geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject svn commit: r280164 - /geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/
Date Sun, 11 Sep 2005 18:55:30 GMT
Author: adc
Date: Sun Sep 11 11:55:15 2005
New Revision: 280164

URL: http://svn.apache.org/viewcvs?rev=280164&view=rev
Log:
Some notes put in when re-familiarizing myself with the code plus some fussy code cleanups.

Modified:
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
    geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/DecouplingCallbackHandler.java
Sun Sep 11 11:55:15 2005
@@ -37,8 +37,7 @@
     public DecouplingCallbackHandler() {
     }
 
-    public void handle(Callback[] callbacks)
-            throws IllegalArgumentException, UnsupportedCallbackException {
+    public void handle(Callback[] callbacks) throws IllegalArgumentException, UnsupportedCallbackException
{
         if (exploring) {
             source = callbacks;
             throw new UnsupportedCallbackException(callbacks != null && callbacks.length
> 0 ? callbacks[0] : null, "DO NOT PROCEED WITH THIS LOGIN");

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginCoordinator.java
Sun Sep 11 11:55:15 2005
@@ -24,25 +24,26 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
-import javax.management.ObjectName;
-import javax.management.MalformedObjectNameException;
 
-import org.apache.geronimo.kernel.KernelRegistry;
 import org.apache.geronimo.kernel.Kernel;
+import org.apache.geronimo.kernel.KernelRegistry;
 import org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingClient;
 
+
 /**
  * A LoginModule implementation which connects to a Geronimo server under
  * the covers, and uses Geronimo realms to resolve the login.  It handles a
  * mix of client-side and server-side login modules.  It treats any client
  * side module as something it should manage and execute, while a server side
  * login module would be managed and executed by the Geronimo server.
- *
+ * <p/>
  * Note that this can actually be run from within a Geronimo server, in which
  * case the client/server distinction is somewhat less important, and the
  * communication is optimized by avoiding network traffic.
@@ -64,16 +65,14 @@
     private CallbackHandler handler;
     private Subject subject;
     private Set processedPrincipals = new HashSet();
-    private JaasLoginModuleConfiguration[] config;
-    private JaasClientId client;
+    private JaasClientId clientHandle;
     LoginModuleConfiguration[] workers;
 
-    public void initialize(Subject subject, CallbackHandler callbackHandler,
-                           Map sharedState, Map options) {
+    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
Map options) {
         serverHost = (String) options.get(OPTION_HOST);
         Object port = options.get(OPTION_PORT);
-        if(port != null) {
-            serverPort = Integer.parseInt((String)port);
+        if (port != null) {
+            serverPort = Integer.parseInt((String) port);
         }
         realmName = (String) options.get(OPTION_REALM);
         kernelName = (String) options.get(OPTION_KERNEL);
@@ -85,7 +84,7 @@
         }
         service = connect();
         handler = callbackHandler;
-        if(subject == null) {
+        if (subject == null) {
             this.subject = new Subject();
         } else {
             this.subject = subject;
@@ -94,12 +93,13 @@
     }
 
     public boolean login() throws LoginException {
-        client = service.connectToRealm(realmName);
-        config = service.getLoginConfiguration(client);
+        clientHandle = service.connectToRealm(realmName);
+        JaasLoginModuleConfiguration[] config = service.getLoginConfiguration(clientHandle);
         workers = new LoginModuleConfiguration[config.length];
+
         for (int i = 0; i < workers.length; i++) {
             LoginModule wrapper;
-            if(config[i].isServerSide()) { 
+            if (config[i].isServerSide()) {
                 wrapper = new ServerLoginModule(i);
             } else {
                 LoginModule source = config[i].getLoginModule(JaasLoginCoordinator.class.getClassLoader());
@@ -108,14 +108,14 @@
             workers[i] = new LoginModuleConfiguration(wrapper, config[i].getFlag());
             workers[i].getModule().initialize(subject, handler, new HashMap(), config[i].getOptions());
         }
-        return LoginUtils.computeLogin(workers);
+        return performLogin(workers);
     }
 
