From: elecharny@apache.org To: commits@directory.apache.org Date: Tue, 25 Nov 2014 09:43:56 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/3] directory-fortress-realm git commit: o Formatted the pom.xml file (2 spaces instead of 4) o Applied the Directory formatter o The static final 'log' filed is renamed to 'LOG' (all the static final fields should be upper-cased o Fixed the logs by us Repository: directory-fortress-realm Updated Branches: refs/heads/master e014bfbf4 -> 3691dac85 o Formatted the pom.xml file (2 spaces instead of 4) o Applied the Directory formatter o The static final 'log' field is renamed to 'LOG' (all the static final fields should be upper-cased) o Fixed the logs by using {} o Used a Map instead of Map in TcPrincipal and J2eePolicyMgrImpl Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/commit/805bc4cd Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/tree/805bc4cd Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/diff/805bc4cd Branch: refs/heads/master Commit: 805bc4cdb69c1ed4c55d8e43a3715b435904b711 Parents: 4d2e0d0 Author: Shawn McKinney Authored: Fri Nov 14 07:27:40 2014 -0600 Committer: Emmanuel Lécharny Committed: Tue Nov 25 10:14:57 2014 +0100 ---------------------------------------------------------------------- impl/pom.xml | 109 ++++++++++--------- .../directory/fortress/realm/J2eePolicyMgr.java | 33 ++---- .../fortress/realm/J2eePolicyMgrFactory.java | 39 ++++--- .../fortress/realm/J2eePolicyMgrImpl.java | 87 +++++++-------- .../realm/tomcat/TC7AccessMgrFascade.java | 58 +++++----- .../fortress/realm/tomcat/TcAccessMgrImpl.java | 80 +++++++------- .../fortress/realm/tomcat/TcPrincipal.java | 38 +++++-- pom.xml | 4 +- proxy/pom.xml | 2 +- 9 files changed, 221 insertions(+), 229 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/805bc4cd/impl/pom.xml ---------------------------------------------------------------------- diff --git a/impl/pom.xml b/impl/pom.xml index 8ee93df..e84f2cb 100644 --- a/impl/pom.xml +++ b/impl/pom.xml @@ -8,7 +8,7 @@ "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an 
@@ -18,64 +18,65 @@ under the License. --> - 4.0.0 - - org.apache.directory - fortress-realm - 1.0-RC40 - + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + 4.0.0 + + org.apache.directory + fortress-realm + 1.0-RC40-SNAPSHOT + - fortress-realm-impl - Apache Fortress Realm Implementation - jar - - Implementation classes for the Fortress Realm Component. - + fortress-realm-impl + Apache Fortress Realm Implementation + jar + + Implementation classes for the Fortress Realm Component. + - - 1.0-RC40 - + + 1.0-RC40-SNAPSHOT + - - - org.apache.directory.junit - junit-addons - test - 0.1 - + + + org.apache.directory.junit + junit-addons + test + 0.1 + - - ${project.groupId} - fortress-realm-proxy - ${project.version} - provided - + + ${project.groupId} + fortress-realm-proxy + ${project.version} + provided + - - ${project.groupId} - fortress-core - ${fortress-core.version} - + + ${project.groupId} + fortress-core + ${fortress-core.version} + - - - - - org.apache.maven.plugins - maven-compiler-plugin - 3.1 - - 1.7 - 1.7 - - + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.1 + + 1.7 + 1.7 + + - - org.apache.maven.plugins - maven-jar-plugin - 2.5 - - - + + org.apache.maven.plugins + maven-jar-plugin + 2.5 + + + http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/805bc4cd/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgr.java ---------------------------------------------------------------------- diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgr.java b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgr.java index ee79046..591327f 100644 --- a/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgr.java +++ b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgr.java 
@@ -46,8 +46,7 @@ public interface J2eePolicyMgr * @throws org.apache.directory.fortress.core.SecurityException * in the event of data validation failure, security policy violation or DAO error. */ - public boolean authenticate(String userId, char[] password) - throws SecurityException; + public boolean authenticate( String userId, char[] password ) throws SecurityException; /** @@ -105,8 +104,7 @@ public interface J2eePolicyMgr * @throws org.apache.directory.fortress.core.SecurityException * in the event of data validation failure, security policy violation or DAO error. */ - public TcPrincipal createSession(String userId, char[] password) - throws SecurityException; + public TcPrincipal createSession( String userId, char[] password ) throws SecurityException; /** @@ -165,8 +163,7 @@ public interface J2eePolicyMgr * @throws org.apache.directory.fortress.core.SecurityException * in the event of data validation failure, security policy violation or DAO error. */ - public TcPrincipal createSession(String userId, char[] password, List roles) - throws SecurityException; + public TcPrincipal createSession( String userId, char[] password, List roles ) throws SecurityException; /** @@ -224,8 +221,7 @@ public interface J2eePolicyMgr * @throws org.apache.directory.fortress.core.SecurityException * in the event of data validation failure, security policy violation or DAO error. */ - public Session createSession(User user, boolean isTrusted) - throws SecurityException; + public Session createSession( User user, boolean isTrusted ) throws SecurityException; /** @@ -238,8 +234,7 @@ public interface J2eePolicyMgr * @throws org.apache.directory.fortress.core.SecurityException * data validation failure or system error.. */ - public boolean hasRole(Principal principal, String roleName) - throws SecurityException; + public boolean hasRole( Principal principal, String roleName ) throws SecurityException; /** 
@@ -250,8 +245,7 @@ public interface J2eePolicyMgr * @throws org.apache.directory.fortress.core.SecurityException * will be thrown if role not found or system error occurs. */ - public Role readRole(String roleName) - throws SecurityException; + public Role readRole( String roleName ) throws SecurityException; /** @@ -263,8 +257,7 @@ public interface J2eePolicyMgr * @throws org.apache.directory.fortress.core.SecurityException * in the event of data validation failure or DAO error. */ - public List searchRoles(String userId, int limit) - throws SecurityException; + public List searchRoles( String userId, int limit ) throws SecurityException; /** @@ -275,8 +268,7 @@ public interface J2eePolicyMgr * @return entity containing matching user data. * @throws SecurityException if record not found or system error occurs. */ - public User readUser(String userId) - throws SecurityException; + public User readUser( String userId ) throws SecurityException; /** @@ -288,8 +280,7 @@ public interface J2eePolicyMgr * @return List of type String containing matching userIds. * @throws SecurityException in the event of system error. */ - public List searchUsers(String userId, int limit) - throws SecurityException; + public List searchUsers( String userId, int limit ) throws SecurityException; /** @@ -304,8 +295,7 @@ public interface J2eePolicyMgr * @throws org.apache.directory.fortress.core.SecurityException * in the event of data validation or system error. */ - public List assignedUsers(String roleName, int limit) - throws SecurityException; + public List assignedUsers( String roleName, int limit ) throws SecurityException; /** 
@@ -316,7 +306,6 @@ public interface J2eePolicyMgr * @return Set of type String containing the roles assigned and roles inherited. * @throws SecurityException If user not found or system error occurs. */ - public List authorizedRoles(String userId) - throws SecurityException; + public List authorizedRoles( String userId ) throws SecurityException; } http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/805bc4cd/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrFactory.java ---------------------------------------------------------------------- diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrFactory.java b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrFactory.java index 03801fc..c049b26 100644 --- a/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrFactory.java +++ b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrFactory.java @@ -22,8 +22,8 @@ package org.apache.directory.fortress.realm; import org.apache.directory.fortress.core.cfg.Config; import org.apache.directory.fortress.core.SecurityException; import org.apache.directory.fortress.core.GlobalErrIds; -import org.apache.log4j.Level; -import org.apache.log4j.Logger; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Creates an instance of the J2eePolicyMgr object. 
@@ -42,8 +42,8 @@ public class J2eePolicyMgrFactory private static final String J2EE_POLICYMGR_IMPLEMENTATION = "realmImplementation"; private static final String J2EE_POLICYMGR_DEFAULT_CLASS = J2eePolicyMgrImpl.class.getName(); private static final String CLS_NM = J2eePolicyMgrFactory.class.getName(); - private static final Logger log = Logger.getLogger(CLS_NM); - private static String j2eeClassName = Config.getProperty(J2EE_POLICYMGR_IMPLEMENTATION); + private static final Logger LOG = LoggerFactory.getLogger( CLS_NM ); + private static String j2eeClassName = Config.getProperty( J2EE_POLICYMGR_IMPLEMENTATION ); /** * Create and return a reference to {@link J2eePolicyMgr} object. 
@@ -51,39 +51,38 @@ public class J2eePolicyMgrFactory * @return instance of {@link J2eePolicyMgr}. * @throws org.apache.directory.fortress.core.SecurityException in the event of failure during instantiation. */ - public static J2eePolicyMgr createInstance() - throws SecurityException + public static J2eePolicyMgr createInstance() throws SecurityException { J2eePolicyMgr realmMgr; + try { - if (j2eeClassName == null || j2eeClassName.compareTo("") == 0) + if ( ( j2eeClassName == null ) || ( j2eeClassName.length() == 0 ) ) { j2eeClassName = J2EE_POLICYMGR_DEFAULT_CLASS; - if (log.isEnabledFor(Level.DEBUG)) - { - log.debug(CLS_NM + ".createInstance <" + J2EE_POLICYMGR_IMPLEMENTATION + "> not found."); - log.debug(CLS_NM + ".createInstance use default <" + J2EE_POLICYMGR_DEFAULT_CLASS + ">"); - } + LOG.debug( "{}.createInstance [{}], not found.", CLS_NM, J2EE_POLICYMGR_IMPLEMENTATION ); + LOG.debug( "{}.createInstance use default [{}], not found.", CLS_NM, J2EE_POLICYMGR_DEFAULT_CLASS ); } - realmMgr = (J2eePolicyMgr) Class.forName(j2eeClassName).newInstance(); + + realmMgr = (J2eePolicyMgr) Class.forName( j2eeClassName ).newInstance(); } - catch (java.lang.ClassNotFoundException e) + catch ( ClassNotFoundException e ) { String error = CLS_NM + ".createInstance caught java.lang.ClassNotFoundException=" + e; - throw new SecurityException(GlobalErrIds.FT_MGR_CLASS_NOT_FOUND, error, e); + throw new SecurityException( GlobalErrIds.FT_MGR_CLASS_NOT_FOUND, error, e ); } - catch (java.lang.InstantiationException e) + catch ( InstantiationException e ) { String error = CLS_NM + ".createInstance caught java.lang.InstantiationException=" + e; - throw new SecurityException(GlobalErrIds.FT_MGR_INST_EXCEPTION, error, e); + throw new SecurityException( GlobalErrIds.FT_MGR_INST_EXCEPTION, error, e ); } - catch (java.lang.IllegalAccessException e) + catch ( IllegalAccessException e ) { String error = CLS_NM + ".createInstance caught java.lang.IllegalAccessException=" + e; - 
log.fatal(error); - throw new SecurityException(GlobalErrIds.FT_MGR_ILLEGAL_ACCESS, error, e); + LOG.error( error ); + throw new SecurityException( GlobalErrIds.FT_MGR_ILLEGAL_ACCESS, error, e ); } + return realmMgr; } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/805bc4cd/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrImpl.java ---------------------------------------------------------------------- diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrImpl.java b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrImpl.java index 2f3790a..9b016a1 100644 --- a/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrImpl.java +++ b/impl/src/main/java/org/apache/directory/fortress/realm/J2eePolicyMgrImpl.java @@ -40,9 +40,8 @@ import org.apache.directory.fortress.core.rbac.Role; import org.apache.directory.fortress.core.rbac.Session; import org.apache.directory.fortress.realm.tomcat.TcPrincipal; import org.apache.directory.fortress.core.util.attr.VUtil; -import org.apache.directory.fortress.core.util.time.CUtil; -import org.apache.log4j.Level; -import org.apache.log4j.Logger; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * This class is for components that use Websphere and Tomcat Container SPI's to provide @@ -54,7 +53,7 @@ import org.apache.log4j.Logger; public class J2eePolicyMgrImpl implements J2eePolicyMgr { private static final String CLS_NM = J2eePolicyMgrImpl.class.getName(); - private static final Logger log = Logger.getLogger( CLS_NM ); + private static final Logger LOG = LoggerFactory.getLogger( CLS_NM ); private static AccessMgr accessMgr; private static ReviewMgr reviewMgr; private static final String SESSION = "session"; 
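Review bot: The second debug line in the default-class branch of `createInstance` still ends in "not found", so it reports the fallback `J2EE_POLICYMGR_DEFAULT_CLASS` as missing when it is in fact the class being used; it should read `LOG.debug( "{}.createInstance use default [{}]", CLS_NM, J2EE_POLICYMGR_DEFAULT_CLASS );`. Because the class named by the `realmImplementation` property is loaded reflectively and cast to `J2eePolicyMgr`, logging the resolved `j2eeClassName` once before `Class.forName` would also make it visible which implementation ended up enforcing policy. Only the `IllegalAccessException` branch logs before rethrowing; the other two catch blocks could do the same for consistency.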
@@ -66,12 +65,11 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr { accessMgr = AccessMgrFactory.createInstance( GlobalIds.HOME ); reviewMgr = ReviewMgrFactory.createInstance( GlobalIds.HOME ); - log.info( J2eePolicyMgrImpl.class.getName() + " - Initialized successfully" ); + LOG.info( "{} - Initialized successfully", CLS_NM ); } catch ( SecurityException se ) { - String error = CLS_NM + " caught SecurityException=" + se; - log.fatal( error ); + LOG.error( "{} caught SecurityException={}", CLS_NM, se ); } } @@ -90,20 +88,15 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr { boolean result = false; Session session = accessMgr.authenticate( userId, password ); + if ( session != null ) { result = true; - if ( log.isEnabledFor( Level.DEBUG ) ) - { - log.debug( CLS_NM + ".authenticate userId [" + userId + "] successful" ); - } + LOG.debug( "{}.authenticate userId [{}], successful", CLS_NM, userId ); } else { - if ( log.isEnabledFor( Level.DEBUG ) ) - { - log.debug( CLS_NM + ".authenticate userId [" + userId + "] failed" ); - } + LOG.debug( "{}.authenticate userId [{}], failed", CLS_NM, userId ); } return result; @@ -184,6 +177,7 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr public TcPrincipal createSession( String userId, char[] password ) throws SecurityException { User user = new User( userId, password ); + return createSession( user ); } 
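Review bot: The catch block of the static initializer only logs the SecurityException, so a failed `AccessMgrFactory.createInstance` leaves `accessMgr` and `reviewMgr` null as far as the visible code shows, and later calls such as `accessMgr.authenticate( userId, password )` then fail with a NullPointerException far from the cause. Binding `se` to a `{}` placeholder also leaves it to the SLF4J binding whether a stack trace is printed; passing it as a trailing argument is unambiguous: `LOG.error( "{} caught SecurityException", CLS_NM, se );`. Consider remembering the failure and rejecting requests with a SecurityException that names the initialization error. The opening of the initializer block is outside this hunk.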
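Review bot: `userId` is caller-supplied and is written into the log unmodified in both branches of `authenticate`; parameterized logging does not neutralize CR/LF, so a crafted user name can forge additional log lines. Replace control characters before logging, ideally through one shared helper, e.g. `LOG.debug( "{}.authenticate userId [{}], failed", CLS_NM, userId == null ? null : userId.replaceAll( "[\\r\\n]", "_" ) );`. The same applies to the `userId` and `roleName` values logged in `J2eePolicyMgrImpl.hasRole`, `TcAccessMgrImpl.authenticate` and `TcAccessMgrImpl.hasRole` later in this patch. A rejected login is also recorded only at DEBUG here, so at a typical production level this class leaves no trace of it unless the core AccessMgr already audits it. The method signature is outside this hunk.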
@@ -244,18 +238,19 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr * @throws org.apache.directory.fortress.core.SecurityException * in the event of data validation failure, security policy violation or DAO error. */ - public TcPrincipal createSession(String userId, char[] password, List roles) - throws SecurityException + public TcPrincipal createSession( String userId, char[] password, List roles ) throws SecurityException { User user = new User( userId, password ); + // Load the passed in role list into list of User requested roles: - if(VUtil.isNotNullOrEmpty( roles )) + if ( VUtil.isNotNullOrEmpty( roles ) ) { for(String role : roles) { user.setRole( role ); } } + return createSession( user ); } @@ -270,11 +265,8 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr private TcPrincipal createSession( User user ) throws SecurityException { Session session = accessMgr.createSession( user, false ); - if ( log.isEnabledFor( Level.DEBUG ) ) - { - log.debug( CLS_NM + ".createSession userId [" + user.getUserId() + "] successful" ); - } - HashMap context = new HashMap(); + LOG.debug( "{}.createSession userId [{}], successful", CLS_NM, user.getUserId() ); + HashMap context = new HashMap(); context.put( SESSION, session ); // now serialize the principal: @@ -284,6 +276,7 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr // which allows overriden toString to return it later, from within an application thread. // This facilitates assertion of rbac session from the tomcat realm into the web application session. context.put( TcPrincipal.SERIALIZED, ser ); + return new TcPrincipal( user.getUserId(), context ); } 
@@ -365,10 +358,8 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr @Override public Session createSession( User user, boolean isTrusted ) throws SecurityException { - if ( log.isDebugEnabled() ) - { - log.debug( CLS_NM + ".createSession userId [" + user.getUserId() + "] " ); - } + LOG.debug( "{}.createSession userId [{}], isTrusted [{}]", CLS_NM, user.getUserId(), isTrusted ); + return accessMgr.createSession( user, isTrusted ); } 
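Review bot: `user.getUserId()` is now evaluated on every call to `createSession( User user, boolean isTrusted )`, not only when debug logging is enabled, so a null `user` raises a NullPointerException in the log statement before `accessMgr.createSession` gets a chance to reject it. Log null-safely, e.g. `LOG.debug( "{}.createSession userId [{}], isTrusted [{}]", CLS_NM, user == null ? null : user.getUserId(), isTrusted );`. Since `authorizedRoles` in this file calls this method with `isTrusted` set to true and a User built without a password, trusted session creation may deserve an INFO-level audit line rather than DEBUG.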
@@ -388,51 +379,42 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr public boolean hasRole( Principal principal, String roleName ) throws SecurityException { String fullMethodName = CLS_NM + ".hasRole"; - if ( log.isDebugEnabled() ) - { - log.debug( fullMethodName + " userId [" + principal.getName() + "] role [" + roleName + "]" ); - } + LOG.debug( "{}.hasRole userId [{}], role [{}]", CLS_NM, principal.getName(), roleName ); // Fail closed boolean result = false; // Principal must contain a HashMap that contains a Fortress session object. - HashMap context = ( ( TcPrincipal ) principal ).getContext(); + HashMap context = ( ( TcPrincipal ) principal ).getContext(); VUtil.assertNotNull( context, GlobalErrIds.SESS_CTXT_NULL, fullMethodName ); // This Map must contain a Fortress Session: - Session session = context.get( SESSION ); + Session session = (Session)context.get( SESSION ); VUtil.assertNotNull( session, GlobalErrIds.USER_SESS_NULL, fullMethodName ); Set authZRoles = accessMgr.authorizedRoles( session ); - if ( authZRoles != null && authZRoles.size() > 0 ) + + if ( ( authZRoles != null ) && ( authZRoles.size() > 0 ) ) { // Does the set of authorized roles contain a name matched to the one passed in? if ( authZRoles.contains( roleName ) ) { // Yes, we have a match. - if ( log.isEnabledFor( Level.DEBUG ) ) - { - log.debug( fullMethodName + " userId [" + principal.getName() + "] role [" + roleName + "] " + - "successful" ); - } + LOG.debug( "{} userId [{}], role [{}], successful", fullMethodName, principal.getName(), roleName ); result = true; } else { - if ( log.isEnabledFor( Level.DEBUG ) ) - { - // User is not authorized in their Session.. - log.debug( fullMethodName + " userId [" + principal.getName() + "] is not authorized role [" + - roleName + "]" ); - } + // User is not authorized in their Session.. 
+ LOG.debug( "{} userId [{}], is not authorized role [{}]", fullMethodName, principal.getName(), roleName ); } } else { // User does not have any authorized Roles in their Session.. - log.info( fullMethodName + " userId [" + principal.getName() + "], role [" + roleName + "], has no authorized roles" ); + LOG.info( "{} userId [{}], role [{}], has no authorized roles", fullMethodName, principal.getName(), roleName ); } + return result; } @@ -537,14 +519,17 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr Session session = createSession( new User( userId ), true ); // Get the Set of authorized Roles. Set authZRoleSet = accessMgr.authorizedRoles( session ); + // If User has authorized roles. - if ( authZRoleSet != null && authZRoleSet.size() > 0 ) + if ( ( authZRoleSet != null ) && ( authZRoleSet.size() > 0 ) ) { // Convert the Set into a List before returning: list = new ArrayList( authZRoleSet ); } + return list; } + /** * Utility to write any object into a Base64 string. Used by this class to serialize {@link TcPrincipal} object to be returned by its toString method.. @@ -552,7 +537,8 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr private String serialize( Object obj ) throws SecurityException { String szRetVal = null; - if( obj != null ) + + if ( obj != null ) { try { @@ -560,6 +546,7 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr ObjectOutputStream so = new ObjectOutputStream( bo ); so.writeObject( obj ); so.flush(); + // This encoding induces a bijection between byte[] and String (unlike UTF-8) szRetVal = bo.toString( "ISO-8859-1" ); } 
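Review bot: `hasRole` is commented "Fail closed", but the casts `( ( TcPrincipal ) principal ).getContext()` and `(Session)context.get( SESSION )` throw ClassCastException when the container hands in another Principal type or the context entry is not a Session; the second cast is new in this hunk, which suggests the map's value type was widened. Check the types first and return false (or raise the SecurityException the null checks already use), e.g. `if ( !( principal instanceof TcPrincipal ) ) { return false; }` and `Object candidate = context.get( SESSION ); if ( !( candidate instanceof Session ) ) { return false; }`. The first debug statement also hard-codes `"{}.hasRole"` with `CLS_NM` while the later ones use `fullMethodName`; using `fullMethodName` throughout keeps the messages uniform.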
@@ -569,7 +556,7 @@ public class J2eePolicyMgrImpl implements J2eePolicyMgr throw new SecurityException(CONTEXT_SERIALIZATION_FAILED, error); } } + return szRetVal; } -} - +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/805bc4cd/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TC7AccessMgrFascade.java ---------------------------------------------------------------------- diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TC7AccessMgrFascade.java b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TC7AccessMgrFascade.java index dccf5c0..858da2f 100644 --- a/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TC7AccessMgrFascade.java +++ b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TC7AccessMgrFascade.java @@ -19,18 +19,13 @@ */ package org.apache.directory.fortress.realm.tomcat; -import org.apache.directory.fortress.realm.util.CpUtil; import org.apache.catalina.LifecycleException; import org.apache.catalina.Wrapper; import org.apache.catalina.realm.RealmBase; -import java.net.URL; import java.security.Principal; -import java.net.URLClassLoader; import java.util.logging.Logger; -import org.apache.directory.fortress.realm.util.ChildFirstUrlClassLoader; - /** * This class extends the Tomcat 7 and beyond RealmBase class and provides Java EE security services within the Tomcat container. * This class is a "proxy" for the {@link org.apache.directory.fortress.realm.tomcat.TcAccessMgrImpl} class which isolates dependencies from the Tomcat 
@@ -41,7 +36,7 @@ import org.apache.directory.fortress.realm.util.ChildFirstUrlClassLoader; public class TC7AccessMgrFascade extends RealmBase { private static final String CLS_NM = TC7AccessMgrFascade.class.getName(); - private static final Logger log = Logger.getLogger(CLS_NM); + private static final Logger LOG = Logger.getLogger( CLS_NM ); private static final String REALM_IMPL = "org.apache.directory.fortress.realm.tomcat.TcAccessMgrImpl"; private static final String REALM_CLASSPATH = "REALM_CLASSPATH"; private static final String JBOSS_AGENT = "jboss"; @@ -71,13 +66,14 @@ public class TC7AccessMgrFascade extends RealmBase * wrapped by methods on this class and are accessed via the {@code realm} instance variable of this class. */ @Override - public Principal authenticate(String userId, String password) + public Principal authenticate( String userId, String password ) { - if(realm == null) + if ( realm == null ) { - throw new RuntimeException(CLS_NM + "authenticate detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration"); + throw new RuntimeException( CLS_NM + "authenticate detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration" ); } - return realm.authenticate(userId, password.toCharArray()); + + return realm.authenticate( userId, password.toCharArray()) ; } 
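Review bot: `password.toCharArray()` in `authenticate` dereferences the credential without a null check, so if the container ever passes a null password the request ends in a NullPointerException instead of a rejected login; add `if ( password == null ) { return null; }` before the delegation to `realm.authenticate`. The RuntimeException text built as `CLS_NM + "authenticate detected …"` is also missing a separator between the class name and the method name.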
@@ -90,14 +86,16 @@ public class TC7AccessMgrFascade extends RealmBase * @return True if Role is found in TcPrincipal, false otherwise. */ @Override - public boolean hasRole(Wrapper wrapper, Principal principal, String role) + public boolean hasRole( Wrapper wrapper, Principal principal, String role ) { - if(realm == null) + if ( realm == null ) { - throw new RuntimeException(CLS_NM + "authenticate detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration"); + throw new RuntimeException( CLS_NM + "authenticate detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration" ); } - return realm.hasRole(principal, role); + + return realm.hasRole( principal, role ); } + /** * Gets the name attribute of the TcAccessMgrProxy object @@ -107,7 +105,7 @@ public class TC7AccessMgrFascade extends RealmBase @Override protected String getName() { - return (CLS_NM); + return ( CLS_NM ); } @@ -118,9 +116,9 @@ public class TC7AccessMgrFascade extends RealmBase * @return The password value */ @Override - protected String getPassword(String username) + protected String getPassword( String username ) { - return (null); + return null; } @@ -131,9 +129,9 @@ public class TC7AccessMgrFascade extends RealmBase * @return The principal value */ @Override - protected Principal getPrincipal(String username) + protected Principal getPrincipal( String username ) { - return (null); + return null; } @@ -151,6 +149,7 @@ public class TC7AccessMgrFascade extends RealmBase super.startInternal(); } + /** * Gracefully terminate the active use of the public methods of this * component and implement the requirements of @@ -171,6 +170,7 @@ public class TC7AccessMgrFascade extends RealmBase } + /** * Gets the containerType attribute of the TcAccessMgrProxy object * 
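Review bot: The not-initialized guard in `hasRole` reuses the text `CLS_NM + "authenticate detected …"`, so a failure here is reported under the wrong method name and without a separator after the class name. Use `CLS_NM + ".hasRole detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration"` so an operator can tell which entry point hit the uninitialized realm.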
@@ -181,16 +181,18 @@ public class TC7AccessMgrFascade extends RealmBase return container; } + /** * Sets the containerType attribute of the TcAccessMgrProxy object * * @param container The new containerType value */ - public void setContainerType(String container) + public void setContainerType( String container ) { - log.info(CLS_NM + ".setContainerType <" + container + ">"); + LOG.info( CLS_NM + ".setContainerType <" + container + ">" ); this.container = container; } + /** * Gets the realmClasspath attribute of the TcAccessMgrProxy object @@ -199,18 +201,21 @@ public class TC7AccessMgrFascade extends RealmBase */ public String getRealmClasspath() { - log.info(CLS_NM + ".getRealmClasspath <" + realmClasspath + ">"); + LOG.info( CLS_NM + ".getRealmClasspath <" + realmClasspath + ">" ); + return realmClasspath; } + /** * Sets the realmClasspath attribute of the TcAccessMgrProxy object * * @param rCpth The new realmClasspath value */ - public void setRealmClasspath(String rCpth) + public void setRealmClasspath( String rCpth ) { - log.info(CLS_NM + ".setRealmClasspath <" + rCpth + ">"); + LOG.info( CLS_NM + ".setRealmClasspath <" + rCpth + ">" ); + this.realmClasspath = rCpth; } @@ -221,7 +226,8 @@ public class TC7AccessMgrFascade extends RealmBase */ public static String getDefaultRoles() { - log.info(CLS_NM + ".getDefaultRoles <" + defaultRoles + ">"); + LOG.info( CLS_NM + ".getDefaultRoles <" + defaultRoles + ">" ); + return defaultRoles; } 
@@ -232,7 +238,7 @@ public class TC7AccessMgrFascade extends RealmBase */ public static void setDefaultRoles( String defaultRoles ) { - log.info(CLS_NM + ".setDefaultRoles <" + defaultRoles + ">"); + LOG.info( CLS_NM + ".setDefaultRoles <" + defaultRoles + ">" ); TC7AccessMgrFascade.defaultRoles = defaultRoles; } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/805bc4cd/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcAccessMgrImpl.java ---------------------------------------------------------------------- diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcAccessMgrImpl.java b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcAccessMgrImpl.java index c0628ec..0368458 100644 --- a/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcAccessMgrImpl.java +++ b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcAccessMgrImpl.java @@ -23,8 +23,8 @@ import org.apache.directory.fortress.core.SecurityException; import org.apache.directory.fortress.core.util.attr.VUtil; import org.apache.directory.fortress.realm.J2eePolicyMgr; import org.apache.directory.fortress.realm.J2eePolicyMgrFactory; -import org.apache.log4j.Level; -import org.apache.log4j.Logger; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.security.Principal; import java.util.Arrays; @@ -38,7 +38,9 @@ import java.util.List; public class TcAccessMgrImpl implements TcAccessMgr { private static final String CLS_NM = TcAccessMgrImpl.class.getName(); - private static final Logger log = Logger.getLogger(CLS_NM); + + /** The logger for this class */ + private static final Logger LOG = LoggerFactory.getLogger( CLS_NM ); private static int count = 0; private J2eePolicyMgr j2eeMgr; // If this field gets set, use for all subsequent calls to authenticate: 
@@ -52,16 +54,17 @@ public class TcAccessMgrImpl implements TcAccessMgr try { j2eeMgr = J2eePolicyMgrFactory.createInstance(); - log.info(CLS_NM + " constructor <" + count++ + ">"); + LOG.info( "{} constructor <{}>", CLS_NM, count++ ); } - catch (SecurityException se) + catch ( SecurityException se ) { String error = CLS_NM + " constructor caught SecurityException=" + se; - log.fatal(error); + LOG.error( error ); se.printStackTrace(); - throw new java.lang.RuntimeException(error, se); + throw new java.lang.RuntimeException( error, se ); } } + /** * Perform user authentication and evaluate password policies. 
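Review bot: The constructor's catch block still calls `se.printStackTrace()`, which writes to stderr outside the logging configuration, right after `LOG.error( error )` logs the message without the stack trace. Replace both lines with `LOG.error( error, se );`; the exception is rethrown as the cause of the RuntimeException anyway. `count++` on the static counter is unsynchronized, which matters only if realm instances can be constructed concurrently. The constructor signature is outside this hunk.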
@@ -70,37 +73,33 @@ public class TcAccessMgrImpl implements TcAccessMgr * @param password Contains the user's password. * @return Principal which contains the Fortress RBAC session data. */ - public Principal authenticate(String userId, char[] password) + public Principal authenticate( String userId, char[] password ) { - TcPrincipal prin = null; + TcPrincipal principal = null; + try { // If a 'default.roles' property set in config, user them - if( VUtil.isNotNullOrEmpty( defaultRoles )) + if ( VUtil.isNotNullOrEmpty( defaultRoles ) ) { - prin = j2eeMgr.createSession( userId, password, defaultRoles ); - if (log.isEnabledFor(Level.DEBUG)) - { - log.debug(CLS_NM + ".authenticate userId [" + userId + "], with default roles [" + defaultRoles + "], successful"); - } + principal = j2eeMgr.createSession( userId, password, defaultRoles ); + LOG.debug( "{}.authenticate userId [{}], with default roles[{}], successful", CLS_NM, userId, defaultRoles ); } else { - prin = j2eeMgr.createSession(userId, password); - if (log.isEnabledFor(Level.DEBUG)) - { - log.debug(CLS_NM + ".authenticate userId [" + userId + "] successful"); - } + principal = j2eeMgr.createSession(userId, password); + LOG.debug( "{}.authenticate userId [{}], successful", CLS_NM, userId ); } } catch (SecurityException se) { - String warning = CLS_NM + ".authenticate userId <" + userId + "> caught SecurityException=" + se; - log.warn(warning); + LOG.warn( "{}.authenticate userId <{}> caught SecurityException=", CLS_NM, userId, se ); } - return prin; + + return principal; } + /** * Determine if given Role is contained within User's Tomcat Principal object. This method does not need to hit * the ldap server as the User's activated Roles are loaded into {@link TcPrincipal#setContext(java.util.HashMap)} 
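Review bot: In the catch block of `authenticate` the message now ends in a dangling `SecurityException=` and `se` is passed as a trailing argument with no placeholder, which SLF4J prints as a full stack trace for every rejected login. A one-line WARN such as `LOG.warn( "{}.authenticate userId [{}] failed: {}", CLS_NM, userId, se.getMessage() );`, with the stack trace kept for DEBUG, is easier to alert on and keeps log volume bounded during bursts of failed logins. The line `principal = j2eeMgr.createSession(userId, password);` was also missed by the formatter.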
@@ -109,35 +108,30 @@ public class TcAccessMgrImpl implements TcAccessMgr * @param roleName Maps to {@code org.apache.directory.fortress.core.rbac.Role#name}. * @return True if Role is found in TcPrincipal, false otherwise. */ - public boolean hasRole(Principal principal, String roleName) + public boolean hasRole( Principal principal, String roleName ) { boolean result = false; String userId = principal.getName(); + try { - if (j2eeMgr.hasRole(principal, roleName)) + if ( j2eeMgr.hasRole( principal, roleName ) ) { - if (log.isEnabledFor(Level.DEBUG)) - { - log.debug(CLS_NM + ".hasRole userId <" + principal.getName() + "> role <" + roleName + "> successful"); - } + LOG.debug( "{}.hasRole userId [{}], role[{}], successful", CLS_NM, principal.getName(), roleName ); result = true; } else { - if (log.isEnabledFor(Level.DEBUG)) - { - log.debug(CLS_NM + ".hasRole userId <" + principal.getName() + "> role <" + roleName + "> failed"); - } + LOG.debug( "{}.hasRole userId [{}], role[{}], failed", CLS_NM, principal.getName(), roleName ); } } - catch (SecurityException se) + catch ( SecurityException se ) { - String warning = CLS_NM + ".hasRole userId <" + userId + "> role <" + roleName + "> caught SecurityException=" + se; - log.warn(warning); - } - return result; - } + LOG.warn( "{}.hasRole userId <{}> role <{}> caught SecurityException= {}", CLS_NM, userId, roleName, se); + } + + return result; + } /** * When the 'defaultRoles' parameter is set on realm proxy config (e.g. in server.xml or context.xml) it will be used to pass into 
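Review bot: `hasRole` dereferences `principal.getName()` before the `try`, and `authenticate` in the previous hunk returns `null` when `createSession` throws, so a caller that forwards that result here would get a `NullPointerException` instead of a denied check; whether any caller does so is not visible. A guard at the top, `if ( principal == null ) { return false; }`, keeps the method deny-by-default, as the `SecurityException` path already is. The local `userId` could then replace the repeated `principal.getName()` calls in the two `LOG.debug` lines.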
@@ -145,12 +139,12 @@ public class TcAccessMgrImpl implements TcAccessMgr * * @param szDefaultRoles contains a String containing comma delimited roles names. */ - public void setDefaultRoles(String szDefaultRoles) + public void setDefaultRoles( String szDefaultRoles ) { - if( VUtil.isNotNullOrEmpty( szDefaultRoles )) + if( VUtil.isNotNullOrEmpty( szDefaultRoles ) ) { - defaultRoles = Arrays.asList(szDefaultRoles.split("\\s*,\\s*")); - log.info( "DEFAULT ROLES: " + defaultRoles ); + defaultRoles = Arrays.asList( szDefaultRoles.split( "\\s*,\\s*" ) ); + LOG.info( "DEFAULT ROLES: {}", defaultRoles ); } } } http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/805bc4cd/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcPrincipal.java ---------------------------------------------------------------------- diff --git a/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcPrincipal.java b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcPrincipal.java index 0c430c1..9e15481 100644 --- a/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcPrincipal.java +++ b/impl/src/main/java/org/apache/directory/fortress/realm/tomcat/TcPrincipal.java @@ -19,8 +19,8 @@ */ package org.apache.directory.fortress.realm.tomcat; -import org.apache.directory.fortress.core.rbac.Session; - +import java.io.Serializable; +import java.security.Principal; import java.util.HashMap; /** 
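Review bot: In `setDefaultRoles` (first hunk on this line), `split( "\\s*,\\s*" )` strips whitespace only around the commas, so a value with leading or trailing blanks, or an empty item as in `a,,b`, yields role names such as `" a"` or `""` that `authenticate` then passes to `createSession` on every call. Trimming first, `szDefaultRoles.trim().split( "\\s*,\\s*" )`, handles the outer blanks; dropping empty items would need a short filter before the list is stored. A comment on the method stating that the resulting list is applied to every `authenticate` call would help whoever edits the realm configuration.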
@@ -29,10 +29,18 @@ import java.util.HashMap; * * @author Shawn McKinney */ -public class TcPrincipal implements java.security.Principal, java.io.Serializable +public class TcPrincipal implements Principal, Serializable { + /** Default serialVersionUID */ + private static final long serialVersionUID = 1L; + + /** The key when we store a serialiazed version of a Session into the context */ public static final String SERIALIZED = "SERIALIZED"; - private HashMap context; + + /** The context storing the session */ + private HashMap context; + + /** The userId */ private String name; @@ -43,23 +51,24 @@ public class TcPrincipal implements java.security.Principal, java.io.Serializabl * @param name contains the userId of User who signed onto Tomcat. * @param context Instantiated HashMap that contains the User's Fortress session data. */ - public TcPrincipal( String name, HashMap context ) + public TcPrincipal( String name, HashMap context ) { - if ( context == null || name == null ) + if ( ( context == null ) || ( name == null ) ) { - throw new NullPointerException( TcPrincipal.class.getName() + " Null Map passed to constructor" ); + throw new IllegalArgumentException( TcPrincipal.class.getName() + " Null Map passed to constructor" ); } + this.context = context; this.name = name; } /** - * Return the HashMap to the caller. This HashMap contains the User's Fortress session data. + * Return the HashMap to the caller. This HashMap contains the User's Fortress session data. * * @return HashMap reference to security session data. */ - public final HashMap getContext() + public final HashMap getContext() { return context; } @@ -81,7 +90,7 @@ public class TcPrincipal implements java.security.Principal, java.io.Serializabl * * @param context HashMap reference to security session data. */ - public final void setContext( HashMap context ) + public final void setContext( HashMap context ) { this.context = context; } 
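Review bot: In the `TcPrincipal` constructor (second hunk on this line), the new `IllegalArgumentException` still says `Null Map passed to constructor` although the condition also fires when `name` is null, and callers that caught the former `NullPointerException` will no longer match. Separate checks with their own messages would make the failure clear, e.g. `if ( name == null ) { throw new IllegalArgumentException( "name must not be null" ); }`. `setContext` applies no such check and `getContext` returns the live map, so the session data described in the Javadoc can be replaced or altered by any code holding the principal. If that is not intended, validate in the setter and document the map as shared.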
@@ -95,13 +104,16 @@ public class TcPrincipal implements java.security.Principal, java.io.Serializabl public final String toString() { String ser = null; - HashMap context = getContext(); + HashMap context = getContext(); + if ( context != null ) { ser = (String)context.get( SERIALIZED ); } + return ser; } + /** * Determine if the caller supplied a reference to a security Principal that is equal to the current value. @@ -115,20 +127,24 @@ public class TcPrincipal implements java.security.Principal, java.io.Serializabl { return false; } + if ( this == o ) { return true; } + if ( !( o instanceof TcPrincipal ) ) { return false; } + TcPrincipal that = ( TcPrincipal ) o; if ( this.getName().equals( that.getName() ) ) { return true; } + return false; } http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/805bc4cd/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index bcd9df3..fa8cbec 100644 --- a/pom.xml +++ b/pom.xml @@ -26,7 +26,7 @@ Apache Fortress Realm Fortress Realm is an ANSI RBAC INCITS 359 compliant policy enforcement engine. http://directory.apache.org/foress/ - 1.0-RC40 + 1.0-RC40-SNAPSHOT apache-directory-fortress-realm @@ -42,7 +42,7 @@ 4.11 - 1.0-RC40 + 1.0-RC40-SNAPSHOT 1.0.0 http://git-wip-us.apache.org/repos/asf/directory-fortress-realm/blob/805bc4cd/proxy/pom.xml ---------------------------------------------------------------------- diff --git a/proxy/pom.xml b/proxy/pom.xml index 876e755..6329ec8 100644 --- a/proxy/pom.xml +++ b/proxy/pom.xml @@ -23,7 +23,7 @@ org.apache.directory fortress-realm - 1.0-RC40 + 1.0-RC40-SNAPSHOT fortress-realm-proxy
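Review bot: `toString()` (first hunk on this line) returns the value stored under `SERIALIZED`, which the field comment added in this commit describes as a serialized Session, so any log statement or string concatenation that includes the principal would write that session data out. It also returns `null` when the context or the key is absent, which breaks callers that chain a method on the result. A dedicated accessor for the serialized form would be safer than `toString()`; at minimum a comment above the method such as `// returns the serialized session; do not log the principal directly` would warn maintainers. Whether existing callers depend on the current output is not visible here.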