svn commit: r225726 - in /geronimo/branches/v1_0_M4-QA/modules/security/src:
java/org/apache/geronimo/security/jaas/
test/org/apache/geronimo/security/jaas/
Author: djencks
Date: Thu Jul 28 01:03:54 2005
New Revision: 225726
URL: http://svn.apache.org/viewcvs?rev=225726&view=rev
Log:
GERONIMO-677 don't reuse login modules
Modified:
geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java
Modified: geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java?rev=225726&r1=225725&r2=225726&view=diff
==============================================================================
--- geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java (original)
+++ geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java Thu Jul 28 01:03:54 2005
@@ -39,7 +39,6 @@
private LoginModuleControlFlag flag;
private String loginModuleName;
private Map options;
- private transient LoginModule loginModule;
public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide, String loginDomainName) {
this.serverSide = serverSide;
@@ -48,6 +47,7 @@
this.options = options;
this.loginDomainName = loginDomainName;
}
+
public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag, Map options, boolean serverSide) {
this(loginModuleName, flag, options, serverSide, null);
}
@@ -57,14 +57,11 @@
}
public LoginModule getLoginModule(ClassLoader loader) throws GeronimoSecurityException {
- if(loginModule == null) {
- try {
- loginModule = (LoginModule) loader.loadClass(loginModuleName).newInstance();
- } catch (Exception e) {
- throw new GeronimoSecurityException("Unable to instantiate login module", e);
- }
+ try {
+ return (LoginModule) loader.loadClass(loginModuleName).newInstance();
+ } catch (Exception e) {
+ throw new GeronimoSecurityException("Unable to instantiate login module", e);
}
- return loginModule;
}
public boolean isServerSide() {
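Review bot: getLoginModule now returns a fresh LoginModule on every call, but nothing in the method records that contract, and the exception raised when loading fails does not name the class that could not be loaded. A one-line Javadoc such as `/** Instantiates a new LoginModule of the configured class on every call; callers that need to reuse an instance must keep the returned reference. */` would make the change visible to callers, and `throw new GeronimoSecurityException("Unable to instantiate login module " + loginModuleName, e);` makes a misconfigured realm diagnosable from the log. The broad `catch (Exception e)` also wraps the ClassCastException from a configured class that does not implement LoginModule, which is acceptable here but worth a word in that comment.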
@@ -92,7 +89,7 @@
for (Iterator it = options.keySet().iterator(); it.hasNext();) {
String key = (String) it.next();
Object value = options.get(key);
- if(value instanceof Serializable || value instanceof Externalizable || value instanceof Remote) {
+ if (value instanceof Serializable || value instanceof Externalizable || value instanceof Remote) {
other.put(key, value);
}
}
Modified: geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java?rev=225726&r1=225725&r2=225726&view=diff
==============================================================================
--- geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java (original)
+++ geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java Thu Jul 28 01:03:54 2005
@@ -65,7 +65,7 @@
public static final ObjectName OBJECT_NAME = JMXUtil.getObjectName("geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=GBean,name=JaasLoginService");
public static final Log log = LogFactory.getLog(JaasLoginService.class);
private final static int DEFAULT_EXPIRED_LOGIN_SCAN_INTERVAL = 300000; // 5 mins
- private final static int DEFAULT_MAX_LOGIN_DURATION = 1000 * 3600 * 24; // 1 day
+ private final static int DEFAULT_MAX_LOGIN_DURATION = 1000 * 3600 * 24; // 1 day
private final static ClockDaemon clockDaemon;
private static long nextLoginModuleId = System.currentTimeMillis();
private ReferenceCollection realms;
@@ -110,7 +110,7 @@
* GBean property
*/
public void setMaxLoginDurationMillis(int maxLoginDurationMillis) {
- if(maxLoginDurationMillis == 0) {
+ if (maxLoginDurationMillis == 0) {
maxLoginDurationMillis = DEFAULT_MAX_LOGIN_DURATION;
}
this.maxLoginDurationMillis = maxLoginDurationMillis;
@@ -127,7 +127,7 @@
* GBean property
*/
public void setExpiredLoginScanIntervalMillis(int expiredLoginScanIntervalMillis) {
- if(expiredLoginScanIntervalMillis == 0) {
+ if (expiredLoginScanIntervalMillis == 0) {
expiredLoginScanIntervalMillis = DEFAULT_EXPIRED_LOGIN_SCAN_INTERVAL;
}
this.expiredLoginScanIntervalMillis = expiredLoginScanIntervalMillis;
@@ -158,8 +158,8 @@
public JaasClientId connectToRealm(String realmName) {
SecurityRealm realm = null;
realm = getRealm(realmName);
- if(realm == null) {
- throw new GeronimoSecurityException("No such realm ("+realmName+")");
+ if (realm == null) {
+ throw new GeronimoSecurityException("No such realm (" + realmName + ")");
} else {
return initializeClient(realm);
}
@@ -171,7 +171,7 @@
*/
public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId userIdentifier) throws LoginException {
JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
- if(context == null) {
+ if (context == null) {
throw new ExpiredLoginModuleException();
}
JaasLoginModuleConfiguration[] config = context.getModules();
@@ -192,31 +192,36 @@
*/
public Callback[] getServerLoginCallbacks(JaasClientId userIdentifier, int loginModuleIndex) throws LoginException {
JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
- if(context == null) {
- throw new ExpiredLoginModuleException();
- }
- if(loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || !context.getModules()[loginModuleIndex].isServerSide()) {
- throw new LoginException("Invalid login module specified");
- }
- JaasLoginModuleConfiguration config = context.getModules()[loginModuleIndex];
- LoginModule module = config.getLoginModule(classLoader);
+ checkContext(context, loginModuleIndex, true);
+ LoginModule module = context.getLoginModule(loginModuleIndex);
//todo: properly handle shared state
context.getHandler().setExploring();
try {
- module.initialize(context.getSubject(), context.getHandler(), new HashMap(), config.getOptions());
+ module.initialize(context.getSubject(), context.getHandler(), new HashMap(), context.getOptions(loginModuleIndex));
} catch (Exception e) {
System.err.println("Failed to initialize module");
e.printStackTrace();
}
try {
module.login();
- } catch (LoginException e) {}
+ } catch (LoginException e) {
+ }
try {
module.abort();
- } catch(LoginException e) {}
+ } catch (LoginException e) {
+ }
return context.getHandler().finalizeCallbackList();
}
+ private void checkContext(JaasSecurityContext context, int loginModuleIndex, boolean expectServerSide) throws LoginException {
+ if (context == null) {
+ throw new ExpiredLoginModuleException();
+ }
+ if (loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || (context.isServerSide(loginModuleIndex) != expectServerSide)) {
+ throw new LoginException("Invalid login module specified");
+ }
+ }
+
/**
* Returns populated callbacks for a server side login module. When the
* client is going through the configured login modules, if a specific
@@ -226,19 +231,13 @@
*/
public boolean performServerLogin(JaasClientId userIdentifier, int loginModuleIndex, Callback[] results) throws LoginException {
JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
- if(context == null) {
- throw new ExpiredLoginModuleException();
- }
- if (loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || !context.getModules()[loginModuleIndex].isServerSide()) {
- throw new LoginException("Invalid login module specified");
- }
- JaasLoginModuleConfiguration module = context.getModules()[loginModuleIndex];
+ checkContext(context, loginModuleIndex, true);
try {
context.getHandler().setClientResponse(results);
} catch (IllegalArgumentException iae) {
throw new LoginException(iae.toString());
}
- return module.getLoginModule(classLoader).login();
+ return context.getLoginModule(loginModuleIndex).login();
}
/**
@@ -249,13 +248,8 @@
*/
public void clientLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex, Principal[] clientLoginModulePrincipals) throws LoginException {
JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
- if(context == null) {
- throw new ExpiredLoginModuleException();
- }
- if(loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || context.getModules()[loginModuleIndex].isServerSide()) {
- throw new LoginException("Invalid login module specified");
- }
- context.processPrincipals(clientLoginModulePrincipals, context.getModules()[loginModuleIndex].getLoginDomainName());
+ checkContext(context, loginModuleIndex, false);
+ context.processPrincipals(clientLoginModulePrincipals, context.getLoginDomainName(loginModuleIndex));
}
/**
@@ -266,15 +260,9 @@
*/
public boolean serverLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex) throws LoginException {
JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
- if(context == null) {
- throw new ExpiredLoginModuleException();
- }
- if(loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || !context.getModules()[loginModuleIndex].isServerSide()) {
- throw new LoginException("Invalid login module specified");
- }
- JaasLoginModuleConfiguration module = context.getModules()[loginModuleIndex];
- boolean result = module.getLoginModule(classLoader).commit();
- context.processPrincipals(context.getModules()[loginModuleIndex].getLoginDomainName());
+ checkContext(context, loginModuleIndex, true);
+ boolean result = context.getLoginModule(loginModuleIndex).commit();
+ context.processPrincipals(context.getLoginDomainName(loginModuleIndex));
return result;
}
@@ -284,7 +272,7 @@
*/
public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException {
JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
- if(context == null) {
+ if (context == null) {
throw new ExpiredLoginModuleException();
}
@@ -294,7 +282,7 @@
IdentificationPrincipal principal = new IdentificationPrincipal(id);
subject.getPrincipals().add(principal);
SecurityRealm realm = getRealm(context.getRealmName());
- if(realm.isRestrictPrincipalsToServer()) {
+ if (realm.isRestrictPrincipalsToServer()) {
return new Principal[]{principal};
} else {
List list = new ArrayList();
@@ -318,14 +306,14 @@
*/
public void logout(JaasClientId userIdentifier) throws LoginException {
JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
- if(context == null) {
+ if (context == null) {
throw new ExpiredLoginModuleException();
}
ContextManager.unregisterSubject(context.getSubject());
activeLogins.remove(userIdentifier);
for (int i = 0; i < context.getModules().length; i++) {
- if(context.getModules()[i].isServerSide()) {
- context.getModules()[i].getLoginModule(classLoader).logout();
+ if (context.isServerSide(i)) {
+ context.getLoginModule(i).logout();
}
}
}
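Review bot: In logout the loop at the end calls `context.getLoginModule(i).logout()` for each server-side module, and the first LoginException leaves the loop after the context has already been dropped from activeLogins, so the remaining modules never see logout() and whatever state they hold is never released. Catching per module and rethrowing the first failure after the loop gives every module its logout attempt while preserving the exception the caller sees.
```java
        LoginException firstFailure = null;
        for (int i = 0; i < context.getModules().length; i++) {
            if (context.isServerSide(i)) {
                try {
                    context.getLoginModule(i).logout();
                } catch (LoginException e) {
                    // keep going so every server-side module is logged out; report the first failure afterwards
                    if (firstFailure == null) {
                        firstFailure = e;
                    }
                }
            }
        }
        if (firstFailure != null) {
            throw firstFailure;
        }
```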
@@ -339,12 +327,13 @@
*/
private JaasClientId initializeClient(SecurityRealm realm) {
long id;
- synchronized(JaasLoginService.class) {
+ synchronized (JaasLoginService.class) {
id = ++nextLoginModuleId;
}
JaasClientId clientId = new JaasClientId(id, hash(id));
JaasLoginModuleConfiguration[] modules = realm.getAppConfigurationEntries();
- JaasSecurityContext context = new JaasSecurityContext(realm.getRealmName(), modules);
+ //TODO use of this classloader severely limits extensibility!!!
+ JaasSecurityContext context = new JaasSecurityContext(realm.getRealmName(), modules, classLoader);
activeLogins.put(clientId, context);
return clientId;
}
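Review bot: Passing the class loader into JaasSecurityContext means every login module of the realm is instantiated in initializeClient, so a realm whose module class cannot be loaded now fails in connectToRealm instead of at the first getServerLoginCallbacks; that is a sensible fail-fast, but initializeClient's Javadoc (it starts above the hunk) should say so, e.g. `@throws GeronimoSecurityException if a login module of the realm cannot be instantiated` — presumably that exception is unchecked, since the method declares none. The TODO on the class loader is useful; it would help to also name which loader is meant, which from the `setConstructor` list further down appears to be the one injected into the GBean constructor.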
@@ -352,7 +341,7 @@
private SecurityRealm getRealm(String realmName) {
for (Iterator it = realms.iterator(); it.hasNext();) {
SecurityRealm test = (SecurityRealm) it.next();
- if(test.getRealmName().equals(realmName)) {
+ if (test.getRealmName().equals(realmName)) {
return test;
}
}
@@ -385,7 +374,6 @@
}
-
// This stuff takes care of whacking old logins
static {
clockDaemon = new ClockDaemon();
@@ -397,16 +385,17 @@
}
});
}
+
private class ExpirationMonitor implements Runnable { //todo: different timeouts per realm?
public void run() {
long now = System.currentTimeMillis();
List list = new LinkedList();
- synchronized(activeLogins) {
+ synchronized (activeLogins) {
for (Iterator it = activeLogins.keySet().iterator(); it.hasNext();) {
JaasClientId id = (JaasClientId) it.next();
JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(id);
- int age = (int)(now-context.getCreated());
- if(context.isDone() || age > maxLoginDurationMillis) {
+ int age = (int) (now - context.getCreated());
+ if (context.isDone() || age > maxLoginDurationMillis) {
list.add(context);
context.setDone(true);
it.remove();
@@ -421,7 +410,6 @@
}
-
// This stuff takes care of making this object into a GBean
public static final GBeanInfo GBEAN_INFO;
@@ -446,7 +434,7 @@
infoFactory.addReference("Realms", SecurityRealm.class, NameFactory.SECURITY_REALM);
- infoFactory.setConstructor(new String[] {"algorithm", "password", "classLoader"});
+ infoFactory.setConstructor(new String[]{"algorithm", "password", "classLoader"});
GBEAN_INFO = infoFactory.getBeanInfo();
}
Modified: geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java?rev=225726&r1=225725&r2=225726&view=diff
==============================================================================
--- geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java (original)
+++ geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java Thu Jul 28 01:03:54 2005
@@ -22,7 +22,10 @@
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
+import java.util.Map;
import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.RealmPrincipal;
@@ -34,20 +37,25 @@
* @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
*/
public class JaasSecurityContext {
- private String realmName;
- private Subject subject;
- private long created;
+ private final String realmName;
+ private final Subject subject;
+ private final long created;
private boolean done;
- private JaasLoginModuleConfiguration[] modules;
+ private final JaasLoginModuleConfiguration[] modules;
+ private final LoginModule[] loginModules;
private DecouplingCallbackHandler handler;
- private Set processedPrincipals = new HashSet();
+ private final Set processedPrincipals = new HashSet();
- public JaasSecurityContext(String realmName, JaasLoginModuleConfiguration[] modules) {
+ public JaasSecurityContext(String realmName, JaasLoginModuleConfiguration[] modules, ClassLoader classLoader) {
this.realmName = realmName;
this.created = System.currentTimeMillis();
this.done = false;
this.modules = modules;
subject = new Subject();
+ loginModules = new LoginModule[modules.length];
+ for (int i = 0; i < modules.length; i++) {
+ loginModules[i] = modules[i].getLoginModule(classLoader);
+ }
}
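Review bot: The new constructor parameter and the eager instantiation loop are undocumented; add `@param classLoader loader used to instantiate one LoginModule per configuration entry` and note that `modules[i].getLoginModule(classLoader)` may throw for a module that cannot be loaded, so a context is either fully populated or not constructed at all. The `modules` array is still stored by reference and handed out by getModules(), so a caller can replace an entry behind the matching loginModules slot; `this.modules = (JaasLoginModuleConfiguration[]) modules.clone();` would keep the two arrays consistent. handler is left non-final while the other fields became final, which is fine given the lazy create below, but a short comment on the field would save the next reader the question.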
public Subject getSubject() {
@@ -70,6 +78,31 @@
return modules;
}
+ public LoginModule getLoginModule(int index) throws LoginException {
+ checkRange(index);
+ return loginModules[index];
+ }
+
+ private void checkRange(int index) throws LoginException {
+ if (index < 0 || index >= loginModules.length) {
+ throw new LoginException("Invalid index: " + index);
+ }
+ }
+
+ public boolean isServerSide(int index) throws LoginException {
+ checkRange(index);
+ return modules[index].isServerSide();
+ }
+
+ public String getLoginDomainName(int index) throws LoginException {
+ checkRange(index);
+ return modules[index].getLoginDomainName();
+ }
+
+ public Map getOptions(int index) throws LoginException {
+ checkRange(index);
+ return modules[index].getOptions();
+ }
public DecouplingCallbackHandler getHandler() {
if(handler == null) { //lazy create
handler = new DecouplingCallbackHandler();
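Review bot: The new accessors getLoginModule, isServerSide, getLoginDomainName and getOptions (and the private checkRange) carry no Javadoc, and the index contract they share — the same index selects the i-th configuration and the LoginModule instance this context created for it — is exactly what a caller needs to know. Something like `/** Returns the LoginModule this context instantiated for the i-th configuration entry; the same instance is returned on every call. @throws LoginException if index is out of range */` on getLoginModule, with the others referring to it, would suffice. getOptions returns the configuration's Map as is; if that map is shared with the realm configuration, document that callers must not modify it.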
Modified: geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java?rev=225726&r1=225725&r2=225726&view=diff
==============================================================================
--- geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java (original)
+++ geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java Thu Jul 28 01:03:54 2005
@@ -33,7 +33,7 @@
public class MultipleLoginDomainTest extends TestCase {
public void testDummy() throws Exception { }
-
+
/** this test demonstrates that naming login domains does not actually separate principals from different login domains.
* The crucial line is commented out so as to avoid breaking the build.
* @throws Exception
@@ -42,7 +42,7 @@
JaasLoginModuleConfiguration m1 = new JaasLoginModuleConfiguration(MockLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap(), true, "D1");
JaasLoginModuleConfiguration m2 = new JaasLoginModuleConfiguration(MockLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap(), true, "D2");
JaasLoginModuleConfiguration m3 = new JaasLoginModuleConfiguration(MockLoginModule2.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap(), true, "D3");
- JaasSecurityContext c = new JaasSecurityContext("realm", new JaasLoginModuleConfiguration[] {m1, m2});
+ JaasSecurityContext c = new JaasSecurityContext("realm", new JaasLoginModuleConfiguration[] {m1, m2}, this.getClass().getClassLoader());
ClassLoader cl = this.getClass().getClassLoader();
Subject s = c.getSubject();
m1.getLoginModule(cl).initialize(s, null, null, null);
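Review bot: With the class loader now passed to the context, `c` owns its own MockLoginModule instances, while `m1.getLoginModule(cl)` on the last line appears to create yet another, unrelated instance, so the subject is initialized into a module the context never uses. If the intent is to drive the context's modules, `c.getLoginModule(0).initialize(s, null, null, null);` would do it; if the separate instance is deliberate, a comment saying so would keep the next reader from "fixing" it. The test method starts and ends outside this hunk.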