geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r794752 [2/3] - in /geronimo/server/trunk/plugins/tomcat: geronimo-tomcat6-builder/src/test/java/org/apache/geronimo/tomcat/deployment/ geronimo-tomcat6-builder/src/test/resources/deployables/war4/WEB-INF/ geronimo-tomcat6/src/main/java/org...
Date Thu, 16 Jul 2009 17:03:51 GMT
Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/ServerAuthException.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public enum TomcatAuthStatus {
+
+    SUCCESS, SEND_SUCCESS, SEND_CONTINUE, SEND_FAILURE, FAILURE
+    
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/TomcatAuthStatus.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security;
+
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public interface UserIdentity {
+    Principal getUserPrincipal();
+    Subject getSubject();
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/UserIdentity.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,142 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.util.Base64;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.buf.CharChunk;
+import org.apache.tomcat.util.buf.MessageBytes;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class BasicAuthenticator implements Authenticator {
+    private static final byte[] AUTHENTICATE_BYTES = {
+        (byte) 'W',
+        (byte) 'W',
+        (byte) 'W',
+        (byte) '-',
+        (byte) 'A',
+        (byte) 'u',
+        (byte) 't',
+        (byte) 'h',
+        (byte) 'e',
+        (byte) 'n',
+        (byte) 't',
+        (byte) 'i',
+        (byte) 'c',
+        (byte) 'a',
+        (byte) 't',
+        (byte) 'e'
+    };
+
+
+    private final LoginService loginService;
+    private final String realmName;
+    private final UserIdentity unauthenticatedIdentity;
+
+    public BasicAuthenticator(LoginService loginService, String realmName, UserIdentity unauthenticatedIdentity) {
+        this.loginService = loginService;
+        this.realmName = realmName;
+        this.unauthenticatedIdentity = unauthenticatedIdentity;
+    }
+
+    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+        // Validate any credentials already included with this request
+        String username = null;
+        String password = null;
+
+        MessageBytes authorization =
+            request.getCoyoteRequest().getMimeHeaders()
+            .getValue("authorization");
+
+        if (authorization != null) {
+            authorization.toBytes();
+            ByteChunk authorizationBC = authorization.getByteChunk();
+            if (authorizationBC.startsWithIgnoreCase("basic ", 0)) {
+                authorizationBC.setOffset(authorizationBC.getOffset() + 6);
+                // FIXME: Add trimming
+                // authorizationBC.trim();
+
+                CharChunk authorizationCC = authorization.getCharChunk();
+                Base64.decode(authorizationBC, authorizationCC);
+
+                // Get username and password
+                int colon = authorizationCC.indexOf(':');
+                if (colon < 0) {
+                    username = authorizationCC.toString();
+                } else {
+                    char[] buf = authorizationCC.getBuffer();
+                    username = new String(buf, 0, colon);
+                    password = new String(buf, colon + 1,
+                            authorizationCC.getEnd() - colon - 1);
+                }
+
+                authorizationBC.setOffset(authorizationBC.getOffset() - 6);
+            }
+
+            UserIdentity userIdentity = loginService.login(username, password);
+            if (userIdentity != null) {
+                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+            }
+        }
+
+
+        // Send an "unauthorized" response and an appropriate challenge
+        if (isAuthMandatory) {
+            try {
+                MessageBytes authenticate =
+                        response.getCoyoteResponse().getMimeHeaders()
+                        .addValue(AUTHENTICATE_BYTES, 0, AUTHENTICATE_BYTES.length);
+                CharChunk authenticateCC = authenticate.getCharChunk();
+                authenticateCC.append("Basic realm=\"");
+                authenticateCC.append(realmName);
+                authenticateCC.append('\"');
+                authenticate.toChars();
+                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
+            } catch (IOException e) {
+                throw new ServerAuthException(e);
+            }
+        }
+        return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+    }
+
+    public boolean secureResponse(Request request, Response response, AuthResult authResult) {
+        return true;
+    }
+
+    public String getAuthType() {
+        return "BASIC";
+    }
+}
\ No newline at end of file

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/BasicAuthenticator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import java.security.cert.X509Certificate;
+import java.security.Principal;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.Globals;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.util.StringManager;
+import org.apache.catalina.util.Base64;
+import org.apache.coyote.ActionCode;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class ClientCertAuthenticator implements Authenticator {
+
+    protected static final StringManager sm =
+        StringManager.getManager(Constants.Package);
+
+    private final LoginService loginService;
+    private final UserIdentity unauthenticatedIdentity;
+
+    public ClientCertAuthenticator(LoginService loginService, UserIdentity unauthenticatedIdentity) {
+        this.loginService = loginService;
+        this.unauthenticatedIdentity = unauthenticatedIdentity;
+    }
+
+    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+        X509Certificate certs[] = (X509Certificate[])
+            request.getAttribute(Globals.CERTIFICATES_ATTR);
+        if ((certs == null) || (certs.length < 1)) {
+            request.getCoyoteRequest().action
+                              (ActionCode.ACTION_REQ_SSL_CERTIFICATE, null);
+            certs = (X509Certificate[])
+                request.getAttribute(Globals.CERTIFICATES_ATTR);
+        }
+        try {
+            if ((certs == null) || (certs.length < 1)) {
+                if (isAuthMandatory) {
+                    response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+                                   sm.getString("authenticator.certificates"));
+                    return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+                } else {
+                    return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+                }
+            }
+
+            // Authenticate the specified certificate chain
+            //TODO almost certainly wrong
+            Principal p = certs[0].getSubjectDN();
+            byte[] sig = certs[0].getSignature();
+            String cred = new String(Base64.encode(sig));
+            UserIdentity userIdentity = loginService.login(p.getName(), cred);
+            if (userIdentity != null) {
+                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+            }
+            if (isAuthMandatory) {
+                response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+                                   sm.getString("authenticator.unauthorized"));
+                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
+            }
+        } catch (IOException e) {
+            throw new ServerAuthException(e);
+        }
+        return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+    }
+
+    public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+        return true;
+    }
+
+    public String getAuthType() {
+        return "CLIENT-CERT";
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,323 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import java.io.IOException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.StringTokenizer;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.util.MD5Encoder;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class DigestAuthenticator implements Authenticator {
+
+    private static final MD5Encoder md5Encoder = new MD5Encoder();
+    /**
+     * MD5 message digest provider.
