Posted to dev@tomcat.apache.org by na...@locus.apache.org on 2000/09/01 02:48:16 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request JDBCRealm.java SimpleRealm.java StaticInterceptor.java
nacho 00/08/31 17:48:15
Modified: src/etc server.xml
src/share/org/apache/tomcat/request JDBCRealm.java
SimpleRealm.java StaticInterceptor.java
Added: src/etc admin-users.xml example-users.xml global-users.xml
Log:
Make use of perCtx/ReqInt, to provide 3 different users files:
* admin-users.xml for the access to the admin context
* example-users.xml for access to examples context
* global-users.xml for access to the entire tomcat
Changed Realms to support this type of config,
The original tomcat-users file is not deleted, so as not to be aggressive
towards pre-3.3 configs and shell scripts; this file can be deprecated in
a later version.
Revision Changes Path
1.40 +10 -0 jakarta-tomcat/src/etc/server.xml
Index: server.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- server.xml 2000/08/27 20:46:56 1.39
+++ server.xml 2000/09/01 00:48:08 1.40
@@ -180,9 +180,11 @@
<!-- Check permissions using the simple xml file. You can
plug more advanced authentication modules.
+ uncomment below to have a global tomcat Realm.
-->
<RequestInterceptor
className="org.apache.tomcat.request.SimpleRealm"
+ filename="conf/global-users.xml"
debug="0" />
<!-- UnComment the following and comment out the
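Review bot: The added comment line `uncomment below to have a global tomcat Realm` does not match the markup around it. The comment closes with `-->` before the `<RequestInterceptor>` element, so the global SimpleRealm is already active and now reads `conf/global-users.xml`. Either wrap the element in a comment so the text is true, or reword the line to something like `The interceptor below is the global tomcat Realm; comment it out to disable it.` Since global-users.xml in this same commit carries a `root` entry with the `tomcat_admin` and `tomcat_root` roles, whether this realm is on by default should be an explicit decision.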
@@ -275,6 +277,10 @@
docBase="webapps/examples"
debug="0"
reloadable="true" >
+ <RequestInterceptor
+ className="org.apache.tomcat.request.SimpleRealm"
+ filename="conf/example-users.xml"
+ debug="0" />
</Context>
<!-- Admin context will use tomcat.core to add/remove/get info about
@@ -290,6 +296,10 @@
debug="0"
reloadable="true"
trusted="false" >
+ <RequestInterceptor
+ className="org.apache.tomcat.request.SimpleRealm"
+ filename="conf/admin-users.xml"
+ debug="0" />
</Context>
<!-- Virtual host example -
1.1 jakarta-tomcat/src/etc/admin-users.xml
Index: admin-users.xml
===================================================================
<tomcat-users>
<user name="admin" password="changethis" roles="tomcat_admin,tomcat,role1" />
</tomcat-users>
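Review bot: This new file ships an `admin` account with the fixed password `changethis` and the `tomcat_admin` role, and global-users.xml below does the same for `root` with `tomcat_root`. The server.xml hunks in this commit wire both files into active realms, so an installation that is started without editing them accepts these published credentials for the admin context. Consider shipping the entries commented out, for example `<!-- <user name="admin" password="" roles="tomcat_admin" /> : set a password, then uncomment -->`, so that no privileged account exists until the operator creates one. The `admin` entry also carries `tomcat` and `role1`, which are the example-context roles and look wider than the admin context needs.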
1.1 jakarta-tomcat/src/etc/example-users.xml
Index: example-users.xml
===================================================================
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>
1.1 jakarta-tomcat/src/etc/global-users.xml
Index: global-users.xml
===================================================================
<tomcat-users>
<user name="root" password="changethis" roles="tomcat,role1,tomcat_admin,tomcat_root" />
</tomcat-users>
1.18 +12 -3 jakarta-tomcat/src/share/org/apache/tomcat/request/JDBCRealm.java
Index: JDBCRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/JDBCRealm.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- JDBCRealm.java 2000/08/22 06:56:51 1.17
+++ JDBCRealm.java 2000/09/01 00:48:11 1.18
@@ -1,4 +1,5 @@
/*
+ *
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
@@ -25,7 +26,7 @@
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
- * from this software without prior written permission. For written
+ * from this software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
@@ -98,7 +99,7 @@
ContextManager cm;
int reqRolesNote;
-
+ int reqRealmSignNote;
// ----------------------------------------------------- Instance Variables
/**
@@ -509,6 +510,8 @@
// XXX make the name a "global" static - after everything is stable!
reqRolesNote = cm.getNoteId( ContextManager.REQUEST_NOTE
, "required.roles");
+ reqRealmSignNote = cm.getNoteId( ContextManager.REQUEST_NOTE
+ , "realm.sign");
} catch( TomcatException ex ) {
log("setting up note for " + cm, ex);
throw new RuntimeException( "Invalid state ");
@@ -522,10 +525,11 @@
// This realm will use only username and password callbacks
String user=(String)cred.get("username");
String password=(String)cred.get("password");
-
+
if( checkPassword( user, password ) ) {
if( debug > 0 ) log( "Auth ok, user=" + user );
req.setRemoteUser( user );
+ req.setNote(reqRealmSignNote,this);
}
return 0;
}
@@ -542,8 +546,13 @@
String userRoles[]=null;
String user=req.getRemoteUser();
+
if( user==null )
return 401; //HttpServletResponse.SC_UNAUTHORIZED
+
+ if( this.equals(req.getNote(reqRealmSignNote)) ){
+ return 0;
+ }
if( debug > 0 )
log( "Controled access for " + user + " " + req + " "
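Review bot: The added check in `authorize`, `if( this.equals(req.getNote(reqRealmSignNote)) ){ return 0; }`, returns before the role comparison for exactly the requests this realm authenticated, whereas the matching check in the SimpleRealm.java hunk of this commit is negated. If 0 means "allowed" here, as it does for the no-roles case in SimpleRealm.authorize, every user who passes `checkPassword` in this realm skips role enforcement. The condition most likely should be `if( ! this.equals(req.getNote(reqRealmSignNote)) ){`, so that only requests authenticated by another realm are passed on. The rest of authorize lies outside the hunk, so confirm against the role lookup that follows.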
1.9 +42 -17 jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleRealm.java
Index: SimpleRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleRealm.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- SimpleRealm.java 2000/08/22 06:56:52 1.8
+++ SimpleRealm.java 2000/09/01 00:48:12 1.9
@@ -1,4 +1,5 @@
/*
+ *
* ====================================================================
*
* The Apache Software License, Version 1.1
@@ -84,12 +85,13 @@
MemoryRealm memoryRealm;
ContextManager cm;
int reqRolesNote;
-
+ int reqRealmSignNote;
+ String filename;
public SimpleRealm() {
}
/** Set the context manager. To keep it simple we don't support
- * dynamic add/remove for this interceptor.
+ * dynamic add/remove for this interceptor.
*/
public void setContextManager( ContextManager cm ) {
super.setContextManager( cm );
@@ -97,9 +99,11 @@
this.cm=cm;
// set-up a per/container note for maps
try {
- // XXX make the name a "global" static -
+ // XXX make the name a "global" static -
reqRolesNote = cm.getNoteId( ContextManager.REQUEST_NOTE,
"required.roles");
+ reqRealmSignNote = cm.getNoteId( ContextManager.REQUEST_NOTE
+ , "realm.sign");
} catch( TomcatException ex ) {
log("getting note for " + cm, ex);
throw new RuntimeException( "Invalid state ");
@@ -110,7 +114,7 @@
throws TomcatException
{
if( memoryRealm==null) {
- memoryRealm = new MemoryRealm(ctx);
+ memoryRealm = new MemoryRealm(ctx,filename);
try {
memoryRealm.readMemoryRealm(ctx);
} catch(Exception ex ) {
@@ -119,7 +123,7 @@
}
}
}
-
+
public int authenticate( Request req, Response response )
{
// Extract the credentials
@@ -133,25 +137,32 @@
if( debug > 0 ) log( "Verify user=" + user + " pass=" + password );
if( memoryRealm.checkPassword( user, password ) ) {
req.setRemoteUser( user );
+ req.setNote(reqRealmSignNote,this);
if( debug > 0 ) log( "Auth ok, user=" + user );
}
return 0;
}
-
+
public int authorize( Request req, Response response, String roles[] )
{
if( roles==null || roles.length==0 ) {
// request doesn't need authentication
return 0;
}
-
+
Context ctx=req.getContext();
String userRoles[]=null;
- String user=req.getRemoteUser();
+ String user=req.getRemoteUser();
if( user==null )
return 401;
+ if( ! this.equals(req.getNote(reqRealmSignNote)) ){
+ return 0;
+ }
+
+
+
if( debug > 0 ) log( "Controled access for " + user + " " +
req + " " + req.getContainer() );
@@ -162,10 +173,18 @@
if( SecurityTools.haveRole( userRoles, roles ))
return 0;
-
+
if( debug > 0 ) log( "UnAuthorized " + roles[0] );
return 401;
}
+
+ public String getFilename() {
+ return filename;
+ }
+
+ public void setFilename(String newFilename) {
+ filename = newFilename;
+ }
}
class MemoryRealm {
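Review bot: The new `getFilename`/`setFilename` accessors have no Javadoc, although `filename` is now the attribute that server.xml sets to choose the users file. A short comment on `setFilename` would help, such as `/** Users file for this realm, resolved relative to the ContextManager home; when unset, conf/tomcat-users.xml is used. */`. That matches what `readMemoryRealm` does with the value later in this diff. It is also worth stating that the file holds clear-text passwords and should be readable only by the account that runs Tomcat.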
@@ -175,17 +194,19 @@
Hashtable roles=new Hashtable();
// user -> roles
Hashtable userRoles= new Hashtable();
+ String filename;
Context ctx;
int debug=0;
-
- MemoryRealm(Context ctx) {
+
+ MemoryRealm(Context ctx,String fn) {
this.ctx=ctx;
+ filename=fn;
}
public Hashtable getRoles() {
return roles;
}
-
+
public void addUser(String name, String pass, String groups ) {
if( ctx.getDebug() > 0 ) ctx.log( "Add user " + name + " " + pass + " " + groups );
passwords.put( name, pass );
@@ -214,7 +235,7 @@
}
thisUserRoles.addElement( role );
}
-
+
public boolean checkPassword( String user, String pass ) {
if( user==null ) return false;
if( debug > 0 ) ctx.log( "check " + user+ " " + pass + " " + passwords.get( user ));
@@ -230,18 +251,22 @@
}
return roles;
}
-
+
public boolean userInRole( String user, String role ) {
Vector users=(Vector)roles.get(role);
if( debug > 0 ) ctx.log( "check role " + user+ " " + role + " " );
if(users==null) return false;
return users.indexOf( user ) >=0 ;
}
-
void readMemoryRealm(Context ctx) throws Exception {
ContextManager cm=ctx.getContextManager();
String home=cm.getHome();
- File f=new File( home + "/conf/tomcat-users.xml");
+ File f;
+ if (filename != null)
+ f=new File( home + File.separator + filename );
+ else
+ f=new File( home + "/conf/tomcat-users.xml");
+
if( ! f.exists() ) {
ctx.log( "File not found " + f );
return;
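Review bot: The two branches of `readMemoryRealm` build the path differently, one with `File.separator` and one with a literal `/`, and both by string concatenation. An absolute `filename` in server.xml therefore gets `home` prepended and is then reported as "File not found". Using the two-argument constructor in both branches, `f=new File( home, filename != null ? filename : "conf/tomcat-users.xml" );`, removes the separator mismatch. If absolute paths are meant to be supported, check `new File(filename).isAbsolute()` first. Note that a missing file only logs and returns, leaving the realm with no users; that fails closed, but the log line should name the realm so a mistyped `filename` is easy to spot.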
@@ -249,7 +274,7 @@
XmlMapper xh=new XmlMapper();
if( ctx.getDebug() > 5 ) xh.setDebug( 2 );
- // call addUser using attributes as parameters
+ // call addUser using attributes as parameters
xh.addRule("tomcat-users/user",
new XmlAction() {
public void start(SaxContext sctx) throws Exception {
1.17 +1 -1 jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java
Index: StaticInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- StaticInterceptor.java 2000/08/29 03:44:28 1.16
+++ StaticInterceptor.java 2000/09/01 00:48:13 1.17
@@ -355,7 +355,7 @@
Request subReq=req;
if( inInclude ) subReq = req.getChild();
Context ctx=req.getContext();
- String pathInfo=subReq.getPathInfo();
+ String pathInfo=subReq.getServletPath();
if( pathInfo == null ) pathInfo="";
String absPath=ctx.getRealPath( pathInfo );
File file = new File( absPath );
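Review bot: The local is still called `pathInfo` after this change but now holds `subReq.getServletPath()`, which will mislead the next reader of a code path that turns a request value into a `File`. The commit log also does not mention the switch. Renaming it makes the source of the value visible: `String servletPath=subReq.getServletPath();`, `if( servletPath == null ) servletPath="";` and `String absPath=ctx.getRealPath( servletPath );`. Later uses of the name may sit outside the hunk. A one-line comment saying why the servlet path rather than the path info selects the static file would help, and it is worth confirming that `getRealPath` rejects `..` segments, since that check is not visible here.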