geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r367263 - in /geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty: JAASJettyRealm.java JettyContainer.java JettyContainerImpl.java JettyServer.java JettyWebAppContext.java interceptor/SecurityContextBeforeAfter.java
Date Mon, 09 Jan 2006 10:19:11 GMT
Author: djencks
Date: Mon Jan  9 02:19:08 2006
New Revision: 367263

URL: http://svn.apache.org/viewcvs?rev=367263&view=rev
Log:
GERONIMO-1425, GERONIMO-1440.  Remember subject for access to unsecured resources after login,
fix a bunch of problems with JAASJettyRealm, simplify the SecurityBeforeAfter

Modified:
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
    geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java Mon
Jan  9 02:19:08 2006
@@ -43,17 +43,17 @@
 public class JAASJettyRealm implements UserRealm {
     private static Log log = LogFactory.getLog(JAASJettyRealm.class);
 
-    private final String realmName;
-    private final String loginDomainName;
+    private final String webRealmName;
+    private final String geronimoRealmName;
     private final HashMap userMap = new HashMap();
 
-    public JAASJettyRealm(String realmName, String loginDomainName) {
-        this.realmName = realmName;
-        this.loginDomainName = loginDomainName;
+    public JAASJettyRealm(String realmName, String geronimoRealmName) {
+        this.webRealmName = realmName;
+        this.geronimoRealmName = geronimoRealmName;
     }
 
     public String getName() {
-        return realmName;
+        return webRealmName;
     }
 
     public Principal getPrincipal(String username) {
@@ -90,7 +90,7 @@
                 }
 
                 //set up the login context
-                LoginContext loginContext = new LoginContext(loginDomainName, callbackHandler);
+                LoginContext loginContext = new LoginContext(geronimoRealmName, callbackHandler);
                 loginContext.login();
                 callbackHandler.clear();
 
@@ -165,6 +165,18 @@
     public Principal popRole(Principal user) {
         ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).pop());
         return user;
+    }
+
+    public int hashCode() {
+        return webRealmName.hashCode() * 37 ^ geronimoRealmName.hashCode();
+    }
+
+    public boolean equals(Object other) {
+        if (other == null || other.getClass() != JAASJettyRealm.class) {
+            return false;
+        }
+        JAASJettyRealm otherRealm = (JAASJettyRealm) other;
+        return webRealmName.equals(otherRealm.webRealmName) && geronimoRealmName.equals(otherRealm.geronimoRealmName);
     }
 
 }

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java Mon
Jan  9 02:19:08 2006
@@ -35,7 +35,7 @@
 
     void removeContext(HttpContext context);
 
-    void addRealm(UserRealm realm);
+    UserRealm addRealm(UserRealm realm);
 
     void removeRealm(UserRealm realm);
 

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
Mon Jan  9 02:19:08 2006
@@ -143,8 +143,8 @@
         server.removeContext(context);
     }
 
-    public void addRealm(UserRealm realm) {
-        server.addRealm(realm);
+    public UserRealm addRealm(UserRealm realm) {
+        return server.addRealm(realm);
     }
 
     public void removeRealm(UserRealm realm) {

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java Mon Jan
 9 02:19:08 2006
@@ -20,7 +20,6 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import org.apache.geronimo.security.ContextManager;
 import org.mortbay.http.HttpRequest;
 import org.mortbay.http.UserRealm;
 import org.mortbay.jetty.Server;
@@ -33,14 +32,9 @@
     private final Map realmDelegates = new HashMap();
 
     public UserRealm addRealm(UserRealm realm) {
-        RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realm.getName());
-        if (delegate == null) {
-            delegate = new RealmDelegate(realm.getName());
-            realmDelegates.put(realm.getName(), delegate);
-        }
-        delegate.delegate = realm;
-
-        return delegate;
+        RealmDelegate delegate = (RealmDelegate) getRealm(realm.getName());
+        delegate.addDelegate(realm);
+        return delegate.delegate;
     }
 
     public UserRealm getRealm(String realmName) {
@@ -53,17 +47,37 @@
         return delegate;
     }
 