+     */
+    private static final MessageDigest md5Helper;
+
+    static {
+        try {
+            md5Helper = MessageDigest.getInstance("MD5");
+        } catch (NoSuchAlgorithmException e) {
+            throw new IllegalStateException(e);
+        }
+
+    }
+
+    /**
+     * Private key.
+     */
+    private static final String key = "Catalina";
+
+    private final LoginService loginService;
+    private final String realmName;
+    private final UserIdentity unauthenticatedIdentity;
+
+    public DigestAuthenticator(LoginService loginService, String realmName, UserIdentity unauthenticatedIdentity) {
+        this.loginService = loginService;
+        this.realmName = realmName;
+        this.unauthenticatedIdentity = unauthenticatedIdentity;
+    }
+
+    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+        String authorization = request.getHeader("authorization");
+        if (authorization != null) {
+            UserIdentity userIdentity = findPrincipal(request, authorization);
+            if (userIdentity != null) {
+                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+            }
+        }
+
+
+
+        // Send an "unauthorized" response and an appropriate challenge
+
+        // Next, generate a nOnce token (that is a token which is supposed
+        // to be unique).
+        if (isAuthMandatory) {
+            String nOnce = generateNOnce(request);
+
+            setAuthenticateHeader(response, nOnce);
+            try {
+                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            } catch (IOException e) {
+                throw new ServerAuthException(e);
+            }
+            return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
+        }
+        return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+
+    }
+
+    public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+        return true;
+    }
+
+    public String getAuthType() {
+        return "DIGEST";
+    }
+
+    /**
+     * Parse the specified authorization credentials, and return the
+     * associated Principal that these credentials authenticate (if any)
+     * from the specified Realm.  If there is no such Principal, return
+     * <code>null</code>.
+     *
+     * @param request       HTTP servlet request
+     * @param authorization Authorization credentials from this request
+     */
+    protected UserIdentity findPrincipal(Request request,
+                                             String authorization) {
+
+        //System.out.println("Authorization token : " + authorization);
+        // Validate the authorization credentials format
+        if (authorization == null)
+            return (null);
+        if (!authorization.startsWith("Digest "))
+            return (null);
+        authorization = authorization.substring(7).trim();
+
+        // Bugzilla 37132: http://issues.apache.org/bugzilla/show_bug.cgi?id=37132
+        String[] tokens = authorization.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
+
+        String userName = null;
+        String realmName = null;
+        String nOnce = null;
+        String nc = null;
+        String cnonce = null;
+        String qop = null;
+        String uri = null;
+        String response = null;
+        String method = request.getMethod();
+
+        for (int i = 0; i < tokens.length; i++) {
+            String currentToken = tokens[i];
+            if (currentToken.length() == 0)
+                continue;
+
+            int equalSign = currentToken.indexOf('=');
+            if (equalSign < 0)
+                return null;
+            String currentTokenName =
+                    currentToken.substring(0, equalSign).trim();
+            String currentTokenValue =
+                    currentToken.substring(equalSign + 1).trim();
+            if ("username".equals(currentTokenName))
+                userName = removeQuotes(currentTokenValue);
+            if ("realm".equals(currentTokenName))
+                realmName = removeQuotes(currentTokenValue, true);
+            if ("nonce".equals(currentTokenName))
+                nOnce = removeQuotes(currentTokenValue);
+            if ("nc".equals(currentTokenName))
+                nc = removeQuotes(currentTokenValue);
+            if ("cnonce".equals(currentTokenName))
+                cnonce = removeQuotes(currentTokenValue);
+            if ("qop".equals(currentTokenName))
+                qop = removeQuotes(currentTokenValue);
+            if ("uri".equals(currentTokenName))
+                uri = removeQuotes(currentTokenValue);
+            if ("response".equals(currentTokenName))
+                response = removeQuotes(currentTokenValue);
+        }
+
+        if ((userName == null) || (realmName == null) || (nOnce == null)
+                || (uri == null) || (response == null))
+            return null;
+
+        // Second MD5 digest used to calculate the digest :
+        // MD5(Method + ":" + uri)
+        String a2 = method + ":" + uri;
+        //System.out.println("A2:" + a2);
+
+        byte[] buffer = null;
+        synchronized (md5Helper) {
+            buffer = md5Helper.digest(a2.getBytes());
+        }
+        String md5a2 = md5Encoder.encode(buffer);
+
+        //TODO this is totally wrong
+        return loginService.login(userName, md5a2);
+
+    }
+
+
+    /**
+     * Parse the username from the specified authorization string.  If none
+     * can be identified, return <code>null</code>
+     *
+     * @param authorization Authorization string to be parsed
+     */
+    protected String parseUsername(String authorization) {
+
+        //System.out.println("Authorization token : " + authorization);
