geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: svn commit: r565599 - in /geronimo/server/trunk: applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/ applications/console/geronimo-console-standard/src/main/java/org/apache/geronimo/console/securitymanage...
Date Tue, 14 Aug 2007 06:29:14 GMT

On Aug 13, 2007, at 9:33 PM, Kevan Miller wrote:

> I'd also make the following changes.
>
> Comments? The Test updates are optional, but may as well clean  
> those up.

I agree with all of these except the  
CallerIdentityPasswordCredentialLoginModule.  I think there are two  
choices:

1. throw a FailedLoginException() in login if  resourcePrincipalName  
== null || userName == null || password == null
2. do nothing except return false in commit if resourcePrincipalName  
== null || userName == null || password == null.

I lean towards the second.  Normally we will already have verified  
that all the necessary info is present in a previous login module.   
If its not present, then if we don't add a PasswordCredential then I  
believe the authentication for the connector will use whatever  
default is configured which seems to me like a reasonable fallback.

thanks
david jencks

>
> --kevan
>
> coltrane:~/geronimo/server/trunk kevan$ svn diff
> Index: testsuite/enterprise-testsuite/sec-tests/sec-ejb/src/main/ 
> java/org/apache/geronimo/itest/TestLoginModule.java
> ===================================================================
> --- testsuite/enterprise-testsuite/sec-tests/sec-ejb/src/main/java/ 
> org/apache/geronimo/itest/TestLoginModule.java	(revision 565610)
> +++ testsuite/enterprise-testsuite/sec-tests/sec-ejb/src/main/java/ 
> org/apache/geronimo/itest/TestLoginModule.java	(working copy)
> @@ -69,7 +69,10 @@
>          }
>          user = ((NameCallback)callbacks[0]).getName();
>          String password = new String(((PasswordCallback)callbacks 
> [1]).getPassword());
> -        return user.equals(password) && users.contains(user);
> +        if (user.equals(password) && users.contains(user)) {
> +            return true;
> +        }
> +        throw new LoginException();
>      }
>      public boolean commit() throws LoginException {
> Index: modules/geronimo-security/src/main/java/org/apache/geronimo/ 
> security/jaas/UPCredentialLoginModule.java
> ===================================================================
> --- modules/geronimo-security/src/main/java/org/apache/geronimo/ 
> security/jaas/UPCredentialLoginModule.java	(revision 565610)
> +++ modules/geronimo-security/src/main/java/org/apache/geronimo/ 
> security/jaas/UPCredentialLoginModule.java	(working copy)
> @@ -72,7 +72,7 @@
>          String username = ((NameCallback) callbacks[0]).getName();
>          char[] password = ((PasswordCallback) callbacks 
> [1]).getPassword();
> -        if (username == null || password == null) return true;
> +        if (username == null || password == null) return false;
>          upCredential = new UsernamePasswordCredential(username,  
> password);
> Index: modules/geronimo-connector/src/main/java/org/apache/geronimo/ 
> connector/outbound/security/ 
> CallerIdentityPasswordCredentialLoginModule.java
> ===================================================================
> --- modules/geronimo-connector/src/main/java/org/apache/geronimo/ 
> connector/outbound/security/ 
> CallerIdentityPasswordCredentialLoginModule.java	(revision 565610)
> +++ modules/geronimo-connector/src/main/java/org/apache/geronimo/ 
> connector/outbound/security/ 
> CallerIdentityPasswordCredentialLoginModule.java	(working copy)
> @@ -81,10 +81,13 @@
>          resourcePrincipalName = ((NameCallback) callbacks 
> [0]).getName();
>          userName = ((NameCallback) callbacks[0]).getName();
>          password = ((PasswordCallback) callbacks[1]).getPassword();
> -        return resourcePrincipalName != null && userName != null  
> && password != null;
> +        return false;
>      }
>      public boolean commit() throws LoginException {
> +        if (resourcePrincipalName == null || userName == null ||  
> password == null) {
> +            throw new LoginException();
> +        }
>          subject.getPrincipals().add(new ResourcePrincipal 
> (resourcePrincipalName));
>          PasswordCredential passwordCredential = new  
> PasswordCredential(userName, password);
>          passwordCredential.setManagedConnectionFactory 
> (managedConnectionFactory);
> Index: modules/geronimo-jmx-remoting/src/test/java/org/apache/ 
> geronimo/jmxremoting/AuthenticatorTest.java
> ===================================================================
> --- modules/geronimo-jmx-remoting/src/test/java/org/apache/geronimo/ 
> jmxremoting/AuthenticatorTest.java	(revision 565610)
> +++ modules/geronimo-jmx-remoting/src/test/java/org/apache/geronimo/ 
> jmxremoting/AuthenticatorTest.java	(working copy)
> @@ -112,7 +112,10 @@
>                  if (password == null) {
>                      throw new FailedLoginException();
>                  }
> -                return password.equals(new String 
> (passwordCallback.getPassword()));
> +                if (password.equals(new String 
> (passwordCallback.getPassword()))) {
> +                    return true;
> +                }
> +                throw new FailedLoginException();
>              } catch (java.io.IOException e) {
>                  throw new FailedLoginException();
>              } catch (UnsupportedCallbackException e) {
>


Mime
View raw message