You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2005/07/08 00:42:03 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JAASMemoryLoginModule.java JAASRealm.java LocalStrings.properties MemoryRealm.java
markt 2005/07/07 15:42:03
Modified: catalina/src/share/org/apache/catalina/realm
JAASMemoryLoginModule.java JAASRealm.java
LocalStrings.properties MemoryRealm.java
Log:
Fix bug 16274. Essentially a port from TC%, mainly of Costin's work.
The JAAS realm is still experimental but it can now be used to authenticate against
tomcat-users.xml.
Revision Changes Path
1.3 +12 -194 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java
Index: JAASMemoryLoginModule.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- JAASMemoryLoginModule.java 26 Aug 2004 21:37:21 -0000 1.2
+++ JAASMemoryLoginModule.java 7 Jul 2005 22:42:03 -0000 1.3
@@ -18,14 +18,11 @@
package org.apache.catalina.realm;
-import java.beans.PropertyChangeListener;
import java.io.File;
import java.io.IOException;
-import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.security.Principal;
-import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -35,8 +32,6 @@
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import org.apache.catalina.Container;
-import org.apache.catalina.Realm;
import org.apache.commons.digester.Digester;
@@ -69,7 +64,13 @@
* @version $Revision$ $Date$
*/
-public class JAASMemoryLoginModule implements LoginModule, Realm {
+public class JAASMemoryLoginModule extends MemoryRealm implements LoginModule {
+
+ /**
+ * Descriptive information about this Realm implementation.
+ */
+ protected final String info =
+ "org.apache.catalina.realm.JAASMemoryLoginModule/1.0";
// ----------------------------------------------------- Instance Variables
@@ -135,35 +136,6 @@
/**
- * Add a new user to the in-memory database.
- *
- * @param username User's username
- * @param password User's password (clear text)
- * @param roles Comma-delimited set of roles associated with this user
- */
- void addUser(String username, String password, String roles) {
-
- // Accumulate the list of roles for this user
- ArrayList list = new ArrayList();
- roles += ",";
- while (true) {
- int comma = roles.indexOf(',');
- if (comma < 0)
- break;
- String role = roles.substring(0, comma).trim();
- list.add(role);
- roles = roles.substring(comma + 1);
- }
-
- // Construct and cache the Principal for this user
- GenericPrincipal principal =
- new GenericPrincipal(this, username, password, list);
- principals.put(username, principal);
-
- }
-
-
- /**
* Phase 2 of authenticating a <code>Subject</code> when Phase 1
* fails. This method is called if the <code>LoginContext</code>
* failed somewhere in the overall authentication chain.
@@ -283,7 +255,7 @@
}
// Validate the username and password we have received
- principal = null; // FIXME - look up and check password
+ principal = super.authenticate(username, password);
// Report results based on success or failure
if (principal != null) {
@@ -316,29 +288,6 @@
// ---------------------------------------------------------- Realm Methods
-
- /**
- * Return the Container with which this Realm has been associated.
- */
- public Container getContainer() {
-
- return (null);
-
- }
-
-
- /**
- * Set the Container with which this Realm has been associated.
- *
- * @param container The associated Container
- */
- public void setContainer(Container container) {
-
- ;
-
- }
-
-
/**
* Return descriptive information about this Realm implementation and
* the corresponding version number, in the format
@@ -346,113 +295,7 @@
*/
public String getInfo() {
- return (null);
-
- }
-
-
- /**
- * Add a property change listener to this component.
- *
- * @param listener The listener to add
- */
- public void addPropertyChangeListener(PropertyChangeListener listener) {
-
- ;
-
- }
-
-
- /**
- * Return the Principal associated with the specified username and
- * credentials, if there is one; otherwise return <code>null</code>.
- *
- * @param username Username of the Principal to look up
- * @param credentials Password or other credentials to use in
- * authenticating this username
- */
- public Principal authenticate(String username, String credentials) {
-
- return (null);
-
- }
-
-
- /**
- * Return the Principal associated with the specified username and
- * credentials, if there is one; otherwise return <code>null</code>.
- *
- * @param username Username of the Principal to look up
- * @param credentials Password or other credentials to use in
- * authenticating this username
- */
- public Principal authenticate(String username, byte[] credentials) {
-
- return (null);
-
- }
-
-
- /**
- * Return the Principal associated with the specified username, which
- * matches the digest calculated using the given parameters using the
- * method described in RFC 2069; otherwise return <code>null</code>.
- *
- * @param username Username of the Principal to look up
- * @param digest Digest which has been submitted by the client
- * @param nonce Unique (or supposedly unique) token which has been used
- * for this request
- * @param realm Realm name
- * @param md5a2 Second MD5 digest used to calculate the digest :
- * MD5(Method + ":" + uri)
- */
- public Principal authenticate(String username, String digest,
- String nonce, String nc, String cnonce,
- String qop, String realm,
- String md5a2) {
-
- return (null);
-
- }
-
-
- /**
- * Return the Principal associated with the specified chain of X509
- * client certificates. If there is none, return <code>null</code>.
