You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2015/10/21 12:16:17 UTC
svn commit: r1709787 - in /tomcat/trunk:
java/org/apache/catalina/authenticator/jaspic/
java/org/apache/catalina/authenticator/jaspic/provider/
java/org/apache/catalina/authenticator/jaspic/provider/modules/
java/org/apache/catalina/startup/ test/org/a...
Author: remm
Date: Wed Oct 21 10:16:17 2015
New Revision: 1709787
URL: http://svn.apache.org/viewvc?rev=1709787&view=rev
Log:
Add properties for the JASPIC modules, plus some cleanups (more properties will be needed). Patch from Fjodor Vershinin with some changes.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java
tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java
tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Wed Oct 21 10:16:17 2015
@@ -17,6 +17,8 @@
package org.apache.catalina.authenticator.jaspic;
import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.Map;
import java.util.Set;
@@ -49,8 +51,7 @@ public class JaspicAuthenticator extends
private Subject serviceSubject;
- @SuppressWarnings("rawtypes")
- private Map authProperties = null;
+ private Map<String, String> authProperties = new HashMap<>();
private JaspicCallbackHandler callbackHandler;
@@ -157,4 +158,15 @@ public class JaspicAuthenticator extends
protected String getAuthMethod() {
return context.getLoginConfig().getAuthMethod();
}
+
+
+ public void setProperty(String key, String value) {
+ this.authProperties.put(key, value);
+ }
+
+
+ public Map<String, String> getAuthProperties() {
+ return Collections.unmodifiableMap(authProperties);
+ }
+
}
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java Wed Oct 21 10:16:17 2015
@@ -46,16 +46,18 @@ public class TomcatAuthConfig implements
private Context context;
private LoginConfig loginConfig;
private Realm realm;
-
+ private Map<String, String> properties;
public TomcatAuthConfig(String layer, String appContext, CallbackHandler callbackHandler,
- Context context) {
+ Context context, Map<String, String> properties) throws AuthException {
this.messageLayer = layer;
this.appContext = appContext;
this.handler = callbackHandler;
this.context = context;
+ this.properties = properties;
this.realm = context.getRealm();
this.loginConfig = context.getLoginConfig();
+ initializeAuthContext(properties);
}
@@ -90,21 +92,31 @@ public class TomcatAuthConfig implements
@Override
- @SuppressWarnings("rawtypes")
+ @SuppressWarnings({ "rawtypes", "unchecked" })
public synchronized ServerAuthContext getAuthContext(String authContextID,
Subject serviceSubject, Map properties) throws AuthException {
if (this.tomcatServerAuthContext == null) {
- this.tomcatServerAuthContext = new TomcatServerAuthContext(handler, getModule(),
- getOptions());
+ initializeAuthContext(properties);
}
return tomcatServerAuthContext;
}
- private Map<String, String> getOptions() {
- Map<String, String> options = new HashMap<>();
- options.put(TomcatAuthModule.REALM_NAME, getRealmName());
- return options;
+ private void initializeAuthContext(Map<String, String> properties) throws AuthException {
+ TomcatAuthModule module = getModule();
+ module.initialize(null, null, handler, getMergedProperties(properties));
+ this.tomcatServerAuthContext = new TomcatServerAuthContext(module);
+ }
+
+
+ @SuppressWarnings({ "rawtypes", "unchecked" })
+ private Map<String, String> getMergedProperties(Map properties) {
+ Map<String, String> mergedProperties = new HashMap<>(this.properties);
+ mergedProperties.put(TomcatAuthModule.REALM_NAME, getRealmName());
+ if (properties != null) {
+ mergedProperties.putAll(properties);
+ }
+ return mergedProperties;
}
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java Wed Oct 21 10:16:17 2015
@@ -38,8 +38,9 @@ public class TomcatAuthConfigProvider im
private Context context;
- public TomcatAuthConfigProvider(Context context) {
+ public TomcatAuthConfigProvider(Context context, Map<String, String> properties) {
this.context = context;
+ this.providerProperties = properties;
}
@@ -62,7 +63,7 @@ public class TomcatAuthConfigProvider im
public synchronized ServerAuthConfig getServerAuthConfig(String layer, String appContext,
CallbackHandler handler) throws AuthException {
if (this.serverAuthConfig == null) {
- this.serverAuthConfig = new TomcatAuthConfig(layer, appContext, handler, context);
+ this.serverAuthConfig = new TomcatAuthConfig(layer, appContext, handler, context, providerProperties);
}
return this.serverAuthConfig;
}
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java Wed Oct 21 10:16:17 2015
@@ -16,10 +16,7 @@
*/
package org.apache.catalina.authenticator.jaspic.provider;
-import java.util.Map;
-
import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
@@ -39,10 +36,8 @@ public class TomcatServerAuthContext imp
private ServerAuthModule module;
- public TomcatServerAuthContext(CallbackHandler handler, ServerAuthModule module,
- Map<String, String> options) throws AuthException {
+ public TomcatServerAuthContext(ServerAuthModule module) {