-    public void removeRealm(UserRealm realm) {
-        realmDelegates.remove(realm.getName());
+    public synchronized void removeRealm(UserRealm realm) {
+        RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realm.getName());
+        if (delegate != null) {
+            if (delegate.removeDelegate() == 0) {
+                realmDelegates.remove(realm.getName());
+            }
+        }
     }
 
-    private class RealmDelegate implements UserRealm {
+    private static class RealmDelegate implements UserRealm {
 
         private UserRealm delegate;
         private final String name;
+        private int  count;
 
         private RealmDelegate(String name) {
             this.name = name;
+        }
+
+        private synchronized void addDelegate(UserRealm newDelegate) {
+            if (delegate != null && !delegate.equals(newDelegate)) {
+                throw new IllegalArgumentException("Inconsistent assigment of user realm:
old: " + delegate + ", new: " + newDelegate);
+            }
+            if (delegate == null) {
+                delegate = newDelegate;
+            }
+            count++;
+        }
+
+        private int removeDelegate() {
+            return count--;
         }
 
         public String getName() {

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Mon Jan  9 02:19:08 2006
@@ -62,10 +62,7 @@
 import org.apache.geronimo.transaction.TrackedConnectionAssociator;
 import org.apache.geronimo.transaction.context.OnlineUserTransaction;
 import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
+import org.mortbay.http.*;
 import org.mortbay.jetty.servlet.AbstractSessionManager;
 import org.mortbay.jetty.servlet.Dispatcher;
 import org.mortbay.jetty.servlet.FilterHolder;
@@ -107,45 +104,44 @@
 
     private String sessionManager;
 
-    
+
     public static class SessionManagerConfiguration implements WebApplicationContext.Configuration
{
 
-    	private WebApplicationContext webAppContext;
-    	
-        
-    	
-		public SessionManagerConfiguration() {
+        private WebApplicationContext webAppContext;
+
+
+        public SessionManagerConfiguration() {
         }
 
         public void setWebApplicationContext(WebApplicationContext webAppContext) {
-			this.webAppContext = webAppContext;
-		}
+            this.webAppContext = webAppContext;
+        }
+
+        public WebApplicationContext getWebApplicationContext() {
+            return this.webAppContext;
+        }
+
+        public void configureClassPath() throws Exception {
+        }
 
-		public WebApplicationContext getWebApplicationContext() {
-			return this.webAppContext;
-		}
-
-		public void configureClassPath() throws Exception {
-		}
-
-		public void configureDefaults() throws Exception {	
-		}
-
-	
-		public void configureWebApp() throws Exception {
-		    //setup a SessionManager
+        public void configureDefaults() throws Exception {
+        }
+
+
+        public void configureWebApp() throws Exception {
+            //setup a SessionManager
             log.debug("About to configure a SessionManager");
-            String sessionManagerClassName = ((JettyWebAppContext)webAppContext).getSessionManager();
-		    if (sessionManagerClassName != null) {
-		        Class clazz = Thread.currentThread().getContextClassLoader().loadClass(sessionManagerClassName);
-		        Object o = clazz.newInstance();
-                log.debug("Setting SessionManager type="+clazz.getName()+" instance="+o);
-		        this.webAppContext.getServletHandler().setSessionManager((SessionManager)o);
-		    }
-		}
-    	
+            String sessionManagerClassName = ((JettyWebAppContext) webAppContext).getSessionManager();
+            if (sessionManagerClassName != null) {
+                Class clazz = Thread.currentThread().getContextClassLoader().loadClass(sessionManagerClassName);
+                Object o = clazz.newInstance();
+                log.debug("Setting SessionManager type=" + clazz.getName() + " instance="
+ o);
+                this.webAppContext.getServletHandler().setSessionManager((SessionManager)
o);
+            }
+        }
+
     }
-    
+
     /**
      * @deprecated never use this... this is only here because Jetty WebApplicationContext
is externalizable
      */
@@ -232,7 +228,7 @@
 
         setConfigurationClassNames(new String[]{});
 