     public boolean commit() throws LoginException {
         for (int i = 0; i < workers.length; i++) {
             workers[i].getModule().commit();
         }
-        Principal[] principals = service.loginSucceeded(client);
+        Principal[] principals = service.loginSucceeded(clientHandle);
         for (int i = 0; i < principals.length; i++) {
             Principal principal = principals[i];
             subject.getPrincipals().add(principal);
@@ -129,7 +129,7 @@
                 workers[i].getModule().abort();
             }
         } finally {
-            service.loginFailed(client);
+            service.loginFailed(clientHandle);
         }
         clear();
         return true;
@@ -141,7 +141,7 @@
                 workers[i].getModule().logout();
             }
         } finally {
-            service.logout(client);
+            service.logout(clientHandle);
         }
         clear();
         return true;
@@ -160,13 +160,12 @@
         handler = null;
         subject = null;
         processedPrincipals.clear();
-        config = null;
-        client = null;
+        clientHandle = null;
         workers = null;
     }
 
     private JaasLoginServiceMBean connect() {
-        if(serverHost != null && serverPort > 0) {
+        if (serverHost != null && serverPort > 0) {
             return JaasLoginServiceRemotingClient.create(serverHost, serverPort);
         } else {
             Kernel kernel = KernelRegistry.getKernel(kernelName);
@@ -174,6 +173,52 @@
         }
     }
 
+    /**
+     * See http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/Configuration.html
+     *
+     * @param modules
+     * @return
+     * @throws LoginException
+     */
+    private static boolean performLogin(LoginModuleConfiguration[] modules) throws LoginException
{
+        Boolean success = null;
+        Boolean backup = null;
+
+        for (int i = 0; i < modules.length; i++) {
+            LoginModuleConfiguration module = modules[i];
+            boolean result = module.getModule().login();
+            if (module.getControlFlag() == LoginModuleControlFlag.REQUIRED) {
+                if (success == null || success.booleanValue()) {
+                    success = result ? Boolean.TRUE : Boolean.FALSE;
+                }
+            } else if (module.getControlFlag() == LoginModuleControlFlag.REQUISITE) {
+                if (!result) {
+                    return false;
+                } else if (success == null) {
+                    success = Boolean.TRUE;
+                }
+            } else if (module.getControlFlag() == LoginModuleControlFlag.SUFFICIENT) {
+                if (result && (success == null || success.booleanValue())) {
+                    return true;
+                }
+            } else if (module.getControlFlag() == LoginModuleControlFlag.OPTIONAL) {
+                if (backup == null || backup.booleanValue()) {
+                    backup = result ? Boolean.TRUE : Boolean.FALSE;
+                }
+            }
+        }
+        // all required and requisite modules succeeded, or at least one required module
failed
+        if (success != null) {
+            return success.booleanValue();
+        }
+        // no required or requisite modules, no sufficient modules succeeded, fall back to
optional modules
+        if (backup != null) {
+            return backup.booleanValue();
+        }
+        // perhaps only a sufficient module, and it failed
+        return false;
+    }
+
     private class ClientLoginModule implements LoginModule {
         private LoginModule source;
         int index;
@@ -183,26 +228,33 @@
             this.index = index;
         }
 
-        public void initialize(Subject subject, CallbackHandler callbackHandler,
-                               Map sharedState, Map options) {
+        public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
Map options) {
             source.initialize(subject, callbackHandler, sharedState, options);
         }
 
         public boolean login() throws LoginException {
-           return source.login();
+            return source.login();
         }
 
+        /**
+         * Commit the LoginModule that is being wrapped.  Send the resulting
+         * principals that are obtained back to the server.
+         *
+         * @return true if this method succeeded, or false if this
+         *         <code>LoginModule</code> should be ignored.
+         * @throws LoginException if commit fails
+         */
         public boolean commit() throws LoginException {
             boolean result = source.commit();
             List list = new ArrayList();
             for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
                 Principal p = (Principal) it.next();
-                if(!processedPrincipals.contains(p)) {
+                if (!processedPrincipals.contains(p)) {
                     list.add(p);
                     processedPrincipals.add(p);
                 }
             }
-            service.clientLoginModuleCommit(client, index, (Principal[]) list.toArray(new
Principal[list.size()]));
+            service.clientLoginModuleCommit(clientHandle, index, (Principal[]) list.toArray(new
Principal[list.size()]));
             return result;
         }
 
@@ -224,30 +276,41 @@
             this.index = index;
         }
 
-        public void initialize(Subject subject, CallbackHandler handler,
-                               Map sharedState, Map options) {
+        public void initialize(Subject subject, CallbackHandler handler, Map sharedState,
Map options) {
             this.handler = handler;
         }
 