this.module = module;
- this.module.initialize(null, null, handler, options);
}
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java Wed Oct 21 10:16:17 2015
@@ -70,8 +70,6 @@ public class FormAuthModule extends Tomc
private Realm realm;
private LoginConfig loginConfig;
- private boolean changeSessionIdOnAuthenication = true;
-
public FormAuthModule(Context context) {
super(context);
@@ -80,10 +78,11 @@ public class FormAuthModule extends Tomc
}
- @SuppressWarnings("rawtypes")
@Override
public void initializeModule(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
- CallbackHandler handler, Map options) throws AuthException {
+ CallbackHandler handler, Map<String, String> options) throws AuthException {
+ this.characterEncoding = options.get("characterEncoding");
+ this.landingPage = options.get("landingPage");
}
@@ -106,7 +105,7 @@ public class FormAuthModule extends Tomc
Request request = (Request) messageInfo.getRequestMessage();
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
- if (!cachePrincipalsInSession && isUserAuthenicatedBefore(request)) {
+ if (!cache && isUserAuthenticatedBefore(request)) {
return handleSavedCredentials(clientSubject, request, response);
}
@@ -118,13 +117,14 @@ public class FormAuthModule extends Tomc
}
if (!isLoginActionRequest(request)) {
- return handleNoLoginAction(request, response);
+ return handleRedirectToLoginPage(request, response);
}
- return handleLoginAction(request, response);
+ return handleLoginFormAction(request, response);
}
+ // TODO Extract common patterns in processing cached principal and cached credentials
private AuthStatus handleSavedCredentials(Subject clientSubject, Request request,
HttpServletResponse response) throws IOException, UnsupportedCallbackException {
Session session = request.getSessionInternal(true);
@@ -154,7 +154,7 @@ public class FormAuthModule extends Tomc
}
- private boolean isUserAuthenicatedBefore(Request request) {
+ private boolean isUserAuthenticatedBefore(Request request) {
Session session = request.getSessionInternal(true);
String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
String password = (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
@@ -174,7 +174,7 @@ public class FormAuthModule extends Tomc
// If we're caching principals we no longer need getPrincipal the
// username
// and password in the session, so remove them
- if (cachePrincipalsInSession) {
+ if (cache) {
session.removeNote(Constants.SESS_USERNAME_NOTE);
session.removeNote(Constants.SESS_PASSWORD_NOTE);
}
@@ -201,7 +201,7 @@ public class FormAuthModule extends Tomc
* @return
* @throws IOException
*/
- private AuthStatus handleNoLoginAction(Request request, HttpServletResponse response)
+ private AuthStatus handleRedirectToLoginPage(Request request, HttpServletResponse response)
throws IOException {
Session session = request.getSessionInternal(true);
if (log.isDebugEnabled()) {
@@ -230,7 +230,7 @@ public class FormAuthModule extends Tomc
* @return
* @throws IOException
*/
- private AuthStatus handleLoginAction(Request request, HttpServletResponse response)
+ private AuthStatus handleLoginFormAction(Request request, HttpServletResponse response)
throws IOException {
request.getResponse().sendAcknowledgement();
@@ -374,7 +374,7 @@ public class FormAuthModule extends Tomc
return;
}
- if (getChangeSessionIdOnAuthentication()) {
+ if (changeSessionIdOnAuthentication) {
Session session = request.getSessionInternal(false);
if (session != null) {
Manager manager = request.getContext().getManager();
@@ -406,11 +406,6 @@ public class FormAuthModule extends Tomc
}
- private boolean getChangeSessionIdOnAuthentication() {
- return changeSessionIdOnAuthenication ;
- }
-
-
/**
* Called to forward to the error page
*
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java Wed Oct 21 10:16:17 2015
@@ -57,7 +57,8 @@ public abstract class TomcatAuthModule i
protected Context context;
- protected boolean cachePrincipalsInSession = true;
+ protected boolean cache = true;
+ protected boolean changeSessionIdOnAuthentication = true;
public TomcatAuthModule(Context context) {
@@ -71,11 +72,13 @@ public abstract class TomcatAuthModule i
}
- @SuppressWarnings("rawtypes")
+ @SuppressWarnings({ "rawtypes", "unchecked" })
@Override
public final void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
CallbackHandler handler, Map options) throws AuthException {
this.handler = handler;
+ this.cache = (Boolean.parseBoolean((String) options.get("cache")));
+ this.changeSessionIdOnAuthentication = Boolean.parseBoolean((String) options.get("changeSessionIdOnAuthentication"));
String name = (String) options.get(REALM_NAME);
if (name != null) {
this.realmName = name;
@@ -99,9 +102,8 @@ public abstract class TomcatAuthModule i
* @param options
* @throws AuthException
*/
- @SuppressWarnings("rawtypes")
public abstract void initializeModule(MessagePolicy requestPolicy,
- MessagePolicy responsePolicy, CallbackHandler handler, Map options)
