Posted to commits@directory.apache.org by dj...@apache.org on 2006/12/30 06:57:58 UTC
svn commit: r491173 - in /directory/sandbox/triplesec-jacc:
admin-api/src/test/resources/
guardian-api/src/main/java/org/safehaus/triplesec/guardian/
guardian-api/src/test/java/org/safehaus/triplesec/guardian/
guardian-api/src/test/java/org/safehaus/tr...
Author: djencks
Date: Fri Dec 29 21:57:57 2006
New Revision: 491173
URL: http://svn.apache.org/viewvc?view=rev&rev=491173
Log:
Introduce RealmPolicy for dealing with many applications (context) in a realm and use it in SafehausPrincipal. Also fix a few bugs
Added:
directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicy.java (with props)
directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicyFactory.java (with props)
directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapRealmPolicy.java (with props)
Removed:
directory/sandbox/triplesec-jacc/admin-api/src/test/resources/server.ldif
Modified:
directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactory.java
directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ConnectionDriver.java
directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java
directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockConnectionDriver.java
directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java
directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java
directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriverTest.java
directory/sandbox/triplesec-jacc/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java
directory/sandbox/triplesec-jacc/guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdapConnectionDriverTest.java
directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java
directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java
directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
directory/sandbox/triplesec-jacc/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ConnectionManager.java
directory/sandbox/triplesec-jacc/webapp-demo/src/main/java/org/safehaus/triplesec/demo/security/AuthenticatedWebSession.java
directory/sandbox/triplesec-jacc/webapp-servlet-demo/src/main/java/org/safehaus/triplesec/demo/LoginServlet.java
Modified: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactory.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactory.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactory.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactory.java Fri Dec 29 21:57:57 2006
@@ -220,7 +220,7 @@
{
try
{
- return driver.newStore( url, info );
+ return driver.newApplicationPolicy( url, info );
}
catch( StoreConnectionException e )
{
Modified: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ConnectionDriver.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ConnectionDriver.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/ConnectionDriver.java Fri Dec 29 21:57:57 2006
@@ -53,5 +53,7 @@
* @return the connected {@link ApplicationPolicy}
* @throws GuardianException if failed to connect
*/
- ApplicationPolicy newStore( String url, Properties info ) throws GuardianException;
+ ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException;
+
+ RealmPolicy newRealmPolicy( String url, Properties info ) throws GuardianException;
}
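Review bot: `newRealmPolicy` is added without Javadoc, although `newApplicationPolicy` directly above documents its return value and exception. A comment such as `/** Connects to the realm at url and returns a RealmPolicy covering its applications. @throws GuardianException if failed to connect */` would keep the two methods parallel. It should also state whether `info` may be null, because driver implementations have to agree on that. The interface body starts outside this hunk.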
Added: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicy.java?view=auto&rev=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicy.java (added)
+++ directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicy.java Fri Dec 29 21:57:57 2006
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.guardian;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public interface RealmPolicy {
+
+ ApplicationPolicy getApplicationPolicy(String applicationName) throws GuardianException;
+
+ Profile getProfile(String profileId, String applicationName) throws GuardianException;
+
+ void close();
+}
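Review bot: Neither lookup method says what a caller receives for an unknown `applicationName` or `profileId`. In this commit LdapRealmPolicy throws GuardianException in both cases, while the mock's `getProfile` simply returns whatever the application policy returns, so the two implementations already differ. Because authorization decisions will be made on these results, the interface should fix the contract in Javadoc, for example `@throws GuardianException if no policy exists for applicationName` together with a statement that null is never returned. `close()` should also document whether it may be called more than once and whether the policies it handed out remain usable afterwards.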
Propchange: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicy.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicy.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicy.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicyFactory.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicyFactory.java?view=auto&rev=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicyFactory.java (added)
+++ directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicyFactory.java Fri Dec 29 21:57:57 2006
@@ -0,0 +1,238 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.guardian;
+
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.StringTokenizer;
+import java.util.Collections;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public abstract class RealmPolicyFactory {
+ /**
+ * A property key that specifies the maxinum number of retries in case of
+ * connection failure in {@link #newInstance(String, java.util.Properties)}.
+ */
+ public static final String RETRY_COUNT = ApplicationPolicyFactory.class.getName() + ".retryCount";
+
+ /**
+ * A property key that specified the delay in seconds between connection retries
+ * in {@link #newInstance(String, java.util.Properties)}.
+ */
+ public static final String RETRY_DELAY = ApplicationPolicyFactory.class.getName() + ".retryDelay";
+
+ /** a static list of registered {@link ConnectionDriver}s */
+ private static final List drivers = new ArrayList();
+
+
+ /**
+ * Registers a {@link ConnectionDriver} with this factory.
+ *
+ * @param driver the {@link ConnectionDriver} being registered
+ * @return <tt>true</tt> if and only if the driver is registered
+ */
+ public static boolean registerDriver( ConnectionDriver driver )
+ {
+ synchronized( drivers )
+ {
+ for( Iterator i = drivers.iterator(); i.hasNext(); )
+ {
+ if( driver.getClass().equals( i.next().getClass() ) )
+ {
+ return false;
+ }
+ }
+
+ drivers.add( driver );
+ }
+
+ return true;
+ }
+
+
+ /**
+ * Deregisters all {@link ConnectionDriver}s of the specified
+ * <tt>driverClass</tt> type.
+ *
+ * @param driverClass the type of {@link ConnectionDriver}s to deregister
+ * @return <tt>true</tt> if and only if any drivers are deregistered
+ */
+ public static boolean deregisterDriver( Class driverClass )
+ {
+ boolean removed = false;
+ synchronized( drivers )
+ {
+ for( Iterator i = drivers.iterator(); i.hasNext(); )
+ {
+ if( driverClass.isAssignableFrom( i.next().getClass() ) )
+ {
+ i.remove();
+ removed = true;
+ }
+ }
+ }
+
+ return removed;
+ }
+
+
+ /**
+ * Connects to the {@link ApplicationPolicy} with the specified <tt>urls</tt>
+ * and extra connection <tt>info</tt> using an appropriate {@link ConnectionDriver}.
+ * <p>
+ * URLs are separated by whitespace characters. This operation tries the specified
+ * URLs in random order to distribute server-side load.
+ *
+ * @param urls the whitespace-separated URLs of the {@link org.safehaus.triplesec.guardian.ApplicationPolicy}
+ * @param info the extra information to pass to {@link org.safehaus.triplesec.guardian.ConnectionDriver}
+ * @return the connected store
+ * @throws GuardianException if failed to connect to the store
+ */
+ public static RealmPolicy newInstance( String urls, Properties info ) throws GuardianException
+ {
+ List urlList = new ArrayList();
+ StringTokenizer tk = new StringTokenizer( urls );
+ while( tk.hasMoreElements() )
+ {
+ urlList.add( tk.nextToken() );
+ }
+
+ Collections.shuffle( urlList );
+
+ GuardianException ex = null;
+ for( Iterator ui = urlList.iterator(); ui.hasNext(); )
+ {
+ String url = ( String ) ui.next();
+ try
+ {
+ ex = null;
+ return newInstance0( url, info );
+ }
+ catch( GuardianException e )
+ {
+ ex = e;
+ }
+ catch( Throwable t )
+ {
+ ex = new GuardianException( "Driver exception.", t );
+ }
+ }
+
+ throw ex;
+ }
+
+ private static RealmPolicy newInstance0( String url, Properties info )
+ {
+ ConnectionDriver driver = null;
+
+ synchronized( drivers )
+ {
+ for( Iterator i = drivers.iterator(); i.hasNext(); )
+ {
+ ConnectionDriver d = ( ConnectionDriver ) i.next();
+ if( d.accept( url ) )
+ {
+ driver = d;
+ break;
+ }
+ }
+ }
+
+ if( driver == null )
+ {
+ throw new NoConnectionDriverException( url );
+ }
+
+ if( info == null )
+ {
+ info = new Properties();
+ }
+
+ String retryCountStr = info.getProperty( RETRY_COUNT );
+ String retryDelayStr = info.getProperty( RETRY_DELAY );
+ int retryCount;
+ int retryDelay;
+
+ // Get retryCount
+ if( retryCountStr == null )
+ {
+ retryCount = 0;
+ }
+ else
+ {
+ retryCount = Integer.parseInt( retryCountStr );
+ }
+
+ // Adjust if invalid
+ if( retryCount < 0 )
+ {
+ retryCount = 0;
+ }
+
+ // Get retryDelay
+ if( retryDelayStr == null )
+ {
+ retryDelay = 1;
+ }
+ else
+ {
+ retryDelay = Integer.parseInt( retryDelayStr );
+ }
+
+ // Adjust if invalid
+ if( retryDelay < 0 )
+ {
+ retryDelay = 0;
+ }
+
+ // Try to connect
+ for( int i = 0;; i++ )
+ {
+ try
+ {
+ return driver.newRealmPolicy( url, info );
+ }
+ catch( StoreConnectionException e )
+ {
+ // Propagate exception if exceeded max retryCount.
+ if( i >= retryCount )
+ {
+ throw e;
+ }
+ else
+ {
+ // or sleep for the next try
+ try
+ {
+ Thread.sleep( retryDelay * 1000L );
+ }
+ catch( InterruptedException e1 )
+ {
+ }
+ }
+ }
+ }
+ }
+}
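Review bot: `newInstance` ends with `throw ex;`, but when `urls` holds no tokens (empty or all whitespace) the loop never runs and `ex` is still null, so the caller gets a bare NullPointerException. A guard after tokenizing, `if( urlList.isEmpty() ) throw new IllegalArgumentException( "urls must contain at least one URL" );`, makes the failure explicit. The `catch( Throwable t )` also relabels a NumberFormatException from `Integer.parseInt` in `newInstance0` as "Driver exception."; parsing the retry properties defensively or narrowing the catch to `RuntimeException` would keep the real cause visible. The empty `catch( InterruptedException e1 )` discards the interrupt; it should at least call `Thread.currentThread().interrupt();` and stop retrying. Finally, `RETRY_COUNT` and `RETRY_DELAY` are built from `ApplicationPolicyFactory.class.getName()`; if sharing the keys is intended the Javadoc should say so, otherwise use `RealmPolicyFactory.class`.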
Propchange: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicyFactory.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicyFactory.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc/guardian-api/src/main/java/org/safehaus/triplesec/guardian/RealmPolicyFactory.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/ApplicationPolicyFactoryTest.java Fri Dec 29 21:57:57 2006
@@ -135,7 +135,7 @@
return url.startsWith( prefix );
}
- public ApplicationPolicy newStore(String url, Properties info) throws GuardianException {
+ public ApplicationPolicy newApplicationPolicy(String url, Properties info) throws GuardianException {
return new ApplicationPolicy()
{
public String getApplicationName() {
@@ -198,6 +198,12 @@
}
};
}
+
+
+ //TODO implement and test?
+ public RealmPolicy newRealmPolicy(String url, Properties info) throws GuardianException {
+ return null;
+ }
}
private static class TestConnectionDriver1 extends TestConnectionDriver
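Review bot: The `newRealmPolicy` stub returns null, so any path that reaches it through RealmPolicyFactory would hand a null RealmPolicy to the caller instead of failing. Throwing keeps the stub fail-closed until it is implemented, as LdifConnectionDriver does in this commit: `throw new GuardianException( "NOT YET IMPLEMENTED" );`. The TODO also marks that RealmPolicyFactory, which repeats the retry and URL-shuffling logic, has no test of its own in this change.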
@@ -229,12 +235,12 @@
counter = 0;
}
- public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
+ public ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException
{
counter++;
if( counter == 3 )
{
- return super.newStore( url, info );
+ return super.newApplicationPolicy( url, info );
}
throw new StoreConnectionException();
Modified: directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockConnectionDriver.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockConnectionDriver.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockConnectionDriver.java Fri Dec 29 21:57:57 2006
@@ -26,6 +26,8 @@
import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
import org.safehaus.triplesec.guardian.ConnectionDriver;
import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.RealmPolicy;
+import org.safehaus.triplesec.guardian.Profile;
/**
@@ -43,16 +45,27 @@
public boolean accept( String url )
{
- if ( url.equals( "mockApplication" ) )
- {
- return true;
- }
-
- return false;
+ return url.equals("mockApplication");
}
- public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
+ public ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException
{
return new MockApplicationPolicy();
+ }
+
+ public RealmPolicy newRealmPolicy(String url, Properties info) throws GuardianException {
+ return new RealmPolicy() {
+
+ public ApplicationPolicy getApplicationPolicy(String applicationName) throws GuardianException {
+ return new MockApplicationPolicy();
+ }
+
+ public Profile getProfile(String profileId, String applicationName) throws GuardianException {
+ return getApplicationPolicy(applicationName).getProfile(profileId);
+ }
+
+ public void close() {
+ }
+ };
}
}
Modified: directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicy.java Fri Dec 29 21:57:57 2006
@@ -102,14 +102,11 @@
* @throws GuardianException if failures are encountered while loading objects from the backing store
*/
public LdapApplicationPolicy(DirContext ctx, Properties info) throws GuardianException {
- if (ctx == null) {
- throw new NullPointerException("ctx cannot be null");
- }
-
- this.ctx = ctx;
+ this(ctx, getApplicationName(info.getProperty("applicationPrincipalDN")));
+ }
- // extract the applicationName from the applicationPrincipalDN
- applicationName = getApplicationName(info.getProperty("applicationPrincipalDN"));
+ public LdapApplicationPolicy(DirContext ctx, String applicationName) throws GuardianException {
+ this.applicationName = applicationName;
StringBuffer buf = new StringBuffer();
buf.append("appName=");
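Review bot: The new public constructor stores `applicationName` without any check and then builds `baseRdn` from it. The append of the name is presumably on a line between this hunk and the next, which is not visible here. If the name goes in as-is, a value containing DN metacharacters such as `,` or `+` changes which subtree the policy is read from; `Rdn.escapeValue( applicationName )` from `javax.naming.ldap` plus a null check would close that gap. The delegating constructor now evaluates `info.getProperty(...)` before any argument validation, so a null `info` surfaces as an unexplained NullPointerException, and the `ctx` null check has moved below the string building in the next hunk; validating both arguments first is clearer.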
@@ -117,6 +114,12 @@
buf.append(",ou=applications");
baseRdn = buf.toString();
+ if (ctx == null) {
+ throw new NullPointerException("ctx cannot be null");
+ }
+
+ this.ctx = ctx;
+
// load the set of permissions associated with this application
// loadPermissions();
@@ -710,7 +713,7 @@
* 2. Let user application know that the Role has changed.
*/
//context class loader might be odd here..... maybe we need to register more cl???
- Role newRole = getRole(entry, name, Thread.currentThread().getContextClassLoader(), false);
+ Role newRole = getRole(entry, name, Thread.currentThread().getContextClassLoader(), true);
Roles roles = LdapApplicationPolicy.this.roles;
Roles oldRoles = new Roles(applicationName, new Role[]{roles.get(roleName)});
roles = roles.removeAll(oldRoles);
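Review bot: The last argument of `getRole` flips from `false` to `true` with nothing on the line saying what the flag selects, and the commit log says only "fix a few bugs". Since this is the path that rebuilds a Role after a directory change, a reader cannot tell from here whether the new value loosens or tightens how the role's permissions are resolved. A short comment on the call stating what the flag controls and why the change-notification path needs `true` would make the fix reviewable. The enclosing listener method starts and ends outside this hunk.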
Modified: directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java Fri Dec 29 21:57:57 2006
@@ -32,6 +32,8 @@
import org.safehaus.triplesec.guardian.ConnectionDriver;
import org.safehaus.triplesec.guardian.GuardianException;
import org.safehaus.triplesec.guardian.StoreConnectionException;
+import org.safehaus.triplesec.guardian.RealmPolicy;
+import org.safehaus.triplesec.guardian.RealmPolicyFactory;
/**
@@ -44,6 +46,7 @@
static
{
ApplicationPolicyFactory.registerDriver( new LdapConnectionDriver() );
+ RealmPolicyFactory.registerDriver( new LdapConnectionDriver() );
}
public LdapConnectionDriver()
@@ -56,13 +59,31 @@
}
- public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
+ public ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException
{
if ( info == null )
{
info = new Properties();
}
+ InitialDirContext ictx = getContext(url, info);
+
+ return new LdapApplicationPolicy( ictx, info );
+ }
+
+
+ public RealmPolicy newRealmPolicy(String url, Properties info) throws GuardianException {
+ if ( info == null )
+ {
+ info = new Properties();
+ }
+
+ InitialDirContext ictx = getContext(url, info);
+
+ return new LdapRealmPolicy(ictx);
+ }
+
+ private InitialDirContext getContext(String url, Properties info) {
if ( url == null )
{
throw new IllegalArgumentException( "A non-null url must be provided." );
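Review bot: In `newRealmPolicy` the context returned by `getContext` is never closed if the `LdapRealmPolicy` constructor throws, which it does on a failed search or a failed per-application load; the bound LDAP connection then stays open with the application's credentials. `newApplicationPolicy` has the same shape around `new LdapApplicationPolicy( ictx, info )`. Closing the context on the failure path fixes both. GuardianException appears to be unchecked, since LdapRealmPolicy's constructor throws it undeclared, so catching RuntimeException covers it. The body of `getContext` continues outside this hunk.

```java
public RealmPolicy newRealmPolicy(String url, Properties info) throws GuardianException {
    // … unchanged: default a null info to an empty Properties …
    InitialDirContext ictx = getContext(url, info);
    try
    {
        return new LdapRealmPolicy(ictx);
    }
    catch ( RuntimeException e )
    {
        // Do not leave the bound connection open when policy loading fails.
        try
        {
            ictx.close();
        }
        catch ( NamingException ignored )
        {
            // keep the original failure
        }
        throw e;
    }
}
```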
@@ -97,7 +118,7 @@
env.remove( Context.SECURITY_CREDENTIALS ); // remove credentials before printing to log
throw new StoreConnectionException( "Failed to obtain initial context for " + env, e );
}
-
- return new LdapApplicationPolicy( ictx, info );
+ return ictx;
}
+
}
Added: directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapRealmPolicy.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapRealmPolicy.java?view=auto&rev=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapRealmPolicy.java (added)
+++ directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapRealmPolicy.java Fri Dec 29 21:57:57 2006
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.guardian.ldap;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.RealmPolicy;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class LdapRealmPolicy implements RealmPolicy {
+ private static final String[] APP_NAME_ID = new String[]{"appName"};
+ private static final String BASE_RDN = "ou=applications";
+
+ private final Map<String, ApplicationPolicy> appToPolicyMap = new HashMap<String, ApplicationPolicy>();
+
+ public LdapRealmPolicy(DirContext ctx) {
+ if (ctx == null) {
+ throw new NullPointerException("ctx cannot be null");
+ }
+ SearchControls controls = new SearchControls();
+ controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+ controls.setReturningAttributes(APP_NAME_ID);
+
+ try {
+ for (NamingEnumeration results = ctx.search(BASE_RDN, "(objectClass=policyApplication)", controls); results.hasMore(); ) {
+ SearchResult result = ( SearchResult ) results.next();
+ String appName = (String) result.getAttributes().get("appName").get();
+ ApplicationPolicy appPolicy = new LdapApplicationPolicy(ctx, appName);
+ appToPolicyMap.put(appName, appPolicy);
+ }
+ }
+ catch (NamingException e) {
+ throw new GuardianException("Failed to lookup profiles while searching the directory");
+ }
+
+ }
+
+
+ public ApplicationPolicy getApplicationPolicy(String applicationName) throws GuardianException {
+ ApplicationPolicy applicationPolicy = appToPolicyMap.get(applicationName);
+ if (applicationPolicy == null) {
+ throw new GuardianException("No application policy for application named: " + applicationName);
+ }
+ return applicationPolicy;
+ }
+
+ public Profile getProfile(String profileId, String applicationName) throws GuardianException {
+ ApplicationPolicy applicationPolicy = getApplicationPolicy(applicationName);
+ Profile profile = applicationPolicy.getProfile(profileId);
+ if (profile == null) {
+ throw new GuardianException("No profile for profileId: " + profileId + " in application named: " + applicationName);
+ }
+ return profile;
+ }
+
+ public void close() {
+ for (ApplicationPolicy applicationPolicy : appToPolicyMap.values()) {
+ applicationPolicy.close();
+ }
+ appToPolicyMap.clear();
+ }
+}
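Review bot: The `catch (NamingException e)` in the constructor drops the cause and reports "Failed to lookup profiles" although the search is for applications. `throw new GuardianException("Failed to look up applications while searching the directory", e);` keeps the directory error for whoever has to diagnose a failed login. The same loop dereferences `result.getAttributes().get("appName")` without a null check and never closes the `NamingEnumeration` when it exits early on an exception. Every `LdapApplicationPolicy` is built on the one shared `ctx`, so `close()` presumably closes that context once per application; this is worth confirming against `LdapApplicationPolicy.close()`. The map is filled only at construction, so applications added to the realm later are unknown until a new RealmPolicy is created; the class Javadoc should say so.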
Propchange: directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapRealmPolicy.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapRealmPolicy.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapRealmPolicy.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriverTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriverTest.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriverTest.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriverTest.java Fri Dec 29 21:57:57 2006
@@ -39,7 +39,7 @@
try
{
- driver.newStore( "", null );
+ driver.newApplicationPolicy( "", null );
fail( "should not get here due to exception" );
}
catch( IllegalArgumentException e )
@@ -56,7 +56,7 @@
props.setProperty( "applicationCredentials", "secret" );
try
{
- driver.newStore( null, props );
+ driver.newApplicationPolicy( null, props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
@@ -74,7 +74,7 @@
{
Properties props = new Properties();
props.setProperty( "applicationCredentials", "secret" );
- driver.newStore( "", props );
+ driver.newApplicationPolicy( "", props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
@@ -91,7 +91,7 @@
props.setProperty( "applicationPrincipalDN", "appName=something" );
try
{
- driver.newStore( "", props );
+ driver.newApplicationPolicy( "", props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
Modified: directory/sandbox/triplesec-jacc/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java Fri Dec 29 21:57:57 2006
@@ -30,6 +30,7 @@
import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
import org.safehaus.triplesec.guardian.ConnectionDriver;
import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.RealmPolicy;
/**
@@ -45,12 +46,12 @@
ApplicationPolicyFactory.registerDriver( new LdifConnectionDriver() );
}
-
+
public LdifConnectionDriver()
{
}
-
+
public boolean accept( String url )
{
if ( ( url.startsWith( "file:" ) || url.startsWith( "jar:" ) ) && url.endsWith( ".ldif" ) )
@@ -60,9 +61,9 @@
return false;
}
-
- public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
+
+ public ApplicationPolicy newApplicationPolicy( String url, Properties info ) throws GuardianException
{
if ( info == null )
{
@@ -79,7 +80,7 @@
{
throw new IllegalArgumentException( "An applicationPrincipalDN property value must be provided." );
}
-
+
if ( url.startsWith( "file:" ) )
{
File ldifFile = null;
@@ -97,7 +98,11 @@
{
throw new NotImplementedException();
}
-
+
throw new GuardianException( "Unrecognized URL scheme for " );
+ }
+
+ public RealmPolicy newRealmPolicy(String url, Properties info) throws GuardianException {
+ throw new GuardianException("NOT YET IMPLEMENTED");
}
}
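Review bot: `newRealmPolicy` reports the missing implementation with a generic `GuardianException("NOT YET IMPLEMENTED")`, while the `jar:` branch a few lines above uses `throw new NotImplementedException();` for the same situation. Using one form for both lets callers tell "unsupported by this driver" apart from a real policy-store failure. The static initializer shown earlier registers this driver only with ApplicationPolicyFactory, so a one-line comment noting that the method is unreachable through RealmPolicyFactory for now would also help.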
Modified: directory/sandbox/triplesec-jacc/guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdapConnectionDriverTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdapConnectionDriverTest.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdapConnectionDriverTest.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-ldif/src/test/java/org/safehaus/triplesec/guardian/ldif/LdapConnectionDriverTest.java Fri Dec 29 21:57:57 2006
@@ -38,7 +38,7 @@
LdifConnectionDriver driver = new LdifConnectionDriver();
try
{
- driver.newStore( "", null );
+ driver.newApplicationPolicy( "", null );
fail( "should not get here due to exception" );
}
catch( IllegalArgumentException e )
@@ -54,7 +54,7 @@
props.setProperty( "applicationPrincipalDN", "appName=something" );
try
{
- driver.newStore( null, props );
+ driver.newApplicationPolicy( null, props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
@@ -69,7 +69,7 @@
try
{
Properties props = new Properties();
- driver.newStore( "", props );
+ driver.newApplicationPolicy( "", props );
fail( "should never get here due to an exception" );
}
catch ( IllegalArgumentException e )
Modified: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java Fri Dec 29 21:57:57 2006
@@ -22,6 +22,7 @@
import java.util.Hashtable;
import java.util.Map;
+import java.security.Principal;
import javax.naming.Context;
import javax.naming.NamingException;
@@ -36,8 +37,8 @@
import javax.security.auth.callback.PasswordCallback;
import org.safehaus.otp.HotpErrorConstants;
-import org.safehaus.triplesec.guardian.ApplicationPolicy;
import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.RealmPolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -52,7 +53,7 @@
public class SafehausLoginModule implements LoginModule {
public static final String ALLOW_ADMIN = SafehausLoginModule.class.getName() + ".allowAdmin";
public static final String REALM_KEY = SafehausLoginModule.class.getName() + ".profileId";
- public static final String POLICY_KEY = SafehausLoginModule.class.getName() + ".policy";
+ public static final String REALM_POLICY_KEY = SafehausLoginModule.class.getName() + ".realmpolicy";
private static final Logger log = LoggerFactory.getLogger(SafehausLoginModule.class);
/**
@@ -68,8 +69,8 @@
private Map sharedState;
private Map options;
// private PolicyCallback policyCallback;
- private Profile profile;
LoginModule module;
+ private Principal principal;
public SafehausLoginModule() {
@@ -113,7 +114,7 @@
// if (module.commit()) {
//Clearing the principals means this has to be the only login module, not a reasonable assumption
// this.subject.getPrincipals().clear();
- this.subject.getPrincipals().add(new SafehausPrincipal(profile));
+ this.subject.getPrincipals().add(principal);
return true;
// }
//
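Review bot: commit() now adds the `principal` field without checking that login() ever set it. JAAS can call commit() on a module whose own login() returned false when the overall authentication succeeded through other modules, and `principal` is then still null. Guard the add with `if (principal == null) { return false; }` so the module only commits its own successful login. commit() starts and ends outside this hunk.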
@@ -179,8 +180,8 @@
throw new NullPointerException(msg);
}
- final ApplicationPolicy policy = (ApplicationPolicy) options.get(POLICY_KEY);
- if (policy == null) {
+ final RealmPolicy realmPolicy = (RealmPolicy) options.get(REALM_POLICY_KEY);
+ if (realmPolicy == null) {
String msg = "Cannot login without a non-null .";
log.error(msg);
throw new NullPointerException(msg);
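Review bot: The error text `"Cannot login without a non-null ."` names nothing, and after the key rename a deployment that still sets the old policy option will land exactly here with no hint of what is missing. I would name the option in the message: `String msg = "Cannot login without a non-null " + REALM_POLICY_KEY + " option.";`. Since this is a configuration error raised from the login path, a `LoginException` would also be easier for JAAS callers to handle than a `NullPointerException`. The enclosing method starts and ends outside the hunk.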
@@ -192,44 +193,21 @@
// -------------------------------------------------------------------
final String passcode = passcodeCallback.getPasscode();
- this.profile = policy.getProfile(profileId);
- if (this.profile == null) {
- log.info("Profile " + name + " not found for user.");
- return false;
- } else if (name.equals("admin")) {
- if (! options.containsKey(ALLOW_ADMIN) ||
- (options.containsKey(ALLOW_ADMIN) && ! ((String) options.get(ALLOW_ADMIN)).equals("true"))) {
- throw new LoginException("Admin authentication has not been enabled.");
- }
-
- // ---------------------------------------------------------------
- // Do just LDAP auth now but with special DN for the admin user
- // ---------------------------------------------------------------
-
- if (bindAs("uid=admin,ou=system", password)) {
- //add in commit(), not here
-// this.subject.getPrincipals().add( new SafehausPrincipal( profile ) );
- return true;
- } else {
- return false;
- }
- } else {
- log.info("Profile " + name + " found for user " + profile.getUserName());
- }
//try to connect to ldap using these credentials
- if (!bindAs(getUserDn(profile.getUserName(), realm), password)) {
+ if (!bindAs(getUserDn(name, realm), password)) {
return false;
}
+ principal = new SafehausPrincipal(name, profileId, realmPolicy);
// If the profile is disabled then throw and exceptions
- if (profile.isDisabled()) {
- return false;
+// if (profile.isDisabled()) {
+// return false;
// throw new AccountDisabledException("The profile " + profile.getProfileId()
// + " associated with your account for application "
// + profile.getApplicationName() + " has been disabled.");
- }
+// }
return true;
// -------------------------------------------------------------------
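Review bot: After this change a successful LDAP bind is the only condition for login: the profile lookup, the `isDisabled()` rejection (now commented out) and the `ALLOW_ADMIN` gate are all removed, and nothing visible in the hunk replaces them. A user whose profile is missing or disabled therefore still receives a `SafehausPrincipal`, and the `ALLOW_ADMIN` option the class still declares is presumably ignored now. Because the profile lookup now needs an application name that login() does not have, these checks must be enforced where the profile is resolved; until then I would record it next to the commented block, e.g. `// TODO(security): missing/disabled profiles are no longer rejected at login; callers of getAuthorizationProfile must check`. The value passed to `getUserDn(name, realm)` is now the supplied login name rather than `profile.getUserName()`, so it is worth confirming that `getUserDn` escapes it. login() starts and ends outside the hunk.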
Modified: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausPrincipal.java Fri Dec 29 21:57:57 2006
@@ -22,6 +22,7 @@
import java.security.Principal;
import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.RealmPolicy;
/**
@@ -34,19 +35,20 @@
public class SafehausPrincipal implements Principal
{
- /** the Guardian authorization profile for this principal */
- private final Profile profile;
+ private final String name;
+ private final String profileId;
+ private final RealmPolicy realmPolicy;
- SafehausPrincipal( Profile profile )
- {
- this.profile = profile;
+ public SafehausPrincipal(String name, String profileId, RealmPolicy realmPolicy) {
+ this.name = name;
+ this.profileId = profileId;
+ this.realmPolicy = realmPolicy;
}
-
-
+
public String getName()
{
- return profile.getProfileId();
+ return name;
}
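Review bot: The constructor changes from package-private to `public` and accepts its three arguments unchecked, so any code can now create a `SafehausPrincipal` with an arbitrary name and profile id, and code that trusts the type (the Swing `ConnectionManager` casts to it) cannot tell it from one produced by the login module. Unless another package really needs it, I would keep the constructor package-private and reject nulls, e.g. `if (name == null || profileId == null || realmPolicy == null) throw new IllegalArgumentException("name, profileId and realmPolicy are required");`. `getName()` also silently changes meaning from the profile id to the user name, which affects any policy entry or log that matched on the old value and deserves a sentence in the class Javadoc. The new fields lost the doc comment the old `profile` field had.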
@@ -55,8 +57,8 @@
*
* @return the authorization Profile
*/
- public Profile getAuthorizationProfile()
+ public Profile getAuthorizationProfile(String applicationName)
{
- return profile;
+ return realmPolicy.getProfile(profileId, applicationName);
}
}
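Review bot: The Javadoc above `getAuthorizationProfile` was not updated for the new `applicationName` parameter, and it does not say what is returned when the realm has no matching profile. Add `@param applicationName the application whose profile for this principal is requested` and state the no-match result (presumably null; confirm against `RealmPolicy.getProfile`), since callers such as the servlet demo dereference the result directly. The method now performs a policy lookup on every call instead of returning a stored object, which is worth mentioning in the same comment.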
Modified: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java Fri Dec 29 21:57:57 2006
@@ -20,23 +20,23 @@
package org.safehaus.triplesec.jaas;
-import java.util.Properties;
-import java.util.HashMap;
-import java.util.Map;
import java.io.IOException;
import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
import javax.naming.Context;
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.safehaus.triplesec.guardian.RealmPolicy;
+import org.safehaus.triplesec.guardian.RealmPolicyFactory;
import org.safehaus.triplesec.integration.TriplesecIntegration;
-import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
-import org.safehaus.triplesec.guardian.ApplicationPolicy;
/**
* @version $Rev:$ $Date:$
@@ -45,7 +45,7 @@
private static final String APP_NAME = "mockApplication";
- private ApplicationPolicy store;
+ private RealmPolicy realmPolicy;
private static final String BASE_URL = "dc=example,dc=com";
private String providerUrl;
@@ -66,15 +66,15 @@
props.setProperty( "applicationCredentials", "testing" );
Class.forName( "org.safehaus.triplesec.guardian.ldap.LdapConnectionDriver" );
- store = ApplicationPolicyFactory.
+ realmPolicy = RealmPolicyFactory.
newInstance( providerUrl, props );
}
protected void tearDown() throws Exception {
super.tearDown();
- store.close();
- store = null;
+ realmPolicy.close();
+ realmPolicy = null;
}
public void testBindAs() throws Exception {
@@ -98,7 +98,7 @@
options.put(Context.PROVIDER_URL, providerUrl);
options.put(Context.SECURITY_AUTHENTICATION, "simple");
options.put(SafehausLoginModule.REALM_KEY, "example.com");
- options.put(SafehausLoginModule.POLICY_KEY, store);
+ options.put(SafehausLoginModule.REALM_POLICY_KEY, realmPolicy);
SafehausLoginModule module = new SafehausLoginModule();
Subject subject = new Subject();
CallbackHandler callbackHandler = new TestCallbackHandler("akarasulu", "mockProfile1", "maxwell".toCharArray());
Modified: directory/sandbox/triplesec-jacc/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ConnectionManager.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ConnectionManager.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ConnectionManager.java (original)
+++ directory/sandbox/triplesec-jacc/swing-admin/src/main/java/org/safehaus/triplesec/admin/swing/ConnectionManager.java Fri Dec 29 21:57:57 2006
@@ -135,9 +135,9 @@
else
{
SafehausPrincipal principal = ( SafehausPrincipal ) subject.getPrincipals().toArray()[0];
- Profile profile = principal.getAuthorizationProfile();
+ String userName = principal.getName();
StringBuffer principalDn = new StringBuffer();
- principalDn.append( "uid=" ).append( profile.getUserName() ).append( ",ou=Users," )
+ principalDn.append( "uid=" ).append( userName ).append( ",ou=Users," )
.append( connectionInfo.getLdapRealmBase() );
env.put ( Context.SECURITY_PRINCIPAL, principalDn.toString() );
}
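Review bot: `userName` now comes from `principal.getName()`, which after this commit is the name supplied at login rather than a value read from the profile, and it is concatenated into the bind DN unescaped. A name containing DN metacharacters such as `,`, `+` or `=` would change the structure of `principalDn`; escape it first, e.g. `.append( Rdn.escapeValue( userName ) )` using `javax.naming.ldap.Rdn` (the import lies outside this hunk). Separately, `toArray()[0]` assumes the first principal is a `SafehausPrincipal`, which does not hold once other login modules add principals; `subject.getPrincipals( SafehausPrincipal.class )` selects by type instead. The enclosing method starts and ends outside the hunk.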
Modified: directory/sandbox/triplesec-jacc/webapp-demo/src/main/java/org/safehaus/triplesec/demo/security/AuthenticatedWebSession.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/webapp-demo/src/main/java/org/safehaus/triplesec/demo/security/AuthenticatedWebSession.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/webapp-demo/src/main/java/org/safehaus/triplesec/demo/security/AuthenticatedWebSession.java (original)
+++ directory/sandbox/triplesec-jacc/webapp-demo/src/main/java/org/safehaus/triplesec/demo/security/AuthenticatedWebSession.java Fri Dec 29 21:57:57 2006
@@ -139,6 +139,6 @@
public Profile getUserProfile()
{
- return principal != null ? principal.getAuthorizationProfile() : null;
+ return principal != null ? principal.getAuthorizationProfile(getApplication().getName()) : null;
}
}
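Review bot: The profile lookup in `getUserProfile()` now depends on `getApplication().getName()` being exactly the application name used in the policy store, and nothing in this hunk establishes that the two agree. If they differ, the lookup presumably yields no profile, which is indistinguishable here from "not logged in". I would document the coupling on the method, e.g. `// the web application name must match the Guardian application name in the policy store`, or read the name from explicit configuration.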
Modified: directory/sandbox/triplesec-jacc/webapp-servlet-demo/src/main/java/org/safehaus/triplesec/demo/LoginServlet.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/webapp-servlet-demo/src/main/java/org/safehaus/triplesec/demo/LoginServlet.java?view=diff&rev=491173&r1=491172&r2=491173
==============================================================================
--- directory/sandbox/triplesec-jacc/webapp-servlet-demo/src/main/java/org/safehaus/triplesec/demo/LoginServlet.java (original)
+++ directory/sandbox/triplesec-jacc/webapp-servlet-demo/src/main/java/org/safehaus/triplesec/demo/LoginServlet.java Fri Dec 29 21:57:57 2006
@@ -135,7 +135,8 @@
// get the authorization profile of the authenticated user and print it out
SafehausPrincipal principal = command.getSafehausPrincipal();
- Profile profile = principal.getAuthorizationProfile();
+ //TODO no doubt this is the wrong application name
+ Profile profile = principal.getAuthorizationProfile("demoApp");
PrintWriter out = response.getWriter();
out.println( "<html><body><p><font color=\"green\">Authentication Succeeded</font></p><br/><br/>" );
out.println( "<h2>Authorization Profile " + profile.getProfileId()