From vamsic...@apache.org
Subject svn commit: r597730 - in /geronimo/server: branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/ trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/
Date Fri, 23 Nov 2007 20:16:43 GMT
Author: vamsic007
Date: Fri Nov 23 12:16:41 2007
New Revision: 597730

URL: http://svn.apache.org/viewvc?rev=597730&view=rev
Log:
GERONIMO-3625 Review WrappingLoginModule
o logout() should remove principals only when the subject is not read-only.
o logout() should remove/destroy credentials.
o Changes to bring WrappingLoginModule in line with http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMDevGuide.html

Modified:
    geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java
    geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java

Modified: geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java?rev=597730&r1=597729&r2=597730&view=diff
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java (original)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java Fri Nov 23 12:16:41 2007
@@ -49,6 +49,7 @@
     private final Subject localSubject = new Subject();
     private Subject subject;
     private LoginModule delegate;
+    private final Set<Principal> wrapped = new HashSet<Principal>();
 
 
     public WrappingLoginModule() {
@@ -78,12 +79,11 @@
     public boolean commit() throws LoginException {
         boolean result = delegate.commit();
 
-        Set<Principal> wrapped = new HashSet<Principal>();
         for (Principal principal: localSubject.getPrincipals()) {
             wrapped.add(new DomainPrincipal(loginDomainName, principal));
             wrapped.add(new RealmPrincipal(realmName, loginDomainName, principal));
         }
-        localSubject.getPrincipals().addAll(wrapped);
+        subject.getPrincipals().addAll(wrapped);
         subject.getPrincipals().addAll(localSubject.getPrincipals());
         subject.getPrivateCredentials().addAll(localSubject.getPrivateCredentials());
         subject.getPublicCredentials().addAll(localSubject.getPublicCredentials());
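Review bot: `wrapped` is now an instance field, but commit() never empties it before the loop, so a second login()/commit() on the same module instance without an intervening logout() would add the previous authentication's DomainPrincipal/RealmPrincipal entries to the new subject. Putting `wrapped.clear();` directly after `boolean result = delegate.commit();` keeps the set tied to the current authentication; abort() is not shown in this diff and probably needs the same clear. The loop also runs regardless of `result`, and the return statement lies outside the hunk, so how a false result from the delegate is handled cannot be confirmed from here. The trunk copy of this hunk is identical and has the same issue.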
@@ -91,11 +91,18 @@
     }
 
     public boolean logout() throws LoginException {
-        subject.getPrincipals().removeAll(localSubject.getPrincipals());
-        boolean result = delegate.logout();
-                                             
-        localSubject.getPrincipals().clear();
-
-        return result;
+        if(!subject.isReadOnly()) {
+            subject.getPrincipals().removeAll(wrapped);
+            subject.getPrincipals().removeAll(localSubject.getPrincipals());
+            subject.getPrivateCredentials().removeAll(localSubject.getPrivateCredentials());
+            subject.getPublicCredentials().removeAll(localSubject.getPublicCredentials());
+            wrapped.clear();
+        } else {
+            wrapped.clear();
+            localSubject.getPrincipals().clear();
+            localSubject.setReadOnly(); // This will ensure that credentails are destroyed by the delegate's logout method
+        }
+        
+        return delegate.logout();
     }
 }
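Review bot: In the read-only branch of logout(), `localSubject.setReadOnly()` cannot be undone and `localSubject` is a final field, so after one logout against a read-only subject this module instance can no longer receive principals or credentials from the delegate; a later login() on the same instance will likely fail with IllegalStateException. The comment should spell out that dependency and limitation, e.g. `// localSubject stays read-only from here on: relies on the delegate destroying Destroyable credentials for a read-only subject; this instance cannot be reused for another login`. In the writable branch this method no longer clears localSubject's principals (the removed code did), so cleanup depends entirely on delegate.logout(); if a delegate leaves them in place they would be copied into the subject again on the next commit(). The trunk hunk is identical and carries the same two points.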

Modified: geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java?rev=597730&r1=597729&r2=597730&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java (original)
+++ geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java Fri Nov 23 12:16:41 2007
@@ -49,6 +49,7 @@
     private final Subject localSubject = new Subject();
     private Subject subject;
     private LoginModule delegate;
+    private final Set<Principal> wrapped = new HashSet<Principal>();
 
 
     public WrappingLoginModule() {
@@ -78,12 +79,11 @@
     public boolean commit() throws LoginException {
         boolean result = delegate.commit();
 
-        Set<Principal> wrapped = new HashSet<Principal>();
         for (Principal principal: localSubject.getPrincipals()) {
             wrapped.add(new DomainPrincipal(loginDomainName, principal));
             wrapped.add(new RealmPrincipal(realmName, loginDomainName, principal));
         }
-        localSubject.getPrincipals().addAll(wrapped);
+        subject.getPrincipals().addAll(wrapped);
         subject.getPrincipals().addAll(localSubject.getPrincipals());
         subject.getPrivateCredentials().addAll(localSubject.getPrivateCredentials());
         subject.getPublicCredentials().addAll(localSubject.getPublicCredentials());
@@ -91,11 +91,18 @@
     }
 
     public boolean logout() throws LoginException {
-        subject.getPrincipals().removeAll(localSubject.getPrincipals());
-        boolean result = delegate.logout();
-                                             
-        localSubject.getPrincipals().clear();
-
-        return result;
+        if(!subject.isReadOnly()) {
+            subject.getPrincipals().removeAll(wrapped);
+            subject.getPrincipals().removeAll(localSubject.getPrincipals());
+            subject.getPrivateCredentials().removeAll(localSubject.getPrivateCredentials());
+            subject.getPublicCredentials().removeAll(localSubject.getPublicCredentials());
+            wrapped.clear();
+        } else {
+            wrapped.clear();
+            localSubject.getPrincipals().clear();
+            localSubject.setReadOnly(); // This will ensure that credentails are destroyed by the delegate's logout method
+        }
+        
+        return delegate.logout();
     }
 }