- *
- * @param certs Array of client certificates, with the first one in
- * the array being the certificate of the client itself.
- */
- public Principal authenticate(X509Certificate certs[]) {
-
- return (null);
-
- }
-
-
- /**
- * Return <code>true</code> if the specified Principal has the specified
- * security role, within the context of this Realm; otherwise return
- * <code>false</code>.
- *
- * @param principal Principal for whom the role is to be checked
- * @param role Security role to be checked
- */
- public boolean hasRole(Principal principal, String role) {
-
- return (false);
-
- }
-
-
- /**
- * Remove a property change listener from this component.
- *
- * @param listener The listener to remove
- */
- public void removePropertyChangeListener(PropertyChangeListener listener) {
-
- ;
+ return info;
}
@@ -485,36 +328,11 @@
log("Error processing configuration file " +
file.getAbsolutePath(), e);
return;
+ } finally {
+ digester.push(null);
}
}
- /**
- * Log a message.
- *
- * @param message The message to be logged
- */
- protected void log(String message) {
-
- System.out.print("JAASMemoryLoginModule: ");
- System.out.println(message);
-
- }
-
-
- /**
- * Log a message and associated exception.
- *
- * @param message The message to be logged
- * @param exception The associated exception
- */
- protected void log(String message, Throwable exception) {
-
- log(message);
- exception.printStackTrace(System.out);
-
- }
-
-
}
1.7 +21 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JAASRealm.java
Index: JAASRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JAASRealm.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- JAASRealm.java 27 Nov 2004 18:29:44 -0000 1.6
+++ JAASRealm.java 7 Jul 2005 22:42:03 -0000 1.7
@@ -19,7 +19,9 @@
import java.security.Principal;
+import java.security.acl.Group;
import java.util.ArrayList;
+import java.util.Enumeration;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.AccountExpiredException;
@@ -270,7 +272,7 @@
}
// Return the appropriate Principal for this authenticated Subject
- Principal principal = createPrincipal(subject);
+ Principal principal = createPrincipal(username, subject);
if (principal == null) {
log(sm.getString("jaasRealm.authenticateError", username));
return (null);
@@ -326,9 +328,8 @@
*
* @param subject The Subject representing the logged in user
*/
- protected Principal createPrincipal(Subject subject) {
+ protected Principal createPrincipal(String username, Subject subject) {
// Prepare to scan the Principals for this Subject
- String username = null;
String password = null; // Will not be carried forward
ArrayList roles = new ArrayList();
@@ -336,13 +337,28 @@
Iterator principals = subject.getPrincipals().iterator();
while (principals.hasNext()) {
Principal principal = (Principal) principals.next();
+ if (principal instanceof GenericPrincipal) {
+ // No need to look any further
+ return principal;
+ }
String principalClass = principal.getClass().getName();
- if ((username == null) && userClasses.contains(principalClass)) {
+ if (userClasses.contains(principalClass)) {
+ // Override the default which is the original user, accepted by
+ // the LoginManager
username = principal.getName();
}
if (roleClasses.contains(principalClass)) {
roles.add(principal.getName());
}
+ if ((principal instanceof Group) &&
+ "Roles".equals(principal.getName())) {
+ Group grp = (Group) principal;
+ Enumeration en = grp.members();
+ while (en.hasMoreElements()) {
+ Principal roleP = (Principal) en.nextElement();
+ roles.add(roleP.getName());
+ }
+ }
}
// Create the resulting Principal for our authenticated user
1.12 +2 -1 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties
Index: LocalStrings.properties
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- LocalStrings.properties 3 Feb 2005 22:47:07 -0000 1.11
+++ LocalStrings.properties 7 Jul 2005 22:42:03 -0000 1.12
@@ -5,6 +5,7 @@
# package org.apache.catalina.realm
jaasRealm.accountExpired=Username {0} NOT authenticated due to expired account
+jaasRealm.authenticateError=Failed to create principal for username {0}
jaasRealm.authenticateSuccess=Username {0} successfully authenticated
jaasRealm.credentialExpired=Username {0} NOT authenticated due to expired credential
jaasRealm.failedLogin=Username {0} NOT authenticated due to failed login
1.16 +2 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java
Index: MemoryRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- MemoryRealm.java 27 Nov 2004 18:29:44 -0000 1.15
+++ MemoryRealm.java 7 Jul 2005 22:42:03 -0000 1.16
@@ -42,7 +42,7 @@
* @version $Revision$ $Date$
*/
-public final class MemoryRealm
+public class MemoryRealm
extends RealmBase {
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org