+        /**
+         * Perform a login on the server side.
+         * <p/>
+         * Here we get the Callbacks from the server side, pass them to the
+         * local handler so that they may be filled.  We pass the resulting
+         * set of Callbacks back to the server.
+         *
+         * @return true if the authentication succeeded, or false if this
+         *         <code>LoginModule</code> should be ignored.
+         * @throws LoginException if the authentication fails
+         */
         public boolean login() throws LoginException {
             try {
-                callbacks = service.getServerLoginCallbacks(client, index);
-                if(handler != null) {
+                callbacks = service.getServerLoginCallbacks(clientHandle, index);
+                if (handler != null) {
                     handler.handle(callbacks);
-                } else if(callbacks != null && callbacks.length > 0) {
-                    System.err.println("No callback handler available for "+callbacks.length+"
callbacks!");
+                } else if (callbacks != null && callbacks.length > 0) {
+                    System.err.println("No callback handler available for " + callbacks.length
+ " callbacks!");
                 }
-                return service.performServerLogin(client, index, callbacks);
-            } catch (LoginException e) {
-                throw e;
+                return service.performServerLogin(clientHandle, index, callbacks);
+            } catch (LoginException le) {
+                throw le;
             } catch (Exception e) {
-                e.printStackTrace();
-                throw new LoginException("Unable to log in: "+e.getMessage());
+                LoginException le = new LoginException("Error filling callback list");
+                le.initCause(e);
+                throw le;
             }
         }
 
         public boolean commit() throws LoginException {
-            return service.serverLoginModuleCommit(client, index);
+            return service.serverLoginModuleCommit(clientHandle, index);
         }
 
         public boolean abort() throws LoginException {

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginService.java
Sun Sep 11 11:55:15 2005
@@ -30,7 +30,6 @@
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
-import javax.management.ObjectName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.login.LoginException;
@@ -38,20 +37,20 @@
 
 import EDU.oswego.cs.dl.util.concurrent.ClockDaemon;
 import EDU.oswego.cs.dl.util.concurrent.ThreadFactory;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.gbean.GBeanInfo;
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.gbean.ReferenceCollection;
-import org.apache.geronimo.kernel.jmx.JMXUtil;
+import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.SubjectId;
 import org.apache.geronimo.security.realm.SecurityRealm;
-import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
+
 
 /**
  * The single point of contact for Geronimo JAAS realms.  Instead of attempting
@@ -77,10 +76,10 @@
     private int expiredLoginScanIntervalMillis = DEFAULT_EXPIRED_LOGIN_SCAN_INTERVAL;
     private int maxLoginDurationMillis = DEFAULT_MAX_LOGIN_DURATION;
 
+
     public JaasLoginService(String algorithm, String password, ClassLoader classLoader, String
objectName) {
         this.classLoader = classLoader;
         this.algorithm = algorithm;
-        //todo: password could just be randomly generated??
         key = new SecretKeySpec(password.getBytes(), algorithm);
         this.objectName = objectName;
     }
@@ -157,7 +156,7 @@
      * with the server.  On the server side, that means maintaining the
      * Subject and Principals for the user.
      *
-     * @return The UserIdentifier used as an argument for the rest of the
+     * @return The client handle used as an argument for the rest of the
      *         methods in this class.
      */
     public JaasClientId connectToRealm(String realmName) {
@@ -174,8 +173,8 @@
      * Gets the login module configuration for the specified realm.  The
      * caller needs that in order to perform the authentication process.
      */
-    public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId userIdentifier)
throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId clientHandle)
throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         if (context == null) {
             throw new ExpiredLoginModuleException();
         }
@@ -195,11 +194,11 @@
      * server-side, the client gets the callbacks (using this method),
      * populates them, and sends them back to the server.
      */
-    public Callback[] getServerLoginCallbacks(JaasClientId userIdentifier, int loginModuleIndex)
throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public Callback[] getServerLoginCallbacks(JaasClientId clientHandle, int loginModuleIndex)
throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         checkContext(context, loginModuleIndex, true);
         LoginModule module = context.getLoginModule(loginModuleIndex);
-        //todo: properly handle shared state
+
         context.getHandler().setExploring();
         try {
             module.initialize(context.getSubject(), context.getHandler(), new HashMap(),
context.getOptions(loginModuleIndex));
@@ -218,15 +217,6 @@
         return context.getHandler().finalizeCallbackList();
     }
 