+        // Validate the authorization credentials format
+        if (authorization == null)
+            return (null);
+        if (!authorization.startsWith("Digest "))
+            return (null);
+        authorization = authorization.substring(7).trim();
+
+        StringTokenizer commaTokenizer =
+                new StringTokenizer(authorization, ",");
+
+        while (commaTokenizer.hasMoreTokens()) {
+            String currentToken = commaTokenizer.nextToken();
+            int equalSign = currentToken.indexOf('=');
+            if (equalSign < 0)
+                return null;
+            String currentTokenName =
+                    currentToken.substring(0, equalSign).trim();
+            String currentTokenValue =
+                    currentToken.substring(equalSign + 1).trim();
+            if ("username".equals(currentTokenName))
+                return (removeQuotes(currentTokenValue));
+        }
+
+        return (null);
+
+    }
+
+
+    /**
+     * Removes the quotes on a string. RFC2617 states quotes are optional for
+     * all parameters except realm.
+     */
+    protected static String removeQuotes(String quotedString,
+                                         boolean quotesRequired) {
+        //support both quoted and non-quoted
+        if (quotedString.length() > 0 && quotedString.charAt(0) != '"' &&
+                !quotesRequired) {
+            return quotedString;
+        } else if (quotedString.length() > 2) {
+            return quotedString.substring(1, quotedString.length() - 1);
+        } else {
+            return new String();
+        }
+    }
+
+    /**
+     * Removes the quotes on a string.
+     */
+    protected static String removeQuotes(String quotedString) {
+        return removeQuotes(quotedString, false);
+    }
+
+    /**
+     * Generate a unique token. The token is generated according to the
+     * following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":"
+     * time-stamp ":" private-key ) ).
+     *
+     * @param request HTTP Servlet request
+     */
+    protected String generateNOnce(Request request) {
+
+        long currentTime = System.currentTimeMillis();
+
+        String nOnceValue = request.getRemoteAddr() + ":" +
+                currentTime + ":" + key;
+
+        byte[] buffer = null;
+        synchronized (md5Helper) {
+            buffer = md5Helper.digest(nOnceValue.getBytes());
+        }
+        nOnceValue = md5Encoder.encode(buffer);
+
+        return nOnceValue;
+    }
+
+
+    /**
+     * Generates the WWW-Authenticate header.
+     * <p/>
+     * The header MUST follow this template :
+     * <pre>
+     *      WWW-Authenticate    = "WWW-Authenticate" ":" "Digest"
+     *                            digest-challenge
+     * <p/>
+     *      digest-challenge    = 1#( realm | [ domain ] | nOnce |
+     *                  [ digest-opaque ] |[ stale ] | [ algorithm ] )
+     * <p/>
+     *      realm               = "realm" "=" realm-value
+     *      realm-value         = quoted-string
+     *      domain              = "domain" "=" <"> 1#URI <">
+     *      nonce               = "nonce" "=" nonce-value
+     *      nonce-value         = quoted-string
+     *      opaque              = "opaque" "=" quoted-string
+     *      stale               = "stale" "=" ( "true" | "false" )
+     *      algorithm           = "algorithm" "=" ( "MD5" | token )
+     * </pre>
+     *
+     * @param response HTTP Servlet response
+     * @param nOnce    nonce token
+     */
+    protected void setAuthenticateHeader(
+            Response response,
+            String nOnce) {
+
+        // Get the realm name
+        byte[] buffer;
+        synchronized (md5Helper) {
+            buffer = md5Helper.digest(nOnce.getBytes());
+        }
+
+        String authenticateHeader = "Digest realm=\"" + realmName + "\", "
+                + "qop=\"auth\", nonce=\"" + nOnce + "\", " + "opaque=\""
+                + md5Encoder.encode(buffer) + "\"";
+        response.setHeader("WWW-Authenticate", authenticateHeader);
+
+    }
+
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/DigestAuthenticator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,437 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Iterator;
+import java.util.Locale;
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.RequestDispatcher;
+
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.authenticator.SavedRequest;
+import org.apache.catalina.Session;
+import org.apache.catalina.util.StringManager;
+import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.buf.CharChunk;
+import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.http.MimeHeaders;
+import org.apache.coyote.ActionCode;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class FormAuthenticator implements Authenticator {
+    protected static final StringManager sm =
+            StringManager.getManager(Constants.Package);
+
+    private final LoginService loginService;
+    private final UserIdentity unauthenticatedIdentity;
+    private final String loginPage;
+    private final String erroryPage;
+
+    public FormAuthenticator(LoginService loginService, UserIdentity unauthenticatedIdentity, String loginPage, String erroryPage) {
+        this.loginService = loginService;
+        this.unauthenticatedIdentity = unauthenticatedIdentity;
+        this.loginPage = loginPage;
+        this.erroryPage = erroryPage;
+    }
+
+    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+        try {
+            Session session = request.getSessionInternal(isAuthMandatory);
+            if (session == null) {
+                //default identity??
