Posted to scm@geronimo.apache.org by ho...@apache.org on 2005/12/18 06:40:31 UTC
svn commit: r357441 - in /geronimo/branches/1.0/modules:
jetty/src/java/org/apache/geronimo/jetty/
security/src/java/org/apache/geronimo/security/jaas/client/
tomcat/src/java/org/apache/geronimo/tomcat/realm/
Author: hogstrom
Date: Sat Dec 17 21:40:22 2005
New Revision: 357441
URL: http://svn.apache.org/viewcvs?rev=357441&view=rev
Log:
GERONIMO-1375 Login should not produce stack trace
Modified:
geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java
geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Modified: geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java?rev=357441&r1=357440&r2=357441&view=diff
==============================================================================
--- geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java (original)
+++ geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java Sat Dec 17 21:40:22 2005
@@ -62,48 +62,57 @@
public Principal authenticate(String username, Object credentials, HttpRequest request) {
try {
- JAASJettyPrincipal userPrincipal = (JAASJettyPrincipal) userMap.get(username);
+ if ( (username!=null) && (!username.equals("")) ) {
- //user has been previously authenticated, but
- //re-authentication has been requested, so remove them
- if (userPrincipal != null) {
- userMap.remove(username);
- }
+ JAASJettyPrincipal userPrincipal = (JAASJettyPrincipal) userMap.get(username);
- ClearableCallbackHandler callbackHandler;
- if (credentials instanceof char[]) {
- char[] password = (char[]) credentials;
- callbackHandler = new PasswordCallbackHandler(username, password);
- } else if (credentials instanceof String) {
- char[] password = ((String) credentials).toCharArray();
- callbackHandler = new PasswordCallbackHandler(username, password);
- } else if (credentials instanceof X509Certificate[]) {
- X509Certificate[] certs = (X509Certificate[]) credentials;
- if (certs.length < 1) {
- throw new LoginException("no certificates supplied");
+ //user has been previously authenticated, but
+ //re-authentication has been requested, so remove them
+ if (userPrincipal != null) {
+ userMap.remove(username);
+ }
+
+ ClearableCallbackHandler callbackHandler;
+ if (credentials instanceof char[]) {
+ char[] password = (char[]) credentials;
+ callbackHandler = new PasswordCallbackHandler(username, password);
+ } else if (credentials instanceof String) {
+ char[] password = ((String) credentials).toCharArray();
+ callbackHandler = new PasswordCallbackHandler(username, password);
+ } else if (credentials instanceof X509Certificate[]) {
+ X509Certificate[] certs = (X509Certificate[]) credentials;
+ if (certs.length < 1) {
+ throw new LoginException("no certificates supplied");
+ }
+ callbackHandler = new CertificateCallbackHandler(certs[0]);
+ } else {
+ throw new LoginException("Cannot extract credentials from class: " + credentials.getClass().getName());
}
- callbackHandler = new CertificateCallbackHandler(certs[0]);
- } else {
- throw new LoginException("Cannot extract credentials from class: " + credentials.getClass().getName());
- }
- //set up the login context
- LoginContext loginContext = new LoginContext(loginDomainName, callbackHandler);
- loginContext.login();
- callbackHandler.clear();
+ //set up the login context
+ LoginContext loginContext = new LoginContext(loginDomainName, callbackHandler);
+ loginContext.login();
+ callbackHandler.clear();
- Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
- ContextManager.setCurrentCaller(subject);
+ Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
+ ContextManager.setCurrentCaller(subject);
- //login success
- userPrincipal = new JAASJettyPrincipal(username);
- userPrincipal.setSubject(subject);
+ //login success
+ userPrincipal = new JAASJettyPrincipal(username);
+ userPrincipal.setSubject(subject);
- userMap.put(username, userPrincipal);
+ userMap.put(username, userPrincipal);
+
+ return userPrincipal;
+ }
+ else {
+ log.debug("Login Failed - null userID");
+ return null;
+ }
- return userPrincipal;
} catch (LoginException e) {
- log.warn("Login Failed", e);
+// log.warn("Login Failed", e);
+ log.debug("Login Failed", e);
return null;
}
}
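Review bot: A rejected login now leaves no record at default log levels, because the `catch (LoginException e)` block at the end of `authenticate` and the new `else` branch both log at debug only, so repeated failures against this realm would be invisible to whoever monitors the server log. GERONIMO-1375 objects to the stack trace rather than the event, so I would keep a one-line record without the throwable, `log.warn("Login failed: " + e.getMessage());`, ahead of `log.debug("Login Failed", e);`, and delete the commented-out `// log.warn("Login Failed", e);` instead of committing it. The branch added to TomcatGeronimoRealm.java that logs "Login Failed - null userID" is debug-only in the same way. Separately, `callbackHandler.clear()` runs only when `loginContext.login()` returns normally, so on a failed attempt the handler (which presumably holds the password) is never cleared; a nested try/finally around `login()` would cover both paths.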
Modified: geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java?rev=357441&r1=357440&r2=357441&view=diff
==============================================================================
--- geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java (original)
+++ geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java Sat Dec 17 21:40:22 2005
@@ -21,6 +21,7 @@
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
+import javax.security.auth.login.FailedLoginException;
import org.apache.geronimo.security.jaas.server.JaasSessionId;
import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
@@ -71,6 +72,8 @@
System.err.println("No callback handler available for " + callbacks.length + " callbacks!");
}
return service.performLogin(sessionHandle, lmIndex, callbacks);
+ } catch (FailedLoginException e) {
+ throw e;
} catch (Exception e) {
LoginException le = new LoginException("Error filling callback list");
le.initCause(e);
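Review bot: Only `FailedLoginException` is passed through by the new clause, so any other `LoginException` subclass raised by `service.performLogin(...)` still falls into `catch (Exception e)` and is re-wrapped as a generic "Error filling callback list". TomcatGeronimoRealm in this same commit has dedicated handlers for `AccountExpiredException` and `CredentialExpiredException`; if its login reaches this proxy (not visible here), those handlers would never match and the failure would be logged through the generic `LoginException` path with a stack trace. Widening the clause to `} catch (LoginException e) { throw e; }` would preserve the specific type for every caller; the method evidently already declares a compatible `throws`. The enclosing method starts and ends outside this hunk.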
Modified: geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?rev=357441&r1=357440&r2=357441&view=diff
==============================================================================
--- geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java (original)
+++ geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java Sat Dec 17 21:40:22 2005
@@ -337,92 +337,100 @@
// Establish a LoginContext to use for authentication
try {
- LoginContext loginContext = null;
- if (appName == null)
- appName = "Tomcat";
-
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.beginLogin", principalName, appName));
-
- // What if the LoginModule is in the container class loader ?
- ClassLoader ocl = null;
-
- if (isUseContextClassLoader()) {
- ocl = Thread.currentThread().getContextClassLoader();
- Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
- }
-
- try {
- loginContext = new LoginContext(appName, callbackHandler);
- } catch (Throwable e) {
- log.error(sm.getString("jaasRealm.unexpectedError"), e);
- return (null);
- } finally {
- if (isUseContextClassLoader()) {
- Thread.currentThread().setContextClassLoader(ocl);
- }
- }
-
- if (log.isDebugEnabled())
- log.debug("Login context created " + principalName);
- // Negotiate a login via this LoginContext
- Subject subject = null;
- try {
- loginContext.login();
- Subject tempSubject = loginContext.getSubject();
- if (tempSubject == null) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", principalName));
- return (null);
- }
-
- subject = ContextManager.getServerSideSubject(tempSubject);
- if (subject == null) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", principalName));
- return (null);
- }
+ if ( (principalName!=null) && (!principalName.equals("")) ) {
+ LoginContext loginContext = null;
+ if (appName == null)
+ appName = "Tomcat";
+
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.beginLogin", principalName, appName));
+
+ // What if the LoginModule is in the container class loader ?
+ ClassLoader ocl = null;
+
+ if (isUseContextClassLoader()) {
+ ocl = Thread.currentThread().getContextClassLoader();
+ Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
+ }
+
+ try {
+ loginContext = new LoginContext(appName, callbackHandler);
+ } catch (Throwable e) {
+ log.error(sm.getString("jaasRealm.unexpectedError"), e);
+ return (null);
+ } finally {
+ if (isUseContextClassLoader()) {
+ Thread.currentThread().setContextClassLoader(ocl);
+ }
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("Login context created " + principalName);
+
+ // Negotiate a login via this LoginContext
+ Subject subject = null;
+ try {
+ loginContext.login();
+ Subject tempSubject = loginContext.getSubject();
+ if (tempSubject == null) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", principalName));
+ return (null);
+ }
+
+ subject = ContextManager.getServerSideSubject(tempSubject);
+ if (subject == null) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", principalName));
+ return (null);
+ }
+
+ ContextManager.setCurrentCaller(subject);
+
+ } catch (AccountExpiredException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.accountExpired", principalName));
+ return (null);
+ } catch (CredentialExpiredException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.credentialExpired", principalName));
+ return (null);
+ } catch (FailedLoginException e) {
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.failedLogin", principalName));
+ return (null);
+ } catch (LoginException e) {
+ log.warn(sm.getString("jaasRealm.loginException", principalName), e);
+ return (null);
+ } catch (Throwable e) {
+ log.error(sm.getString("jaasRealm.unexpectedError"), e);
+ return (null);
+ }
+
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("jaasRealm.loginContextCreated", principalName));
+
+ // Return the appropriate Principal for this authenticated Subject
+ /* Principal principal = createPrincipal(username, subject);
+ if (principal == null) {
+ log.debug(sm.getString("jaasRealm.authenticateFailure", username));
+ return (null);
+ }
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("jaasRealm.authenticateSuccess", username));
+ }
+ */
+ JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principalName);
+ jaasPrincipal.setSubject(subject);
- ContextManager.setCurrentCaller(subject);
-
- } catch (AccountExpiredException e) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.accountExpired", principalName));
- return (null);
- } catch (CredentialExpiredException e) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.credentialExpired", principalName));
- return (null);
- } catch (FailedLoginException e) {
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.failedLogin", principalName));
- return (null);
- } catch (LoginException e) {
- log.warn(sm.getString("jaasRealm.loginException", principalName), e);
- return (null);
- } catch (Throwable e) {
- log.error(sm.getString("jaasRealm.unexpectedError"), e);
- return (null);
- }
-
- if (log.isDebugEnabled())
- log.debug(sm.getString("jaasRealm.loginContextCreated", principalName));
-
- // Return the appropriate Principal for this authenticated Subject
-/* Principal principal = createPrincipal(username, subject);
- if (principal == null) {
- log.debug(sm.getString("jaasRealm.authenticateFailure", username));
- return (null);
+ return (jaasPrincipal);
}
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("jaasRealm.authenticateSuccess", username));
+ else {
+ if (log.isDebugEnabled())
+ log.debug("Login Failed - null userID");
+ return null;
}
-*/
- JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principalName);
- jaasPrincipal.setSubject(subject);
-
- return (jaasPrincipal);
} catch (Throwable t) {
log.error("error ", t);