+ MessagePolicy responsePolicy, CallbackHandler handler, Map<String, String> options)
throws AuthException;
Modified: tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java Wed Oct 21 10:16:17 2015
@@ -395,8 +395,7 @@ public class ContextConfig implements Li
if (authenticator == null) {
String authMethod = loginConfig.getAuthMethod();
if (authMethod != null && authMethod.contains("JASPIC")) {
- //TODO temporary workaround, Jaspic should be enabled by default
- authenticator = configureDefaultJaspicAuthModules();
+ authenticator = new JaspicAuthenticator();
}
}
@@ -408,9 +407,7 @@ public class ContextConfig implements Li
}
// Identify the class name of the Valve we should configure
- String authenticatorName = null;
- authenticatorName =
- authenticators.getProperty(loginConfig.getAuthMethod());
+ String authenticatorName = authenticators.getProperty(loginConfig.getAuthMethod());
if (authenticatorName == null) {
log.error(sm.getString("contextConfig.authenticatorMissing",
loginConfig.getAuthMethod()));
@@ -448,14 +445,20 @@ public class ContextConfig implements Li
/**
* Configure and register default JASPIC modules
- * @return
*/
- private JaspicAuthenticator configureDefaultJaspicAuthModules() {
+ private void configureDefaultJaspicAuthModules() {
+ if (!(context.getAuthenticator() instanceof JaspicAuthenticator)) {
+ return;
+ }
+ // TODO currently we setup default provider if we have
+ // JaspicAuthenicator registred.
+ // we need to find a better way to decide, if we want embedded provider
+ // or not
+ JaspicAuthenticator authenticator = (JaspicAuthenticator) context.getAuthenticator();
AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
- TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(context);
+ TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(context, authenticator.getAuthProperties());
authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER,
getJaspicAppContext(), "Tomcat Jaspic");
- return new JaspicAuthenticator();
}
private String getJaspicAppContext() {
@@ -807,6 +810,7 @@ public class ContextConfig implements Li
// Configure an authenticator if we need one
if (ok) {
authenticatorConfig();
+ configureDefaultJaspicAuthModules();
}
// Dump the contents of this pipeline if requested
Modified: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java Wed Oct 21 10:16:17 2015
@@ -87,11 +87,12 @@ public class TestJaspicBasicAuthenticato
lc.setRealmName(REALM);
ctxt.setLoginConfig(lc);
+ JaspicAuthenticator authenticator = new JaspicAuthenticator();
+ ctxt.getPipeline().addValve(authenticator);
AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
- TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctxt);
+ TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctxt, authenticator.getAuthProperties());
authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER, null,
"Tomcat Jaspic");
- ctxt.getPipeline().addValve(new JaspicAuthenticator());
tomcat.start();
}
Modified: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java Wed Oct 21 10:16:17 2015
@@ -299,11 +299,12 @@ public class TestJaspicDigestAuthenticat
lc.setRealmName(REALM);
ctxt.setLoginConfig(lc);
+ JaspicAuthenticator authenticator = new JaspicAuthenticator();
+ ctxt.getPipeline().addValve(authenticator);
AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
- TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctxt);
+ TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctxt, authenticator.getAuthProperties());
authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER,
null, "Tomcat Jaspic");
- ctxt.getPipeline().addValve(new JaspicAuthenticator());
}
Modified: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java Wed Oct 21 10:16:17 2015
@@ -636,11 +636,12 @@ public class TestJaspicFormAuthenticator
realm.addUserRole("tomcat", "tomcat");
ctx.setRealm(realm);
+ JaspicAuthenticator jaspicAuthenticator = new JaspicAuthenticator();
+ ctx.getPipeline().addValve(jaspicAuthenticator);
AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
- TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctx);
+ TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctx, jaspicAuthenticator.getAuthProperties());
authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER,
null, "Tomcat Jaspic");
- ctx.getPipeline().addValve(new JaspicAuthenticator());
tomcat.start();
@@ -704,11 +705,12 @@ public class TestJaspicFormAuthenticator
realm.addUserRole("tomcat", "tomcat");
ctx.setRealm(realm);
+ JaspicAuthenticator authenticator = new JaspicAuthenticator();
+ ctx.getPipeline().addValve(authenticator);
AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
- TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctx);
+ TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctx, authenticator.getAuthProperties());
authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER,
null, "Tomcat Jaspic");
- ctx.getPipeline().addValve(new JaspicAuthenticator());
tomcat.start();
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org