You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/08/16 19:02:37 UTC
svn commit: r1373922 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
security/authentication/LoginModuleImpl.java
spi/security/authentication/AbstractLoginModule.java
Author: angela
Date: Thu Aug 16 17:02:37 2012
New Revision: 1373922
URL: http://svn.apache.org/viewvc?rev=1373922&view=rev
Log:
OAK-91 : Implement Authentication Support (work in progress)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1373922&r1=1373921&r2=1373922&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java Thu Aug 16 17:02:37 2012
@@ -22,12 +22,14 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
+import javax.annotation.CheckForNull;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
@@ -35,6 +37,7 @@ import org.apache.jackrabbit.oak.api.Aut
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
+import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -124,6 +127,9 @@ public class LoginModuleImpl extends Abs
if (success) {
log.debug("Login: adding Credentials to shared state.");
sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
+
+ log.debug("Login: adding login name to shared state.");
+ sharedState.put(SHARED_KEY_LOGIN_NAME, userID);
}
return success;
}
@@ -164,9 +170,13 @@ public class LoginModuleImpl extends Abs
Set<Principal> principals = new HashSet<Principal>();
PrincipalProvider principalProvider = getPrincipalProvider();
if (principalProvider != null && userID != null) {
- Principal p = principalProvider.getPrincipal(userID); // TODO FIXME
+ // TODO fixme
+ Principal p = principalProvider.getPrincipal(userID);
if (p != null) {
principals.add(p);
+ if ("admin".equals(p.getName())) {
+ principals.add(AdminPrincipal.INSTANCE);
+ }
principals.addAll(principalProvider.getGroupMembership(p));
} else {
log.debug("Commit: Cannot retrieve principal for userID '{}'.", userID);
@@ -194,6 +204,7 @@ public class LoginModuleImpl extends Abs
return principalProvider;
}
+ @CheckForNull
private String getUserID() {
// TODO add proper implementation
String userID = null;
@@ -207,8 +218,23 @@ public class LoginModuleImpl extends Abs
if (bc instanceof SimpleCredentials) {
userID = ((SimpleCredentials) bc).getUserID();
}
+ } else {
+ try {
+ NameCallback callback = new NameCallback("User-ID: ");
+ callbackHandler.handle(new Callback[]{callback});
+ userID = callback.getName();
+ } catch (UnsupportedCallbackException e) {
+ log.warn("Credentials- or NameCallback must be supported");
+ } catch (IOException e) {
+ log.error("Name-Callback failed: " + e.getMessage());
+ }
}
}
+
+ if (userID == null) {
+ userID = getSharedLoginName();
+ }
+
return userID;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1373922&r1=1373921&r2=1373922&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Thu Aug 16 17:02:37 2012
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.spi.se
import java.io.IOException;
import java.util.Map;
import java.util.Set;
+import javax.annotation.CheckForNull;
import javax.jcr.Credentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
@@ -46,6 +47,13 @@ public abstract class AbstractLoginModul
*/
public static final String SHARED_KEY_CREDENTIALS = "org.apache.jackrabbit.credentials";
+ /**
+ * Key of the sharedState entry referring to a valid login ID that is shared
+ * between multiple login modules.
+ */
+ public static final String SHARED_KEY_LOGIN_NAME = "javax.security.auth.login.name";
+
+
protected Subject subject;
protected CallbackHandler callbackHandler;
protected Map sharedState;
@@ -75,6 +83,7 @@ public abstract class AbstractLoginModul
//--------------------------------------------------------------------------
protected abstract Set<Class> getSupportedCredentials();
+ @CheckForNull
protected Credentials getCredentials() {
if (callbackHandler != null) {
log.debug("Login: retrieving Credentials using callback.");
@@ -111,6 +120,7 @@ public abstract class AbstractLoginModul
return null;
}
+ @CheckForNull
protected Credentials getSharedCredentials() {
Credentials shared = null;
if (sharedState.containsKey(SHARED_KEY_CREDENTIALS)) {
@@ -124,4 +134,13 @@ public abstract class AbstractLoginModul
return shared;
}
+
+ @CheckForNull
+ protected String getSharedLoginName() {
+ if (sharedState.containsKey(SHARED_KEY_LOGIN_NAME)) {
+ return (String) sharedState.get(SHARED_KEY_LOGIN_NAME);
+ } else {
+ return null;
+ }
+ }
}