You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jspwiki.apache.org by aj...@apache.org on 2008/08/07 05:25:22 UTC
svn commit: r683490 -
/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java
Author: ajaquith
Date: Wed Aug 6 20:25:22 2008
New Revision: 683490
URL: http://svn.apache.org/viewvc?rev=683490&view=rev
Log:
JSPWIKI-316: fixed SecurityConfig.jsp so that it compiles, and added some sensible checks for the new JAAS scheme.
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java
Modified: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java?rev=683490&r1=683489&r2=683490&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java (original)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java Wed Aug 6 20:25:22 2008
@@ -30,6 +30,7 @@
import java.util.Set;
import javax.security.auth.Subject;
+import javax.security.auth.spi.LoginModule;
import org.apache.commons.lang.ArrayUtils;
import org.apache.log4j.Logger;
@@ -583,11 +584,10 @@
}
/**
- * Verfies the JAAS configuration. The configuration is valid if value of
- * the system property <code>java.security.auth.login.config</code>
- * resolves to an existing file, and we can find the JAAS login
- * configurations for <code>JSPWiki-container</code> and
- * <code>JSPWiki-custom</code>.
+ * Verfies the JAAS configuration. The configuration is valid if value of the
+ * <code>jspwiki.properties<code> property
+ * {@value com.ecyrd.jspwiki.auth.AuthenticationManager#PROP_LOGIN_MODULE}
+ * resolves to a valid class on the classpath.
*/
protected final void verifyJaas()
{
@@ -596,13 +596,49 @@
if ( !authMgr.isJAASAuthorized() )
{
m_session.addMessage( ERROR_JAAS, "JSPWiki's JAAS-based authentication " +
- "and authorization system is turned off (your <code>jspwiki.properties</code> " +
+ "and authorization system is turned off (your jspwiki.properties file " +
"contains the setting 'jspwiki.security = container'. This " +
"setting disables authorization checks and is meant for testing " +
"and troubleshooting only. The test results on this page will not " +
"be reliable as a result. You should set this to 'jaas' " +
"so that security works properly." );
}
+
+ // Verify that the specified JAAS moduie corresponds to a class we can load successfully.
+ String jaasClass = m_engine.getWikiProperties().getProperty( AuthenticationManager.PROP_LOGIN_MODULE );
+ if ( jaasClass == null || jaasClass.length() == 0 )
+ {
+ m_session.addMessage( ERROR_JAAS, "The value of the '" + AuthenticationManager.PROP_LOGIN_MODULE +
+ "' property was null or blank. This is a fatal error. This value should be set to a valid LoginModule implementation " +
+ "on the classpath." );
+ return;
+ }
+
+ // See if we can find the LoginModule on the classpath
+ Class c = null;
+ try
+ {
+ m_session.addMessage( INFO_JAAS, "The property '" + AuthenticationManager.PROP_LOGIN_MODULE +
+ "' specified the class '" + jaasClass + ".'" );
+ c = Class.forName( jaasClass );
+ }
+ catch( ClassNotFoundException e )
+ {
+ m_session.addMessage( ERROR_JAAS, "We could not find the the class '" + jaasClass + "' on the " +
+ "classpath. This is fatal error." );
+ }
+
+ // Is the specified class actually a LoginModule?
+ if ( LoginModule.class.isAssignableFrom( c ) )
+ {
+ m_session.addMessage( INFO_JAAS, "We found the the class '" + jaasClass + "' on the " +
+ "classpath, and it is a LoginModule implementation. Good!" );
+ }
+ else
+ {
+ m_session.addMessage( ERROR_JAAS, "We found the the class '" + jaasClass + "' on the " +
+ "classpath, but it does not seem to be LoginModule implementation! This is fatal error." );
+ }
}
/**
@@ -697,8 +733,9 @@
KeyStore ks = policy.getKeyStore();
if ( ks == null )
{
- m_session.addMessage( ERROR_POLICY,
- "Policy file does not have a keystore... at least not one that we can locate." );
+ m_session.addMessage( WARNING_POLICY,
+ "Policy file does not have a keystore... at least not one that we can locate. If your policy file " +
+ "does not contain any 'signedBy' blocks, this is probably ok." );
}
else
{