
From a..@apache.org
Subject svn commit: r431930 - in /geronimo/branches/1.1.1/modules: jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Date Wed, 16 Aug 2006 15:57:27 GMT
Author: adc
Date: Wed Aug 16 08:57:27 2006
New Revision: 431930

URL: http://svn.apache.org/viewvc?rev=431930&view=rev
Log:
GERONIMO-2327 Need to encode colons for JACC web permissions

Modified:
    geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
    geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java

Modified: geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=431930&r1=431929&r2=431930&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
(original)
+++ geronimo/branches/1.1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Wed Aug 16 08:57:27 2006
@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2003-2005 The Apache Software Foundation
+ * Copyright 2003-2006 The Apache Software Foundation
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -16,30 +16,34 @@
  */
 package org.apache.geronimo.jetty.interceptor;
 
+import java.io.IOException;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.PermissionCollection;
+import java.security.Principal;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+import org.mortbay.jetty.servlet.ServletHttpRequest;
+
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.jetty.JAASJettyPrincipal;
-import org.apache.geronimo.jetty.JettyContainer;
 import org.apache.geronimo.jetty.JAASJettyRealm;
+import org.apache.geronimo.jetty.JettyContainer;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
 import org.apache.geronimo.security.SubjectId;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.util.ConfigurationUtil;
-import org.mortbay.http.*;
-import org.mortbay.jetty.servlet.FormAuthenticator;
-import org.mortbay.jetty.servlet.ServletHttpRequest;
-
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.WebResourcePermission;
-import javax.security.jacc.WebUserDataPermission;
-import java.io.IOException;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.PermissionCollection;
-import java.security.Principal;
-import java.util.Map;
 
 
 /**
@@ -52,7 +56,6 @@
     private final int webAppContextIndex;
     private final String policyContextID;
     private final static ThreadLocal currentWebAppContext = new ThreadLocal();
-    private final Map roleDesignates;
     private final JAASJettyPrincipal defaultPrincipal;
 
     private final String formLoginPath;
@@ -71,9 +74,9 @@
                                       Authenticator authenticator,
                                       PermissionCollection checkedPermissions,
                                       PermissionCollection excludedPermissions,
-                                      Map roleDesignates,
                                       JAASJettyRealm realm,
-                                      ClassLoader classLoader) {
+                                      ClassLoader classLoader)
+    {
         assert realm != null;
         assert authenticator != null;
 
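Review bot: The constructor loses its `Map roleDesignates` parameter, but the Modified list at the top of this commit names only the two files shown, so whichever GBean wiring or caller previously passed that argument is either already updated in another revision or will fail to compile on this branch; worth confirming before merging. The opening brace also moves onto its own line (`ClassLoader classLoader)` followed by `{`), which departs from the K&R braces used elsewhere in this file (`try {` in the later hunks); I would keep `ClassLoader classLoader) {`. The constructor body continues outside the hunk.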
@@ -83,7 +86,6 @@
         this.policyContextID = policyContextID;
 
         this.defaultPrincipal = generateDefaultPrincipal(defaultPrincipal, classLoader);
-        this.roleDesignates = roleDesignates;
         this.checked = checkedPermissions;
         this.excludedPermissions = excludedPermissions;
 
@@ -153,14 +155,6 @@
         return (SecurityContextBeforeAfter) currentWebAppContext.get();
     }
 
-    public static Subject getCurrentRoleDesignate(String role) {
-        return getCurrentSecurityInterceptor().getRoleDesignate(role);
-    }
-
-    private Subject getRoleDesignate(String roleName) {
-        return (Subject) roleDesignates.get(roleName);
-    }
-
     //security check methods, delegated from WebAppContext
 
     /**
@@ -183,16 +177,7 @@
 
         try {
             ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
-            String transportType;
-            if (request.isConfidential()) {
-                transportType = "CONFIDENTIAL";
-            } else if (request.isIntegral()) {
-                transportType = "INTEGRAL";
-            } else {
-                transportType = "NONE";
-            }
-            WebUserDataPermission wudp = new WebUserDataPermission(servletHttpRequest.getServletPath()
+ (servletHttpRequest.getPathInfo() == null ? "" : servletHttpRequest.getPathInfo()),
-                                                                   new String[]{servletHttpRequest.getMethod()},
transportType);
+            WebUserDataPermission wudp = new WebUserDataPermission(servletHttpRequest);
             WebResourcePermission webResourcePermission = new WebResourcePermission(servletHttpRequest);
             Principal user = obtainUser(pathInContext, request, response, webResourcePermission,
wudp);
 
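Review bot: Replacing the hand-built transport type with `new WebUserDataPermission(servletHttpRequest)` drops the INTEGRAL case the removed lines handled: as far as I can tell the request-based JACC constructor derives the transport type solely from `isSecure()` (CONFIDENTIAL or NONE), so a request Jetty reports as integral-but-not-confidential now yields a CONFIDENTIAL permission. If any deployed constraint grants only INTEGRAL, its policy permission would presumably no longer imply the request permission and the check would start failing; if Jetty treats every TLS connection as both integral and confidential this is moot, but the log message mentions only colon encoding, so the change deserves a visible note. I would add above the new line: `// JACC request constructor derives name (servletPath+pathInfo, colons encoded) and actions (method, CONFIDENTIAL/NONE from isSecure()) -- GERONIMO-2327; INTEGRAL is no longer distinguished`. The enclosing method starts and ends outside the hunk.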
@@ -269,7 +254,8 @@
         /**
          * No authentication is required.  Return the defaultPrincipal.
          */
-        ContextManager.setCurrentCaller(defaultPrincipal.getSubject());
+        //TODO use run-as as nextCaller if present
+        ContextManager.setCallers(defaultPrincipal.getSubject(), defaultPrincipal.getSubject());
         return defaultPrincipal;
     }
 

Modified: geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?rev=431930&r1=431929&r2=431930&view=diff
==============================================================================
--- geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
(original)
+++ geronimo/branches/1.1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Wed Aug 16 08:57:27 2006
@@ -112,7 +112,7 @@
         if (subject == null)
             return super.hasUserDataPermission(request, response, constraints);
 
-        ContextManager.setCurrentCaller(subject);
+        ContextManager.setCallers(subject, subject);
 
         try {
 
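Review bot: `ContextManager.setCallers(subject, subject)` passes the same Subject as both the current and the next caller, and the Jetty side of this commit marks that with `//TODO use run-as as nextCaller if present`, while the four Tomcat call sites (here and in the hunks at @@ -192, @@ -238 and @@ -337) carry no such marker. If the second argument is the run-as identity, a run-as configured for the web module would presumably be ignored here as well; adding the same TODO comment at each Tomcat site would at least keep the two containers' known gaps in sync. The surrounding methods start and end outside the hunks.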
@@ -121,14 +121,7 @@
             /**
              * JACC v1.0 secion 4.1.1
              */
-            String transportType;
-            if (request.isSecure()) {
-                transportType = "CONFIDENTIAL";
-                //What about INTEGRAL?? Does Tomcat support it??
-            } else {
-                transportType = "NONE";
-            }
-            WebUserDataPermission wudp = new WebUserDataPermission(request.getServletPath()
+ (request.getPathInfo() == null ? "" : request.getPathInfo()), new String[]{request.getMethod()},
transportType);
+            WebUserDataPermission wudp = new WebUserDataPermission(request);
             acc.checkPermission(wudp);
 
         } catch (AccessControlException ace) {
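Review bot: The new `new WebUserDataPermission(request)` leaves no trace of why the explicit name/action construction was replaced, and the colon encoding the log message asks for now happens, if at all, inside the JACC provider's constructor rather than in code visible here. A one-line comment would help the next reader: `// Let the JACC request constructor derive name and actions; it is responsible for encoding ':' in the path (GERONIMO-2327)`. Unlike the Jetty hunk, the removed Tomcat code already only distinguished CONFIDENTIAL from NONE, so no transport-type behavior appears to change on this side. The enclosing method continues outside the hunk.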
@@ -192,7 +185,8 @@
             return request.isSecure();
 
         } else {
-            ContextManager.setCurrentCaller(((JAASTomcatPrincipal) principal).getSubject());
+            Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
+            ContextManager.setCallers(currentCaller, currentCaller);
         }
 
         try {
@@ -238,7 +232,8 @@
         }
 
         //Set the caller
-        ContextManager.setCurrentCaller(((JAASTomcatPrincipal) principal).getSubject());
+        Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
+        ContextManager.setCallers(currentCaller, currentCaller);
 
         AccessControlContext acc = ContextManager.getCurrentContext();
 
@@ -337,7 +332,7 @@
                       return (null);
                   }
 
-                  ContextManager.setCurrentCaller(subject);
+                  ContextManager.setCallers(subject, subject);
 
               } catch (AccountExpiredException e) {
                   if (log.isDebugEnabled())


