geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r225726 - in /geronimo/branches/v1_0_M4-QA/modules/security/src: java/org/apache/geronimo/security/jaas/ test/org/apache/geronimo/security/jaas/
Date Thu, 28 Jul 2005 08:03:57 GMT
Author: djencks
Date: Thu Jul 28 01:03:54 2005
New Revision: 225726

URL: http://svn.apache.org/viewcvs?rev=225726&view=rev
Log:
GERONIMO-677 dont reuse login modules

Modified:
    geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
    geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
    geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
    geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java

Modified: geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java?rev=225726&r1=225725&r2=225726&view=diff
==============================================================================
--- geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
(original)
+++ geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginModuleConfiguration.java
Thu Jul 28 01:03:54 2005
@@ -39,7 +39,6 @@
     private LoginModuleControlFlag flag;
     private String loginModuleName;
     private Map options;
-    private transient LoginModule loginModule;
 
     public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag,
Map options, boolean serverSide, String loginDomainName) {
         this.serverSide = serverSide;
@@ -48,6 +47,7 @@
         this.options = options;
         this.loginDomainName = loginDomainName;
     }
+
     public JaasLoginModuleConfiguration(String loginModuleName, LoginModuleControlFlag flag,
Map options, boolean serverSide) {
         this(loginModuleName, flag, options, serverSide, null);
     }
@@ -57,14 +57,11 @@
     }
 
     public LoginModule getLoginModule(ClassLoader loader) throws GeronimoSecurityException
{
-        if(loginModule == null) {
-            try {
-                loginModule = (LoginModule) loader.loadClass(loginModuleName).newInstance();
-            } catch (Exception e) {
-                throw new GeronimoSecurityException("Unable to instantiate login module",
e);
-            }
+        try {
+            return (LoginModule) loader.loadClass(loginModuleName).newInstance();
+        } catch (Exception e) {
+            throw new GeronimoSecurityException("Unable to instantiate login module", e);
         }
-        return loginModule;
     }
 
     public boolean isServerSide() {
@@ -92,7 +89,7 @@
         for (Iterator it = options.keySet().iterator(); it.hasNext();) {
             String key = (String) it.next();
             Object value = options.get(key);
-            if(value instanceof Serializable || value instanceof Externalizable || value
instanceof Remote) {
+            if (value instanceof Serializable || value instanceof Externalizable || value
instanceof Remote) {
                 other.put(key, value);
             }
         }

