Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 49922 invoked from network); 9 Jan 2006 10:19:36 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 9 Jan 2006 10:19:36 -0000 Received: (qmail 86776 invoked by uid 500); 9 Jan 2006 10:19:35 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 86757 invoked by uid 500); 9 Jan 2006 10:19:35 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 86746 invoked by uid 99); 9 Jan 2006 10:19:35 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Jan 2006 02:19:35 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Mon, 09 Jan 2006 02:19:33 -0800 Received: (qmail 49805 invoked by uid 65534); 9 Jan 2006 10:19:13 -0000 Message-ID: <20060109101913.49804.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r367263 - in /geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty: JAASJettyRealm.java JettyContainer.java JettyContainerImpl.java JettyServer.java JettyWebAppContext.java interceptor/SecurityContextBeforeAfter.java Date: Mon, 09 Jan 2006 10:19:11 -0000 To: scm@geronimo.apache.org 
From: djencks@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: djencks Date: Mon Jan 9 02:19:08 2006 New Revision: 367263 URL: http://svn.apache.org/viewcvs?rev=367263&view=rev Log: GERONIMO-1425, GERONIMO-1440. Remember subject for access to unsecured resources after login, fix a bunch of problems with JAASJettyRealm, simplify the SecurityBeforeAfter Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java?rev=367263&r1=367262&r2=367263&view=diff ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java Mon Jan 9 02:19:08 2006 
@@ -43,17 +43,17 @@
 public class JAASJettyRealm implements UserRealm {
 private static Log log = LogFactory.getLog(JAASJettyRealm.class);
- private final String realmName;
- private final String loginDomainName;
+ private final String webRealmName;
+ private final String geronimoRealmName;
 private final HashMap userMap = new HashMap();
- public JAASJettyRealm(String realmName, String loginDomainName) {
- this.realmName = realmName;
- this.loginDomainName = loginDomainName;
+ public JAASJettyRealm(String realmName, String geronimoRealmName) {
+ this.webRealmName = realmName;
+ this.geronimoRealmName = geronimoRealmName;
 }
 public String getName() {
- return realmName;
+ return webRealmName;
 }
 public Principal getPrincipal(String username) {
@@ -90,7 +90,7 @@
 }
 //set up the login context
- LoginContext loginContext = new LoginContext(loginDomainName, callbackHandler);
+ LoginContext loginContext = new LoginContext(geronimoRealmName, callbackHandler);
 loginContext.login();
 callbackHandler.clear();
@@ -165,6 +165,18 @@
 public Principal popRole(Principal user) {
 ContextManager.setCurrentCaller(((JAASJettyPrincipal) user).pop());
 return user;
+ }
+
+ public int hashCode() {
+ return webRealmName.hashCode() * 37 ^ geronimoRealmName.hashCode();
+ }
+
+ public boolean equals(Object other) {
+ if (other == null || other.getClass() != JAASJettyRealm.class) {
+ return false;
+ }
+ JAASJettyRealm otherRealm = (JAASJettyRealm) other;
+ return webRealmName.equals(otherRealm.webRealmName) && geronimoRealmName.equals(otherRealm.geronimoRealmName);
 }
 }
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java Mon Jan 9 02:19:08 2006
@@ -35,7 +35,7 @@
 void removeContext(HttpContext context);
- void addRealm(UserRealm realm);
+ UserRealm addRealm(UserRealm realm);
 void removeRealm(UserRealm realm);
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java Mon Jan 9 02:19:08 2006
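Review bot: `hashCode()` and `equals()` dereference `webRealmName` and `geronimoRealmName` without a null guard, and the constructor in the first hunk of this file stores both arguments unchecked. A realm built with a missing name would therefore fail with a NullPointerException only later, when `RealmDelegate.addDelegate` compares two realms, rather than at construction. Reject nulls in the constructor instead, e.g. `if (realmName == null || geronimoRealmName == null) throw new IllegalArgumentException("realm names must not be null");`. Whether callers can actually pass null is not visible in this diff, so treat it as a precondition to confirm.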
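Review bot: `addRealm` now returns a `UserRealm`, but the interface has no comment saying that the returned object may be a realm registered earlier under the same name rather than the argument. A caller that keeps using its own instance would bypass the shared one, so the contract should be written down, e.g. `/** Registers the realm under its name and returns the instance shared by all callers; use the returned realm and pair each call with removeRealm. */`.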
@@ -143,8 +143,8 @@
 server.removeContext(context);
 }
- public void addRealm(UserRealm realm) {
- server.addRealm(realm);
+ public UserRealm addRealm(UserRealm realm) {
+ return server.addRealm(realm);
 }
 public void removeRealm(UserRealm realm) {
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java Mon Jan 9 02:19:08 2006
@@ -20,7 +20,6 @@
 import java.util.HashMap;
 import java.util.Map;
-import org.apache.geronimo.security.ContextManager;
 import org.mortbay.http.HttpRequest;
 import org.mortbay.http.UserRealm;
 import org.mortbay.jetty.Server;
@@ -33,14 +32,9 @@
 private final Map realmDelegates = new HashMap();
 public UserRealm addRealm(UserRealm realm) {
- RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realm.getName());
- if (delegate == null) {
- delegate = new RealmDelegate(realm.getName());
- realmDelegates.put(realm.getName(), delegate);
- }
- delegate.delegate = realm;
-
- return delegate;
+ RealmDelegate delegate = (RealmDelegate) getRealm(realm.getName());
+ delegate.addDelegate(realm);
+ return delegate.delegate;
 }
 public UserRealm getRealm(String realmName) {
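Review bot: `JettyServer.addRealm` stays unsynchronized while `removeRealm` in the next hunk becomes `synchronized`, although both work on the same plain `HashMap` `realmDelegates`. It also reads `delegate.delegate` outside the lock that `addDelegate` takes. Web apps starting and stopping at the same time could lose a registration or corrupt the map; declaring it `public synchronized UserRealm addRealm(UserRealm realm)` puts it under the same monitor as `removeRealm`. `getRealm`, whose body lies outside this hunk, appears to create the delegate entry and would need the same treatment.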
@@ -53,17 +47,37 @@
 return delegate;
 }
- public void removeRealm(UserRealm realm) {
- realmDelegates.remove(realm.getName());
+ public synchronized void removeRealm(UserRealm realm) {
+ RealmDelegate delegate = (RealmDelegate) realmDelegates.get(realm.getName());
+ if (delegate != null) {
+ if (delegate.removeDelegate() == 0) {
+ realmDelegates.remove(realm.getName());
+ }
+ }
 }
- private class RealmDelegate implements UserRealm {
+ private static class RealmDelegate implements UserRealm {
 private UserRealm delegate;
 private final String name;
+ private int count;
 private RealmDelegate(String name) {
 this.name = name;
+ }
+
+ private synchronized void addDelegate(UserRealm newDelegate) {
+ if (delegate != null && !delegate.equals(newDelegate)) {
+ throw new IllegalArgumentException("Inconsistent assigment of user realm: old: " + delegate + ", new: " + newDelegate);
+ }
+ if (delegate == null) {
+ delegate = newDelegate;
+ }
+ count++;
+ }
+
+ private int removeDelegate() {
+ return count--;
 }
 public String getName() {
Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java?rev=367263&r1=367262&r2=367263&view=diff
==============================================================================
--- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java (original)
+++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java Mon Jan 9 02:19:08 2006
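Review bot: `removeDelegate()` returns `count--`, which is the value before the decrement, so the `removeDelegate() == 0` test in `removeRealm` is false when the last user releases the realm (a count of 1 returns 1). The `RealmDelegate` and the realm it wraps then stay in `realmDelegates` after every web app using them has stopped, and a later deployment with the same web realm name but a different Geronimo realm is rejected by `addDelegate`. Use the pre-decrement form and take the same lock as `addDelegate`: `private synchronized int removeDelegate() { return --count; }`. The exception message in `addDelegate` also misspells "assignment".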
@@ -62,10 +62,7 @@
 import org.apache.geronimo.transaction.TrackedConnectionAssociator;
 import org.apache.geronimo.transaction.context.OnlineUserTransaction;
 import org.apache.geronimo.transaction.context.TransactionContextManager;
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
+import org.mortbay.http.*;
 import org.mortbay.jetty.servlet.AbstractSessionManager;
 import org.mortbay.jetty.servlet.Dispatcher;
 import org.mortbay.jetty.servlet.FilterHolder;
@@ -107,45 +104,44 @@ private String sessionManager; - + public static class SessionManagerConfiguration implements WebApplicationContext.Configuration { - private WebApplicationContext webAppContext; - - - - public SessionManagerConfiguration() { + private WebApplicationContext webAppContext; + + + public SessionManagerConfiguration() { } public void setWebApplicationContext(WebApplicationContext webAppContext) { - this.webAppContext = webAppContext; - } + this.webAppContext = webAppContext; + } + + public WebApplicationContext getWebApplicationContext() { + return this.webAppContext; + } + + public void configureClassPath() throws Exception { + } - public WebApplicationContext getWebApplicationContext() { - return this.webAppContext; - } - - public void configureClassPath() throws Exception { - } - - public void configureDefaults() throws Exception { - } - - - public void configureWebApp() throws Exception { - //setup a SessionManager + public void configureDefaults() throws Exception { + } + + + public void configureWebApp() throws Exception { + //setup a SessionManager log.debug("About to configure a SessionManager"); - String sessionManagerClassName = ((JettyWebAppContext)webAppContext).getSessionManager(); - if (sessionManagerClassName != null) { - Class clazz = Thread.currentThread().getContextClassLoader().loadClass(sessionManagerClassName); - Object o = clazz.newInstance(); - log.debug("Setting SessionManager type="+clazz.getName()+" instance="+o); - this.webAppContext.getServletHandler().setSessionManager((SessionManager)o); - } - } - + String sessionManagerClassName = ((JettyWebAppContext) webAppContext).getSessionManager(); + if (sessionManagerClassName != null) { + Class clazz = Thread.currentThread().getContextClassLoader().loadClass(sessionManagerClassName); + Object o = clazz.newInstance(); + log.debug("Setting SessionManager type=" + clazz.getName() + " instance=" + o); + this.webAppContext.getServletHandler().setSessionManager((SessionManager) o); 
+ } + } + } - + /** * @deprecated never use this... this is only here because Jetty WebApplicationContext is externalizable */ @@ -232,7 +228,7 @@ setConfigurationClassNames(new String[]{}); - URI root = null; + URI root; //TODO is there a simpler way to do this? if (configurationBaseUrl.getProtocol().equalsIgnoreCase("file")) { root = new URI("file", configurationBaseUrl.getPath(), null); @@ -252,7 +248,7 @@ setClassLoader(this.webClassLoader); setHosts(virtualHosts); - + handler = new WebApplicationHandler(); addHandler(handler); @@ -273,19 +269,16 @@ setSessionTimeoutSeconds(sessionTimeoutSeconds); // create ReadOnlyContext - Context enc = null; - if (componentContext != null) { - for (Iterator iterator = componentContext.values().iterator(); iterator.hasNext();) { - Object value = iterator.next(); - if (value instanceof KernelAwareReference) { - ((KernelAwareReference) value).setKernel(kernel); - } - if (value instanceof ClassLoaderAwareReference) { - ((ClassLoaderAwareReference) value).setClassLoader(this.webClassLoader); - } + for (Iterator iterator = componentContext.values().iterator(); iterator.hasNext();) { + Object value = iterator.next(); + if (value instanceof KernelAwareReference) { + ((KernelAwareReference) value).setKernel(kernel); + } + if (value instanceof ClassLoaderAwareReference) { + ((ClassLoaderAwareReference) value).setClassLoader(this.webClassLoader); } - enc = EnterpriseNamingContext.createEnterpriseNamingContext(componentContext); } + Context enc = EnterpriseNamingContext.createEnterpriseNamingContext(componentContext); int index = 0; BeforeAfter interceptor = new InstanceContextBeforeAfter(null, index++, unshareableResources, applicationManagedSecurityResources, trackedConnectionAssociator); 
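Review bot: The loop over `componentContext.values()` no longer sits inside `if (componentContext != null)`, so a null `componentContext` now fails with a NullPointerException in the constructor, where the old code left `enc` null and carried on. If a missing component context is no longer legal, say so with an explicit check before the loop, e.g. `if (componentContext == null) throw new IllegalArgumentException("componentContext is required");`; otherwise keep the guard. The constructor starts and ends outside this hunk, so an earlier check may already exist.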
@@ -294,14 +287,15 @@ interceptor = new ThreadClassloaderBeforeAfter(interceptor, index++, index++, this.webClassLoader); interceptor = new WebApplicationContextBeforeAfter(interceptor, index++, this); //JACC + if (securityRealmName != null) { if (roleDesignateSource == null) { throw new IllegalArgumentException("RoleDesignateSource must be supplied for a secure web app"); } Map roleDesignates = roleDesignateSource.getRoleDesignateMap(); //set the JAASJettyRealm as our realm. - JAASJettyRealm realm = new JAASJettyRealm(realmName, securityRealmName); - setRealm(realm); + UserRealm realm = new JAASJettyRealm(realmName, securityRealmName); + realm = jettyContainer.addRealm(realm); this.securityInterceptor = new SecurityContextBeforeAfter(interceptor, index++, index++, policyContextID, defaultPrincipal, authenticator, checkedPermissions, excludedPermissions, roleDesignates, realm, classLoader); interceptor = this.securityInterceptor; } else { @@ -311,18 +305,17 @@ interceptor = new RequestWrappingBeforeAfter(interceptor, handler); chain = interceptor; contextLength = index; - + //cheat -- add jsr154 filter not as a gbean FilterHolder jsr154FilterHolder = new FilterHolder(handler, "jsr154", JSR154Filter.class.getName()); handler.addFilterHolder(jsr154FilterHolder); jsr154FilterHolder.setInitParameter("unwrappedDispatch", "true"); handler.addFilterPathMapping("/*", "jsr154", Dispatcher.__REQUEST | Dispatcher.__FORWARD | Dispatcher.__INCLUDE | Dispatcher.__ERROR); - - configureSessionManager (sessionManager); - + + configureSessionManager(sessionManager); + } - public String getObjectName() { return objectName; @@ -363,8 +356,7 @@ public void doStart() throws Exception { // reset the classsloader... jetty likes to set it to null when stopping setClassLoader(webClassLoader); - - + // merge Geronimo and Jetty Lifecycles if (!isStarting()) { super.start(); 
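Review bot: `jettyContainer.addRealm(realm)` takes a counted reference inside the constructor, and the only release visible in this commit is `securityInterceptor.stop(jettyContainer)`. If `new SecurityContextBeforeAfter(...)` or any later constructor step throws, `securityInterceptor` is never assigned and the count held in `JettyServer` stays raised. The statements after `addRealm` should be wrapped so that a failure calls `jettyContainer.removeRealm(realm)` before rethrowing. The constructor starts before and ends after this hunk, so any existing cleanup path is not visible here.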
@@ -397,7 +389,7 @@ } if (securityInterceptor != null) { - securityInterceptor.stop(); + securityInterceptor.stop(jettyContainer); } Object context = enterContextScope(null, null); try { @@ -423,7 +415,6 @@ log.warn("JettyWebAppContext failed"); } - //pass through attributes. They should be constructor params //TODO encourage jetty to improve their naming convention. @@ -519,32 +510,34 @@ } - public String getSessionManager(){ - return this.sessionManager; + public String getSessionManager() { + return this.sessionManager; } - private void configureSessionManager (String sessionManagerClassName) { - this.sessionManager = sessionManagerClassName; - log.debug("SessionManager classname="+sessionManagerClassName); - if (this.sessionManager != null) { - addConfiguration (SessionManagerConfiguration.class.getName()); - } - } - - private void addConfiguration (String configClassName) { - String[] configClassNames = getConfigurationClassNames(); - String[] newConfigClassNames = new String[configClassNames==null?1:configClassNames.length+1]; - for (int i=0;i @@ -600,7 +593,6 @@ } - public static final GBeanInfo GBEAN_INFO; static { 
@@ -664,48 +656,48 @@ infoBuilder.addInterface(WebModule.class); infoBuilder.setConstructor(new String[]{ - "objectName", - "deploymentDescriptor", - "uri", - "virtualHosts", - "sessionManager", - "componentContext", - "userTransaction", - "classLoader", - "webClassPath", - "contextPriorityClassLoader", - "configurationBaseUrl", - "unshareableResources", - "applicationManagedSecurityResources", - - "displayName", - "contextParamMap", - "listenerClassNames", - "distributable", - "mimeMap", - "welcomeFiles", - "localeEncodingMapping", - "errorPages", - "authenticator", - "realmName", - "tagLibMap", - "sessionTimeoutSeconds", - - "policyContextID", - "securityRealmName", - "defaultPrincipal", - - "checkedPermissions", - "excludedPermissions", - - "TransactionContextManager", - "TrackedConnectionAssociator", - "JettyContainer", - "RoleDesignateSource", - - "J2EEServer", - "J2EEApplication", - "kernel" + "objectName", + "deploymentDescriptor", + "uri", + "virtualHosts", + "sessionManager", + "componentContext", + "userTransaction", + "classLoader", + "webClassPath", + "contextPriorityClassLoader", + "configurationBaseUrl", + "unshareableResources", + "applicationManagedSecurityResources", + + "displayName", + "contextParamMap", + "listenerClassNames", + "distributable", + "mimeMap", + "welcomeFiles", + "localeEncodingMapping", + "errorPages", + "authenticator", + "realmName", + "tagLibMap", + "sessionTimeoutSeconds", + + "policyContextID", + "securityRealmName", + "defaultPrincipal", + + "checkedPermissions", + "excludedPermissions", + + "TransactionContextManager", + "TrackedConnectionAssociator", + "JettyContainer", + "RoleDesignateSource", + + "J2EEServer", + "J2EEApplication", + "kernel" }); GBEAN_INFO = infoBuilder.getBeanInfo(); Modified: geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java URL: 
http://svn.apache.org/viewcvs/geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=367263&r1=367262&r2=367263&view=diff ============================================================================== --- geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java (original) +++ geronimo/trunk/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java Mon Jan 9 02:19:08 2006 
@@ -16,35 +16,29 @@ */ package org.apache.geronimo.jetty.interceptor; -import java.io.IOException; -import java.security.AccessControlContext; -import java.security.AccessControlException; -import java.security.PermissionCollection; -import java.security.Principal; -import java.util.Map; -import javax.security.auth.Subject; -import javax.security.jacc.PolicyContext; -import javax.security.jacc.WebResourcePermission; -import javax.security.jacc.WebUserDataPermission; -import javax.servlet.http.HttpServletRequest; - -import org.mortbay.http.Authenticator; -import org.mortbay.http.HttpException; -import org.mortbay.http.HttpRequest; -import org.mortbay.http.HttpResponse; -import org.mortbay.http.SecurityConstraint; -import org.mortbay.http.UserRealm; -import org.mortbay.jetty.servlet.FormAuthenticator; -import org.mortbay.jetty.servlet.ServletHttpRequest; - -import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.common.DeploymentException; +import org.apache.geronimo.common.GeronimoSecurityException; import org.apache.geronimo.jetty.JAASJettyPrincipal; +import org.apache.geronimo.jetty.JettyContainer; import org.apache.geronimo.security.ContextManager; import org.apache.geronimo.security.IdentificationPrincipal; import org.apache.geronimo.security.SubjectId; import org.apache.geronimo.security.deploy.DefaultPrincipal; import org.apache.geronimo.security.util.ConfigurationUtil; +import org.mortbay.http.*; +import org.mortbay.jetty.servlet.FormAuthenticator; +import org.mortbay.jetty.servlet.ServletHttpRequest; + +import javax.security.auth.Subject; +import javax.security.jacc.PolicyContext; +import javax.security.jacc.WebResourcePermission; +import javax.security.jacc.WebUserDataPermission; +import java.io.IOException; +import java.security.AccessControlContext; +import java.security.AccessControlException; +import java.security.PermissionCollection; +import java.security.Principal; +import java.util.Map; /** 
@@ -77,8 +71,10 @@ PermissionCollection checkedPermissions, PermissionCollection excludedPermissions, Map roleDesignates, - UserRealm realm, ClassLoader classLoader) - { + UserRealm realm, ClassLoader classLoader) { + assert realm != null; + assert authenticator != null; + this.next = next; this.policyContextIDIndex = policyContextIDIndex; this.webAppContextIndex = webAppContextIndex; @@ -107,17 +103,13 @@ ContextManager.registerSubject(defaultSubject); SubjectId id = ContextManager.getSubjectId(defaultSubject); defaultSubject.getPrincipals().add(new IdentificationPrincipal(id)); - -// log.debug("Default subject " + id + " for JACC policy '" + policyContextID + "' registered."); - - this.realm = realm; -// log.debug("JettyWebAppJACCContext started with JACC policy '" + policyContextID + "'"); } - public void stop() { + public void stop(JettyContainer jettyContainer) { Subject defaultSubject = this.defaultPrincipal.getSubject(); ContextManager.unregisterSubject(defaultSubject); + jettyContainer.removeRealm(realm); } public void before(Object[] context, HttpRequest httpRequest, HttpResponse httpResponse) { @@ -129,7 +121,7 @@ if (httpRequest != null) { ServletHttpRequest request = (ServletHttpRequest) httpRequest.getWrapper(); - PolicyContext.setHandlerData((HttpServletRequest) request); + PolicyContext.setHandlerData(request); } if (next != null) { 
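Review bot: The two `assert` statements are the only remaining guard for `realm` and `authenticator`, because the `obtainUser` hunk later in this file deletes the runtime checks that answered with a 500 "Realm Not Configured" or "Mis-configured Authenticator". Assertions are skipped unless the JVM runs with `-ea`, so on a normal server a missing authenticator surfaces as a NullPointerException on the first request instead of a configuration error. Replace them with unconditional checks, e.g. `if (realm == null || authenticator == null) throw new IllegalArgumentException("realm and authenticator are required");`. The constructor begins before this hunk and continues after it.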
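Review bot: In `stop`, `jettyContainer.removeRealm(realm)` runs only if `ContextManager.unregisterSubject(defaultSubject)` returns normally, so an exception there leaves the realm's reference count raised; `try { ContextManager.unregisterSubject(defaultSubject); } finally { jettyContainer.removeRealm(realm); }` releases it either way. The same hunk also appears to delete `this.realm = realm;` from the constructor. The part of the constructor between the two hunks is not shown, so confirm the field is still assigned there, since `stop` and `obtainUser` both read it.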
@@ -188,7 +180,18 @@
 }
 try {
- Principal user = obtainUser(pathInContext, request, response);
+ ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
+ String transportType;
+ if (request.isConfidential()) {
+ transportType = "CONFIDENTIAL";
+ } else if (request.isIntegral()) {
+ transportType = "INTEGRAL";
+ } else {
+ transportType = "NONE";
+ }
+ WebUserDataPermission wudp = new WebUserDataPermission(servletHttpRequest.getServletPath(), new String[]{servletHttpRequest.getMethod()}, transportType);
+ WebResourcePermission webResourcePermission = new WebResourcePermission(servletHttpRequest);
+ Principal user = obtainUser(pathInContext, request, response, webResourcePermission, wudp);
 if (user == null) {
 return false;
@@ -198,27 +201,17 @@
 }
 AccessControlContext acc = ContextManager.getCurrentContext();
- ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
 /** * JACC v1.0 secion 4.1.1 */
- String transportType;
- if (request.isConfidential()) {
- transportType = "CONFIDENTIAL";
- } else if (request.isIntegral()) {
- transportType = "INTEGRAL";
- } else {
- transportType = "NONE";
- }
- WebUserDataPermission wudp = new WebUserDataPermission(servletHttpRequest.getServletPath(), new String[]{servletHttpRequest.getMethod()}, transportType);
 acc.checkPermission(wudp);
 /** * JACC v1.0 secion 4.1.2 */
- acc.checkPermission(new WebResourcePermission(servletHttpRequest));
+ acc.checkPermission(webResourcePermission);
 } catch (HttpException he) {
 response.sendError(he.getCode(), he.getReason());
 return false;
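Review bot: The `WebUserDataPermission` handed to `obtainUser` is now built from `servletHttpRequest.getServletPath()`, whereas the line removed from `obtainUser` built it with `new WebUserDataPermission(servletHttpRequest)`. For a servlet mapped with extra path info the two can name different paths, so `checked.implies(dataPermission)` and `excludedPermissions.implies(dataPermission)` may now be evaluated against a shorter path than before; whether that changes which requests are challenged depends on the deployed constraints. Either keep the request-based constructor for the decision in `obtainUser`, or add a comment stating that the servlet-path form is intended and matches the later `acc.checkPermission(wudp)`. The enclosing method starts before the first hunk on this line and ends after the second.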
@@ -245,41 +238,29 @@ * security checking should not proceed and servlet handling should proceed, * e.g. login page. */ - private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response) throws IOException, IOException { - ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper(); - WebResourcePermission resourcePermission = new WebResourcePermission(servletHttpRequest); - WebUserDataPermission dataPermission = new WebUserDataPermission(servletHttpRequest); + private Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response, WebResourcePermission resourcePermission, WebUserDataPermission dataPermission) throws IOException, IOException { boolean unauthenticated = !(checked.implies(resourcePermission) || checked.implies(dataPermission)); boolean forbidden = excludedPermissions.implies(resourcePermission) || excludedPermissions.implies(dataPermission); -// Authenticator authenticator = getAuthenticator(); - Principal user = null; if (!unauthenticated && !forbidden) { - if (realm == null) { -// log.warn("Realm Not Configured"); - throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm Not Configured"); - } - - // Handle pre-authenticated request - if (authenticator != null) { - // User authenticator. 
- user = authenticator.authenticate(realm, pathInContext, request, response); - } else { - // don't know how authenticate -// log.warn("Mis-configured Authenticator for " + request.getPath()); - throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Mis-configured Authenticator for " + request.getPath()); - } - - return user; - } else if (authenticator instanceof FormAuthenticator && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) { + return authenticator.authenticate(realm, pathInContext, request, response); + } else + if (authenticator instanceof FormAuthenticator && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) + { /** * This could be a post request to __J_SECURITY_CHECK. */ - if (realm == null) { -// log.warn("Realm Not Configured"); - throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm Not Configured"); - } return authenticator.authenticate(realm, pathInContext, request, response); + } + + //attempt to access an unprotected resource that is not the j_security_check. + //if we are logged in, return the logged in principal. + if (request != null) { + //null response appears to prevent redirect to login page + Principal user = authenticator.authenticate(realm, pathInContext, request, null); + if (user != null) { + return user; + } } /**