-        URI root = null;
+        URI root;
         //TODO is there a simpler way to do this?
         if (configurationBaseUrl.getProtocol().equalsIgnoreCase("file")) {
             root = new URI("file", configurationBaseUrl.getPath(), null);
@@ -252,7 +248,7 @@
         setClassLoader(this.webClassLoader);
 
         setHosts(virtualHosts);
-        
+
         handler = new WebApplicationHandler();
         addHandler(handler);
 
@@ -273,19 +269,16 @@
         setSessionTimeoutSeconds(sessionTimeoutSeconds);
 
         // create ReadOnlyContext
-        Context enc = null;
-        if (componentContext != null) {
-            for (Iterator iterator = componentContext.values().iterator(); iterator.hasNext();)
{
-                Object value = iterator.next();
-                if (value instanceof KernelAwareReference) {
-                    ((KernelAwareReference) value).setKernel(kernel);
-                }
-                if (value instanceof ClassLoaderAwareReference) {
-                    ((ClassLoaderAwareReference) value).setClassLoader(this.webClassLoader);
-                }
+        for (Iterator iterator = componentContext.values().iterator(); iterator.hasNext();)
{
+            Object value = iterator.next();
+            if (value instanceof KernelAwareReference) {
+                ((KernelAwareReference) value).setKernel(kernel);
+            }
+            if (value instanceof ClassLoaderAwareReference) {
+                ((ClassLoaderAwareReference) value).setClassLoader(this.webClassLoader);
             }
-            enc = EnterpriseNamingContext.createEnterpriseNamingContext(componentContext);
         }
+        Context enc = EnterpriseNamingContext.createEnterpriseNamingContext(componentContext);
 
         int index = 0;
         BeforeAfter interceptor = new InstanceContextBeforeAfter(null, index++, unshareableResources,
applicationManagedSecurityResources, trackedConnectionAssociator);
@@ -294,14 +287,15 @@
         interceptor = new ThreadClassloaderBeforeAfter(interceptor, index++, index++, this.webClassLoader);
         interceptor = new WebApplicationContextBeforeAfter(interceptor, index++, this);
 //JACC
+
         if (securityRealmName != null) {
             if (roleDesignateSource == null) {
                 throw new IllegalArgumentException("RoleDesignateSource must be supplied
for a secure web app");
             }
             Map roleDesignates = roleDesignateSource.getRoleDesignateMap();
             //set the JAASJettyRealm as our realm.
-            JAASJettyRealm realm = new JAASJettyRealm(realmName, securityRealmName);
-            setRealm(realm);
+            UserRealm realm = new JAASJettyRealm(realmName, securityRealmName);
+            realm = jettyContainer.addRealm(realm);
             this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++,
index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions,
roleDesignates, realm, classLoader);
             interceptor = this.securityInterceptor;
         } else {
@@ -311,18 +305,17 @@
         interceptor = new RequestWrappingBeforeAfter(interceptor, handler);
         chain = interceptor;
         contextLength = index;
-        
+
         //cheat -- add jsr154 filter not as a gbean
         FilterHolder jsr154FilterHolder = new FilterHolder(handler, "jsr154", JSR154Filter.class.getName());
         handler.addFilterHolder(jsr154FilterHolder);
         jsr154FilterHolder.setInitParameter("unwrappedDispatch", "true");
         handler.addFilterPathMapping("/*", "jsr154", Dispatcher.__REQUEST | Dispatcher.__FORWARD
| Dispatcher.__INCLUDE | Dispatcher.__ERROR);
-        
-        configureSessionManager (sessionManager);
-      
+
+        configureSessionManager(sessionManager);
+
     }
 
