You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2014/05/12 08:54:04 UTC

git commit: [KARAF-2978]RBAC-- recognize group configuration when use Publickey to Login (cherry picked from commit 7e1aa7ae4adab02b975ef2bc172be5ceaca42af7)

Repository: karaf
Updated Branches:
  refs/heads/master b8493ae83 -> 43a945aab


[KARAF-2978]RBAC-- recognize group configuration when use Publickey to Login
(cherry picked from commit 7e1aa7ae4adab02b975ef2bc172be5ceaca42af7)


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/43a945aa
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/43a945aa
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/43a945aa

Branch: refs/heads/master
Commit: 43a945aab0b4dae011c9dd3e8f1f338397b69b5a
Parents: b8493ae
Author: Freeman Fang <fr...@gmail.com>
Authored: Mon May 12 14:45:23 2014 +0800
Committer: Freeman Fang <fr...@gmail.com>
Committed: Mon May 12 14:50:25 2014 +0800

----------------------------------------------------------------------
 .../main/resources/resources/etc/keys.properties   |  3 ++-
 .../apache/karaf/jaas/modules/BackingEngine.java   |  2 ++
 .../properties/PropertiesBackingEngine.java        |  1 -
 .../modules/publickey/PublickeyLoginModule.java    | 17 ++++++++++++++++-
 4 files changed, 20 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/keys.properties b/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
index 2eb3b01..36d3c0d 100644
--- a/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
+++ b/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
@@ -27,4 +27,5 @@
 # and modifiable via the JAAS command group. These users reside in a JAAS domain
 # with the name "karaf"..
 #
-karaf=AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QAAAIEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACBAKKSU2PFl/qOLxIwmBZPPIcJshVe7bVUpFvyl3BbJDow8rXfskl8wO63OzP/qLmcJM0+JbcRU/53JjTuyk31drV2qxhIOsLDC9dGCWj47Y7TyhPdXh/0dthTRBy6bqGtRPxGa7gJov1xm/UuYYXPIUR/3x9MAZvZ5xvE0kYXO+rx,admin
+karaf=AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QAAAIEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACBAKKSU2PFl/qOLxIwmBZPPIcJshVe7bVUpFvyl3BbJDow8rXfskl8wO63OzP/qLmcJM0+JbcRU/53JjTuyk31drV2qxhIOsLDC9dGCWj47Y7TyhPdXh/0dthTRBy6bqGtRPxGa7gJov1xm/UuYYXPIUR/3x9MAZvZ5xvE0kYXO+rx,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer

http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
index a4b1a30..6f39801 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
@@ -23,6 +23,8 @@ import org.apache.karaf.jaas.boot.principal.UserPrincipal;
 
 public interface BackingEngine {
 
+    static final String GROUP_PREFIX = "_g_:";
+    
     /**
      * Create a new User.
      *

http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
index 18a4edd..bc568c1 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
@@ -32,7 +32,6 @@ public class PropertiesBackingEngine implements BackingEngine {
 
     private static final transient Logger LOGGER = LoggerFactory.getLogger(PropertiesBackingEngine.class);
 
-    static final String GROUP_PREFIX = "_g_:";
 
     private Properties users;
     private EncryptionSupport encryptionSupport;

http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
index dea6081..54ff0a5 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
@@ -36,6 +36,8 @@ import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 
 import org.apache.felix.utils.properties.Properties;
+import org.apache.karaf.jaas.modules.properties.PropertiesBackingEngine;
+import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
 import org.apache.karaf.jaas.boot.principal.RolePrincipal;
 import org.apache.karaf.jaas.boot.principal.UserPrincipal;
 import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
@@ -120,7 +122,20 @@ public class PublickeyLoginModule extends AbstractKarafLoginModule {
         principals = new HashSet<Principal>();
         principals.add(new UserPrincipal(user));
         for (int i = 1; i < infos.length; i++) {
-            principals.add(new RolePrincipal(infos[i]));
+            if (infos[i].startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
+                // it's a group reference
+                principals.add(new GroupPrincipal(infos[i].substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
+                String groupInfo = (String) users.get(infos[i]);
+                if (groupInfo != null) {
+                    String[] roles = groupInfo.split(",");
+                    for (int j = 1; j < roles.length; j++) {
+                        principals.add(new RolePrincipal(roles[j]));
+                    }
+                }
+            } else {
+                // it's an user reference
+                principals.add(new RolePrincipal(infos[i]));
+            }
         }
 
         users.clear();