geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r670236 - in /geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src: main/java/org/apache/geronimo/tomcat/interceptor/ main/java/org/apache/geronimo/tomcat/listener/ main/java/org/apache/geronimo/tomcat/realm/ test/java/org/apache/geron...
Date Sat, 21 Jun 2008 17:39:11 GMT
Author: djencks
Date: Sat Jun 21 10:39:10 2008
New Revision: 670236

URL: http://svn.apache.org/viewvc?rev=670236&view=rev
Log:
GERONIMO-4124 clean up jacc usage

Modified:
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
    geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java?rev=670236&r1=670235&r2=670236&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
(original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/interceptor/PolicyContextBeforeAfter.java
Sat Jun 21 10:39:10 2008
@@ -72,6 +72,7 @@
 
         //Replace the old
         PolicyContext.setContextID((String)context[policyContextIDIndex]);
+        PolicyContext.setHandlerData(httpRequest);
         ContextManager.popCallers((Callers) context[callersIndex]);
         if (httpRequest != null)
             httpRequest.setAttribute(DEFAULT_SUBJECT, context[defaultSubjectIndex]);

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java?rev=670236&r1=670235&r2=670236&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java
(original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/listener/DispatchListener.java
Sat Jun 21 10:39:10 2008
@@ -38,8 +38,8 @@
 
     private static final Logger log = LoggerFactory.getLogger(DispatchListener.class);
 
-    private static ThreadLocal currentContext = new ThreadLocal() {
-        protected Object initialValue() {
+    private static ThreadLocal<Stack<Object[]>> currentContext = new ThreadLocal<Stack<Object[]>>()
{
+        protected Stack<Object[]> initialValue() {
             return new Stack<Object[]>();
         }
     };
@@ -65,7 +65,7 @@
 
         BeforeAfter beforeAfter = webContext.getBeforeAfter();
         if (beforeAfter != null) {
-            Stack<Object[]> stack = (Stack<Object[]>) currentContext.get();
+            Stack<Object[]> stack = currentContext.get();
             Object context[] = new Object[webContext.getContextCount() + 1];
             String wrapperName = getWrapperName(request, webContext);
             context[webContext.getContextCount()] = TomcatGeronimoRealm.setRequestWrapperName(wrapperName);
@@ -80,8 +80,8 @@
 
         BeforeAfter beforeAfter = webContext.getBeforeAfter();
         if (beforeAfter != null) {
-            Stack stack = (Stack) currentContext.get();
-            Object context[] = (Object[]) stack.pop();
+            Stack<Object[]> stack = currentContext.get();
+            Object context[] = stack.pop();
 
             beforeAfter.after(context, request, response, BeforeAfter.DISPATCHED);
 

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?rev=670236&r1=670235&r2=670236&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
(original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Sat Jun 21 10:39:10 2008
@@ -29,8 +29,6 @@
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.PolicyContextException;
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebRoleRefPermission;
 import javax.security.jacc.WebUserDataPermission;
@@ -42,14 +40,13 @@
 import org.apache.catalina.deploy.LoginConfig;
 import org.apache.catalina.deploy.SecurityConstraint;
 import org.apache.catalina.realm.JAASRealm;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.apache.geronimo.security.ContextManager;
-import org.apache.geronimo.security.jacc.PolicyContextHandlerContainerSubject;
 import org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler;
 import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
 import org.apache.geronimo.tomcat.JAASTomcatPrincipal;
 import org.apache.geronimo.tomcat.interceptor.PolicyContextBeforeAfter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * This class adapts the tomcat framework to use JACC security.
@@ -96,25 +93,7 @@
                                          SecurityConstraint[] constraints)
             throws IOException {
 
-        //Get an authenticated subject, if there is one
-        Subject subject = null;
-        try {
-
-            //We will use the PolicyContextHandlerContainerSubject.HANDLER_KEY to see if
a user
-            //has authenticated, since a request.getUserPrincipal() will not pick up the
user
-            //unless its using a cached session.
-            subject = (Subject) PolicyContext.getContext(PolicyContextHandlerContainerSubject.HANDLER_KEY);
-
-        } catch (PolicyContextException e) {
-            log.error("Failed to get subject from context", e);
-        }
-
-        //If nothing has authenticated yet, do the normal
-        if (subject == null)
-            return super.hasUserDataPermission(request, response, constraints);
-
-        ContextManager.setCallers(subject, subject);
-
+        setSubject(request);
         try {
 
             AccessControlContext acc = ContextManager.getCurrentContext();
@@ -175,21 +154,11 @@
             }
         }
 
+        setSubject(request);
+
         //Set the current wrapper name (Servlet mapping)
         currentRequestWrapperName.set(request.getWrapper().getName());
 
-        // Which user principal have we already authenticated?
-        Principal principal = request.getUserPrincipal();
-
-        //If we have no principal, then we should use the default.
-        if (principal == null) {
-            Subject defaultSubject = (Subject) request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);
-            ContextManager.setCallers(defaultSubject, defaultSubject);
-        } else {
-            Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
-            ContextManager.setCallers(currentCaller, currentCaller);
-        }
-
         try {
 
             AccessControlContext acc = ContextManager.getCurrentContext();
@@ -208,6 +177,18 @@
 
     }
 
+    private void setSubject(Request request) {
+        Principal principal = request.getUserPrincipal();
+        //If we have no principal, then we should use the default.
+        if (principal == null) {
+            Subject defaultSubject = (Subject) request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);
+            ContextManager.setCallers(defaultSubject, defaultSubject);
+        } else {
+            Subject subject = ((JAASTomcatPrincipal) principal).getSubject();
+            ContextManager.setCallers(subject, subject);
+        }
+    }
+
     /**
      * Return <code>true</code> if the specified Principal has the specified
      * security role, within the context of this Realm; otherwise return
@@ -323,6 +304,7 @@
 
                 // Negotiate a login via this LoginContext
                 Subject subject = loginContext.getSubject();
+                //very iffy -- see if needed for basic auth
                 ContextManager.setCallers(subject, subject);
 
                 if (log.isDebugEnabled())

Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java?rev=670236&r1=670235&r2=670236&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
(original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/JACCSecurityTest.java
Sat Jun 21 10:39:10 2008
@@ -75,19 +75,19 @@
 
         securityConfig.getRoleMappings().put(role.getRoleName(), role);
 
-        Map roleDesignates = new HashMap();
-        Map principalRoleMap = new HashMap();
+        Map<String, SubjectInfo> roleDesignates = new HashMap<String, SubjectInfo>();
+        Map<String, Set<Principal>> principalRoleMap = new HashMap<String,
Set<Principal>>();
         buildPrincipalRoleMap(securityConfig, roleDesignates, principalRoleMap);
 
         PermissionCollection uncheckedPermissions = new Permissions();
+        uncheckedPermissions.add(new WebUserDataPermission("/protected/*", ""));
 
         PermissionCollection excludedPermissions = new Permissions();
-        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
-        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));
+        uncheckedPermissions.add(new WebResourcePermission("/auth/logon.html", ""));
+        uncheckedPermissions.add(new WebUserDataPermission("/auth/logon.html", ""));
 
-        Map rolePermissions = new HashMap();
+        Map<String, PermissionCollection> rolePermissions = new HashMap<String,
PermissionCollection>();
         PermissionCollection permissions = new Permissions();
-        permissions.add(new WebUserDataPermission("/protected/*", ""));
         permissions.add(new WebResourcePermission("/protected/*", ""));
         rolePermissions.put("content-administrator", permissions);
         rolePermissions.put("auto-administrator", permissions);



Mime
View raw message