+                return new AuthResult(TomcatAuthStatus.SUCCESS, null);
+            }
+            if (matchRequest(request, session)) {
+                //            if (log.isDebugEnabled())
+                //                log.debug("Restore request from session '"
+                //                          + session.getIdInternal()
+                //                          + "'");
+//                UserIdentity userIdentity = (UserIdentity)
+//                        session.getNote(Constants.FORM_PRINCIPAL_NOTE);
+                //            register(request, response, principal, Constants.FORM_METHOD,
+                //                     (String) session.getNote(Constants.SESS_USERNAME_NOTE),
+                //                     (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
+                //             If we're caching principals we no longer need the username
+                // and password in the session, so remove them
+                //            if (cache) {
+                //                session.removeNote(Constants.SESS_USERNAME_NOTE);
+                //                session.removeNote(Constants.SESS_PASSWORD_NOTE);
+                //            }
+                if (!restoreRequest(request, session)) {
+//                    if (log.isDebugEnabled())
+//                        log.debug("Proceed to restored request");
+//                    return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+//                } else {
+//                    if (log.isDebugEnabled())
+//                        log.debug("Restore of original request failed");
+                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+                    return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+                }
+            }
+            UserIdentity userIdentity = (UserIdentity) session.getNote(Constants.FORM_PRINCIPAL_NOTE);
+            if (userIdentity != null) {
+                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+            }
+
+            //we have not yet completed authentication.
+            // Acquire references to objects we will need to evaluate
+            MessageBytes uriMB = MessageBytes.newInstance();
+            CharChunk uriCC = uriMB.getCharChunk();
+            uriCC.setLimit(-1);
+            String contextPath = request.getContextPath();
+            String requestURI = request.getDecodedRequestURI();
+            response.setContext(request.getContext());
+
+            // Is this the action request from the login page?
+            boolean loginAction =
+                    requestURI.startsWith(contextPath) &&
+                            requestURI.endsWith(Constants.FORM_ACTION);
+
+            // No -- Save this request and redirect to the form login page
+            if (!loginAction) {
+//                session = request.getSessionInternal(true);
+//                if (log.isDebugEnabled())
+//                    log.debug("Save request in session '" + session.getIdInternal() + "'");
+                if (!isAuthMandatory) {
+                    return new AuthResult(TomcatAuthStatus.SUCCESS, null);
+                }
+                try {
+                    saveRequest(request, session);
+                } catch (IOException ioe) {
+//                    log.debug("Request body too big to save during authentication");
+                    response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+                            sm.getString("authenticator.requestBodyTooBig"));
+                    return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+                }
+                forwardToLoginPage(request, response);
+                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, unauthenticatedIdentity);
+            }
+
+            // Yes -- Validate the specified credentials and redirect
+            // to the error page if they are not correct
+//            if (characterEncoding != null) {
+//                request.setCharacterEncoding(characterEncoding);
+//            }
+            String username = request.getParameter(Constants.FORM_USERNAME);
+            String password = request.getParameter(Constants.FORM_PASSWORD);
+//            if (log.isDebugEnabled())
+//                log.debug("Authenticating username '" + username + "'");
+            userIdentity = loginService.login(username, password);
+            if (userIdentity == null) {
+//                if (isAuthMandatory) {
+                    forwardToErrorPage(request, response);
+                    //TODO right status?
