Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2007/01/13 03:15:51 UTC

svn commit: r495818 - in /portals/jetspeed-2/trunk: applications/gems/ applications/gems/src/java/org/apache/portals/gems/browser/ commons/src/java/org/apache/jetspeed/security/ components/page-manager/src/java/org/apache/jetspeed/om/page/impl/ compone...

Author: taylor
Date: Fri Jan 12 18:15:50 2007
New Revision: 495818

URL: http://svn.apache.org/viewvc?view=rev&rev=495818
Log:
https://issues.apache.org/jira/browse/JS2-640
When running Jetspeed with a Security Manager enabled, Java does not always run privileged actions with the last Subject associated with "Subject.doAsPrivileged".
To ensure that the Jetspeed subject is always the active subject, we have implemented JSSubject.

patch from Hajo Birthelmer

Added:
    portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/JSSubject.java
Modified:
    portals/jetspeed-2/trunk/applications/gems/project.xml
    portals/jetspeed-2/trunk/applications/gems/src/java/org/apache/portals/gems/browser/DatabaseBrowserPortlet.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java
    portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java
    portals/jetspeed-2/trunk/components/portal-site/src/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/WorkerImpl.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
    portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/aggregator/TestAggregator.java
    portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/layout/TestConstraintsAction.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java
    portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicy.java
    portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java
    portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestUserManager.java
    portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOIFramePortlet.java
    portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java
    portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/sso/SSOProxyPortlet.java

Modified: portals/jetspeed-2/trunk/applications/gems/project.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/applications/gems/project.xml?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/applications/gems/project.xml (original)
+++ portals/jetspeed-2/trunk/applications/gems/project.xml Fri Jan 12 18:15:50 2007
@@ -73,6 +73,15 @@
             <version>1.0</version>
             <type>jar</type>
         </dependency>
+            <dependency>
+        <id>org.apache.portals.jetspeed-2:jetspeed-commons</id> 
+        <version>${jetspeed.version}</version>
+        <type>jar</type>
+        <properties>
+            <war.bundle>false</war.bundle>
+        </properties>
+    </dependency>    
+        
 		<dependency>
 		  <id>org.apache.pluto:pluto</id>
 		  <version>${pluto.version}</version>

Modified: portals/jetspeed-2/trunk/applications/gems/src/java/org/apache/portals/gems/browser/DatabaseBrowserPortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/applications/gems/src/java/org/apache/portals/gems/browser/DatabaseBrowserPortlet.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/applications/gems/src/java/org/apache/portals/gems/browser/DatabaseBrowserPortlet.java (original)
+++ portals/jetspeed-2/trunk/applications/gems/src/java/org/apache/portals/gems/browser/DatabaseBrowserPortlet.java Fri Jan 12 18:15:50 2007
@@ -43,6 +43,7 @@
 import javax.sql.DataSource;
 
 import org.apache.commons.dbcp.BasicDataSource;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.sso.SSOContext;
 import org.apache.jetspeed.sso.SSOException;
 import org.apache.portals.bridges.util.PreferencesHelper;
@@ -368,6 +369,6 @@
     private Subject getSubject()
     {
         AccessControlContext context = AccessController.getContext();
-        return Subject.getSubject(context);         
+        return JSSubject.getSubject(context);         
     }
 }

Added: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/JSSubject.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/JSSubject.java?view=auto&rev=495818
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/JSSubject.java (added)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/JSSubject.java Fri Jan 12 18:15:50 2007
@@ -0,0 +1,246 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security;
+
+/**
+ * Wrapper for the javax.security.auth.Subject class.
+ * Due to a design oversight in JAAS 1.0, the javax.security.auth.Subject.getSubject method does not return the Subject 
+ * that is associated with the running thread !inside! a java.security.AccessController.doPrivileged code block.
+ * As a result, the current subject cannot be determined correctly.
+ * This class uses the ThreadLocal mechanism to carry the thread-specific instance of the subject 
+ * @author hajo
+ *
+ */
+
+import javax.security.auth.*;
+import java.util.*;
+import java.io.*;
+import java.lang.reflect.*;
+import java.text.MessageFormat;
+import java.security.AccessController;
+import java.security.AccessControlContext;
+import java.security.DomainCombiner;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedActionException;
+import java.security.ProtectionDomain;
+import sun.security.util.ResourcesMgr;
+import sun.security.util.SecurityConstants;
+
+
+
+public class JSSubject implements java.io.Serializable 
+{
+
+    private static final long serialVersionUID = -8308522755600156057L;
+
+    static ThreadLocal threadLocal = 
+        new ThreadLocal();
+    
+    
+    
+    
+
+    /**
+     * Get the <code>Subject</code> associated with the provided
+     * <code>AccessControlContext</code> fromn the current Thread or from the standard SUBJECT mechansim 
+     * <p>
+     *
+     * @param  acc the <code>AccessControlContext</code> from which to retrieve
+     *		the <code>Subject</code>. Only used if current thread doesn't carry subject
+     *
+     * @return  the <code>Subject</code> associated with the provided
+     *		<code>AccessControlContext</code>, or <code>null</code>
+     *		if no <code>Subject</code> is associated
+     *		with the provided <code>AccessControlContext</code>.
+     *
+     * @exception SecurityException if the caller does not have permission
+     *		to get the <code>Subject</code>. <p>
+     *
+     * @exception NullPointerException if the provided
+     *		<code>AccessControlContext</code> is <code>null</code>.
+     */
+    public static Subject getSubject(final AccessControlContext acc) 
+    {
+    	Subject s = null;
+    		try
+    	{
+    		s=  (Subject)threadLocal.get();
+    	}
+    	catch (Exception e)
+    	{}
+    	if (s == null)
+    		return Subject.getSubject(acc);
+    	else
+    		return s;
+    }
+
+    /**
+     * Perform work as a particular <code>Subject</code> after setting subject reference in current thread 
+     *
+     * @param subject the <code>Subject</code> that the specified
+     *			<code>action</code> will run as.  This parameter
+     *			may be <code>null</code>. <p>
+     *
+     * @param action the code to be run as the specified
+     *			<code>Subject</code>. <p>
+     *
+     * @return the <code>Object</code> returned by the PrivilegedAction's
+     *			<code>run</code> method.
+     *
+     * @exception NullPointerException if the <code>PrivilegedAction</code>
+     *			is <code>null</code>. <p>
+     *
+     * @exception SecurityException if the caller does not have permission
+     *			to invoke this method.
+     */
+    public static Object doAs(final Subject subject1,
+			final java.security.PrivilegedAction action) 
+    {
+    	Subject subject = subject1;
+    	if (subject == null)
+    		subject = JSSubject.getSubject(null);
+    	threadLocal.set(subject);
+    	if (subject != null)
+    		return subject.doAs(subject,action);
+    	else
+    		return Subject.doAs(subject,action);
+    		
+    }
+
+    /**
+     * Perform work as a particular <code>Subject</code> after setting subject reference in current thread.
+     *
+     *
+     * @param subject the <code>Subject</code> that the specified
+     *			<code>action</code> will run as.  This parameter
+     *			may be <code>null</code>. <p>
+     *
+     * @param action the code to be run as the specified
+     *			<code>Subject</code>. <p>
+     *
+     * @return the <code>Object</code> returned by the
+     *			PrivilegedExceptionAction's <code>run</code> method.
+     *
+     * @exception PrivilegedActionException if the
+     *			<code>PrivilegedExceptionAction.run</code>
+     *			method throws a checked exception. <p>
+     *
+     * @exception NullPointerException if the specified
+     *			<code>PrivilegedExceptionAction</code> is
+     *			<code>null</code>. <p>
+     *
+     * @exception SecurityException if the caller does not have permission
+     *			to invoke this method.
+     */
+    public static Object doAs(final Subject subject1,
+			final java.security.PrivilegedExceptionAction action)
+			throws java.security.PrivilegedActionException 
+			{
+    	Subject subject = subject1;
+    	if (subject == null)
+    		subject = JSSubject.getSubject(null);
+    	threadLocal.set(subject);
+    	if (subject != null)
+    		return subject.doAs(subject,action);
+    	else
+    		return Subject.doAs(subject,action);
+			}
+    /**
+     * Perform privileged work as a particular <code>Subject</code> after setting subject reference in current thread.
+     *
+     *
+     * @param subject the <code>Subject</code> that the specified
+     *			<code>action</code> will run as.  This parameter
+     *			may be <code>null</code>. <p>
+     *
+     * @param action the code to be run as the specified
+     *			<code>Subject</code>. <p>
+     *
+     * @param acc the <code>AccessControlContext</code> to be tied to the
+     *			specified <i>subject</i> and <i>action</i>. <p>
+     *
+     * @return the <code>Object</code> returned by the PrivilegedAction's
+     *			<code>run</code> method.
+     *
+     * @exception NullPointerException if the <code>PrivilegedAction</code>
+     *			is <code>null</code>. <p>
+     *
+     * @exception SecurityException if the caller does not have permission
+     *			to invoke this method.
+     */
+    public static Object doAsPrivileged(final Subject subject1,
+			final java.security.PrivilegedAction action,
+			final java.security.AccessControlContext acc) {
+    	Subject subject = subject1;
+    	if (subject == null)
+    		subject = JSSubject.getSubject(acc);
+    	threadLocal.set(subject);
+    	if (subject != null)
+    		return subject.doAsPrivileged(subject,action,acc);
+    	else
+    		return Subject.doAsPrivileged(subject,action,acc);
+    		
+	}
+
+
+    /**
+     * Perform privileged work as a particular <code>Subject</code> after setting subject reference in current thread.
+     *
+     *
+     * @param subject the <code>Subject</code> that the specified
+     *			<code>action</code> will run as.  This parameter
+     *			may be <code>null</code>. <p>
+     *
+     * @param action the code to be run as the specified
+     *			<code>Subject</code>. <p>
+     *
+     * @param acc the <code>AccessControlContext</code> to be tied to the
+     *			specified <i>subject</i> and <i>action</i>. <p>
+     *
+     * @return the <code>Object</code> returned by the
+     *			PrivilegedExceptionAction's <code>run</code> method.
+     *
+     * @exception PrivilegedActionException if the
+     *			<code>PrivilegedExceptionAction.run</code>
+     *			method throws a checked exception. <p>
+     *
+     * @exception NullPointerException if the specified
+     *			<code>PrivilegedExceptionAction</code> is
+     *			<code>null</code>. <p>
+     *
+     * @exception SecurityException if the caller does not have permission
+     *			to invoke this method.
+     */
+    public static Object doAsPrivileged(final Subject subject,
+			final java.security.PrivilegedExceptionAction action,
+			final java.security.AccessControlContext acc)
+			throws java.security.PrivilegedActionException {
+    	Subject s = subject;
+    	if (s == null)
+    		s = JSSubject.getSubject(acc);
+    	threadLocal.set(s);
+    	if (s != null)
+    		return s.doAsPrivileged(s,action,acc);
+    	else
+    		return Subject.doAsPrivileged(s,action,acc);
+
+	}
+
+
+}
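Review bot: Every `doAs`/`doAsPrivileged` overload calls `threadLocal.set(subject)` and never restores the previous value, so on a pooled container or worker thread the subject stays bound after the action returns, and `getSubject`, which prefers the thread-local over `acc`, hands it to whatever runs next on that thread. The `PortalAdministrationImpl` hunk (which runs as the admin `powerUser`) and the `checkConstraints` hunks in `BaseElementImpl` and `AbstractBaseElement` all depend on this binding being correct. Each overload should save the old binding and restore it in a `finally`, as in the excerpt below for one overload. `getSubject` also returns the thread-local value without the `AuthPermission("getSubject")` check that `Subject.getSubject` performs, and `doAs(null, action)` reaches `Subject.getSubject(null)`, which throws `NullPointerException` when nothing is bound, so the Javadoc's "may be null" and `@exception` statements do not hold as written. The `sun.security.util.*` imports are unused in this file and tie it to one vendor's JDK; I would drop them and declare the field `private static final`.

```java
public static Object doAsPrivileged(final Subject subject1,
        final java.security.PrivilegedAction action,
        final java.security.AccessControlContext acc) {
    // … unchanged: resolve subject from subject1 or JSSubject.getSubject(acc) …
    final Object previous = threadLocal.get();
    threadLocal.set(subject);
    try {
        return Subject.doAsPrivileged(subject, action, acc);
    } finally {
        // restore the caller's binding so a reused thread never keeps this subject
        threadLocal.set(previous);
    }
}
```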

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java Fri Jan 12 18:15:50 2007
@@ -32,6 +32,7 @@
 import org.apache.jetspeed.page.impl.DatabasePageManagerUtils;
 import org.apache.jetspeed.security.FolderPermission;
 import org.apache.jetspeed.security.GroupPrincipal;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.security.PagePermission;
 import org.apache.jetspeed.security.PortalResourcePermission;
 import org.apache.jetspeed.security.RolePrincipal;
@@ -351,10 +352,10 @@
         }
 
         // get current request context subject
-        Subject subject = Subject.getSubject(AccessController.getContext());
+        Subject subject = JSSubject.getSubject(AccessController.getContext());
         if (subject == null)
         {
-            throw new SecurityException("BaseElementImpl.checkConstraints(): Missing Subject.");
+            throw new SecurityException("BaseElementImpl.checkConstraints(): Missing JSSubject.");
         }
 
         // get user/group/role principal names
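Review bot: The new message `Missing JSSubject.` names the helper class rather than what is absent; the variable checked is still a `javax.security.auth.Subject`, and in this commit `JSSubject` is only used through static methods. I would keep `"BaseElementImpl.checkConstraints(): Missing Subject."` so the log line stays accurate for whoever triages the denial. The same applies to the `AbstractBaseElement.checkConstraints()` hunk, which additionally drops the trailing period and so makes the two messages inconsistent. checkConstraints starts and ends outside this hunk.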

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java Fri Jan 12 18:15:50 2007
@@ -27,6 +27,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.om.common.SecuredResource;
 import org.apache.jetspeed.om.common.SecurityConstraint;
 import org.apache.jetspeed.om.common.SecurityConstraints;
@@ -39,11 +40,11 @@
 import org.apache.jetspeed.page.document.psml.NodeSetImpl;
 import org.apache.jetspeed.security.FolderPermission;
 import org.apache.jetspeed.security.GroupPrincipal;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.security.PagePermission;
+import org.apache.jetspeed.security.PortalResourcePermission;
 import org.apache.jetspeed.security.RolePrincipal;
 import org.apache.jetspeed.security.UserPrincipal;
-import org.apache.jetspeed.security.PortalResourcePermission;
-import org.apache.jetspeed.JetspeedActions;
 
 
 /**
@@ -258,10 +259,10 @@
         }
 
         // get current request context subject
-        Subject subject = Subject.getSubject(AccessController.getContext());
+        Subject subject = JSSubject.getSubject(AccessController.getContext());
         if (subject == null)
         {
-            throw new SecurityException("AbstractBaseElement.checkConstraints(): Missing Subject.");
+            throw new SecurityException("AbstractBaseElement.checkConstraints(): Missing JSSubject");
         }
 
         // get user/group/role principal names

Modified: portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java Fri Jan 12 18:15:50 2007
@@ -61,7 +61,7 @@
 import org.apache.jetspeed.page.psml.CastorXmlPageManager;
 import org.apache.jetspeed.security.FolderPermission;
 import org.apache.jetspeed.security.FragmentPermission;
-import org.apache.jetspeed.security.GroupPrincipal;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.security.PagePermission;
 import org.apache.jetspeed.security.RolePrincipal;
 import org.apache.jetspeed.security.UserPrincipal;
@@ -219,7 +219,7 @@
             Subject guestSubject = new Subject(true, principals, new HashSet(), new HashSet());
 
             // setup test as admin user
-            Exception setup = (Exception)Subject.doAsPrivileged(adminSubject, new PrivilegedAction()
+            Exception setup = (Exception)JSSubject.doAsPrivileged(adminSubject, new PrivilegedAction()
                 {
                     public Object run()
                     {
@@ -345,7 +345,7 @@
             pageManager.reset();
 
             // access test as admin user
-            Exception adminAccess = (Exception)Subject.doAsPrivileged(adminSubject, new PrivilegedAction()
+            Exception adminAccess = (Exception)JSSubject.doAsPrivileged(adminSubject, new PrivilegedAction()
                 {
                     public Object run()
                     {
@@ -388,7 +388,7 @@
             }
 
             // access test as user user
-            Exception userAccess = (Exception)Subject.doAsPrivileged(userSubject, new PrivilegedAction()
+            Exception userAccess = (Exception)JSSubject.doAsPrivileged(userSubject, new PrivilegedAction()
                 {
                     public Object run()
                     {
@@ -457,7 +457,7 @@
             }
 
             // access test as manager user
-            Exception managerAccess = (Exception)Subject.doAsPrivileged(managerSubject, new PrivilegedAction()
+            Exception managerAccess = (Exception)JSSubject.doAsPrivileged(managerSubject, new PrivilegedAction()
                 {
                     public Object run()
                     {
@@ -517,7 +517,7 @@
             }
 
             // access test as guest user
-            Exception guestAccess = (Exception)Subject.doAsPrivileged(guestSubject, new PrivilegedAction()
+            Exception guestAccess = (Exception)JSSubject.doAsPrivileged(guestSubject, new PrivilegedAction()
                 {
                     public Object run()
                     {
@@ -594,7 +594,7 @@
             pageManager.reset();
 
             // cleanup test as admin user
-            Exception cleanup = (Exception)Subject.doAsPrivileged(adminSubject, new PrivilegedAction()
+            Exception cleanup = (Exception)JSSubject.doAsPrivileged(adminSubject, new PrivilegedAction()
                 {
                     public Object run()
                     {

Modified: portals/jetspeed-2/trunk/components/portal-site/src/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal-site/src/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/portal-site/src/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java (original)
+++ portals/jetspeed-2/trunk/components/portal-site/src/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java Fri Jan 12 18:15:50 2007
@@ -40,13 +40,13 @@
 import org.apache.jetspeed.page.document.NodeException;
 import org.apache.jetspeed.page.document.NodeNotFoundException;
 import org.apache.jetspeed.page.document.NodeSet;
-import org.apache.jetspeed.portalsite.Menu;
 import org.apache.jetspeed.portalsite.PortalSiteRequestContext;
 import org.apache.jetspeed.portalsite.PortalSiteSessionContext;
 import org.apache.jetspeed.portalsite.view.SiteView;
 import org.apache.jetspeed.portalsite.view.SiteViewMenuDefinitionLocator;
 import org.apache.jetspeed.profiler.ProfileLocator;
 import org.apache.jetspeed.profiler.ProfileLocatorProperty;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.security.UserPrincipal;
 
 /**
@@ -679,7 +679,7 @@
             // get current user principal; ignore derivative
             // changes in role and group principals
             String currentUserPrincipal = null;
-            Subject subject = Subject.getSubject(AccessController.getContext());
+            Subject subject = JSSubject.getSubject(AccessController.getContext());
             if (subject != null)
             {
                 Iterator principals = subject.getPrincipals().iterator();

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/administration/PortalAdministrationImpl.java Fri Jan 12 18:15:50 2007
@@ -28,7 +28,6 @@
 import javax.portlet.PortletConfig;
 import javax.portlet.PortletRequest;
 import javax.portlet.PortletResponse;
-import javax.security.auth.Subject;
 
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.logging.Log;
@@ -40,7 +39,6 @@
 import org.apache.jetspeed.om.folder.FolderNotFoundException;
 import org.apache.jetspeed.om.folder.InvalidFolderException;
 import org.apache.jetspeed.page.PageManager;
-import org.apache.jetspeed.page.PageNotUpdatedException;
 import org.apache.jetspeed.page.document.NodeException;
 import org.apache.jetspeed.prefs.PreferencesProvider;
 import org.apache.jetspeed.prefs.om.Node;
@@ -48,6 +46,7 @@
 import org.apache.jetspeed.profiler.rules.ProfilingRule;
 import org.apache.jetspeed.request.RequestContext;
 import org.apache.jetspeed.security.GroupManager;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.security.RoleManager;
 import org.apache.jetspeed.security.SecurityHelper;
 import org.apache.jetspeed.security.User;
@@ -249,7 +248,7 @@
             final PageManager innerPageManager = pageManager;
             final String innerUser = userName;
             User powerUser = userManager.getUser(this.adminUser);
-            JetspeedException pe = (JetspeedException) Subject.doAsPrivileged(powerUser.getSubject(), new PrivilegedAction()
+            JetspeedException pe = (JetspeedException) JSSubject.doAsPrivileged(powerUser.getSubject(), new PrivilegedAction()
                 {
                     public Object run() 
                     {

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/WorkerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/WorkerImpl.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/WorkerImpl.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/WorkerImpl.java Fri Jan 12 18:15:50 2007
@@ -26,6 +26,7 @@
 import org.apache.jetspeed.aggregator.RenderingJob;
 import org.apache.jetspeed.aggregator.Worker;
 import org.apache.jetspeed.aggregator.WorkerMonitor;
+import org.apache.jetspeed.security.JSSubject;
 
 /**
  * Worker thread processes jobs and notify its WorkerMonitor when completed.
@@ -162,11 +163,11 @@
                 Subject subject = null;
                 if (this.context != null)
                 {
-                    subject = Subject.getSubject(this.context);
+                    subject = JSSubject.getSubject(this.context);
                 }
                 if (subject != null)
                 {
-                    Subject.doAsPrivileged(subject, new PrivilegedAction()
+                    JSSubject.doAsPrivileged(subject, new PrivilegedAction()
                         {
                             public Object run()
                             {
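Review bot: `JSSubject.getSubject(this.context)` returns whatever subject is bound to the worker thread's thread-local before it ever consults `this.context`, and `JSSubject` never clears that binding, so a reused worker can pick up the subject left behind by the previous job. If `this.context` is the context captured for the current job (it looks that way, but its assignment is outside the hunk), this lookup should stay `subject = Subject.getSubject(this.context);` and only the `doAsPrivileged` call should go through `JSSubject`. The enclosing method starts and ends outside the hunk.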

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/security/impl/AbstractSecurityValve.java Fri Jan 12 18:15:50 2007
@@ -17,6 +17,7 @@
 import org.apache.jetspeed.pipeline.valve.SecurityValve;
 import org.apache.jetspeed.pipeline.valve.ValveContext;
 import org.apache.jetspeed.request.RequestContext;
+import org.apache.jetspeed.security.JSSubject;
 
 /**
  * <p>
@@ -77,7 +78,7 @@
      * 
      * <p>
      * Uses <code>getSubject()</code> to call <code>ValveContext.invokeNext()</code> via 
-     * <code>Subject.doAsPrivileged()</code>.  This method also takes care of setting the value of
+     * <code>JSSubjectdoAsPrivileged()</code>.  This method also takes care of setting the value of
      * the <code>RequestContext.subject</code> property and the session attribute 
      * <code>org.apache.jetspeed.PortalReservedParameters.SESSION_KEY_SUBJECT</code>
      * </p>
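Review bot: The updated Javadoc reads `<code>JSSubjectdoAsPrivileged()</code>`, with the dot between class and method lost; it should be `<code>JSSubject.doAsPrivileged()</code>`. Since this comment is where the valve documents how the request subject is established, it would also help to add one sentence stating that `JSSubject` keeps the subject in a thread-local for the duration of the call. The Javadoc block continues outside the hunk.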
@@ -108,7 +109,7 @@
             // the current subject
             final ValveContext vc = context;
             final RequestContext rc = request;            
-            PipelineException pe = (PipelineException) Subject.doAsPrivileged(subject, new PrivilegedAction()
+            PipelineException pe = (PipelineException) JSSubject.doAsPrivileged(subject, new PrivilegedAction()
             {
                 public Object run() 
                 {

Modified: portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/aggregator/TestAggregator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/aggregator/TestAggregator.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/aggregator/TestAggregator.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/aggregator/TestAggregator.java Fri Jan 12 18:15:50 2007
@@ -21,7 +21,6 @@
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.List;
 
 import javax.security.auth.Subject;
 import javax.servlet.ServletConfig;
@@ -31,7 +30,6 @@
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 
-import org.apache.jetspeed.CommonPortletServices;
 import org.apache.jetspeed.PortalReservedParameters;
 import org.apache.jetspeed.capabilities.Capabilities;
 import org.apache.jetspeed.components.portletregistry.PortletRegistry;
@@ -47,6 +45,7 @@
 import org.apache.jetspeed.profiler.Profiler;
 import org.apache.jetspeed.request.RequestContext;
 import org.apache.jetspeed.request.RequestContextComponent;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.security.SecurityHelper;
 import org.apache.jetspeed.security.UserManager;
 import org.apache.jetspeed.testhelpers.SpringEngineHelper;
@@ -183,7 +182,7 @@
         requestContext.setCapabilityMap(capabilities.getCapabilityMap("Mozilla/5"));
         requestContext.setPortalURL(navComponent.createURL(requestContext.getRequest(), requestContext.getCharacterEncoding()));
 
-        Exception ex = (Exception) Subject.doAsPrivileged(subject, new PrivilegedAction()
+        Exception ex = (Exception) JSSubject.doAsPrivileged(subject, new PrivilegedAction()
             {
                 public Object run()
                 {

Modified: portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/layout/TestConstraintsAction.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/layout/TestConstraintsAction.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/layout/TestConstraintsAction.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/test/org/apache/jetspeed/layout/TestConstraintsAction.java Fri Jan 12 18:15:50 2007
@@ -38,6 +38,7 @@
 import org.apache.jetspeed.pipeline.PipelineException;
 import org.apache.jetspeed.request.JetspeedRequestContext;
 import org.apache.jetspeed.request.RequestContext;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.security.impl.RolePrincipalImpl;
 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
 import org.apache.velocity.app.VelocityEngine;
@@ -267,7 +268,7 @@
         principals.add(new RolePrincipalImpl("admin"));
         Subject subject = new Subject(true, principals, new HashSet(), new HashSet());
         
-        PipelineException pe = (PipelineException) Subject.doAsPrivileged(subject, new PrivilegedAction()
+        PipelineException pe = (PipelineException) JSSubject.doAsPrivileged(subject, new PrivilegedAction()
                 {
                     public Object run() 
                     {

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java Fri Jan 12 18:15:50 2007
@@ -33,6 +33,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jetspeed.i18n.KeyedMessage;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.security.PermissionManager;
 import org.apache.jetspeed.security.RolePrincipal;
 import org.apache.jetspeed.security.SecurityException;
@@ -504,8 +505,8 @@
     {
         try
         {
-            //Subject.doAs(subject, new PrivilegedAction()
-            Subject.doAsPrivileged(subject, new PrivilegedAction()                
+            //JSSubject.doAs(subject, new PrivilegedAction()
+            JSSubject.doAsPrivileged(subject, new PrivilegedAction()                
             {
                 public Object run()
                 {
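Review bot: The commented-out line `//JSSubject.doAs(subject, new PrivilegedAction()` is dead code that the rename rewrote along with the live call, so it now records an alternative that was never written against JSSubject. I would delete it and put a short why-comment in its place, for example `// doAsPrivileged: evaluate the permission in the AccessControlContext passed below, not the caller's`, adjusted to whatever the third argument actually is. The remaining arguments of the call and the rest of the enclosing method are outside this hunk, so that wording needs confirming against them.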

Modified: portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicy.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicy.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicy.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicy.java Fri Jan 12 18:15:50 2007
@@ -160,7 +160,7 @@
         // InternalPermission should be granted.
         try
         {
-            Subject.doAsPrivileged(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAsPrivileged(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {
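Review bot: These policy tests now reach the access check only through `JSSubject.doAsPrivileged` and `JSSubject.doAs`, and none of the visible test hunks adds a case for the property the wrapper is meant to guarantee, namely that the subject passed in is the one seen inside `run()`. The same applies to the second hunk in this file and to the eight `doAs` hunks in TestRdbmsPolicyFolder. A small test that runs an action through `JSSubject.doAsPrivileged` and asserts inside `run()` that `JSSubject.getSubject(AccessController.getContext())` returns that same subject would pin this down. If JSSubject keeps the subject anywhere outside the AccessControlContext (not visible here), the test should also check it is gone once the call returns. The bodies of the anonymous actions are outside these hunks.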
@@ -180,7 +180,7 @@
         // Should be denied.
         try
         {
-            Subject.doAsPrivileged(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAsPrivileged(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {

Modified: portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java Fri Jan 12 18:15:50 2007
@@ -101,7 +101,7 @@
 
         try
         {
-            Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {
@@ -119,7 +119,7 @@
         // Should be denied.
         try
         {
-            Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {
@@ -144,7 +144,7 @@
 
         try
         {
-            Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {
@@ -162,7 +162,7 @@
         
         try
         {
-            Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {
@@ -179,7 +179,7 @@
         
         try
         {
-            Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {
@@ -197,7 +197,7 @@
         
         try
         {
-            Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {
@@ -215,7 +215,7 @@
         
         try
         {
-            Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {
@@ -232,7 +232,7 @@
         
         try
         {
-            Subject.doAs(loginContext.getSubject(), new PrivilegedAction()
+            JSSubject.doAs(loginContext.getSubject(), new PrivilegedAction()
             {
                 public Object run()
                 {

Modified: portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestUserManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestUserManager.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestUserManager.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/TestUserManager.java Fri Jan 12 18:15:50 2007
@@ -129,7 +129,7 @@
             assertTrue("user exists. should not have thrown an exception.", false);
         }
         assertNotNull("user is null", user);
-        // Test the User Subject.
+        // Test the User JSSubject
         Subject subject = user.getSubject();
         assertNotNull("subject is null", subject);
         // Asset user principal.
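Review bot: The comment `// Test the User JSSubject` looks like a search-and-replace slip. The line below it still declares `Subject subject = user.getSubject();`, a javax.security.auth.Subject, and nothing in this hunk uses JSSubject. The original wording `// Test the User Subject.` should be kept. The neighbouring comment `// Asset user principal.` presumably means `// Assert user principal.` and could be corrected at the same time.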

Modified: portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOIFramePortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOIFramePortlet.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOIFramePortlet.java (original)
+++ portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOIFramePortlet.java Fri Jan 12 18:15:50 2007
@@ -19,8 +19,6 @@
 import java.security.AccessControlContext;
 import java.security.AccessController;
 
-import javax.security.auth.Subject;
-
 import javax.portlet.ActionRequest;
 import javax.portlet.ActionResponse;
 import javax.portlet.PortletConfig;
@@ -29,7 +27,9 @@
 import javax.portlet.PortletPreferences;
 import javax.portlet.RenderRequest;
 import javax.portlet.RenderResponse;
+import javax.security.auth.Subject;
 
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.sso.SSOContext;
 import org.apache.jetspeed.sso.SSOException;
 import org.apache.jetspeed.sso.SSOProvider;
@@ -221,7 +221,7 @@
     private Subject getSubject()
     {
         AccessControlContext context = AccessController.getContext();
-        return Subject.getSubject(context);         
+        return JSSubject.getSubject(context);         
     }
     
 }
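Review bot: `getSubject()` has no comment saying which subject it returns or what callers get when none is active, and after this change the answer depends on JSSubject rather than on the JDK contract. `Subject.getSubject(context)` returns null when no subject is associated with the context; whether `JSSubject.getSubject(context)` does the same or falls back to a subject it holds itself is not visible here. Since the returned subject decides whose SSO credentials are used, I would add a Javadoc such as `/** Returns the Jetspeed subject for the current request, or null if none is active (see JSSubject.getSubject). */` and have the callers handle null instead of passing it on. The same helper is changed in SSOWebContentPortlet and SSOProxyPortlet.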

Modified: portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java (original)
+++ portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java Fri Jan 12 18:15:50 2007
@@ -44,6 +44,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jetspeed.rewriter.WebContentRewriter;
+import org.apache.jetspeed.security.JSSubject;
 import org.apache.jetspeed.sso.SSOContext;
 import org.apache.jetspeed.sso.SSOException;
 import org.apache.jetspeed.sso.SSOProvider;
@@ -241,7 +242,7 @@
     private Subject getSubject()
     {
         AccessControlContext context = AccessController.getContext();
-        return Subject.getSubject(context);         
+        return JSSubject.getSubject(context);         
     }
     
     protected byte[] doPreemptiveAuthentication(HttpClient client,HttpMethod method, RenderRequest request, RenderResponse response)

Modified: portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/sso/SSOProxyPortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/sso/SSOProxyPortlet.java?view=diff&rev=495818&r1=495817&r2=495818
==============================================================================
--- portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/sso/SSOProxyPortlet.java (original)
+++ portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/sso/SSOProxyPortlet.java Fri Jan 12 18:15:50 2007
@@ -1,275 +1,274 @@
-/* Copyright 2004 Apache Software Foundation
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-
-/*Created on: Dec 5, 2005 */
-
-package org.apache.jetspeed.portlet.sso;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.util.StringTokenizer;
-
-import javax.portlet.ActionRequest;
-import javax.portlet.ActionResponse;
-import javax.portlet.PortletConfig;
-import javax.portlet.PortletContext;
-import javax.portlet.PortletException;
-import javax.portlet.PortletURL;
-import javax.portlet.RenderRequest;
-import javax.portlet.RenderResponse;
-import javax.security.auth.Subject;
-
-import org.apache.jetspeed.sso.SSOException;
-import org.apache.jetspeed.sso.SSOProvider;
-import org.apache.portals.bridges.common.ScriptPostProcess;
-import org.apache.portals.bridges.velocity.GenericVelocityPortlet;
-
-/**
- * SSOProxyPortlet
- * This portlet can be used as a bridge to any URL.
- * It acts as a http client and therefore it can store
- * cookies.
- * The main purpose is that the SSOProxy portlet authenticates
- * any SSO credential for the principal user not knowing in advance
- * what URL the user might select. No login prompt will appear for any url
- * in the portlet for that an SSO entry exists and the principal user has permissions.
- * 
- * @author Roger Ruttimann <ro...@apache.org>
- *
- */
-public class SSOProxyPortlet extends GenericVelocityPortlet {
-    private PortletContext context;
-    private SSOProvider sso;
-    
-    /* Re-use Proxy client inside the SSO Component */
-    private boolean isAuthenticated = false;
-    
-    /** Default encoding UTF-8*/
-    public String defaultEncoding = "UTF-8";
-    
-    /** Block Size */
-    static final int BLOCK_SIZE = 4096;
-    
-    /** ACTION_PARAMETER_SSOPROXY*/
-    static final String ACTION_PARAMETER_SSOPROXY = "SSOProxy";
-    
-    /** Preference values */
-    /** DestinationURL */
-    static final String DESTINATION_URL = "DestinationURL";
-    
-    /** SSOSite */
-    static final String SSO_SITE = "SSOSite";
-    
-    /** ForceSSORefresh*/
-    static final String FORCE_SSO_REFRESH = "ForceSSORefresh";
-    
-    /** Encoding*/
-    static final String ENCODING = "Encoding";
-    
-    private String destinationURL;
-    private String ssoSite;
-    private String encoding;
-
-    public void init(PortletConfig config) throws PortletException
-    {
-        super.init(config);
-        context = getPortletContext();
-        sso = (SSOProvider)context.getAttribute("cps:SSO");
-        if (null == sso)
-        {
-           throw new PortletException("Failed to find SSO Provider on portlet initialization");
-        }
-        
-    }
-    
-    public void processAction(ActionRequest request, ActionResponse actionResponse)
-    throws PortletException, IOException
-    {
-       	String ssoProxyAction = request.getParameter(ACTION_PARAMETER_SSOPROXY); 
-       	System.out.println("SSOProxy Action value [" + ssoProxyAction + "]");
-       	
-     	if ( ssoProxyAction != null && ssoProxyAction.length() > 0)
-     		this.destinationURL = ssoProxyAction;
-     	else
-     		this.destinationURL = request.getParameter(this.DESTINATION_URL);
-     	
-     	
-        this.ssoSite = request.getParameter(SSO_SITE);
-        this.encoding = request.getParameter(ENCODING);
-        if (this.encoding == null)
-        	this.encoding =  this.defaultEncoding;
-
-        // save the prefs
-        super.processAction(request, actionResponse);
-    }
-    
-    public void doView(RenderRequest request, RenderResponse response)
-    throws PortletException, IOException
-    {
-        String forceRefresh = request.getPreferences().getValue(FORCE_SSO_REFRESH, "false");
-
-        if (destinationURL == null || destinationURL.length() == 0)
-        {
-            // No destination configured Switch to configure View
-             request.setAttribute(PARAM_VIEW_PAGE, this.getPortletConfig().getInitParameter(PARAM_EDIT_PAGE));
-            setupPreferencesEdit(request, response);
-            super.doView(request, response);
-            return;
-        }
-        
-//      Set the content type
-        response.setContentType("text/html");
-        
-        /*
-         * Call into the SSO Proxy and process the result page
-         */
-        boolean doRefresh = false;
-        BufferedInputStream bis = null;
-        
-        if ( (forceRefresh.compareToIgnoreCase("TRUE") == 0) || this.isAuthenticated == false)
-        	doRefresh = true;
-       
-        try
-        {
-        	StringBuffer page= new StringBuffer();
-            Subject subject = getSubject(); 
-            if (ssoSite == null || ssoSite.length() ==0)
-            	page.append(sso.useSSO(subject, destinationURL,doRefresh));
-            else
-            	page.append(sso.useSSO(subject, destinationURL,ssoSite, doRefresh));
-            
-            // Authentication done at least once
-            this.isAuthenticated = true;
-            /*
-            bis.mark(BLOCK_SIZE);
-            String pageEncoding = getContentCharSet(bis);
-            if (pageEncoding == null)
-            {
-            	pageEncoding = encoding;
-            }
-            
-            Reader read = new InputStreamReader(bis, encoding);
-            
-            
-			char[] bytes = new char[BLOCK_SIZE];
-			
-			int len = read.read(bytes, 0, BLOCK_SIZE);			
-			while (len > 0)
-			{
-				page.append(bytes, 0, len);
-				len = read.read(bytes, 0, BLOCK_SIZE);
-			}
-			
-            //Done
-            read.close();
-            */
-            // Rewrite
-			// Post Process for generated page		
-			PortletURL actionURL = response.createActionURL();
-			ScriptPostProcess processor = new ScriptPostProcess();
-			processor.setInitalPage(page);
-			processor.postProcessPage(actionURL, ACTION_PARAMETER_SSOPROXY);
-			String finalPage = processor.getFinalizedPage();
-			
-			// Write the page
-			response.getWriter().println(finalPage);
-        
-        }
-        catch (SSOException e)
-        {
-        	response.getWriter().println("<P>Error rendering page. Error message<BR>" + e.getMessage() + "</P>");
-        	
-        	this.destinationURL ="";   
-        }          
-    }
-    
-
-    public void doEdit(RenderRequest request, RenderResponse response)
-    throws PortletException, IOException
-    {
-         super.doEdit(request, response);
-    }
-
-    /*
-     * Helper methods
-     */
-    private Subject getSubject()
-    {
-        AccessControlContext context = AccessController.getContext();
-        return Subject.getSubject(context);         
-    }
-    
-    private String getContentCharSet(InputStream is) throws IOException
-    {
-        if (!is.markSupported())
-        {
-            return null;
-        }
-
-        byte[] buf = new byte[BLOCK_SIZE];
-        try
-        {
-            is.read(buf, 0, BLOCK_SIZE);
-            String content = new String(buf, "ISO-8859-1");
-            String lowerCaseContent = content.toLowerCase();
-            int startIndex = lowerCaseContent.indexOf("<head");
-            if (startIndex == -1)
-            {
-                startIndex = 0;
-            }
-            int endIndex = lowerCaseContent.indexOf("</head");
-            if (endIndex == -1)
-            {
-                endIndex = content.length();
-            }
-            content = content.substring(startIndex, endIndex);
-
-            StringTokenizer st = new StringTokenizer(content, "<>");
-            while (st.hasMoreTokens())
-            {
-                String element = st.nextToken();
-                String lowerCaseElement = element.toLowerCase();
-                if (lowerCaseElement.startsWith("meta") && lowerCaseElement.indexOf("content-type") > 0)
-                {
-                    StringTokenizer est = new StringTokenizer(element, " =\"\';");
-                    while (est.hasMoreTokens())
-                    {
-                        if (est.nextToken().equalsIgnoreCase("charset"))
-                        {
-                            if (est.hasMoreTokens())
-                            {
-                                is.reset();
-                                return est.nextToken();
-                            }
-                        }
-                    }
-                }
-            }
-        }
-        catch (IOException e)
-        {
-        }
-
-        is.reset();
-
-        return null;
-    }
-   
-}
+/* Copyright 2004 Apache Software Foundation
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+/*Created on: Dec 5, 2005 */
+
+package org.apache.jetspeed.portlet.sso;
+
+import java.io.BufferedInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.util.StringTokenizer;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletConfig;
+import javax.portlet.PortletContext;
+import javax.portlet.PortletException;
+import javax.portlet.PortletURL;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+import javax.security.auth.Subject;
+
+import org.apache.jetspeed.security.JSSubject;
+import org.apache.jetspeed.sso.SSOException;
+import org.apache.jetspeed.sso.SSOProvider;
+import org.apache.portals.bridges.common.ScriptPostProcess;
+import org.apache.portals.bridges.velocity.GenericVelocityPortlet;
+
+/**
+ * SSOProxyPortlet
+ * This portlet can be used as a bridge to any URL.
+ * It acts as a http client and therefore it can store
+ * cookies.
+ * The main purpose is that the SSOProxy portlet authenticates
+ * any SSO credential for the principal user not knowing in advance
+ * what URL the user might select. No login prompt will appear for any url
+ * in the portlet for that an SSO entry exists and the principal user has permissions.
+ * 
+ * @author Roger Ruttimann <ro...@apache.org>
+ *
+ */
+public class SSOProxyPortlet extends GenericVelocityPortlet {
+    private PortletContext context;
+    private SSOProvider sso;
+    
+    /* Re-use Proxy client inside the SSO Component */
+    private boolean isAuthenticated = false;
+    
+    /** Default encoding UTF-8*/
+    public String defaultEncoding = "UTF-8";
+    
+    /** Block Size */
+    static final int BLOCK_SIZE = 4096;
+    
+    /** ACTION_PARAMETER_SSOPROXY*/
+    static final String ACTION_PARAMETER_SSOPROXY = "SSOProxy";
+    
+    /** Preference values */
+    /** DestinationURL */
+    static final String DESTINATION_URL = "DestinationURL";
+    
+    /** SSOSite */
+    static final String SSO_SITE = "SSOSite";
+    
+    /** ForceSSORefresh*/
+    static final String FORCE_SSO_REFRESH = "ForceSSORefresh";
+    
+    /** Encoding*/
+    static final String ENCODING = "Encoding";
+    
+    private String destinationURL;
+    private String ssoSite;
+    private String encoding;
+
+    public void init(PortletConfig config) throws PortletException
+    {
+        super.init(config);
+        context = getPortletContext();
+        sso = (SSOProvider)context.getAttribute("cps:SSO");
+        if (null == sso)
+        {
+           throw new PortletException("Failed to find SSO Provider on portlet initialization");
+        }
+        
+    }
+    
+    public void processAction(ActionRequest request, ActionResponse actionResponse)
+    throws PortletException, IOException
+    {
+       	String ssoProxyAction = request.getParameter(ACTION_PARAMETER_SSOPROXY); 
+       	System.out.println("SSOProxy Action value [" + ssoProxyAction + "]");
+       	
+     	if ( ssoProxyAction != null && ssoProxyAction.length() > 0)
+     		this.destinationURL = ssoProxyAction;
+     	else
+     		this.destinationURL = request.getParameter(this.DESTINATION_URL);
+     	
+     	
+        this.ssoSite = request.getParameter(SSO_SITE);
+        this.encoding = request.getParameter(ENCODING);
+        if (this.encoding == null)
+        	this.encoding =  this.defaultEncoding;
+
+        // save the prefs
+        super.processAction(request, actionResponse);
+    }
+    
+    public void doView(RenderRequest request, RenderResponse response)
+    throws PortletException, IOException
+    {
+        String forceRefresh = request.getPreferences().getValue(FORCE_SSO_REFRESH, "false");
+
+        if (destinationURL == null || destinationURL.length() == 0)
+        {
+            // No destination configured Switch to configure View
+             request.setAttribute(PARAM_VIEW_PAGE, this.getPortletConfig().getInitParameter(PARAM_EDIT_PAGE));
+            setupPreferencesEdit(request, response);
+            super.doView(request, response);
+            return;
+        }
+        
+//      Set the content type
+        response.setContentType("text/html");
+        
+        /*
+         * Call into the SSO Proxy and process the result page
+         */
+        boolean doRefresh = false;
+        BufferedInputStream bis = null;
+        
+        if ( (forceRefresh.compareToIgnoreCase("TRUE") == 0) || this.isAuthenticated == false)
+        	doRefresh = true;
+       
+        try
+        {
+        	StringBuffer page= new StringBuffer();
+            Subject subject = getSubject(); 
+            if (ssoSite == null || ssoSite.length() ==0)
+            	page.append(sso.useSSO(subject, destinationURL,doRefresh));
+            else
+            	page.append(sso.useSSO(subject, destinationURL,ssoSite, doRefresh));
+            
+            // Authentication done at least once
+            this.isAuthenticated = true;
+            /*
+            bis.mark(BLOCK_SIZE);
+            String pageEncoding = getContentCharSet(bis);
+            if (pageEncoding == null)
+            {
+            	pageEncoding = encoding;
+            }
+            
+            Reader read = new InputStreamReader(bis, encoding);
+            
+            
+			char[] bytes = new char[BLOCK_SIZE];
+			
+			int len = read.read(bytes, 0, BLOCK_SIZE);			
+			while (len > 0)
+			{
+				page.append(bytes, 0, len);
+				len = read.read(bytes, 0, BLOCK_SIZE);
+			}
+			
+            //Done
+            read.close();
+            */
+            // Rewrite
+			// Post Process for generated page		
+			PortletURL actionURL = response.createActionURL();
+			ScriptPostProcess processor = new ScriptPostProcess();
+			processor.setInitalPage(page);
+			processor.postProcessPage(actionURL, ACTION_PARAMETER_SSOPROXY);
+			String finalPage = processor.getFinalizedPage();
+			
+			// Write the page
+			response.getWriter().println(finalPage);
+        
+        }
+        catch (SSOException e)
+        {
+        	response.getWriter().println("<P>Error rendering page. Error message<BR>" + e.getMessage() + "</P>");
+        	
+        	this.destinationURL ="";   
+        }          
+    }
+    
+
+    public void doEdit(RenderRequest request, RenderResponse response)
+    throws PortletException, IOException
+    {
+         super.doEdit(request, response);
+    }
+
+    /*
+     * Helper methods
+     */
+    private Subject getSubject()
+    {
+        AccessControlContext context = AccessController.getContext();
+        return JSSubject.getSubject(context);         
+    }
+    
+    private String getContentCharSet(InputStream is) throws IOException
+    {
+        if (!is.markSupported())
+        {
+            return null;
+        }
+
+        byte[] buf = new byte[BLOCK_SIZE];
+        try
+        {
+            is.read(buf, 0, BLOCK_SIZE);
+            String content = new String(buf, "ISO-8859-1");
+            String lowerCaseContent = content.toLowerCase();
+            int startIndex = lowerCaseContent.indexOf("<head");
+            if (startIndex == -1)
+            {
+                startIndex = 0;
+            }
+            int endIndex = lowerCaseContent.indexOf("</head");
+            if (endIndex == -1)
+            {
+                endIndex = content.length();
+            }
+            content = content.substring(startIndex, endIndex);
+
+            StringTokenizer st = new StringTokenizer(content, "<>");
+            while (st.hasMoreTokens())
+            {
+                String element = st.nextToken();
+                String lowerCaseElement = element.toLowerCase();
+                if (lowerCaseElement.startsWith("meta") && lowerCaseElement.indexOf("content-type") > 0)
+                {
+                    StringTokenizer est = new StringTokenizer(element, " =\"\';");
+                    while (est.hasMoreTokens())
+                    {
+                        if (est.nextToken().equalsIgnoreCase("charset"))
+                        {
+                            if (est.hasMoreTokens())
+                            {
+                                is.reset();
+                                return est.nextToken();
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        catch (IOException e)
+        {
+        }
+
+        is.reset();
+
+        return null;
+    }
+   
+}
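Review bot: `destinationURL`, `ssoSite`, `encoding` and `isAuthenticated` are instance fields written in `processAction` and read in `doView`, so they are shared by every request this portlet instance serves. Assuming the container uses one instance for all users, as portlet containers normally do, one user's action chooses the URL that `sso.useSSO(subject, destinationURL, ...)` later fetches under another user's subject, and `isAuthenticated` set for one user suppresses the refresh for the next. Keeping these values per user, for example in the PortletSession as sketched below, removes the sharing; `isAuthenticated` and the `this.destinationURL = ""` reset in the catch block need the same treatment. The hunk replaces the whole file, yet the only code differences visible are the JSSubject import, two dropped imports and the `getSubject()` body, so this is existing behaviour that the commit carries over.

```java
    public void processAction(ActionRequest request, ActionResponse actionResponse)
    throws PortletException, IOException
    {
        String ssoProxyAction = request.getParameter(ACTION_PARAMETER_SSOPROXY);
        // … unchanged: System.out.println of the action value …
        String destination = (ssoProxyAction != null && ssoProxyAction.length() > 0)
                ? ssoProxyAction
                : request.getParameter(DESTINATION_URL);

        // Per-user state belongs in the portlet session, not in fields of the shared instance.
        PortletSession session = request.getPortletSession();
        session.setAttribute(DESTINATION_URL, destination);
        session.setAttribute(SSO_SITE, request.getParameter(SSO_SITE));
        // … unchanged: encoding default, super.processAction(request, actionResponse) …
    }

    // doView, before the empty-destination check: read the values back for this user
        PortletSession session = request.getPortletSession();
        String destinationURL = (String) session.getAttribute(DESTINATION_URL);
        String ssoSite = (String) session.getAttribute(SSO_SITE);
        // … unchanged: edit-page fallback, useSSO call, post-processing …
```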


