You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ch...@apache.org on 2014/08/26 07:45:04 UTC
svn commit: r1620512 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
security/authentication/ spi/security/authentication/
Author: chetanm
Date: Tue Aug 26 05:45:03 2014
New Revision: 1620512
URL: http://svn.apache.org/r1620512
Log:
OAK-2051 - Provide option to use Configuration SPI in JAAS authentication when running within AppServer
Modifying LoginContextProviderImpl to use SPI based Configuration API to fetch JAAS Configuration
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java?rev=1620512&r1=1620511&r2=1620512&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java Tue Aug 26 05:45:03 2014
@@ -21,6 +21,8 @@ import javax.annotation.Nonnull;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Properties;
+import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
@@ -47,8 +49,19 @@ import org.slf4j.LoggerFactory;
* </ul>
*
*/
-@Component
+@Component(metatype = true, label = "Apache Jackrabbit Oak AuthenticationConfiguration")
@Service({AuthenticationConfiguration.class, SecurityConfiguration.class})
+@Properties({
+ @Property(name = AuthenticationConfiguration.PARAM_APP_NAME,
+ label = "Application Name",
+ value = AuthenticationConfiguration.DEFAULT_APP_NAME,
+ description = "Application named used for JAAS authentication"),
+ @Property(name = AuthenticationConfiguration.PARAM_CONFIG_SPI_NAME,
+ label = "JAAS Config SPI Name",
+ description = "Name of JAAS Configuration Spi. This needs to be set to JAAS config provider " +
+ "name if JAAS authentication " +
+ "is managed by Felix JAAS Support with its Global Configuration Policy set to 'default'.")
+})
public class AuthenticationConfigurationImpl extends ConfigurationBase implements AuthenticationConfiguration {
private static final Logger log = LoggerFactory.getLogger(AuthenticationConfigurationImpl.class);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java?rev=1620512&r1=1620511&r2=1620512&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java Tue Aug 26 05:45:03 2014
@@ -17,6 +17,9 @@
package org.apache.jackrabbit.oak.security.authentication;
import java.security.AccessController;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
@@ -37,6 +40,8 @@ import org.apache.jackrabbit.oak.spi.whi
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration.PARAM_CONFIG_SPI_NAME;
+
/**
* {@code LoginContextProvider}
*/
@@ -101,15 +106,40 @@ class LoginContextProviderImpl implement
private Configuration getConfiguration() {
if (configuration == null) {
Configuration loginConfig = null;
- try {
- loginConfig = Configuration.getConfiguration();
- // NOTE: workaround for Java7 behavior (see OAK-497)
- if (loginConfig.getAppConfigurationEntry(appName) == null) {
- loginConfig = null;
+
+ //Default value cannot be set to null so using a sentinel to determine
+ //case when its not set
+ String configSpiName = params.getConfigValue(PARAM_CONFIG_SPI_NAME, "NA");
+ if(!"NA".equals(configSpiName)){
+ try {
+ loginConfig = Configuration.getInstance(
+ "JavaLoginConfig", //Algorithm name
+ null, //Extra params to be passed. For this impl its null
+ configSpiName //Name of the config provider
+ );
+ if (loginConfig.getAppConfigurationEntry(appName) == null) {
+ log.warn("No configuration found for application {} though fetching JAAS " +
+ "configuration from SPI {} is enabled.", appName, configSpiName);
+ }
+ } catch (NoSuchAlgorithmException e) {
+ log.warn("Error fetching JAAS config from SPI {}", configSpiName, e);
+ } catch (NoSuchProviderException e) {
+ log.warn("Error fetching JAAS config from SPI {}", configSpiName, e);
}
- } catch (SecurityException e) {
- log.info("Failed to retrieve login configuration: using default. " + e);
}
+
+ if(loginConfig == null) {
+ try {
+ loginConfig = Configuration.getConfiguration();
+ // NOTE: workaround for Java7 behavior (see OAK-497)
+ if (loginConfig.getAppConfigurationEntry(appName) == null) {
+ loginConfig = null;
+ }
+ } catch (SecurityException e) {
+ log.info("Failed to retrieve login configuration: using default. " + e);
+ }
+ }
+
if (loginConfig == null) {
log.debug("No login configuration available for {}; using default", appName);
loginConfig = ConfigurationUtil.getDefaultConfiguration(params);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java?rev=1620512&r1=1620511&r2=1620512&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java Tue Aug 26 05:45:03 2014
@@ -31,6 +31,8 @@ public interface AuthenticationConfigura
String PARAM_APP_NAME = "org.apache.jackrabbit.oak.authentication.appName";
String DEFAULT_APP_NAME = "jackrabbit.oak";
+ String PARAM_CONFIG_SPI_NAME = "org.apache.jackrabbit.oak.authentication.configSpiName";
+
@Nonnull
LoginContextProvider getLoginContextProvider(ContentRepository contentRepository);
}