+                    return new AuthResult(TomcatAuthStatus.SEND_FAILURE, unauthenticatedIdentity);
+//                } else {
+//                    userIdentity = unauthenticatedIdentity;
+//                }
+            }
+
+//            if (log.isDebugEnabled())
+//                log.debug("Authentication of '" + username + "' was successful");
+
+            if (session == null)
+                session = request.getSessionInternal(false);
+            if (session == null) {
+//                if (containerLog.isDebugEnabled())
+//                    containerLog.debug
+//                        ("User took so long to log on the session expired");
+                response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
+                        sm.getString("authenticator.sessionExpired"));
+                return new AuthResult(TomcatAuthStatus.SEND_FAILURE, unauthenticatedIdentity);
+            }
+
+            // Save the authenticated Principal in our session
+            session.setNote(Constants.FORM_PRINCIPAL_NOTE, userIdentity);
+
+            // Save the username and password as well
+            session.setNote(Constants.SESS_USERNAME_NOTE, username);
+            session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+
+            // Redirect the user to the original request URI (which will cause
+            // the original request to be restored)
+            requestURI = savedRequestURL(session);
+//            if (log.isDebugEnabled())
+//                log.debug("Redirecting to original '" + requestURI + "'");
+            if (requestURI == null) {
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+                        sm.getString("authenticator.formlogin"));
+                return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+            } else {
+                response.sendRedirect(response.encodeRedirectURL(requestURI));
+                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, userIdentity);
+            }
+        } catch (IOException e) {
+            throw new ServerAuthException(e);
+        }
+
+    }
+
+    public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+        return true;
+    }
+
+    public String getAuthType() {
+        return "FORM";
+    }
+
+    /**
+     * Called to forward to the login page
+     *
+     * @param request  Request we are processing
+     * @param response Response we are creating
+     */
+    protected void forwardToLoginPage(Request request, Response response) {
+        RequestDispatcher disp = request.getRequestDispatcher(loginPage);
+        try {
+            disp.forward(request.getRequest(), response.getResponse());
+            response.finishResponse();
+        } catch (Throwable t) {
+//            log.warn("Unexpected error forwarding to login page", t);
+        }
+    }
+
+
+    /**
+     * Called to forward to the error page
+     *
+     * @param request  Request we are processing
+     * @param response Response we are creating
+     */
+    protected void forwardToErrorPage(Request request, Response response) {
+        RequestDispatcher disp = request.getRequestDispatcher(erroryPage);
+        try {
+            disp.forward(request.getRequest(), response.getResponse());
+            response.finishResponse();
+        } catch (Throwable t) {
+//            log.warn("Unexpected error forwarding to error page", t);
+        }
+    }
+
+
+    /**
+     * Does this request match the saved one (so that it must be the redirect
+     * we signalled after successful authentication?
+     *
+     * @param request The request to be verified
+     * @param session
+     */
+    protected boolean matchRequest(Request request, Session session) {
+
+        // Is there a saved request?
+        SavedRequest sreq = (SavedRequest)
+                session.getNote(Constants.FORM_REQUEST_NOTE);
+        if (sreq == null)
+            return (false);
+
+        // Is there a saved principal?
+        if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null)
+            return (false);
+
+        // Does the request URI match?
+        String requestURI = request.getRequestURI();
+        if (requestURI == null)
+            return (false);
+        return (requestURI.equals(sreq.getRequestURI()));
+
+    }
+
+
+    /**
+     * Restore the original request from information stored in our session.
+     * If the original request is no longer present (because the session
+     * timed out), return <code>false</code>; otherwise, return
+     * <code>true</code>.
+     *
+     * @param request The request to be restored
+     * @param session The session containing the saved information
+     */
+    protected boolean restoreRequest(Request request, Session session)
+            throws IOException {
+
+        // Retrieve and remove the SavedRequest object from our session
+        SavedRequest saved = (SavedRequest)
+                session.getNote(Constants.FORM_REQUEST_NOTE);
+        session.removeNote(Constants.FORM_REQUEST_NOTE);
+//        session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
+        if (saved == null)
+            return (false);
+
+        // Modify our current request to reflect the original one
+        request.clearCookies();
+        Iterator cookies = saved.getCookies();
+        while (cookies.hasNext()) {
+            request.addCookie((Cookie) cookies.next());
+        }
+
+        MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
+        rmh.recycle();
+        boolean cachable = "GET".equalsIgnoreCase(saved.getMethod()) ||
+                "HEAD".equalsIgnoreCase(saved.getMethod());
+        Iterator names = saved.getHeaderNames();
+        while (names.hasNext()) {
+            String name = (String) names.next();
+            // The browser isn't expecting this conditional response now.
+            // Assuming that it can quietly recover from an unexpected 412.
