You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lenya.apache.org by an...@apache.org on 2008/03/19 17:35:05 UTC
svn commit: r638929 - in /lenya/branches/branch_1_2_x_shibboleth/src:
java/org/apache/lenya/ java/org/apache/lenya/ac/
java/org/apache/lenya/ac/impl/ webapp/WEB-INF/
webapp/lenya/pubs/default/config/ac/
Author: andreas
Date: Wed Mar 19 09:34:57 2008
New Revision: 638929
URL: http://svn.apache.org/viewvc?rev=638929&view=rev
Log:
Allow to configure the authenticator in ac.xconf.
Modified:
lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Authenticator.java
lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java
lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/lenya.roles
lenya/branches/branch_1_2_x_shibboleth/src/webapp/WEB-INF/cocoon-xconf.xsl
lenya/branches/branch_1_2_x_shibboleth/src/webapp/lenya/pubs/default/config/ac/ac.xconf
Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Authenticator.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Authenticator.java?rev=638929&r1=638928&r2=638929&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Authenticator.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Authenticator.java Wed Mar 19 09:34:57 2008
@@ -31,6 +31,11 @@
* Avalon role.
*/
String ROLE = Authenticator.class.getName();
+
+ /**
+ * The default authenticator type.
+ */
+ String DEFAULT_AUTHENTICATOR = "user";
/**
* Authenticates a request.
Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java?rev=638929&r1=638928&r2=638929&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java Wed Mar 19 09:34:57 2008
@@ -57,6 +57,7 @@
/**
* Default access controller implementation.
+ *
* @version $Id: DefaultAccessController.java 473842 2006-11-12 01:15:20Z gregor $
*/
public class DefaultAccessController extends AbstractLogEnabled implements AccessController,
@@ -66,6 +67,7 @@
protected static final String TYPE_ATTRIBUTE = "type";
protected static final String ACCREDITABLE_MANAGER_ELEMENT = "accreditable-manager";
protected static final String POLICY_MANAGER_ELEMENT = "policy-manager";
+ protected static final String AUTHENTICATOR_ELEMENT = "authenticator";
private static final String REGEX = "([0-9]{1,3}\\.){3}[0-9]{1,3}";
private ServiceSelector accreditableManagerSelector;
@@ -75,10 +77,12 @@
private List authorizerKeys = new ArrayList();
private ServiceSelector policyManagerSelector;
private PolicyManager policyManager;
+ private ServiceSelector authenticatorSelector;
private Authenticator authenticator;
/**
- * @see org.apache.lenya.ac.AccessController#authenticate(org.apache.cocoon.environment.Request, ErrorHandler)
+ * @see org.apache.lenya.ac.AccessController#authenticate(org.apache.cocoon.environment.Request,
+ * ErrorHandler)
*/
public boolean authenticate(Request request, ErrorHandler handler)
throws AccessControlException {
@@ -150,7 +154,7 @@
setupAccreditableManager(conf);
setupAuthorizers(conf);
setupPolicyManager(conf);
- setupAuthenticator();
+ setupAuthenticator(conf);
} catch (ConfigurationException e) {
throw e;
} catch (Exception e) {
@@ -208,7 +212,6 @@
/**
* Creates the authorizers.
- *
* @param configuration The access controller configuration.
* @throws ConfigurationException when the configuration failed.
* @throws ServiceException when something went wrong.
@@ -236,7 +239,6 @@
/**
* Creates the policy manager.
- *
* @param configuration The access controller configuration.
* @throws ConfigurationException when the configuration failed.
* @throws ServiceException when something went wrong.
@@ -260,18 +262,24 @@
/**
* Sets up the authenticator.
- *
- * @throws ServiceException when something went wrong.
+ * @param config The access controller configuration.
+ * @throws Exception when something went wrong.
*/
- protected void setupAuthenticator() throws ServiceException {
- authenticator = (Authenticator) manager.lookup(Authenticator.ROLE);
+ protected void setupAuthenticator(Configuration config) throws Exception {
+ Configuration authConfig = config.getChild(AUTHENTICATOR_ELEMENT, false);
+ String type = authConfig == null ? Authenticator.DEFAULT_AUTHENTICATOR : authConfig
+ .getAttribute(TYPE_ATTRIBUTE);
+
+ this.authenticatorSelector = (ServiceSelector) manager.lookup(Authenticator.ROLE
+ + "Selector");
+ this.authenticator = (Authenticator) this.authenticatorSelector.select(type);
+ configureOrParameterize(this.authenticator, authConfig);
}
private ServiceManager manager;
/**
* Set the global component manager.
- *
* @param manager The global component manager
* @throws ServiceException when something went wrong.
