From jgenen...@apache.org
Subject svn commit: r493193 - in /geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat: GeronimoStandardContext.java interceptor/PolicyContextBeforeAfter.java realm/TomcatGeronimoRealm.java
Date Fri, 05 Jan 2007 21:05:02 GMT
Author: jgenender
Date: Fri Jan  5 13:05:01 2007
New Revision: 493193

URL: http://svn.apache.org/viewvc?view=rev&rev=493193
Log:
GERONIMO-2695 - Use default principal when no authentication has occurred

Modified:
    geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
    geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
    geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java

Modified: geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java?view=diff&rev=493193&r1=493192&r2=493193
==============================================================================
--- geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
(original)
+++ geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
Fri Jan  5 13:05:01 2007
@@ -42,6 +42,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.common.DeploymentException;
+import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.naming.enc.EnterpriseNamingContext;
 import org.apache.geronimo.security.ContextManager;
 import org.apache.geronimo.security.IdentificationPrincipal;
@@ -118,14 +119,15 @@
                  * Register our default subject with the ContextManager
                  */
                 DefaultPrincipal defaultPrincipal = securityHolder.getDefaultPrincipal();
-                if (defaultPrincipal != null) {
-                    defaultSubject = ConfigurationUtil.generateDefaultSubject(defaultPrincipal,
ctx.getClassLoader());
-                    ContextManager.registerSubject(defaultSubject);
-                    SubjectId id = ContextManager.getSubjectId(defaultSubject);
-                    defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
+                if (defaultPrincipal == null) {
+                    throw new GeronimoSecurityException("Unable to generate default principal");
                 }
+                defaultSubject = ConfigurationUtil.generateDefaultSubject(defaultPrincipal,
ctx.getClassLoader());
+                ContextManager.registerSubject(defaultSubject);
+                SubjectId id = ContextManager.getSubjectId(defaultSubject);
+                defaultSubject.getPrincipals().add(new IdentificationPrincipal(id));
 
-                interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++,
securityHolder.getPolicyContextID());
+                interceptor = new PolicyContextBeforeAfter(interceptor, index++, index++,
index++, securityHolder.getPolicyContextID(), defaultSubject);
             }
         }
 
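Review bot: The message in `throw new GeronimoSecurityException("Unable to generate default principal")` does not identify the affected web application, and it describes a generation failure when the condition tested is that `securityHolder.getDefaultPrincipal()` returned null. A message such as `"No default principal configured for policy context " + securityHolder.getPolicyContextID()` would let an operator find the misconfigured deployment. The third `index++` passed to `PolicyContextBeforeAfter` also needs one more slot in the per-request context array; its allocation is outside this hunk, so confirm it is sized from the final `index`. The enclosing block starts and ends outside the hunk.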

Modified: geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java?view=diff&rev=493193&r1=493192&r2=493193
==============================================================================
--- geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
(original)
+++ geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
Fri Jan  5 13:05:01 2007
@@ -17,6 +17,7 @@
 package org.apache.geronimo.tomcat.interceptor;
 
 import javax.security.jacc.PolicyContext;
+import javax.security.auth.Subject;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
@@ -25,20 +26,27 @@
 
 public class PolicyContextBeforeAfter implements BeforeAfter{
 
+    public static final String DEFAULT_SUBJECT = "~DEFAULT_SUBJECT";
+
     private final BeforeAfter next;
     private final String policyContextID;
     private final int policyContextIDIndex;
     private final int callersIndex;
+    private final int defaultSubjectIndex;
+    private final Subject defaultSubject;
 
-    public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int callersIndex,
String policyContextID) {
+    public PolicyContextBeforeAfter(BeforeAfter next, int policyContextIDIndex, int callersIndex,
int defaultSubjectIndex, String policyContextID, Subject defaultSubject) {
         this.next = next;
         this.policyContextIDIndex = policyContextIDIndex;
         this.callersIndex = callersIndex;
+        this.defaultSubjectIndex = defaultSubjectIndex;
         this.policyContextID = policyContextID;
+        this.defaultSubject = defaultSubject;
     }
 
     public void before(Object[] context, ServletRequest httpRequest, ServletResponse httpResponse)
{
 
+
         //Save the old
 
         context[policyContextIDIndex] = PolicyContext.getContextID();
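Review bot: `DEFAULT_SUBJECT` is a new public constant with no comment, and nothing on the constructor explains `defaultSubjectIndex` or `defaultSubject`. I would add `/** Request attribute name under which before() publishes this context's default Subject. */` above the constant. The constructor also needs a Javadoc stating that the three int arguments are distinct slots in the `context` array and whether `defaultSubject` may be null. Three adjacent `int` parameters are easy to transpose at a call site, so the parameter documentation matters here. `before()` continues outside this hunk.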
@@ -47,6 +55,10 @@
         //Set the new
         PolicyContext.setContextID(policyContextID);
         PolicyContext.setHandlerData(httpRequest);
+        if (httpRequest != null){
+            httpRequest.setAttribute(DEFAULT_SUBJECT, defaultSubject);
+            context[defaultSubjectIndex] = httpRequest.getAttribute(DEFAULT_SUBJECT);
+        }
 
         if (next != null) {
             next.before(context, httpRequest, httpResponse);
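Review bot: The save in `before()` happens after the overwrite: `httpRequest.setAttribute(DEFAULT_SUBJECT, defaultSubject)` runs first, so `context[defaultSubjectIndex]` always holds this context's own subject and never the value that was on the request beforehand. The restore added to `after()` in the next hunk therefore re-sets the same subject instead of the previous one. If this interceptor can run nested on one request (for example a cross-context dispatch, which is not visible here), the outer application would keep the inner application's default subject for unauthenticated callers. Swap the two lines to `context[defaultSubjectIndex] = httpRequest.getAttribute(DEFAULT_SUBJECT);` followed by `httpRequest.setAttribute(DEFAULT_SUBJECT, defaultSubject);`, matching the save-then-set order used for the policy context ID above. A request attribute is also readable and writable by application code, so this exposes the Subject object to the web application; `before()` starts outside this hunk.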
@@ -61,6 +73,8 @@
         //Replace the old
         PolicyContext.setContextID((String)context[policyContextIDIndex]);
         ContextManager.popCallers((Callers) context[callersIndex]);
+        if (httpRequest != null)
+            httpRequest.setAttribute(DEFAULT_SUBJECT, context[defaultSubjectIndex]);
     }
 
 }

Modified: geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?view=diff&rev=493193&r1=493192&r2=493193
==============================================================================
--- geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
(original)
+++ geronimo/server/branches/1.2/modules/geronimo-tomcat/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Fri Jan  5 13:05:01 2007
@@ -31,6 +31,7 @@
 import org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler;
 import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
 import org.apache.geronimo.tomcat.JAASTomcatPrincipal;
+import org.apache.geronimo.tomcat.interceptor.PolicyContextBeforeAfter;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
@@ -57,6 +58,7 @@
 
     private static final Log log = LogFactory.getLog(TomcatGeronimoRealm.class);
 
+
     private static ThreadLocal currentRequestWrapperName = new ThreadLocal();
 
     /**
@@ -182,7 +184,8 @@
 
         //If we have no principal, then we should use the default.
         if (principal == null) {
-            return request.isSecure();
+            Subject defaultSubject = (Subject)request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);
+            ContextManager.setCallers(defaultSubject, defaultSubject);
 
         } else {
             Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
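Review bot: `request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT)` returns null whenever the interceptor did not populate the attribute for this request, and the result goes straight into `ContextManager.setCallers(defaultSubject, defaultSubject)` with no check. The removed line returned a boolean here, so the branch can fail closed with `if (defaultSubject == null) { return false; }` before the `setCallers` call. The value is also read from a request attribute that application code can overwrite, so the cast trusts whatever object is stored under that name. Whether `setCallers` tolerates null, and what the permission check after this branch does with it, is outside the hunk.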