+            // BZ 43687
+            if (!("If-Modified-Since".equalsIgnoreCase(name) ||
+                    (cachable && "If-None-Match".equalsIgnoreCase(name)))) {
+                Iterator values = saved.getHeaderValues(name);
+                while (values.hasNext()) {
+                    rmh.addValue(name).setString((String) values.next());
+                }
+            }
+        }
+
+        request.clearLocales();
+        Iterator locales = saved.getLocales();
+        while (locales.hasNext()) {
+            request.addLocale((Locale) locales.next());
+        }
+
+        request.getCoyoteRequest().getParameters().recycle();
+
+        if ("POST".equalsIgnoreCase(saved.getMethod())) {
+            ByteChunk body = saved.getBody();
+
+            if (body != null) {
+                request.getCoyoteRequest().action
+                        (ActionCode.ACTION_REQ_SET_BODY_REPLAY, body);
+
+                // Set content type
+                MessageBytes contentType = MessageBytes.newInstance();
+
+                //If no content type specified, use default for POST
+                String savedContentType = saved.getContentType();
+                if (savedContentType == null) {
+                    savedContentType = "application/x-www-form-urlencoded";
+                }
+
+                contentType.setString(savedContentType);
+                request.getCoyoteRequest().setContentType(contentType);
+            }
+        }
+        request.getCoyoteRequest().method().setString(saved.getMethod());
+
+        request.getCoyoteRequest().queryString().setString
+                (saved.getQueryString());
+
+        request.getCoyoteRequest().requestURI().setString
+                (saved.getRequestURI());
+        return (true);
+
+    }
+
+
+    /**
+     * Save the original request information into our session.
+     *
+     * @param request The request to be saved
+     * @param session The session to contain the saved information
+     * @throws IOException
+     */
+    protected void saveRequest(Request request, Session session)
+            throws IOException {
+
+        // Create and populate a SavedRequest object for this request
+        SavedRequest saved = new SavedRequest();
+        Cookie cookies[] = request.getCookies();
+        if (cookies != null) {
+            for (int i = 0; i < cookies.length; i++)
+                saved.addCookie(cookies[i]);
+        }
+        Enumeration names = request.getHeaderNames();
+        while (names.hasMoreElements()) {
+            String name = (String) names.nextElement();
+            Enumeration values = request.getHeaders(name);
+            while (values.hasMoreElements()) {
+                String value = (String) values.nextElement();
+                saved.addHeader(name, value);
+            }
+        }
+        Enumeration locales = request.getLocales();
+        while (locales.hasMoreElements()) {
+            Locale locale = (Locale) locales.nextElement();
+            saved.addLocale(locale);
+        }
+
+        if ("POST".equalsIgnoreCase(request.getMethod())) {
+            ByteChunk body = new ByteChunk();
+            body.setLimit(request.getConnector().getMaxSavePostSize());
+
+            byte[] buffer = new byte[4096];
+            int bytesRead;
+            InputStream is = request.getInputStream();
+
+            while ((bytesRead = is.read(buffer)) >= 0) {
+                body.append(buffer, 0, bytesRead);
+            }
+            saved.setContentType(request.getContentType());
+            saved.setBody(body);
+        }
+
+        saved.setMethod(request.getMethod());
+        saved.setQueryString(request.getQueryString());
+        saved.setRequestURI(request.getRequestURI());
+
+        // Stash the SavedRequest in our session for later use
+        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
+
+    }
+
+
+    /**
+     * Return the request URI (with the corresponding query string, if any)
+     * from the saved request so that we can redirect to it.
+     *
+     * @param session Our current session
+     */
+    protected String savedRequestURL(Session session) {
+
+        SavedRequest saved =
+                (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
+        if (saved == null)
+            return (null);
+        StringBuffer sb = new StringBuffer(saved.getRequestURI());
+        if (saved.getQueryString() != null) {
+            sb.append('?');
+            sb.append(saved.getQueryString());
+        }
+        return (sb.toString());
+
+    }
+
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/FormAuthenticator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication;
+
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class NoneAuthenticator implements Authenticator {
+
+    private final AuthResult unauthenticated;
+
+    public NoneAuthenticator(UserIdentity unauthenticatedIdentity) {
+        unauthenticated = new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
+    }
+
+    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+        return unauthenticated;
+    }
+
+    public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+        return true;
+    }
+
+    public String getAuthType() {
+        return "NONE";
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/NoneAuthenticator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication.jaspic;
+
+import java.util.Map;
+import java.util.Set;
+import java.util.Arrays;
+import java.security.Principal;
+
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.tomcat.security.Authenticator;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.ServerAuthException;
+import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.IdentityService;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JaspicAuthenticator implements Authenticator {
+    private static final String MESSAGE_INFO_KEY = "org.apache.geronimo.tomcat.jaspic.message.info";
+
+    private final ServerAuthConfig serverAuthConfig;
+    private final Map authProperties;
+    private final Subject serviceSubject;
+    private final JaspicCallbackHandler callbackHandler;
+    private final IdentityService identityService;
+
+    public JaspicAuthenticator(ServerAuthConfig serverAuthConfig, Map authProperties, Subject serviceSubject, JaspicCallbackHandler callbackHandler, IdentityService identityService) {
+        this.serverAuthConfig = serverAuthConfig;
+        this.authProperties = authProperties;
+        this.serviceSubject = serviceSubject;
+        this.callbackHandler = callbackHandler;
+        this.identityService = identityService;
+    }
+
+    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
+        try {
+            MessageInfo messageInfo = new JaspicMessageInfo(request, response, isAuthMandatory);
+            request.setNote(MESSAGE_INFO_KEY, messageInfo);
+            String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
+            ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId, serviceSubject, authProperties);
+            Subject clientSubject = new Subject();
+
+            AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, serviceSubject);
+            if (authStatus == AuthStatus.SEND_CONTINUE)
+                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
+            if (authStatus == AuthStatus.SEND_FAILURE)
+                return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
+
+            if (authStatus == AuthStatus.SUCCESS) {
+                Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
+                UserIdentity userIdentity;
+                if (ids.size() > 0) {
+                    userIdentity = ids.iterator().next();
+                } else {
+                    CallerPrincipalCallback principalCallback = callbackHandler.getThreadCallerPrincipalCallback();
+                    if (principalCallback == null) throw new NullPointerException("No CallerPrincipalCallback");
+                    Principal principal = principalCallback.getPrincipal();
+                    if (principal == null) {
+                        String principalName = principalCallback.getName();
+                        Set<Principal> principals = principalCallback.getSubject().getPrincipals();
+                        for (Principal p : principals) {
+                            if (p.getName().equals(principalName)) {
+                                principal = p;
+                                break;
+                            }
+                        }
+                        if (principal == null) {
+                            //TODO not clear what to do here.