-    private void checkContext(JaasSecurityContext context, int loginModuleIndex, boolean
expectServerSide) throws LoginException {
-        if (context == null) {
-            throw new ExpiredLoginModuleException();
-        }
-        if (loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length
|| (context.isServerSide(loginModuleIndex) != expectServerSide)) {
-            throw new LoginException("Invalid login module specified");
-        }
-    }
-
     /**
      * Returns populated callbacks for a server side login module.  When the
      * client is going through the configured login modules, if a specific
@@ -234,8 +224,8 @@
      * server-side, the client gets the callbacks, populates them, and sends
      * them back to the server (using this method).
      */
-    public boolean performServerLogin(JaasClientId userIdentifier, int loginModuleIndex,
Callback[] results) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public boolean performServerLogin(JaasClientId clientHandle, int loginModuleIndex, Callback[]
results) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         checkContext(context, loginModuleIndex, true);
         try {
             context.getHandler().setClientResponse(results);
@@ -251,8 +241,8 @@
      * once for each client-side login module, to specify Principals for each
      * module.
      */
-    public void clientLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex,
Principal[] clientLoginModulePrincipals) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public void clientLoginModuleCommit(JaasClientId clientHandle, int loginModuleIndex,
Principal[] clientLoginModulePrincipals) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         checkContext(context, loginModuleIndex, false);
         context.processPrincipals(clientLoginModulePrincipals, context.getLoginDomainName(loginModuleIndex));
     }
@@ -263,8 +253,8 @@
      * once for each server-side login module that was processed before the
      * overall authentication succeeded.
      */
-    public boolean serverLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex)
throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public boolean serverLoginModuleCommit(JaasClientId clientHandle, int loginModuleIndex)
throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         checkContext(context, loginModuleIndex, true);
         boolean result = context.getLoginModule(loginModuleIndex).commit();
         context.processPrincipals(context.getLoginDomainName(loginModuleIndex));
@@ -275,8 +265,8 @@
      * Indicates that the overall login succeeded.  All login modules that were
      * touched should have been logged in and committed before calling this.
      */
-    public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException
{
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public Principal[] loginSucceeded(JaasClientId clientHandle) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         if (context == null) {
             throw new ExpiredLoginModuleException();
         }
@@ -301,21 +291,21 @@
      * Indicates that the overall login failed, and the server should release
      * any resources associated with the user ID.
      */
-    public void loginFailed(JaasClientId userIdentifier) {
-        activeLogins.remove(userIdentifier);
+    public void loginFailed(JaasClientId clientHandle) {
+        activeLogins.remove(clientHandle);
     }
 
     /**
      * Indicates that the client has logged out, and the server should release
      * any resources associated with the user ID.
      */
-    public void logout(JaasClientId userIdentifier) throws LoginException {
-        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(userIdentifier);
+    public void logout(JaasClientId clientHandle) throws LoginException {
+        JaasSecurityContext context = (JaasSecurityContext) activeLogins.get(clientHandle);
         if (context == null) {
             throw new ExpiredLoginModuleException();
         }
         ContextManager.unregisterSubject(context.getSubject());
-        activeLogins.remove(userIdentifier);
+        activeLogins.remove(clientHandle);
         for (int i = 0; i < context.getModules().length; i++) {
             if (context.isServerSide(i)) {
                 context.getLoginModule(i).logout();
@@ -323,6 +313,15 @@
         }
     }
 
+    private void checkContext(JaasSecurityContext context, int loginModuleIndex, boolean
expectServerSide) throws LoginException {
+        if (context == null) {
+            throw new ExpiredLoginModuleException();
+        }
+        if (loginModuleIndex < 0 || loginModuleIndex >= context.getModules().length
|| (context.isServerSide(loginModuleIndex) != expectServerSide)) {
+            throw new LoginException("Invalid login module specified");
+        }
+    }
+
     /**
      * Prepares a new security context for a new client.  Each client uses a
      * unique security context to sture their authentication progress,
@@ -392,6 +391,7 @@
     }
 
     private class ExpirationMonitor implements Runnable { //todo: different timeouts per
realm?
+
         public void run() {
             long now = System.currentTimeMillis();
             List list = new LinkedList();
@@ -419,7 +419,7 @@
     public static final GBeanInfo GBEAN_INFO;
 
     static {
-        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(JaasLoginService.class, "JaasLoginService");
//just a gbean
+        GBeanInfoBuilder infoFactory = new GBeanInfoBuilder(JaasLoginService.class, "JaasLoginService");
 
         infoFactory.addAttribute("algorithm", String.class, true);
         infoFactory.addAttribute("password", String.class, true);