-    
 
     public String getObjectName() {
         return objectName;
@@ -363,8 +356,7 @@
     public void doStart() throws Exception {
         // reset the classsloader... jetty likes to set it to null when stopping
         setClassLoader(webClassLoader);
-        
- 
+
         // merge Geronimo and Jetty Lifecycles
         if (!isStarting()) {
             super.start();
@@ -397,7 +389,7 @@
         }
 
         if (securityInterceptor != null) {
-            securityInterceptor.stop();
+            securityInterceptor.stop(jettyContainer);
         }
         Object context = enterContextScope(null, null);
         try {
@@ -423,7 +415,6 @@
         log.warn("JettyWebAppContext failed");
     }
 
-
     //pass through attributes.  They should be constructor params
 
     //TODO encourage jetty to improve their naming convention.
@@ -519,32 +510,34 @@
     }
 
 
-    public String getSessionManager(){
-    	return this.sessionManager;
+    public String getSessionManager() {
+        return this.sessionManager;
     }
 
 
-    private void configureSessionManager (String sessionManagerClassName) {
-    	  this.sessionManager = sessionManagerClassName;
-          log.debug("SessionManager classname="+sessionManagerClassName);
-          if (this.sessionManager != null) {
-        	  addConfiguration (SessionManagerConfiguration.class.getName());
-          }
-    }
-    
-    private void addConfiguration (String configClassName) {
-          String[] configClassNames = getConfigurationClassNames();
-          String[] newConfigClassNames = new String[configClassNames==null?1:configClassNames.length+1];
-          for (int i=0;i<configClassNames.length;i++)
-        	  newConfigClassNames[i] = configClassNames[i];
-          
-          newConfigClassNames[newConfigClassNames.length-1] = configClassName;
-          setConfigurationClassNames(newConfigClassNames);
-          log.debug("Configs:");
-          for (int i=0; i<newConfigClassNames.length;i++)
-              log.debug(newConfigClassNames[i]+" ");
+    private void configureSessionManager(String sessionManagerClassName) {
+        this.sessionManager = sessionManagerClassName;
+        log.debug("SessionManager classname=" + sessionManagerClassName);
+        if (this.sessionManager != null) {
+            addConfiguration(SessionManagerConfiguration.class.getName());
+        }
     }
-    
+
+    private void addConfiguration(String configClassName) {
+        String[] configClassNames = getConfigurationClassNames();
+        String[] newConfigClassNames = new String[configClassNames == null ? 1 : configClassNames.length
+ 1];
+//        System.arraycopy(configClassNames, 0, newConfigClassNames, 0, configClassNames.length);
+        //TODO expect an NPE if there are no configClassNames.
+        for (int i = 0; i < configClassNames.length; i++)
+            newConfigClassNames[i] = configClassNames[i];
+
+        newConfigClassNames[newConfigClassNames.length - 1] = configClassName;
+        setConfigurationClassNames(newConfigClassNames);
+        log.debug("Configs:");
+        for (int i = 0; i < newConfigClassNames.length; i++)
+            log.debug(newConfigClassNames[i] + " ");
+    }
+
     /**
      * ObjectName must match this pattern:
      * <p/>
@@ -600,7 +593,6 @@
     }
 
 
-
     public static final GBeanInfo GBEAN_INFO;
 
     static {
@@ -664,48 +656,48 @@
         infoBuilder.addInterface(WebModule.class);
 