+                            return new AuthResult(TomcatAuthStatus.SUCCESS, null);
+                        }
+                    }
+                    GroupPrincipalCallback groupPrincipalCallback = callbackHandler.getThreadGroupPrincipalCallback();
+                    String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
+                    userIdentity = identityService.newUserIdentity(clientSubject, principal, Arrays.asList(groups));
+                }
+                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
+            }
+            if (authStatus == AuthStatus.SEND_SUCCESS) {
+                //we are processing a message in a secureResponse dialog.
+                return new AuthResult(TomcatAuthStatus.SEND_SUCCESS, null);
+            }
+            //should not happen
+            throw new NullPointerException("No AuthStatus returned");
+        } catch (AuthException e) {
+            throw new ServerAuthException(e);
+        }
+    }
+
+    public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
+        JaspicMessageInfo messageInfo = (JaspicMessageInfo)request.getNote(MESSAGE_INFO_KEY);
+        if (messageInfo==null) throw new NullPointerException("MeesageInfo from request missing: " + request);
+        try
+        {
+            String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
+            ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId,serviceSubject,authProperties);
+            // TODO authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
+            AuthStatus status = authContext.secureResponse(messageInfo,serviceSubject);
+            return (AuthStatus.SEND_SUCCESS.equals(status));
+        }
+        catch (AuthException e)
+        {
+            throw new ServerAuthException(e);
+        }
+    }
+
+    public String getAuthType() {
+        return "JASPIC";
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicAuthenticator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication.jaspic;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+import javax.security.auth.message.callback.CertStoreCallback;
+import javax.security.auth.message.callback.PrivateKeyCallback;
+import javax.security.auth.message.callback.SecretKeyCallback;
+import javax.security.auth.message.callback.TrustStoreCallback;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JaspicCallbackHandler implements CallbackHandler {
+    private final LoginService loginService;
+
+    private final ThreadLocal<CallerPrincipalCallback> callerPrincipals = new ThreadLocal<CallerPrincipalCallback>();
+    private final ThreadLocal<GroupPrincipalCallback> groupPrincipals = new ThreadLocal<GroupPrincipalCallback>();
+
+    public JaspicCallbackHandler(LoginService loginService) {
+        this.loginService = loginService;
+    }
+
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (Callback callback : callbacks) {
+            // jaspi to server communication
+            if (callback instanceof CallerPrincipalCallback) {
+                callerPrincipals.set((CallerPrincipalCallback) callback);
+            } else if (callback instanceof GroupPrincipalCallback) {
+                groupPrincipals.set((GroupPrincipalCallback) callback);
+            } else if (callback instanceof PasswordValidationCallback) {
+                PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
+                Subject subject = passwordValidationCallback.getSubject();
+
+                UserIdentity user = loginService.login(passwordValidationCallback.getUsername(), new String(passwordValidationCallback.getPassword()));
+
+                if (user != null) {
+                    passwordValidationCallback.setResult(true);
+                    passwordValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
+                    passwordValidationCallback.getSubject().getPrivateCredentials().add(user);
+                }
+            }
+            // server to jaspi communication
+            // TODO implement these
+            else if (callback instanceof CertStoreCallback) {
+            } else if (callback instanceof PrivateKeyCallback) {
+            } else if (callback instanceof SecretKeyCallback) {
+            } else if (callback instanceof TrustStoreCallback) {
+            } else {
+                throw new UnsupportedCallbackException(callback);
+            }
+        }
+    }
+
+    public CallerPrincipalCallback getThreadCallerPrincipalCallback() {
+        CallerPrincipalCallback callerPrincipalCallback = callerPrincipals.get();
+        callerPrincipals.remove();
+        return callerPrincipalCallback;
+    }
+
+    public GroupPrincipalCallback getThreadGroupPrincipalCallback() {
+        GroupPrincipalCallback groupPrincipalCallback = groupPrincipals.get();
+        groupPrincipals.remove();
+        return groupPrincipalCallback;
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicCallbackHandler.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.authentication.jaspic;
+
+import java.util.Map;
+import java.util.HashMap;
+
+import javax.security.auth.message.MessageInfo;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JaspicMessageInfo implements MessageInfo {
+    private static final String MANDATORY_KEY = "javax.security.auth.message.MessagePolicy.isMandatory";
+
+    private final Map map = new HashMap();
