Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 83973 invoked from network); 18 Dec 2005 05:40:55 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 18 Dec 2005 05:40:55 -0000 Received: (qmail 66074 invoked by uid 500); 18 Dec 2005 05:40:55 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 66066 invoked by uid 500); 18 Dec 2005 05:40:54 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 66053 invoked by uid 99); 18 Dec 2005 05:40:54 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 17 Dec 2005 21:40:54 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Sat, 17 Dec 2005 21:40:53 -0800 Received: (qmail 83770 invoked by uid 65534); 18 Dec 2005 05:40:33 -0000 Message-ID: <20051218054032.83766.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r357441 - in /geronimo/branches/1.0/modules: jetty/src/java/org/apache/geronimo/jetty/ security/src/java/org/apache/geronimo/security/jaas/client/ tomcat/src/java/org/apache/geronimo/tomcat/realm/ Date: Sun, 18 Dec 2005 05:40:31 -0000 To: scm@geronimo.apache.org 
From: hogstrom@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: hogstrom Date: Sat Dec 17 21:40:22 2005 New Revision: 357441 URL: http://svn.apache.org/viewcvs?rev=357441&view=rev Log: GERONIMO-1375 Login should not produce stack trace Modified: geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java Modified: geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java?rev=357441&r1=357440&r2=357441&view=diff ============================================================================== --- geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java (original) +++ geronimo/branches/1.0/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java Sat Dec 17 21:40:22 2005 
@@ -62,48 +62,57 @@ public Principal authenticate(String username, Object credentials, HttpRequest request) { try { - JAASJettyPrincipal userPrincipal = (JAASJettyPrincipal) userMap.get(username); + if ( (username!=null) && (!username.equals("")) ) { - //user has been previously authenticated, but - //re-authentication has been requested, so remove them - if (userPrincipal != null) { - userMap.remove(username); - } + JAASJettyPrincipal userPrincipal = (JAASJettyPrincipal) userMap.get(username); - ClearableCallbackHandler callbackHandler; - if (credentials instanceof char[]) { - char[] password = (char[]) credentials; - callbackHandler = new PasswordCallbackHandler(username, password); - } else if (credentials instanceof String) { - char[] password = ((String) credentials).toCharArray(); - callbackHandler = new PasswordCallbackHandler(username, password); - } else if (credentials instanceof X509Certificate[]) { - X509Certificate[] certs = (X509Certificate[]) credentials; - if (certs.length < 1) { - throw new LoginException("no certificates supplied"); + //user has been previously authenticated, but + //re-authentication has been requested, so remove them + if (userPrincipal != null) { + userMap.remove(username); + } + + ClearableCallbackHandler callbackHandler; + if (credentials instanceof char[]) { + char[] password = (char[]) credentials; + callbackHandler = new PasswordCallbackHandler(username, password); + } else if (credentials instanceof String) { + char[] password = ((String) credentials).toCharArray(); + callbackHandler = new PasswordCallbackHandler(username, password); + } else if (credentials instanceof X509Certificate[]) { + X509Certificate[] certs = (X509Certificate[]) credentials; + if (certs.length < 1) { + throw new LoginException("no certificates supplied"); + } + callbackHandler = new CertificateCallbackHandler(certs[0]); + } else { + throw new LoginException("Cannot extract credentials from class: " + credentials.getClass().getName()); } - 
callbackHandler = new CertificateCallbackHandler(certs[0]); - } else { - throw new LoginException("Cannot extract credentials from class: " + credentials.getClass().getName()); - } - //set up the login context - LoginContext loginContext = new LoginContext(loginDomainName, callbackHandler); - loginContext.login(); - callbackHandler.clear(); + //set up the login context + LoginContext loginContext = new LoginContext(loginDomainName, callbackHandler); + loginContext.login(); + callbackHandler.clear(); - Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject()); - ContextManager.setCurrentCaller(subject); + Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject()); + ContextManager.setCurrentCaller(subject); - //login success - userPrincipal = new JAASJettyPrincipal(username); - userPrincipal.setSubject(subject); + //login success + userPrincipal = new JAASJettyPrincipal(username); + userPrincipal.setSubject(subject); - userMap.put(username, userPrincipal); + userMap.put(username, userPrincipal); + + return userPrincipal; + } + else { + log.debug("Login Failed - null userID"); + return null; + } - return userPrincipal; } catch (LoginException e) { - log.warn("Login Failed", e); +// log.warn("Login Failed", e); + log.debug("Login Failed", e); return null; } } Modified: geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java?rev=357441&r1=357440&r2=357441&view=diff ============================================================================== --- geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java (original) +++ geronimo/branches/1.0/modules/security/src/java/org/apache/geronimo/security/jaas/client/ServerLoginProxy.java Sat Dec 17 21:40:22 2005 
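Review bot: The rewritten `catch (LoginException e)` at the end of `authenticate` now logs every LoginException at debug, so at default log levels a run of failed logins leaves no trace, and neither do the non-credential failures this block can raise (`new LoginContext(loginDomainName, callbackHandler)` with a missing configuration, "no certificates supplied"). TomcatGeronimoRealm in this same commit keeps `FailedLoginException` at debug and other `LoginException`s at warn; splitting the catch the same way here, with a one-line info message for the bad-credential case and the trace kept at debug, removes the stack-trace noise without losing the audit signal. This needs an import of `javax.security.auth.login.FailedLoginException`, which is not visible in the hunk. The commented-out `// log.warn("Login Failed", e);` should be deleted rather than left in.

```java
// … unchanged: guarded login path and the "null userID" branch …
        } catch (FailedLoginException e) {
            // expected outcome of a bad credential: one line for operators, trace only at debug
            log.info("Login failed: " + e.getMessage());
            log.debug("Login Failed", e);
            return null;
        } catch (LoginException e) {
            // configuration and login-module errors stay visible at the default level
            log.warn("Login Failed", e);
            return null;
        }
```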
@@ -21,6 +21,7 @@ import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; +import javax.security.auth.login.FailedLoginException; import org.apache.geronimo.security.jaas.server.JaasSessionId; import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean; @@ -71,6 +72,8 @@ System.err.println("No callback handler available for " + callbacks.length + " callbacks!"); } return service.performLogin(sessionHandle, lmIndex, callbacks); + } catch (FailedLoginException e) { + throw e; } catch (Exception e) { LoginException le = new LoginException("Error filling callback list"); le.initCause(e); Modified: geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?rev=357441&r1=357440&r2=357441&view=diff ============================================================================== --- geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java (original) +++ geronimo/branches/1.0/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java Sat Dec 17 21:40:22 2005 
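Review bot: The new `catch (FailedLoginException e) { throw e; }` lets only that one subclass through; an `AccountExpiredException` or `CredentialExpiredException` coming out of `service.performLogin(...)` still falls into `catch (Exception e)` and is rewrapped as a generic `LoginException("Error filling callback list")`. The dedicated catch clauses for those types in TomcatGeronimoRealm would then presumably never match on this path, and the caller sees a misleading message. If the enclosing method declares `throws LoginException` (its signature is outside the hunk), `} catch (LoginException e) { throw e; }` preserves every login outcome and keeps the wrapping for genuinely unexpected errors.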
@@ -337,92 +337,100 @@ // Establish a LoginContext to use for authentication try { - LoginContext loginContext = null; - if (appName == null) - appName = "Tomcat"; - - if (log.isDebugEnabled()) - log.debug(sm.getString("jaasRealm.beginLogin", principalName, appName)); - - // What if the LoginModule is in the container class loader ? - ClassLoader ocl = null; - - if (isUseContextClassLoader()) { - ocl = Thread.currentThread().getContextClassLoader(); - Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader()); - } - - try { - loginContext = new LoginContext(appName, callbackHandler); - } catch (Throwable e) { - log.error(sm.getString("jaasRealm.unexpectedError"), e); - return (null); - } finally { - if (isUseContextClassLoader()) { - Thread.currentThread().setContextClassLoader(ocl); - } - } - - if (log.isDebugEnabled()) - log.debug("Login context created " + principalName); - // Negotiate a login via this LoginContext - Subject subject = null; - try { - loginContext.login(); - Subject tempSubject = loginContext.getSubject(); - if (tempSubject == null) { - if (log.isDebugEnabled()) - log.debug(sm.getString("jaasRealm.failedLogin", principalName)); - return (null); - } - - subject = ContextManager.getServerSideSubject(tempSubject); - if (subject == null) { - if (log.isDebugEnabled()) - log.debug(sm.getString("jaasRealm.failedLogin", principalName)); - return (null); - } + if ( (principalName!=null) && (!principalName.equals("")) ) { + LoginContext loginContext = null; + if (appName == null) + appName = "Tomcat"; + + if (log.isDebugEnabled()) + log.debug(sm.getString("jaasRealm.beginLogin", principalName, appName)); + + // What if the LoginModule is in the container class loader ? 
+ ClassLoader ocl = null; + + if (isUseContextClassLoader()) { + ocl = Thread.currentThread().getContextClassLoader(); + Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader()); + } + + try { + loginContext = new LoginContext(appName, callbackHandler); + } catch (Throwable e) { + log.error(sm.getString("jaasRealm.unexpectedError"), e); + return (null); + } finally { + if (isUseContextClassLoader()) { + Thread.currentThread().setContextClassLoader(ocl); + } + } + + if (log.isDebugEnabled()) + log.debug("Login context created " + principalName); + + // Negotiate a login via this LoginContext + Subject subject = null; + try { + loginContext.login(); + Subject tempSubject = loginContext.getSubject(); + if (tempSubject == null) { + if (log.isDebugEnabled()) + log.debug(sm.getString("jaasRealm.failedLogin", principalName)); + return (null); + } + + subject = ContextManager.getServerSideSubject(tempSubject); + if (subject == null) { + if (log.isDebugEnabled()) + log.debug(sm.getString("jaasRealm.failedLogin", principalName)); + return (null); + } + + ContextManager.setCurrentCaller(subject); + + } catch (AccountExpiredException e) { + if (log.isDebugEnabled()) + log.debug(sm.getString("jaasRealm.accountExpired", principalName)); + return (null); + } catch (CredentialExpiredException e) { + if (log.isDebugEnabled()) + log.debug(sm.getString("jaasRealm.credentialExpired", principalName)); + return (null); + } catch (FailedLoginException e) { + if (log.isDebugEnabled()) + log.debug(sm.getString("jaasRealm.failedLogin", principalName)); + return (null); + } catch (LoginException e) { + log.warn(sm.getString("jaasRealm.loginException", principalName), e); + return (null); + } catch (Throwable e) { + log.error(sm.getString("jaasRealm.unexpectedError"), e); + return (null); + } + + if (log.isDebugEnabled()) + log.debug(sm.getString("jaasRealm.loginContextCreated", principalName)); + + // Return the appropriate Principal for this authenticated Subject + /* 
Principal principal = createPrincipal(username, subject); + if (principal == null) { + log.debug(sm.getString("jaasRealm.authenticateFailure", username)); + return (null); + } + if (log.isDebugEnabled()) { + log.debug(sm.getString("jaasRealm.authenticateSuccess", username)); + } + */ + JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principalName); + jaasPrincipal.setSubject(subject); - ContextManager.setCurrentCaller(subject); - - } catch (AccountExpiredException e) { - if (log.isDebugEnabled()) - log.debug(sm.getString("jaasRealm.accountExpired", principalName)); - return (null); - } catch (CredentialExpiredException e) { - if (log.isDebugEnabled()) - log.debug(sm.getString("jaasRealm.credentialExpired", principalName)); - return (null); - } catch (FailedLoginException e) { - if (log.isDebugEnabled()) - log.debug(sm.getString("jaasRealm.failedLogin", principalName)); - return (null); - } catch (LoginException e) { - log.warn(sm.getString("jaasRealm.loginException", principalName), e); - return (null); - } catch (Throwable e) { - log.error(sm.getString("jaasRealm.unexpectedError"), e); - return (null); - } - - if (log.isDebugEnabled()) - log.debug(sm.getString("jaasRealm.loginContextCreated", principalName)); - - // Return the appropriate Principal for this authenticated Subject -/* Principal principal = createPrincipal(username, subject); - if (principal == null) { - log.debug(sm.getString("jaasRealm.authenticateFailure", username)); - return (null); + return (jaasPrincipal); } - if (log.isDebugEnabled()) { - log.debug(sm.getString("jaasRealm.authenticateSuccess", username)); + else { + if (log.isDebugEnabled()) + log.debug("Login Failed - null userID"); + return null; } -*/ - JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principalName); - jaasPrincipal.setSubject(subject); - - return (jaasPrincipal); } catch (Throwable t) { log.error("error ", t);