         infoBuilder.setConstructor(new String[]{
-            "objectName",
-            "deploymentDescriptor",
-            "uri",
-            "virtualHosts",
-            "sessionManager",
-            "componentContext",
-            "userTransaction",
-            "classLoader",
-            "webClassPath",
-            "contextPriorityClassLoader",
-            "configurationBaseUrl",
-            "unshareableResources",
-            "applicationManagedSecurityResources",
-
-            "displayName",
-            "contextParamMap",
-            "listenerClassNames",
-            "distributable",
-            "mimeMap",
-            "welcomeFiles",
-            "localeEncodingMapping",
-            "errorPages",
-            "authenticator",
-            "realmName",
-            "tagLibMap",
-            "sessionTimeoutSeconds",
-
-            "policyContextID",
-            "securityRealmName",
-            "defaultPrincipal",
-
-            "checkedPermissions",
-            "excludedPermissions",
-
-            "TransactionContextManager",
-            "TrackedConnectionAssociator",
-            "JettyContainer",
-            "RoleDesignateSource",
-
-            "J2EEServer",
-            "J2EEApplication",
-            "kernel"
+                "objectName",
+                "deploymentDescriptor",
+                "uri",
+                "virtualHosts",
+                "sessionManager",
+                "componentContext",
+                "userTransaction",
+                "classLoader",
+                "webClassPath",
+                "contextPriorityClassLoader",
+                "configurationBaseUrl",
+                "unshareableResources",
+                "applicationManagedSecurityResources",
+
+                "displayName",
+                "contextParamMap",
+                "listenerClassNames",
+                "distributable",
+                "mimeMap",
+                "welcomeFiles",
+                "localeEncodingMapping",
+                "errorPages",
+                "authenticator",
+                "realmName",
+                "tagLibMap",
+                "sessionTimeoutSeconds",
+
+                "policyContextID",
+                "securityRealmName",
+                "defaultPrincipal",
+
+                "checkedPermissions",
+                "excludedPermissions",
+
+                "TransactionContextManager",
+                "TrackedConnectionAssociator",
+                "JettyContainer",
+                "RoleDesignateSource",
+
+                "J2EEServer",
+                "J2EEApplication",
+                "kernel"
         });
 
         GBEAN_INFO = infoBuilder.getBeanInfo();

Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
(original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Mon Jan  9 02:19:08 2006
@@ -16,35 +16,29 @@
  */
 package org.apache.geronimo.jetty.interceptor;
 
-import java.io.IOException;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.PermissionCollection;
-import java.security.Principal;
-import java.util.Map;
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.WebResourcePermission;
-import javax.security.jacc.WebUserDataPermission;
-import javax.servlet.http.HttpServletRequest;
-
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
-import org.mortbay.http.SecurityConstraint;
-import org.mortbay.http.UserRealm;
-import org.mortbay.jetty.servlet.FormAuthenticator;
-import org.mortbay.jetty.servlet.ServletHttpRequest;
-
-import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.jetty.JAASJettyPrincipal;
+import org.apache.geronimo.jetty.JettyContainer;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.SubjectId;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.util.ConfigurationUtil;
+import org.mortbay.http.*;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+import org.mortbay.jetty.servlet.ServletHttpRequest;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.PermissionCollection;
+import java.security.Principal;
+import java.util.Map;
 
 
 /**
@@ -77,8 +71,10 @@
                                       PermissionCollection checkedPermissions,
                                       PermissionCollection excludedPermissions,
                                       Map roleDesignates,
-                                      UserRealm realm, ClassLoader classLoader)
-    {
+                                      UserRealm realm, ClassLoader classLoader) {
+        assert realm != null;
+        assert authenticator != null;
+
         this.next = next;
         this.policyContextIDIndex = policyContextIDIndex;
         this.webAppContextIndex = webAppContextIndex;
@@ -107,17 +103,13 @@
         ContextManager.registerSubject(defaultSubject);
         SubjectId id = ContextManager.getSubjectId(defaultSubject);
         defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
-
-//        log.debug("Default subject " + id + " for JACC policy '" + policyContextID + "'
registered.");
-
-
         this.realm = realm;
-//        log.debug("JettyWebAppJACCContext started with JACC policy '" + policyContextID
+ "'");
     }
 