Modified: geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java?rev=225726&r1=225725&r2=225726&view=diff
==============================================================================
--- geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
(original)
+++ geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
Thu Jul 28 01:03:54 2005
@@ -65,7 +65,7 @@
     public static final ObjectName OBJECT_NAME = JMXUtil.getObjectName("geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=GBean,name=JaasLoginService");
     public static final Log log = LogFactory.getLog(JaasLoginService.class);
     private final static int DEFAULT_EXPIRED_LOGIN_SCAN_INTERVAL = 300000; // 5 mins
-    private final static int DEFAULT_MAX_LOGIN_DURATION =  1000 * 3600 * 24; // 1 day
+    private final static int DEFAULT_MAX_LOGIN_DURATION = 1000 * 3600 * 24; // 1 day
     private final static ClockDaemon clockDaemon;
     private static long nextLoginModuleId = System.currentTimeMillis();
     private ReferenceCollection realms;
@@ -110,7 +110,7 @@
      * GBean property
      */
     public void setMaxLoginDurationMillis(int maxLoginDurationMillis) {
-        if(maxLoginDurationMillis == 0) {
+        if (maxLoginDurationMillis == 0) {
             maxLoginDurationMillis = DEFAULT_MAX_LOGIN_DURATION;
         }
         this.maxLoginDurationMillis = maxLoginDurationMillis;
@@ -127,7 +127,7 @@
      * GBean property
      */
     public void setExpiredLoginScanIntervalMillis(int expiredLoginScanIntervalMillis) {
-        if(expiredLoginScanIntervalMillis == 0) {
+        if (expiredLoginScanIntervalMillis == 0) {
             expiredLoginScanIntervalMillis = DEFAULT_EXPIRED_LOGIN_SCAN_INTERVAL;
         }
         this.expiredLoginScanIntervalMillis = expiredLoginScanIntervalMillis;
@@ -158,8 +158,8 @@
     public JaasClientId connectToRealm(String realmName) {
         SecurityRealm realm = null;
         realm = getRealm(realmName);
-        if(realm == null) {
-            throw new GeronimoSecurityException("No such realm ("+realmName+")");
+        if (realm == null) {
+            throw new GeronimoSecurityException("No such realm (" + realmName + ")");
         } else {
             return initializeClient(realm);
         }
@@ -171,7 +171,7 @@
      */
     public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId userIdentifier)
throws LoginException {
         JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
-        if(context == null) {
+        if (context == null) {
             throw new ExpiredLoginModuleException();
         }
         JaasLoginModuleConfiguration[] config = context.getModules();
@@ -192,31 +192,36 @@
      */
     public Callback[] getServerLoginCallbacks(JaasClientId userIdentifier, int loginModuleIndex)
throws LoginException {
         JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
-        if(context == null) {
-            throw new ExpiredLoginModuleException();
-        }
-        if(loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length
|| !context.getModules()[loginModuleIndex].isServerSide()) {
-            throw new LoginException("Invalid login module specified");
-        }
-        JaasLoginModuleConfiguration config = context.getModules()[loginModuleIndex];
-        LoginModule module = config.getLoginModule(classLoader);
+        checkContext(context, loginModuleIndex, true);
+        LoginModule module = context.getLoginModule(loginModuleIndex);
         //todo: properly handle shared state
         context.getHandler().setExploring();
         try {
-            module.initialize(context.getSubject(), context.getHandler(), new HashMap(),
config.getOptions());
+            module.initialize(context.getSubject(), context.getHandler(), new HashMap(),
context.getOptions(loginModuleIndex));
         } catch (Exception e) {
             System.err.println("Failed to initialize module");
             e.printStackTrace();
         }
         try {
             module.login();
-        } catch (LoginException e) {}
+        } catch (LoginException e) {
+        }
         try {
             module.abort();
-        } catch(LoginException e) {}
+        } catch (LoginException e) {
+        }
         return context.getHandler().finalizeCallbackList();
     }
 
+    private void checkContext(JaasSecurityContext context, int loginModuleIndex, boolean
expectServerSide) throws LoginException {
+        if (context == null) {
+            throw new ExpiredLoginModuleException();
+        }
+        if (loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length
|| (context.isServerSide(loginModuleIndex) != expectServerSide)) {
+            throw new LoginException("Invalid login module specified");
+        }
+    }
+
     /**
      * Returns populated callbacks for a server side login module.  When the
      * client is going through the configured login modules, if a specific
@@ -226,19 +231,13 @@
      */
     public boolean performServerLogin(JaasClientId userIdentifier, int loginModuleIndex,
Callback[] results) throws LoginException {
         JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
-        if(context == null) {
-            throw new ExpiredLoginModuleException();
-        }
-        if (loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length
|| !context.getModules()[loginModuleIndex].isServerSide()) {
-            throw new LoginException("Invalid login module specified");
-        }
-        JaasLoginModuleConfiguration module = context.getModules()[loginModuleIndex];
+        checkContext(context, loginModuleIndex, true);
         try {
             context.getHandler().setClientResponse(results);
         } catch (IllegalArgumentException iae) {
             throw new LoginException(iae.toString());
         }
-        return module.getLoginModule(classLoader).login();
+        return context.getLoginModule(loginModuleIndex).login();
     }
 
     /**
@@ -249,13 +248,8 @@
      */
     public void clientLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex,
Principal[] clientLoginModulePrincipals) throws LoginException {
         JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
-        if(context == null) {
-            throw new ExpiredLoginModuleException();
-        }
-        if(loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length
|| context.getModules()[loginModuleIndex].isServerSide()) {
-            throw new LoginException("Invalid login module specified");
-        }
-        context.processPrincipals(clientLoginModulePrincipals, context.getModules()[loginModuleIndex].getLoginDomainName());
+        checkContext(context, loginModuleIndex, false);
+        context.processPrincipals(clientLoginModulePrincipals, context.getLoginDomainName(loginModuleIndex));
     }
 
