You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2014/05/12 08:54:04 UTC
git commit: [KARAF-2978]RBAC-- recognize group configuration when use
Publickey to Login (cherry picked from commit
7e1aa7ae4adab02b975ef2bc172be5ceaca42af7)
Repository: karaf
Updated Branches:
refs/heads/master b8493ae83 -> 43a945aab
[KARAF-2978]RBAC-- recognize group configuration when use Publickey to Login
(cherry picked from commit 7e1aa7ae4adab02b975ef2bc172be5ceaca42af7)
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/43a945aa
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/43a945aa
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/43a945aa
Branch: refs/heads/master
Commit: 43a945aab0b4dae011c9dd3e8f1f338397b69b5a
Parents: b8493ae
Author: Freeman Fang <fr...@gmail.com>
Authored: Mon May 12 14:45:23 2014 +0800
Committer: Freeman Fang <fr...@gmail.com>
Committed: Mon May 12 14:50:25 2014 +0800
----------------------------------------------------------------------
.../main/resources/resources/etc/keys.properties | 3 ++-
.../apache/karaf/jaas/modules/BackingEngine.java | 2 ++
.../properties/PropertiesBackingEngine.java | 1 -
.../modules/publickey/PublickeyLoginModule.java | 17 ++++++++++++++++-
4 files changed, 20 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/keys.properties b/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
index 2eb3b01..36d3c0d 100644
--- a/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
+++ b/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
@@ -27,4 +27,5 @@
# and modifiable via the JAAS command group. These users reside in a JAAS domain
# with the name "karaf"..
#
-karaf=AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QAAAIEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACBAKKSU2PFl/qOLxIwmBZPPIcJshVe7bVUpFvyl3BbJDow8rXfskl8wO63OzP/qLmcJM0+JbcRU/53JjTuyk31drV2qxhIOsLDC9dGCWj47Y7TyhPdXh/0dthTRBy6bqGtRPxGa7gJov1xm/UuYYXPIUR/3x9MAZvZ5xvE0kYXO+rx,admin
+karaf=AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QAAAIEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACBAKKSU2PFl/qOLxIwmBZPPIcJshVe7bVUpFvyl3BbJDow8rXfskl8wO63OzP/qLmcJM0+JbcRU/53JjTuyk31drV2qxhIOsLDC9dGCWj47Y7TyhPdXh/0dthTRBy6bqGtRPxGa7gJov1xm/UuYYXPIUR/3x9MAZvZ5xvE0kYXO+rx,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer
http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
index a4b1a30..6f39801 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
@@ -23,6 +23,8 @@ import org.apache.karaf.jaas.boot.principal.UserPrincipal;
public interface BackingEngine {
+ static final String GROUP_PREFIX = "_g_:";
+
/**
* Create a new User.
*
http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
index 18a4edd..bc568c1 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
@@ -32,7 +32,6 @@ public class PropertiesBackingEngine implements BackingEngine {
private static final transient Logger LOGGER = LoggerFactory.getLogger(PropertiesBackingEngine.class);
- static final String GROUP_PREFIX = "_g_:";
private Properties users;
private EncryptionSupport encryptionSupport;
http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
index dea6081..54ff0a5 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
@@ -36,6 +36,8 @@ import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.felix.utils.properties.Properties;
+import org.apache.karaf.jaas.modules.properties.PropertiesBackingEngine;
+import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.boot.principal.UserPrincipal;
import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
@@ -120,7 +122,20 @@ public class PublickeyLoginModule extends AbstractKarafLoginModule {
principals = new HashSet<Principal>();
principals.add(new UserPrincipal(user));
for (int i = 1; i < infos.length; i++) {
- principals.add(new RolePrincipal(infos[i]));
+ if (infos[i].startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
+ // it's a group reference
+ principals.add(new GroupPrincipal(infos[i].substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
+ String groupInfo = (String) users.get(infos[i]);
+ if (groupInfo != null) {
+ String[] roles = groupInfo.split(",");
+ for (int j = 1; j < roles.length; j++) {
+ principals.add(new RolePrincipal(roles[j]));
+ }
+ }
+ } else {
+ // it's an user reference
+ principals.add(new RolePrincipal(infos[i]));
+ }
}
users.clear();