From djen...@apache.org
Subject svn commit: r657967 - in /geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas: ClassOptionLoginModule.java JaasLoginModuleUse.java
Date Mon, 19 May 2008 20:47:02 GMT
Author: djencks
Date: Mon May 19 13:47:01 2008
New Revision: 657967

URL: http://svn.apache.org/viewvc?rev=657967&view=rev
Log:
GERONIMO-3965 Supply the correct classloader for a login module by delegation

Added:
    geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/ClassOptionLoginModule.java
      - copied, changed from r657575, geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java
Modified:
    geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java

Copied: geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/ClassOptionLoginModule.java
(from r657575, geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java)
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/ClassOptionLoginModule.java?p2=geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/ClassOptionLoginModule.java&p1=geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java&r1=657575&r2=657967&rev=657967&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java
(original)
+++ geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/ClassOptionLoginModule.java
Mon May 19 13:47:01 2008
@@ -20,39 +20,29 @@
 
 package org.apache.geronimo.security.jaas;
 
-import java.security.Principal;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import org.apache.geronimo.security.DomainPrincipal;
-import org.apache.geronimo.security.RealmPrincipal;
-
 /**
+ * This provides a workaround to the problem of the LoginContext not knowing what classloader
to use for creating LoginModules.
+ *
  * @version $Revision$ $Date$
  */
-public class WrappingLoginModule implements LoginModule {
+public class ClassOptionLoginModule implements LoginModule {
     public static final String CLASS_OPTION = WrappingLoginModule.class.getName() + ".LoginModuleClass";
-    public static final String DOMAIN_OPTION = WrappingLoginModule.class.getName() + ".DomainName";
-    public static final String REALM_OPTION = WrappingLoginModule.class.getName() + ".RealmName";
-    public static final List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(CLASS_OPTION,
DOMAIN_OPTION, REALM_OPTION));
-    private String loginDomainName;
-    private String realmName;
-    private final Subject localSubject = new Subject();
+    public static final List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(CLASS_OPTION));
     private Subject subject;
     private LoginModule delegate;
-    private final Set<Principal> wrapped = new HashSet<Principal>();
 
 
-    public WrappingLoginModule() {
+    public ClassOptionLoginModule() {
     }
 
     public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,
?> sharedState, Map<String, ?> options) {
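Review bot: `CLASS_OPTION` in the new ClassOptionLoginModule is still built from `WrappingLoginModule.class.getName()`, so the copy keeps a compile-time dependency on the other class just to form a map key. It works only because JaasLoginModuleUse writes the entry under `WrappingLoginModule.CLASS_OPTION` and both expressions evaluate to the same string. Declaring it as `public static final String CLASS_OPTION = WrappingLoginModule.CLASS_OPTION;` would make the sharing explicit and stop the two keys drifting apart. The class Javadoc could also say that JaasLoginModuleUse stores an already-loaded `Class` under this key, not a class name. The class body, including initialize(), continues outside this hunk.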
@@ -63,9 +53,7 @@
         } catch (Exception e) {
             throw new RuntimeException("Could not create login module instance", e);
         }
-        delegate.initialize(localSubject, callbackHandler, sharedState, options);
-        loginDomainName = (String) options.get(DOMAIN_OPTION);
-        realmName = (String) options.get(REALM_OPTION);
+        delegate.initialize(subject, callbackHandler, sharedState, options);
     }
 
     public boolean login() throws LoginException {
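Review bot: The delegate is initialized with the same `options` map that carries the wrapper's own `CLASS_OPTION` entry, whose value is a `Class` object, not a string. With this commit every configured login module goes through a wrapper, not only the principal-wrapping ones, so a module that enumerates or validates its options now sees an extra non-string key. If no delegate relies on that entry, pass a copy without it: `Map<String, Object> delegateOptions = new HashMap<String, Object>(options); delegateOptions.remove(CLASS_OPTION);` (this needs a `java.util.HashMap` import). The start of initialize(), where the class is read from the options and instantiated, is outside this hunk.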
@@ -77,32 +65,10 @@
     }
 
     public boolean commit() throws LoginException {
-        boolean result = delegate.commit();
-
-        for (Principal principal: localSubject.getPrincipals()) {
-            wrapped.add(new DomainPrincipal(loginDomainName, principal));
-            wrapped.add(new RealmPrincipal(realmName, loginDomainName, principal));
-        }
-        subject.getPrincipals().addAll(wrapped);
-        subject.getPrincipals().addAll(localSubject.getPrincipals());
-        subject.getPrivateCredentials().addAll(localSubject.getPrivateCredentials());
-        subject.getPublicCredentials().addAll(localSubject.getPublicCredentials());
-        return result;
+        return delegate.commit();
     }
 
     public boolean logout() throws LoginException {
-        if(!subject.isReadOnly()) {
-            subject.getPrincipals().removeAll(wrapped);
-            subject.getPrincipals().removeAll(localSubject.getPrincipals());
-            subject.getPrivateCredentials().removeAll(localSubject.getPrivateCredentials());
-            subject.getPublicCredentials().removeAll(localSubject.getPublicCredentials());
-            wrapped.clear();
-        } else {
-            wrapped.clear();
-            localSubject.getPrincipals().clear();
-            localSubject.setReadOnly(); // This will ensure that credentails are destroyed
by the delegate's logout method
-        }
-        
         return delegate.logout();
     }
-}
+}
\ No newline at end of file
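Review bot: After this hunk nothing in commit() or logout() reads the `subject` field that the class still declares in the first hunk. If initialize() only assigns it, which cannot be seen from the visible hunks, the field and its assignment are dead and can be removed so the class holds only `delegate`.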

Modified: geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java?rev=657967&r1=657966&r2=657967&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java
(original)
+++ geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/JaasLoginModuleUse.java
Mon May 19 13:47:01 2008
@@ -96,15 +96,15 @@
             options.put(CLASSLOADER_LM_OPTION, classLoader);
         }
         AppConfigurationEntry entry;
+        Class loginModuleClass;
+        loginModuleClass = classLoader.loadClass(loginModule.getLoginModuleClass());
+        options.put(WrappingLoginModule.CLASS_OPTION, loginModuleClass);
         if (loginModule.isWrapPrincipals()) {
-            Class loginModuleClass;
-            loginModuleClass = classLoader.loadClass(loginModule.getLoginModuleClass());
-            options.put(WrappingLoginModule.CLASS_OPTION, loginModuleClass);
             options.put(WrappingLoginModule.DOMAIN_OPTION, loginModule.getLoginDomainName());
             options.put(WrappingLoginModule.REALM_OPTION, realmName);
             entry = new AppConfigurationEntry(WrappingLoginModule.class.getName(), controlFlag.getFlag(),
options);
         } else {
-            entry = new AppConfigurationEntry(loginModule.getLoginModuleClass(), controlFlag.getFlag(),
options);
+            entry = new AppConfigurationEntry(ClassOptionLoginModule.class.getName(), controlFlag.getFlag(),
options);
         }
         if (loginModule.getLoginDomainName() != null) {
             if (domainNames.contains(loginModule.getLoginDomainName())) {
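Review bot: The configured class is now loaded and placed in the options for every login module, but nothing in this hunk checks that it implements `LoginModule` before it is handed to the wrapper. A class of the wrong type would presumably surface only at the first login attempt, as the wrapper's "Could not create login module instance" RuntimeException. Rejecting it here with `if (!LoginModule.class.isAssignableFrom(loginModuleClass))` and a configuration error reports the mistake when the realm is set up, not during authentication. The declaration can also drop the raw type and the split assignment: `Class<?> loginModuleClass = classLoader.loadClass(loginModule.getLoginModuleClass());`. The enclosing method, including its handling of `ClassNotFoundException`, lies outside the hunk.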