     /**
@@ -266,15 +260,9 @@
      */
     public boolean serverLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex)
throws LoginException {
         JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
-        if(context == null) {
-            throw new ExpiredLoginModuleException();
-        }
-        if(loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length
|| !context.getModules()[loginModuleIndex].isServerSide()) {
-            throw new LoginException("Invalid login module specified");
-        }
-        JaasLoginModuleConfiguration module = context.getModules()[loginModuleIndex];
-        boolean result = module.getLoginModule(classLoader).commit();
-        context.processPrincipals(context.getModules()[loginModuleIndex].getLoginDomainName());
+        checkContext(context, loginModuleIndex, true);
+        boolean result = context.getLoginModule(loginModuleIndex).commit();
+        context.processPrincipals(context.getLoginDomainName(loginModuleIndex));
         return result;
     }
 
@@ -284,7 +272,7 @@
      */
     public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException
{
         JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
-        if(context == null) {
+        if (context == null) {
             throw new ExpiredLoginModuleException();
         }
 
@@ -294,7 +282,7 @@
         IdentificationPrincipal principal = new IdentificationPrincipal(id);
         subject.getPrincipals().add(principal);
         SecurityRealm realm = getRealm(context.getRealmName());
-        if(realm.isRestrictPrincipalsToServer()) {
+        if (realm.isRestrictPrincipalsToServer()) {
             return new Principal[]{principal};
         } else {
             List list = new ArrayList();
@@ -318,14 +306,14 @@
      */
     public void logout(JaasClientId userIdentifier) throws LoginException {
         JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
-        if(context == null) {
+        if (context == null) {
             throw new ExpiredLoginModuleException();
         }
         ContextManager.unregisterSubject(context.getSubject());
         activeLogins.remove(userIdentifier);
         for (int i = 0; i < context.getModules().length; i++) {
-            if(context.getModules()[i].isServerSide()) {
-                context.getModules()[i].getLoginModule(classLoader).logout();
+            if (context.isServerSide(i)) {
+                context.getLoginModule(i).logout();
             }
         }
     }
@@ -339,12 +327,13 @@
      */
     private JaasClientId initializeClient(SecurityRealm realm) {
         long id;
-        synchronized(JaasLoginService.class) {
+        synchronized (JaasLoginService.class) {
             id = ++nextLoginModuleId;
         }
         JaasClientId clientId = new JaasClientId(id, hash(id));
         JaasLoginModuleConfiguration[] modules = realm.getAppConfigurationEntries();
-        JaasSecurityContext context = new JaasSecurityContext(realm.getRealmName(), modules);
+        //TODO use of this classloader severely limits extensibility!!!
+        JaasSecurityContext context = new JaasSecurityContext(realm.getRealmName(), modules,
classLoader);
         activeLogins.put(clientId, context);
         return clientId;
     }
@@ -352,7 +341,7 @@
     private SecurityRealm getRealm(String realmName) {
         for (Iterator it = realms.iterator(); it.hasNext();) {
             SecurityRealm test = (SecurityRealm) it.next();
-            if(test.getRealmName().equals(realmName)) {
+            if (test.getRealmName().equals(realmName)) {
                 return test;
             }
         }
@@ -385,7 +374,6 @@
     }
 
 
-
     // This stuff takes care of whacking old logins
     static {
         clockDaemon = new ClockDaemon();
@@ -397,16 +385,17 @@
             }
         });
     }
+
     private class ExpirationMonitor implements Runnable { //todo: different timeouts per
realm?
         public void run() {
             long now = System.currentTimeMillis();
             List list = new LinkedList();
-            synchronized(activeLogins) {
+            synchronized (activeLogins) {
                 for (Iterator it = activeLogins.keySet().iterator(); it.hasNext();) {
                     JaasClientId id = (JaasClientId) it.next();
                     JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(id);
-                    int age = (int)(now-context.getCreated());
-                    if(context.isDone() || age > maxLoginDurationMillis) {
+                    int age = (int) (now - context.getCreated());
+                    if (context.isDone() || age > maxLoginDurationMillis) {
                         list.add(context);
                         context.setDone(true);
                         it.remove();
@@ -421,7 +410,6 @@
     }
 
 
-
     // This stuff takes care of making this object into a GBean
     public static final GBeanInfo GBEAN_INFO;
 
@@ -446,7 +434,7 @@
 
         infoFactory.addReference("Realms", SecurityRealm.class, NameFactory.SECURITY_REALM);
 
-        infoFactory.setConstructor(new String[] {"algorithm", "password", "classLoader"});
+        infoFactory.setConstructor(new String[]{"algorithm", "password", "classLoader"});
 
