Posted to scm@geronimo.apache.org by ad...@apache.org on 2005/09/11 20:55:30 UTC

svn commit: r280164 - /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/

Author: adc
Date: Sun Sep 11 11:55:15 2005
New Revision: 280164

URL: http://svn.apache.org/viewcvs?rev=280164&view=rev
Log:
Some notes put in when re-familiarizing myself with the code plus some fussy code cleanups.

Modified:
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java Sun Sep 11 11:55:15 2005
@@ -37,8 +37,7 @@
     public DecouplingCallbackHandler() {
     }
 
-    public void handle(Callback[] callbacks)
-            throws IllegalArgumentException, UnsupportedCallbackException {
+    public void handle(Callback[] callbacks) throws IllegalArgumentException, UnsupportedCallbackException {
         if (exploring) {
             source = callbacks;
             throw new UnsupportedCallbackException(callbacks != null && callbacks.length > 0 ? callbacks[0] : null, "DO NOT PROCEED WITH THIS LOGIN");

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java Sun Sep 11 11:55:15 2005
@@ -24,25 +24,26 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
-import javax.management.ObjectName;
-import javax.management.MalformedObjectNameException;
 
-import org.apache.geronimo.kernel.KernelRegistry;
 import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.KernelRegistry;
 import org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingClient;
 
+
 /**
  * A LoginModule implementation which connects to a Geronimo server under
  * the covers, and uses Geronimo realms to resolve the login.  It handles a
  * mix of client-side and server-side login modules.  It treats any client
  * side module as something it should manage and execute, while a server side
  * login module would be managed and executed by the Geronimo server.
- *
+ * <p/>
  * Note that this can actually be run from within a Geronimo server, in which
  * case the client/server distinction is somewhat less important, and the
  * communication is optimized by avoiding network traffic.
@@ -64,16 +65,14 @@
     private CallbackHandler handler;
     private Subject subject;
     private Set processedPrincipals = new HashSet();
-    private JaasLoginModuleConfiguration[] config;
-    private JaasClientId client;
+    private JaasClientId clientHandle;
     LoginModuleConfiguration[] workers;
 
-    public void initialize(Subject subject, CallbackHandler callbackHandler,
-                           Map sharedState, Map options) {
+    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
         serverHost = (String) options.get(OPTION_HOST);
         Object port = options.get(OPTION_PORT);
-        if(port != null) {
-            serverPort = Integer.parseInt((String)port);
+        if (port != null) {
+            serverPort = Integer.parseInt((String) port);
         }
         realmName = (String) options.get(OPTION_REALM);
         kernelName = (String) options.get(OPTION_KERNEL);
@@ -85,7 +84,7 @@
         }
         service = connect();
         handler = callbackHandler;
-        if(subject == null) {
+        if (subject == null) {
             this.subject = new Subject();
         } else {
             this.subject = subject;
@@ -94,12 +93,13 @@
     }
 
     public boolean login() throws LoginException {
-        client = service.connectToRealm(realmName);
-        config = service.getLoginConfiguration(client);
+        clientHandle = service.connectToRealm(realmName);
+        JaasLoginModuleConfiguration[] config = service.getLoginConfiguration(clientHandle);
         workers = new LoginModuleConfiguration[config.length];
+
         for (int i = 0; i < workers.length; i++) {
             LoginModule wrapper;
-            if(config[i].isServerSide()) { 
+            if (config[i].isServerSide()) {
                 wrapper = new ServerLoginModule(i);
             } else {
                 LoginModule source = config[i].getLoginModule(JaasLoginCoordinator.class.getClassLoader());
@@ -108,14 +108,14 @@
             workers[i] = new LoginModuleConfiguration(wrapper, config[i].getFlag());
             workers[i].getModule().initialize(subject, handler, new HashMap(), config[i].getOptions());
         }
-        return LoginUtils.computeLogin(workers);
+        return performLogin(workers);
     }
 
     public boolean commit() throws LoginException {
         for (int i = 0; i < workers.length; i++) {
             workers[i].getModule().commit();
         }
-        Principal[] principals = service.loginSucceeded(client);
+        Principal[] principals = service.loginSucceeded(clientHandle);
         for (int i = 0; i < principals.length; i++) {
             Principal principal = principals[i];
             subject.getPrincipals().add(principal);
@@ -129,7 +129,7 @@
                 workers[i].getModule().abort();
             }
         } finally {
-            service.loginFailed(client);
+            service.loginFailed(clientHandle);
         }
         clear();
         return true;
@@ -141,7 +141,7 @@
                 workers[i].getModule().logout();
             }
         } finally {
-            service.logout(client);
+            service.logout(clientHandle);
         }
         clear();
         return true;
@@ -160,13 +160,12 @@
         handler = null;
         subject = null;
         processedPrincipals.clear();
-        config = null;
-        client = null;
+        clientHandle = null;
         workers = null;
     }
 
     private JaasLoginServiceMBean connect() {
-        if(serverHost != null && serverPort > 0) {
+        if (serverHost != null && serverPort > 0) {
             return JaasLoginServiceRemotingClient.create(serverHost, serverPort);
         } else {
             Kernel kernel = KernelRegistry.getKernel(kernelName);
@@ -174,6 +173,52 @@
         }
     }
 
+    /**
+     * See http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/Configuration.html
+     *
+     * @param modules
+     * @return
+     * @throws LoginException
+     */
+    private static boolean performLogin(LoginModuleConfiguration[] modules) throws LoginException {
+        Boolean success = null;
+        Boolean backup = null;
+
+        for (int i = 0; i < modules.length; i++) {
+            LoginModuleConfiguration module = modules[i];
+            boolean result = module.getModule().login();
+            if (module.getControlFlag() == LoginModuleControlFlag.REQUIRED) {
+                if (success == null || success.booleanValue()) {
+                    success = result ? Boolean.TRUE : Boolean.FALSE;
+                }
+            } else if (module.getControlFlag() == LoginModuleControlFlag.REQUISITE) {
+                if (!result) {
+                    return false;
+                } else if (success == null) {
+                    success = Boolean.TRUE;
+                }
+            } else if (module.getControlFlag() == LoginModuleControlFlag.SUFFICIENT) {
+                if (result && (success == null || success.booleanValue())) {
+                    return true;
+                }
+            } else if (module.getControlFlag() == LoginModuleControlFlag.OPTIONAL) {
+                if (backup == null || backup.booleanValue()) {
+                    backup = result ? Boolean.TRUE : Boolean.FALSE;
+                }
+            }
+        }
+        // all required and requisite modules succeeded, or at least one required module failed
+        if (success != null) {
+            return success.booleanValue();
+        }
+        // no required or requisite modules, no sufficient modules succeeded, fall back to optional modules
+        if (backup != null) {
+            return backup.booleanValue();
+        }
+        // perhaps only a sufficient module, and it failed
+        return false;
+    }
+
     private class ClientLoginModule implements LoginModule {
         private LoginModule source;
         int index;
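Review bot: `performLogin` has no final `else`, so a module whose control flag is not identical (`==`) to one of the four `LoginModuleControlFlag` constants has its `login()` result silently dropped, including a failed REQUIRED or REQUISITE one. `login()` builds `workers` from the configuration returned by `service`, which may be the remoting client, so the flags can presumably arrive through deserialization; whether `LoginModuleControlFlag` resolves to its canonical instances is not visible here. Closing the chain with `else { throw new LoginException("Unknown control flag"); }` would make that case fail closed. The Javadoc's empty `@param`/`@return`/`@throws` tags should also state two behaviours: a `LoginException` from any module, including OPTIONAL or SUFFICIENT ones, aborts the whole loop, and the OPTIONAL fallback requires every optional module to succeed rather than at least one.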
@@ -183,26 +228,33 @@
             this.index = index;
         }
 
-        public void initialize(Subject subject, CallbackHandler callbackHandler,
-                               Map sharedState, Map options) {
+        public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
             source.initialize(subject, callbackHandler, sharedState, options);
         }
 
         public boolean login() throws LoginException {
-           return source.login();
+            return source.login();
         }
 
+        /**
+         * Commit the LoginModule that is being wrapped.  Send the resulting
+         * principals that are obtained back to the server.
+         *
+         * @return true if this method succeeded, or false if this
+         *         <code>LoginModule</code> should be ignored.
+         * @throws LoginException if commit fails
+         */
         public boolean commit() throws LoginException {
             boolean result = source.commit();
             List list = new ArrayList();
             for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
                 Principal p = (Principal) it.next();
-                if(!processedPrincipals.contains(p)) {
+                if (!processedPrincipals.contains(p)) {
                     list.add(p);
                     processedPrincipals.add(p);
                 }
             }
-            service.clientLoginModuleCommit(client, index, (Principal[]) list.toArray(new Principal[list.size()]));
+            service.clientLoginModuleCommit(clientHandle, index, (Principal[]) list.toArray(new Principal[list.size()]));
             return result;
         }
 
@@ -224,30 +276,41 @@
             this.index = index;
         }
 
-        public void initialize(Subject subject, CallbackHandler handler,
-                               Map sharedState, Map options) {
+        public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
             this.handler = handler;
         }
 
+        /**
+         * Perform a login on the server side.
+         * <p/>
+         * Here we get the Callbacks from the server side, pass them to the
+         * local handler so that they may be filled.  We pass the resulting
+         * set of Callbacks back to the server.
+         *
+         * @return true if the authentication succeeded, or false if this
+         *         <code>LoginModule</code> should be ignored.
+         * @throws LoginException if the authentication fails
+         */
         public boolean login() throws LoginException {
             try {
-                callbacks = service.getServerLoginCallbacks(client, index);
-                if(handler != null) {
+                callbacks = service.getServerLoginCallbacks(clientHandle, index);
+                if (handler != null) {
                     handler.handle(callbacks);
-                } else if(callbacks != null && callbacks.length > 0) {
-                    System.err.println("No callback handler available for "+callbacks.length+" callbacks!");
+                } else if (callbacks != null && callbacks.length > 0) {
+                    System.err.println("No callback handler available for " + callbacks.length + " callbacks!");
                 }
-                return service.performServerLogin(client, index, callbacks);
-            } catch (LoginException e) {
-                throw e;
+                return service.performServerLogin(clientHandle, index, callbacks);
+            } catch (LoginException le) {
+                throw le;
             } catch (Exception e) {
-                e.printStackTrace();
-                throw new LoginException("Unable to log in: "+e.getMessage());
+                LoginException le = new LoginException("Error filling callback list");
+                le.initCause(e);
+                throw le;
             }
         }
 
         public boolean commit() throws LoginException {
-            return service.serverLoginModuleCommit(client, index);
+            return service.serverLoginModuleCommit(clientHandle, index);
         }
 
         public boolean abort() throws LoginException {
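Review bot: When `handler` is null and the server asked for callbacks, `login()` only prints to `System.err` and then still calls `service.performServerLogin(clientHandle, index, callbacks)` with the unpopulated callbacks. Failing locally is clearer and avoids a server-side authentication attempt that cannot succeed: `throw new LoginException("No callback handler available for " + callbacks.length + " callbacks");`. Separately, the new `catch (Exception e)` message "Error filling callback list" also covers failures of `getServerLoginCallbacks` and `performServerLogin`, so a neutral message such as `"Unable to complete server-side login"` would be more accurate; preserving the cause with `initCause` is a good change. `callbacks` looks like a field declared outside the hunk, so the filled-in values may stay referenced after `login()` returns; it is worth confirming that `abort()` and `logout()` clear it.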

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java Sun Sep 11 11:55:15 2005
@@ -30,7 +30,6 @@
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
-import javax.management.ObjectName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.login.LoginException;
@@ -38,20 +37,20 @@
 
 import EDU.oswego.cs.dl.util.concurrent.ClockDaemon;
 import EDU.oswego.cs.dl.util.concurrent.ThreadFactory;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.gbean.ReferenceCollection;
-import org.apache.geronimo.kernel.jmx.JMXUtil;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.SubjectId;
 import org.apache.geronimo.security.realm.SecurityRealm;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+
 
 /**
  * The single point of contact for Geronimo JAAS realms.  Instead of attempting
@@ -77,10 +76,10 @@
     private int expiredLoginScanIntervalMillis = DEFAULT_EXPIRED_LOGIN_SCAN_INTERVAL;
     private int maxLoginDurationMillis = DEFAULT_MAX_LOGIN_DURATION;
 
+
     public JaasLoginService(String algorithm, String password, ClassLoader classLoader, String objectName) {
         this.classLoader = classLoader;
         this.algorithm = algorithm;
-        //todo: password could just be randomly generated??
         key = new SecretKeySpec(password.getBytes(), algorithm);
         this.objectName = objectName;
     }
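Review bot: The constructor still builds `key` directly from the configured string with `password.getBytes()`, and this hunk deletes the only comment that recorded that as an open question. `getBytes()` with no argument uses the platform default charset, so the same configured password can produce different key bytes on hosts with different defaults; naming the charset explicitly would make the key deterministic. I would keep a note in place of the removed TODO, e.g. `// NOTE: key is derived directly from the configured password; consider a randomly generated key`, because a low-entropy password gives a correspondingly weak key for what appears to be the MAC (only the `javax.crypto.Mac` import is visible here). There is also no null check on `password` or `algorithm` before they are used.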
@@ -157,7 +156,7 @@
      * with the server.  On the server side, that means maintaining the
      * Subject and Principals for the user.
      *
-     * @return The UserIdentifier used as an argument for the rest of the
+     * @return The client handle used as an argument for the rest of the
      *         methods in this class.
      */
     public JaasClientId connectToRealm(String realmName) {
@@ -174,8 +173,8 @@
      * Gets the login module configuration for the specified realm.  The
      * caller needs that in order to perform the authentication process.
      */
-    public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId userIdentifier) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId clientHandle) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         if (context == null) {
             throw new ExpiredLoginModuleException();
         }
@@ -195,11 +194,11 @@
      * server-side, the client gets the callbacks (using this method),
      * populates them, and sends them back to the server.
      */
-    public Callback[] getServerLoginCallbacks(JaasClientId userIdentifier, int loginModuleIndex) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public Callback[] getServerLoginCallbacks(JaasClientId clientHandle, int loginModuleIndex) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         checkContext(context, loginModuleIndex, true);
         LoginModule module = context.getLoginModule(loginModuleIndex);
-        //todo: properly handle shared state
+
         context.getHandler().setExploring();
         try {
             module.initialize(context.getSubject(), context.getHandler(), new HashMap(), context.getOptions(loginModuleIndex));
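Review bot: The deleted `//todo: properly handle shared state` still describes the code: the `module.initialize(...)` call below it keeps passing a fresh `new HashMap()` as the shared state, so server-side modules cannot see values stored by earlier modules in the stack. Unless that is now the intended behaviour, I would keep the limitation documented, e.g. `// NOTE: each module gets its own empty sharedState map; nothing is shared across modules`. The body of `getServerLoginCallbacks` continues past the end of this hunk.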
@@ -218,15 +217,6 @@
         return context.getHandler().finalizeCallbackList();
     }
 
-    private void checkContext(JaasSecurityContext context, int loginModuleIndex, boolean expectServerSide) throws LoginException {
-        if (context == null) {
-            throw new ExpiredLoginModuleException();
-        }
-        if (loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || (context.isServerSide(loginModuleIndex) != expectServerSide)) {
-            throw new LoginException("Invalid login module specified");
-        }
-    }
-
     /**
      * Returns populated callbacks for a server side login module.  When the
      * client is going through the configured login modules, if a specific
@@ -234,8 +224,8 @@
      * server-side, the client gets the callbacks, populates them, and sends
      * them back to the server (using this method).
      */
-    public boolean performServerLogin(JaasClientId userIdentifier, int loginModuleIndex, Callback[] results) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public boolean performServerLogin(JaasClientId clientHandle, int loginModuleIndex, Callback[] results) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         checkContext(context, loginModuleIndex, true);
         try {
             context.getHandler().setClientResponse(results);
@@ -251,8 +241,8 @@
      * once for each client-side login module, to specify Principals for each
      * module.
      */
-    public void clientLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex, Principal[] clientLoginModulePrincipals) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public void clientLoginModuleCommit(JaasClientId clientHandle, int loginModuleIndex, Principal[] clientLoginModulePrincipals) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         checkContext(context, loginModuleIndex, false);
         context.processPrincipals(clientLoginModulePrincipals, context.getLoginDomainName(loginModuleIndex));
     }
@@ -263,8 +253,8 @@
      * once for each server-side login module that was processed before the
      * overall authentication succeeded.
      */
-    public boolean serverLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public boolean serverLoginModuleCommit(JaasClientId clientHandle, int loginModuleIndex) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         checkContext(context, loginModuleIndex, true);
         boolean result = context.getLoginModule(loginModuleIndex).commit();
         context.processPrincipals(context.getLoginDomainName(loginModuleIndex));
@@ -275,8 +265,8 @@
      * Indicates that the overall login succeeded.  All login modules that were
      * touched should have been logged in and committed before calling this.
      */
-    public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public Principal[] loginSucceeded(JaasClientId clientHandle) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         if (context == null) {
             throw new ExpiredLoginModuleException();
         }
@@ -301,21 +291,21 @@
      * Indicates that the overall login failed, and the server should release
      * any resources associated with the user ID.
      */
-    public void loginFailed(JaasClientId userIdentifier) {
-        activeLogins.remove(userIdentifier);
+    public void loginFailed(JaasClientId clientHandle) {
+        activeLogins.remove(clientHandle);
     }
 
     /**
      * Indicates that the client has logged out, and the server should release
      * any resources associated with the user ID.
      */
-    public void logout(JaasClientId userIdentifier) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public void logout(JaasClientId clientHandle) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         if (context == null) {
             throw new ExpiredLoginModuleException();
         }
         ContextManager.unregisterSubject(context.getSubject());
-        activeLogins.remove(userIdentifier);
+        activeLogins.remove(clientHandle);
         for (int i = 0; i < context.getModules().length; i++) {
             if (context.isServerSide(i)) {
                 context.getLoginModule(i).logout();
@@ -323,6 +313,15 @@
         }
     }
 
+    private void checkContext(JaasSecurityContext context, int loginModuleIndex, boolean expectServerSide) throws LoginException {
+        if (context == null) {
+            throw new ExpiredLoginModuleException();
+        }
+        if (loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length || (context.isServerSide(loginModuleIndex) != expectServerSide)) {
+            throw new LoginException("Invalid login module specified");
+        }
+    }
+
     /**
      * Prepares a new security context for a new client.  Each client uses a
      * unique security context to sture their authentication progress,
@@ -392,6 +391,7 @@
     }
 
     private class ExpirationMonitor implements Runnable { //todo: different timeouts per realm?
+
         public void run() {
             long now = System.currentTimeMillis();
             List list = new LinkedList();
@@ -419,7 +419,7 @@
     public static final GBeanInfo GBEAN_INFO;
 
     static {
-        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(JaasLoginService.class, "JaasLoginService"); //just a gbean
+        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(JaasLoginService.class, "JaasLoginService");
 
         infoFactory.addAttribute("algorithm", String.class, true);
         infoFactory.addAttribute("password", String.class, true);

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java Sun Sep 11 11:55:15 2005
@@ -81,7 +81,7 @@
      * Gets the login module configuration for the specified realm.  The
      * caller needs that in order to perform the authentication process.
      */
-    public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId userIdentifier) throws LoginException ;
+    public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId clientHandle) throws LoginException ;
 
     /**
      * Retrieves callbacks for a server side login module.  When the client
@@ -90,7 +90,7 @@
      * server-side, the client gets the callbacks (using this method),
      * populates them, and sends them back to the server.
      */
-    public Callback[] getServerLoginCallbacks(JaasClientId userIdentifier, int loginModuleIndex) throws LoginException;
+    public Callback[] getServerLoginCallbacks(JaasClientId clientHandle, int loginModuleIndex) throws LoginException;
 
     /**
      * Returns populated callbacks for a server side login module.  When the
@@ -99,7 +99,7 @@
      * server-side, the client gets the callbacks, populates them, and sends
      * them back to the server (using this method).
      */
-    public boolean performServerLogin(JaasClientId userIdentifier, int loginModuleIndex, Callback[] results) throws LoginException;
+    public boolean performServerLogin(JaasClientId clientHandle, int loginModuleIndex, Callback[] results) throws LoginException;
 
     /**
      * Indicates that the overall login succeeded, and some principals were
@@ -107,7 +107,7 @@
      * once for each client-side login module, to specify Principals for each
      * module.
      */
-    public void clientLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex, Principal[] clientLoginModulePrincipals) throws LoginException;
+    public void clientLoginModuleCommit(JaasClientId clientHandle, int loginModuleIndex, Principal[] clientLoginModulePrincipals) throws LoginException;
 
     /**
      * Indicates that the overall login succeeded, and a particular server-side
@@ -115,23 +115,23 @@
      * once for each server-side login module that was processed before the
      * overall authentication succeeded.
      */
-    public boolean serverLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex) throws LoginException;
+    public boolean serverLoginModuleCommit(JaasClientId clientHandle, int loginModuleIndex) throws LoginException;
 
     /**
      * Indicates that the overall login succeeded.  All login modules that were
      * touched should have been logged in and committed before calling this.
      */
-    public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException;
+    public Principal[] loginSucceeded(JaasClientId clientHandle) throws LoginException;
 
     /**
      * Indicates that the overall login failed, and the server should release
      * any resources associated with the user ID.
      */
-    public void loginFailed(JaasClientId userIdentifier);
+    public void loginFailed(JaasClientId clientHandle);
 
     /**
      * Indicates that the client has logged out, and the server should release
      * any resources associated with the user ID.
      */
-    public void logout(JaasClientId userIdentifier) throws LoginException;
+    public void logout(JaasClientId clientHandle) throws LoginException;
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java Sun Sep 11 11:55:15 2005
@@ -43,7 +43,7 @@
     private boolean done;
     private final JaasLoginModuleConfiguration[] modules;
     private final LoginModule[] loginModules;
-    private DecouplingCallbackHandler handler;
+    private DecouplingCallbackHandler handler = new DecouplingCallbackHandler();
     private final Set processedPrincipals = new HashSet();
 
     public JaasSecurityContext(String realmName, JaasLoginModuleConfiguration[] modules, ClassLoader classLoader) {
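Review bot: With `handler` now created at its declaration and the lazy branch in `getHandler()` removed in the next hunk, the field can be declared `final` like `modules`, `loginModules` and `processedPrincipals` beside it: `private final DecouplingCallbackHandler handler = new DecouplingCallbackHandler();`. That assumes nothing outside the visible hunks reassigns it. Making it `final` also shows that a single handler instance is shared by every login module call on this context.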
@@ -103,10 +103,8 @@
         checkRange(index);
         return modules[index].getOptions();
     }
+
     public DecouplingCallbackHandler getHandler() {
-        if(handler == null) { //lazy create
-            handler = new DecouplingCallbackHandler();
-        }
         return handler;
     }
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java Sun Sep 11 11:55:15 2005
@@ -24,8 +24,8 @@
  * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
  */
 public class LoginModuleConfiguration {
-    private LoginModule module;
-    private LoginModuleControlFlag controlFlag;
+    private final LoginModule module;
+    private final LoginModuleControlFlag controlFlag;
 
     public LoginModuleConfiguration(LoginModule module, LoginModuleControlFlag controlFlag) {
         this.module = module;