From vamsic...@apache.org
Subject svn commit: r599565 - in /geronimo/server: branches/2.0/modules/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/ trunk/plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/
Date Thu, 29 Nov 2007 20:02:27 GMT
Author: vamsic007
Date: Thu Nov 29 12:02:24 2007
New Revision: 599565

URL: http://svn.apache.org/viewvc?rev=599565&view=rev
Log:
GERONIMO-3652 Review CallerIdentityPasswordCredentialLoginModule
o logout() should remove principals and credentials when the subject is not read-only.
o Changes to bring CallerIdentityPasswordCredentialLoginModule in line with http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMDevGuide.html

Modified:
    geronimo/server/branches/2.0/modules/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java
    geronimo/server/trunk/plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java

Modified: geronimo/server/branches/2.0/modules/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java?rev=599565&r1=599564&r2=599565&view=diff
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java
(original)
+++ geronimo/server/branches/2.0/modules/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java
Thu Nov 29 12:02:24 2007
@@ -52,6 +52,8 @@
     private String resourcePrincipalName;
     private String userName;
     private char[] password;
+    private ResourcePrincipal resourcePrincipal;
+    private PasswordCredential passwordCredential;
 
     public void initialize(Subject subject, CallbackHandler callbackHandler,
             Map sharedState, Map options) {
@@ -88,21 +90,38 @@
         if (resourcePrincipalName == null || userName == null || password == null) {
             return false;
         }
-        subject.getPrincipals().add(new ResourcePrincipal(resourcePrincipalName));
-        PasswordCredential passwordCredential = new PasswordCredential(userName, password);
+        resourcePrincipal = new ResourcePrincipal(resourcePrincipalName);
+        subject.getPrincipals().add(resourcePrincipal);
+        passwordCredential = new PasswordCredential(userName, password);
         passwordCredential.setManagedConnectionFactory(managedConnectionFactory);
         subject.getPrivateCredentials().add(passwordCredential);
+        
+        // Clear private state
+        resourcePrincipalName = null;
+        userName = null;
+        password = null;
         return false;
     }
 
     public boolean abort() throws LoginException {
+        resourcePrincipalName = null;
         userName = null;
         password = null;
         return false;
     }
 
     public boolean logout() throws LoginException {
-        subject = null;
+        if(!subject.isReadOnly()) {
+            subject.getPrincipals().remove(resourcePrincipal);
+            subject.getPrivateCredentials().remove(passwordCredential);
+        }
+        
+        // TODO: Destroy the credential when subject is read-only.
+        resourcePrincipal = null;
+        passwordCredential = null;
+
+        // Clear private state
+        resourcePrincipalName = null;
         userName = null;
         password = null;
         return false;
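Review bot: The `password = null` assignments after `// Clear private state`, in abort() and in logout() only drop the reference, so the password characters stay in memory until the array is collected. If that array is this module's own copy, overwrite it first with `if (password != null) java.util.Arrays.fill(password, '\0');`; whether the callback or PasswordCredential shares the same array is not visible in this hunk and should be confirmed before zeroing. In logout(), `resourcePrincipal` and `passwordCredential` are still null when the preceding method (presumably commit()) left through its early `return false`, or when logout() runs twice, and the Subject's sets may reject a null argument, so the guard would be safer as `if (!subject.isReadOnly() && resourcePrincipal != null) {`. The same points apply to the identical trunk hunk further down; the start of the first method and logout()'s closing brace are outside the hunk.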

Modified: geronimo/server/trunk/plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java?rev=599565&r1=599564&r2=599565&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java
(original)
+++ geronimo/server/trunk/plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java
Thu Nov 29 12:02:24 2007
@@ -52,6 +52,8 @@
     private String resourcePrincipalName;
     private String userName;
     private char[] password;
+    private ResourcePrincipal resourcePrincipal;
+    private PasswordCredential passwordCredential;
 
     public void initialize(Subject subject, CallbackHandler callbackHandler,
             Map sharedState, Map options) {
@@ -88,21 +90,38 @@
         if (resourcePrincipalName == null || userName == null || password == null) {
             return false;
         }
-        subject.getPrincipals().add(new ResourcePrincipal(resourcePrincipalName));
-        PasswordCredential passwordCredential = new PasswordCredential(userName, password);
+        resourcePrincipal = new ResourcePrincipal(resourcePrincipalName);
+        subject.getPrincipals().add(resourcePrincipal);
+        passwordCredential = new PasswordCredential(userName, password);
         passwordCredential.setManagedConnectionFactory(managedConnectionFactory);
         subject.getPrivateCredentials().add(passwordCredential);
+        
+        // Clear private state
+        resourcePrincipalName = null;
+        userName = null;
+        password = null;
         return false;
     }
 
     public boolean abort() throws LoginException {
+        resourcePrincipalName = null;
         userName = null;
         password = null;
         return false;
     }
 
     public boolean logout() throws LoginException {
-        subject = null;
+        if(!subject.isReadOnly()) {
+            subject.getPrincipals().remove(resourcePrincipal);
+            subject.getPrivateCredentials().remove(passwordCredential);
+        }
+        
+        // TODO: Destroy the credential when subject is read-only.
+        resourcePrincipal = null;
+        passwordCredential = null;
+
+        // Clear private state
+        resourcePrincipalName = null;
         userName = null;
         password = null;
         return false;