         GBEAN_INFO = infoFactory.getBeanInfo();
     }

Modified: geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java?rev=225726&r1=225725&r2=225726&view=diff
==============================================================================
--- geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
(original)
+++ geronimo/branches/v1_0_M4-QA/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
Thu Jul 28 01:03:54 2005
@@ -22,7 +22,10 @@
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
+import java.util.Map;
 import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
 
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.RealmPrincipal;
@@ -34,20 +37,25 @@
  * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
  */
 public class JaasSecurityContext {
-    private String realmName;
-    private Subject subject;
-    private long created;
+    private final String realmName;
+    private final Subject subject;
+    private final long created;
     private boolean done;
-    private JaasLoginModuleConfiguration[] modules;
+    private final JaasLoginModuleConfiguration[] modules;
+    private final LoginModule[] loginModules;
     private DecouplingCallbackHandler handler;
-    private Set processedPrincipals = new HashSet();
+    private final Set processedPrincipals = new HashSet();
 
-    public JaasSecurityContext(String realmName, JaasLoginModuleConfiguration[] modules)
{
+    public JaasSecurityContext(String realmName, JaasLoginModuleConfiguration[] modules,
ClassLoader classLoader) {
         this.realmName = realmName;
         this.created = System.currentTimeMillis();
         this.done = false;
         this.modules = modules;
         subject = new Subject();
+        loginModules = new LoginModule[modules.length];
+        for (int i = 0; i < modules.length; i++) {
+            loginModules[i] = modules[i].getLoginModule(classLoader);
+        }
     }
 
     public Subject getSubject() {
@@ -70,6 +78,31 @@
         return modules;
     }
 
+    public LoginModule getLoginModule(int index) throws LoginException {
+        checkRange(index);
+        return loginModules[index];
+    }
+
+    private void checkRange(int index) throws LoginException {
+        if (index < 0 || index >= loginModules.length) {
+            throw new LoginException("Invalid index: " + index);
+        }
+    }
+
+    public boolean isServerSide(int index) throws LoginException {
+        checkRange(index);
+        return modules[index].isServerSide();
+    }
+
+    public String getLoginDomainName(int index) throws LoginException {
+        checkRange(index);
+        return modules[index].getLoginDomainName();
+    }
+
+    public Map getOptions(int index) throws LoginException {
+        checkRange(index);
+        return modules[index].getOptions();
+    }
     public DecouplingCallbackHandler getHandler() {
         if(handler == null) { //lazy create
             handler = new DecouplingCallbackHandler();

Modified: geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java
URL: http://svn.apache.org/viewcvs/geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java?rev=225726&r1=225725&r2=225726&view=diff
==============================================================================
--- geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java
(original)
+++ geronimo/branches/v1_0_M4-QA/modules/security/src/test/org/apache/geronimo/security/jaas/MultipleLoginDomainTest.java
Thu Jul 28 01:03:54 2005
@@ -33,7 +33,7 @@
 public class MultipleLoginDomainTest extends TestCase {
 
     public void testDummy() throws Exception { }
-    
+
     /** this test demonstrates that naming login domains does not actually separate principals
from different login domains.
      * The crucial line is commented out so as to avoid breaking the build.
      * @throws Exception
@@ -42,7 +42,7 @@
         JaasLoginModuleConfiguration m1 = new JaasLoginModuleConfiguration(MockLoginModule.class.getName(),
LoginModuleControlFlag.REQUIRED, new HashMap(), true, "D1");
         JaasLoginModuleConfiguration m2 = new JaasLoginModuleConfiguration(MockLoginModule.class.getName(),
LoginModuleControlFlag.REQUIRED, new HashMap(), true, "D2");
         JaasLoginModuleConfiguration m3 = new JaasLoginModuleConfiguration(MockLoginModule2.class.getName(),
LoginModuleControlFlag.REQUIRED, new HashMap(), true, "D3");
-        JaasSecurityContext c = new JaasSecurityContext("realm", new JaasLoginModuleConfiguration[]
{m1, m2});
+        JaasSecurityContext c = new JaasSecurityContext("realm", new JaasLoginModuleConfiguration[]
{m1, m2}, this.getClass().getClassLoader());
         ClassLoader cl = this.getClass().getClassLoader();
         Subject s = c.getSubject();
         m1.getLoginModule(cl).initialize(s, null, null, null);



Mime
View raw message