*/
@@ -281,7 +289,6 @@
/**
* Returns the service manager.
- *
* @return A service manager.
*/
protected ServiceManager getManager() {
@@ -305,8 +312,7 @@
}
/**
- * Returns if this action has authorizers.
- *
+ * Returns if this access controller has authorizers.
* @return A boolean value.
*/
protected boolean hasAuthorizers() {
@@ -341,8 +347,11 @@
getManager().release(authorizerSelector);
}
- if (authenticator != null) {
- getManager().release(authenticator);
+ if (this.authenticatorSelector != null) {
+ if (this.authenticator != null) {
+ this.authenticatorSelector.release(this.authenticator);
+ }
+ getManager().release(this.authenticatorSelector);
}
if (getLogger().isDebugEnabled()) {
@@ -352,7 +361,6 @@
/**
* Returns the accreditable manager.
- *
* @return An accreditable manager.
*/
public AccreditableManager getAccreditableManager() {
@@ -370,7 +378,6 @@
/**
* Returns the authenticator.
- *
* @return The authenticator.
*/
public Authenticator getAuthenticator() {
@@ -407,7 +414,6 @@
/**
* Checks if the session contains an identity that is not null and belongs
* to the used access controller.
- *
* @param session The current session.
* @return A boolean value.
* @throws AccessControlException when something went wrong.
Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/lenya.roles
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/lenya.roles?rev=638929&r1=638928&r2=638929&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/lenya.roles (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/lenya.roles Wed Mar 19 09:34:57 2008
@@ -44,6 +44,10 @@
<hint shorthand="usecase" class="org.apache.lenya.cms.ac.usecase.UsecaseAuthorizer"/>
</role>
+ <role name="org.apache.lenya.ac.AuthenticatorSelector"
+ shorthand="authenticators"
+ default-class="org.apache.avalon.excalibur.component.ExcaliburComponentSelector"/>
+
<role name="org.apache.lenya.ac.PolicyManagerSelector"
shorthand="policy-managers"
default-class="org.apache.avalon.excalibur.component.ExcaliburComponentSelector">
Modified: lenya/branches/branch_1_2_x_shibboleth/src/webapp/WEB-INF/cocoon-xconf.xsl
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/webapp/WEB-INF/cocoon-xconf.xsl?rev=638929&r1=638928&r2=638929&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/webapp/WEB-INF/cocoon-xconf.xsl (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/webapp/WEB-INF/cocoon-xconf.xsl Wed Mar 19 09:34:57 2008
@@ -213,24 +213,14 @@
</component-instance>
</access-controller-resolvers>
- <component logger="lenya.ac.authenticator"
- class="org.apache.lenya.ac.shibboleth.ShibbolethAuthenticator"
- role="org.apache.lenya.ac.Authenticator">
- <redirect-to-wayf>true</redirect-to-wayf>
- </component>
-<!--
- <component logger="lenya.ac.authenticator"
- class="org.apache.lenya.ac.impl.UserAuthenticator"
- role="org.apache.lenya.ac.Authenticator"/>
--->
- <xsl:comment>
-Enable this authenticator and disable the UserAuthenticator for anonymous authentication (useful for client certs, for instance)
-
-<component logger="lenya.ac.authenticator"
- class="org.apache.lenya.ac.impl.AnonymousAuthenticator"
- role="org.apache.lenya.ac.Authenticator"/>
-</xsl:comment>
-
+ <authenticators>
+ <component-instance name="user" class="org.apache.lenya.ac.impl.UserAuthenticator"/>
+ <component-instance name="shibboleth" class="org.apache.lenya.ac.shibboleth.ShibbolethAuthenticator">
+ <redirect-to-wayf>true</redirect-to-wayf>
+ </component-instance>
+ <component-instance name="anonymous" class="org.apache.lenya.ac.impl.AnonymousAuthenticator"/>
+ </authenticators>
+
<component logger="lenya.ac.cache"
class="org.apache.lenya.ac.cache.SourceCacheImpl"
role="org.apache.lenya.ac.cache.SourceCache"/>
Modified: lenya/branches/branch_1_2_x_shibboleth/src/webapp/lenya/pubs/default/config/ac/ac.xconf
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/webapp/lenya/pubs/default/config/ac/ac.xconf?rev=638929&r1=638928&r2=638929&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/webapp/lenya/pubs/default/config/ac/ac.xconf (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/webapp/lenya/pubs/default/config/ac/ac.xconf Wed Mar 19 09:34:57 2008
@@ -44,4 +44,6 @@
<authorizer type="workflow"/>
+ <authenticator type="shibboleth"/>
+
</access-controller>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@lenya.apache.org
For additional commands, e-mail: commits-help@lenya.apache.org