainerFactory,
@ParamReference(name = "JettyServletRegistration", namingType = NameFactory.WEB_MODULE) JettyServletRegistration context) throws Exception {
- Subject runAsSubject = context == null ? null : context.getSubjectForRole(runAsRole);
- servletHolder = new GeronimoServletHolder(context == null ? null : context.getIntegrationContext(), runAsSubject, context);
+ servletHolder = new GeronimoServletHolder(context == null ? null : context.getIntegrationContext(), context);
//context will be null only for use as "default servlet info holder" in deployer.
this.pojoClassName = pojoClassName;
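Review bot: Dropping `context.getSubjectForRole(runAsRole)` from the constructor also drops the point at which a run-as role that cannot be mapped to a Subject was rejected: that method declared `LoginException`, so a bad role surfaced while the GBean was being built. The replacement only passes the role name to the holder, so where an unmappable role fails now (start-up or first request) cannot be told from this hunk; the same applies to the matching hunk in ServletHolderWrapper. If resolution has moved to request time, I would say so next to the constructor call, e.g. `// run-as role is resolved to a Subject later by the security handler, not validated here`. The constructor starts and ends outside the hunk.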
@@ -76,6 +75,7 @@
if (context != null) {
servletHolder.setName(servletName);
servletHolder.setClassName(POJOWebServiceServlet.class.getName());
+ servletHolder.setRunAsRole(runAsRole);
servletHolder.setInitParameters(initParams);
if (loadOnStartup != null) {
servletHolder.setInitOrder(loadOnStartup);
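Review bot: `servletHolder.setRunAsRole(runAsRole)` is added inside the `if (context != null)` block here, while the matching change in ServletHolderWrapper makes the same call before that guard, so the two wrappers now differ on whether the context-less "default servlet info holder" carries a run-as role. Nothing in either hunk explains the difference, which suggests it is accidental. Pick one placement for both files, or add a comment stating why they differ. The `if` block continues outside the hunk.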
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/ServletHolderWrapper.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/ServletHolderWrapper.java?rev=793126&r1=793125&r2=793126&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/ServletHolderWrapper.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/ServletHolderWrapper.java Fri Jul 10 21:55:11 2009
@@ -19,8 +19,6 @@
import java.util.Map;
import java.util.Set;
-import javax.security.auth.Subject;
-
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.gbean.annotation.GBean;
import org.apache.geronimo.gbean.annotation.ParamAttribute;
@@ -67,10 +65,10 @@
@ParamAttribute(name = "runAsRole") String runAsRole,
@ParamReference(name = "JettyServletRegistration", namingType = NameFactory.WEB_MODULE) JettyServletRegistration context) throws Exception {
servletRegistration = context;
- Subject runAsSubject = context == null ? null : context.getSubjectForRole(runAsRole);
- servletHolder = new GeronimoServletHolder(context == null ? null : context.getIntegrationContext(), runAsSubject, servletRegistration);
+ servletHolder = new GeronimoServletHolder(context == null ? null : context.getIntegrationContext(), servletRegistration);
servletHolder.setName(servletName);
servletHolder.setClassName(servletClassName);
+ servletHolder.setRunAsRole(runAsRole);
//context will be null only for use as "default servlet info holder" in deployer.
if (context != null) {
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java?rev=793126&r1=793125&r2=793126&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/WebAppContextWrapper.java Fri Jul 10 21:55:11 2009
@@ -93,7 +93,6 @@
private final GeronimoWebAppContext webAppContext;
private final Context componentContext;
private final Holder holder;
- private final RunAsSource runAsSource;
private final Set<String> servletNames = new HashSet<String>();
@@ -156,7 +155,7 @@
this.holder = holder == null ? Holder.EMPTY : holder;
- this.runAsSource = runAsSource == null? RunAsSource.NULL: runAsSource;
+ RunAsSource runAsSource1 = runAsSource == null ? RunAsSource.NULL : runAsSource;
SessionHandler sessionHandler;
if (null != handlerFactory) {
@@ -174,7 +173,7 @@
//wrap jetty realm with something that knows the dumb realmName
// JAASJettyRealm realm = new JAASJettyRealm(realmName, internalJAASJettyRealm);
if (securityHandlerFactory != null) {
- Subject defaultSubject = this.runAsSource.getDefaultSubject();
+ Subject defaultSubject = runAsSource1.getDefaultSubject();
securityHandler = securityHandlerFactory.buildSecurityHandler(policyContextID, defaultSubject, runAsSource, true);
} else {
//TODO may need to turn off security with Context._options.
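Review bot: `buildSecurityHandler` still receives the raw constructor parameter `runAsSource`, which may be null, while the null-normalised value now lives in the local `runAsSource1` and is used only for `getDefaultSubject()`. That argument line is unchanged context, but turning the field into a numbered local makes the split easy to miss; whether the factory tolerates a null source is not visible here. I would pass the normalised value, `securityHandler = securityHandlerFactory.buildSecurityHandler(policyContextID, defaultSubject, runAsSource1, true);`, and give the local a descriptive name such as `effectiveRunAsSource` where it is declared in the previous hunk. The constructor starts and ends outside both hunks.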
@@ -297,10 +296,6 @@
return webClassLoader;
}
- public Subject getSubjectForRole(String role) throws LoginException {
- return runAsSource.getSubjectForRole(role);
- }
-
public IntegrationContext getIntegrationContext() {
return integrationContext;
}
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java?rev=793126&r1=793125&r2=793126&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/GeronimoUserIdentity.java Fri Jul 10 21:55:11 2009
@@ -32,6 +32,7 @@
import org.eclipse.jetty.security.RunAsToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.apache.geronimo.security.ContextManager;
/**
* @version $Rev$ $Date$
@@ -58,6 +59,7 @@
}
public Principal getUserPrincipal() {
+ //not clear whether this should reflect any run-as identity. Currently it does not.
return userPrincipal;
}
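Review bot: The new comment in `getUserPrincipal` leaves a security-relevant question open rather than stating a contract: the role check changed in the next hunk now reads the current context from `ContextManager`, while this method keeps returning the stored `userPrincipal`, so inside a run-as call the two can describe different identities. I would state the chosen behaviour as Javadoc instead of an inline doubt, e.g. `/** Returns the authenticated caller's principal; an active run-as identity is not reflected. */`. If the question is still undecided, a TODO that names the tracking issue is easier to follow up than a free-form remark.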
@@ -74,6 +76,8 @@
servletName = "";
}
try {
+ //correct run-as identity available from context manager.
+ AccessControlContext acc = ContextManager.getCurrentContext();
acc.checkPermission(new WebRoleRefPermission(servletName, role));
return true;
} catch (AccessControlException e) {
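Review bot: The added local `acc` reuses the name that the unchanged `acc.checkPermission(...)` line resolved before this commit, which must have been declared outside the hunk, presumably as a field; if that declaration is still there it is now shadowed here and may be dead. Renaming the local, e.g. `AccessControlContext currentContext = ContextManager.getCurrentContext();`, or removing the old declaration would make clear which context is checked. The result of `getCurrentContext()` is also dereferenced unchecked and only `AccessControlException` is caught, so if it can return null on a thread with no caller registered the check ends in a NullPointerException instead of a denial; whether it can is not visible here. The enclosing method starts and ends outside the hunk.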