-    public void stop() {
+    public void stop(JettyContainer jettyContainer) {
         Subject defaultSubject = this.defaultPrincipal.getSubject();
         ContextManager.unregisterSubject(defaultSubject);
+        jettyContainer.removeRealm(realm);
     }
 
     public void before(Object[] context, HttpRequest httpRequest, HttpResponse httpResponse)
{
@@ -129,7 +121,7 @@
 
         if (httpRequest != null) {
             ServletHttpRequest request = (ServletHttpRequest) httpRequest.getWrapper();
-            PolicyContext.setHandlerData((HttpServletRequest) request);
+            PolicyContext.setHandlerData(request);
         }
 
         if (next != null) {
@@ -188,7 +180,18 @@
         }
 
         try {
-            Principal user = obtainUser(pathInContext, request, response);
+            ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+            String transportType;
+            if (request.isConfidential()) {
+                transportType = "CONFIDENTIAL";
+            } else if (request.isIntegral()) {
+                transportType = "INTEGRAL";
+            } else {
+                transportType = "NONE";
+            }
+            WebUserDataPermission wudp = new WebUserDataPermission(servletHttpRequest.getServletPath(),
new String[]{servletHttpRequest.getMethod()}, transportType);
+            WebResourcePermission webResourcePermission = new WebResourcePermission(servletHttpRequest);
+            Principal user = obtainUser(pathInContext, request, response, webResourcePermission,
wudp);
 
             if (user == null) {
                 return false;
@@ -198,27 +201,17 @@
             }
 
             AccessControlContext acc = ContextManager.getCurrentContext();
-            ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
 
             /**
              * JACC v1.0 secion 4.1.1
              */
 
-            String transportType;
-            if (request.isConfidential()) {
-                transportType = "CONFIDENTIAL";
-            } else if (request.isIntegral()) {
-                transportType = "INTEGRAL";
-            } else {
-                transportType = "NONE";
-            }
-            WebUserDataPermission wudp = new WebUserDataPermission(servletHttpRequest.getServletPath(),
new String[]{servletHttpRequest.getMethod()}, transportType);
             acc.checkPermission(wudp);
 
             /**
              * JACC v1.0 secion 4.1.2
              */
-            acc.checkPermission(new WebResourcePermission(servletHttpRequest));
+            acc.checkPermission(webResourcePermission);
         } catch (HttpException he) {
             response.sendError(he.getCode(), he.getReason());
             return false;
@@ -245,41 +238,29 @@
      *         security checking should not proceed and servlet handling should proceed,
      *         e.g. login page.
      */
-    private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse
response) throws IOException, IOException {
-        ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
-        WebResourcePermission resourcePermission = new WebResourcePermission(servletHttpRequest);
-        WebUserDataPermission dataPermission = new WebUserDataPermission(servletHttpRequest);
+    private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse
response, WebResourcePermission resourcePermission, WebUserDataPermission dataPermission)
throws IOException, IOException {
         boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission));
         boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission);
 
-//       Authenticator authenticator = getAuthenticator();
-        Principal user = null;
         if (!unauthenticated && !forbidden) {
-            if (realm == null) {
-//               log.warn("Realm Not Configured");
-                throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm
Not Configured");
-            }
-
-            // Handle pre-authenticated request
-            if (authenticator != null) {
-                // User authenticator.
-                user = authenticator.authenticate(realm, pathInContext, request, response);
-            } else {
-                // don't know how authenticate
-//               log.warn("Mis-configured Authenticator for " + request.getPath());
-                throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Mis-configured
Authenticator for " + request.getPath());
-            }
-
-            return user;
-        } else if (authenticator instanceof FormAuthenticator && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK))
{
+            return authenticator.authenticate(realm, pathInContext, request, response);
+        } else
+        if (authenticator instanceof FormAuthenticator && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK))
+        {
             /**
              * This could be a post request to __J_SECURITY_CHECK.
              */
-            if (realm == null) {
-//               log.warn("Realm Not Configured");
-                throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm
Not Configured");
-            }
             return authenticator.authenticate(realm, pathInContext, request, response);
+        }
+
+        //attempt to access an unprotected resource that is not the j_security_check.
+        //if we are logged in, return the logged in principal.
+        if (request != null) {
+            //null response appears to prevent redirect to login page
+            Principal user = authenticator.authenticate(realm, pathInContext, request, null);
+            if (user != null) {
+                return user;
+            }
         }
 
         /**



Mime
View raw message