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasLoginServiceMBean.java
Sun Sep 11 11:55:15 2005
@@ -81,7 +81,7 @@
      * Gets the login module configuration for the specified realm.  The
      * caller needs that in order to perform the authentication process.
      */
-    public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId userIdentifier)
throws LoginException ;
+    public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasClientId clientHandle)
throws LoginException ;
 
     /**
      * Retrieves callbacks for a server side login module.  When the client
@@ -90,7 +90,7 @@
      * server-side, the client gets the callbacks (using this method),
      * populates them, and sends them back to the server.
      */
-    public Callback[] getServerLoginCallbacks(JaasClientId userIdentifier, int loginModuleIndex)
throws LoginException;
+    public Callback[] getServerLoginCallbacks(JaasClientId clientHandle, int loginModuleIndex)
throws LoginException;
 
     /**
      * Returns populated callbacks for a server side login module.  When the
@@ -99,7 +99,7 @@
      * server-side, the client gets the callbacks, populates them, and sends
      * them back to the server (using this method).
      */
-    public boolean performServerLogin(JaasClientId userIdentifier, int loginModuleIndex,
Callback[] results) throws LoginException;
+    public boolean performServerLogin(JaasClientId clientHandle, int loginModuleIndex, Callback[]
results) throws LoginException;
 
     /**
      * Indicates that the overall login succeeded, and some principals were
@@ -107,7 +107,7 @@
      * once for each client-side login module, to specify Principals for each
      * module.
      */
-    public void clientLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex,
Principal[] clientLoginModulePrincipals) throws LoginException;
+    public void clientLoginModuleCommit(JaasClientId clientHandle, int loginModuleIndex,
Principal[] clientLoginModulePrincipals) throws LoginException;
 
     /**
      * Indicates that the overall login succeeded, and a particular server-side
@@ -115,23 +115,23 @@
      * once for each server-side login module that was processed before the
      * overall authentication succeeded.
      */
-    public boolean serverLoginModuleCommit(JaasClientId userIdentifier, int loginModuleIndex)
throws LoginException;
+    public boolean serverLoginModuleCommit(JaasClientId clientHandle, int loginModuleIndex)
throws LoginException;
 
     /**
      * Indicates that the overall login succeeded.  All login modules that were
      * touched should have been logged in and committed before calling this.
      */
-    public Principal[] loginSucceeded(JaasClientId userIdentifier) throws LoginException;
+    public Principal[] loginSucceeded(JaasClientId clientHandle) throws LoginException;
 
     /**
      * Indicates that the overall login failed, and the server should release
      * any resources associated with the user ID.
      */
-    public void loginFailed(JaasClientId userIdentifier);
+    public void loginFailed(JaasClientId clientHandle);
 
     /**
      * Indicates that the client has logged out, and the server should release
      * any resources associated with the user ID.
      */
-    public void logout(JaasClientId userIdentifier) throws LoginException;
+    public void logout(JaasClientId clientHandle) throws LoginException;
 }

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/JaasSecurityContext.java
Sun Sep 11 11:55:15 2005
@@ -43,7 +43,7 @@
     private boolean done;
     private final JaasLoginModuleConfiguration[] modules;
     private final LoginModule[] loginModules;
-    private DecouplingCallbackHandler handler;
+    private DecouplingCallbackHandler handler = new DecouplingCallbackHandler();
     private final Set processedPrincipals = new HashSet();
 
     public JaasSecurityContext(String realmName, JaasLoginModuleConfiguration[] modules,
ClassLoader classLoader) {
@@ -103,10 +103,8 @@
         checkRange(index);
         return modules[index].getOptions();
     }
+
     public DecouplingCallbackHandler getHandler() {
-        if(handler == null) { //lazy create
-            handler = new DecouplingCallbackHandler();
-        }
         return handler;
     }
 

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java?rev=280164&r1=280163&r2=280164&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java
(original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/jaas/LoginModuleConfiguration.java
Sun Sep 11 11:55:15 2005
@@ -24,8 +24,8 @@
  * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
  */
 public class LoginModuleConfiguration {
-    private LoginModule module;
-    private LoginModuleControlFlag controlFlag;
+    private final LoginModule module;
+    private final LoginModuleControlFlag controlFlag;
 
     public LoginModuleConfiguration(LoginModule module, LoginModuleControlFlag controlFlag)
{
         this.module = module;



Mime
View raw message