+    private HttpServletRequest request;
+    private HttpServletResponse response;
+
+    public JaspicMessageInfo() {
+    }
+
+    public JaspicMessageInfo(Request request, Response response, boolean authMandatory) {
+        this.request = request;
+        this.response = response;
+        map.put(MANDATORY_KEY, authMandatory);
+    }
+
+    public Map getMap() {
+        return map;
+    }
+
+    public Object getRequestMessage() {
+        return request;
+    }
+
+    public Object getResponseMessage() {
+        return response;
+    }
+
+    public void setRequestMessage(Object request) {
+        if (!(request instanceof HttpServletRequest)) throw new IllegalArgumentException("Request in not a servlet request but " + request.getClass().getName());
+        this.request = (HttpServletRequest) request;
+    }
+
+    public void setResponseMessage(Object response) {
+        if (!(response instanceof HttpServletResponse)) throw new IllegalArgumentException("response in not a servlet response but " + response.getClass().getName());
+        this.response = (HttpServletResponse) response;
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/jaspic/JaspicMessageInfo.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.impl;
+
+import java.security.Principal;
+import java.security.AccessControlContext;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.tomcat.security.IdentityService;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.jacc.JACCUserIdentity;
+import org.apache.geronimo.security.ContextManager;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class GeronimoIdentityService implements IdentityService {
+    public Object associate(UserIdentity userIdentity) {
+        Subject subject = userIdentity == null? ContextManager.EMPTY: userIdentity.getSubject();
+        ContextManager.setCallers(subject, subject);
+        return null;
+    }
+
+    public void dissociate(Object previous) {
+        ContextManager.clearCallers();
+    }
+
+    public UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, List<String> groups) {
+        AccessControlContext acc = ContextManager.registerSubjectShort(subject, userPrincipal, groups);
+        return new JACCUserIdentity(subject, userPrincipal, groups, acc);
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoIdentityService.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.impl;
+
+import java.security.Principal;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.Subject;
+
+import org.apache.geronimo.tomcat.security.LoginService;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+import org.apache.geronimo.tomcat.security.IdentityService;
+import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
+import org.apache.geronimo.security.ContextManager;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class GeronimoLoginService implements LoginService {
+
+    private final ConfigurationFactory configurationFactory;
+    private final IdentityService identityService;
+
+    public GeronimoLoginService(ConfigurationFactory configurationFactory, IdentityService identityService) {
+        this.configurationFactory = configurationFactory;
+        this.identityService = identityService;
+    }
+
+    public UserIdentity login(String userName, String password) {
+        CallbackHandler callbackHandler = new PasswordCallbackHandler(userName, password.toCharArray());
+        try {
+            LoginContext loginContext = ContextManager.login(configurationFactory.getConfigurationName(), callbackHandler, configurationFactory.getConfiguration());
+            Subject establishedSubject = loginContext.getSubject();
+            Principal userPrincipal = ContextManager.getCurrentPrincipal(establishedSubject);
+            return identityService.newUserIdentity(establishedSubject, userPrincipal, null);
+        } catch (LoginException e) {
+            return null;
+        }
+    }
+
+    public void logout(UserIdentity userIdentity) {
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.jacc;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.Realm;
+import org.apache.geronimo.tomcat.security.Authorizer;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+
+import javax.security.jacc.WebUserDataPermission;
+import javax.security.jacc.WebResourcePermission;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JACCAuthorizer implements Authorizer {
+
+    private final AccessControlContext defaultACC;
+
+    public JACCAuthorizer(AccessControlContext defaultACC) {
+        this.defaultACC = defaultACC;
+    }
+
+    public Object getConstraints(Request request) {
+        return null;
+    }
+
+    public boolean hasUserDataPermissions(Request request, Object constraints) {
+        try {
+            defaultACC.checkPermission(new WebUserDataPermission(request));
+            return true;
+        } catch (AccessControlException e) {
+            return false;
+        }
+    }
+
+    public boolean isAuthMandatory(Request request, Object constraints) {
+        try {
+            defaultACC.checkPermission(new WebResourcePermission(request));
+            return false;
+        } catch (AccessControlException e) {
+            return true;
+        }
+    }
+
+    public boolean hasResourcePermissions(Request request, AuthResult authResult, Object constraints, UserIdentity userIdentity) {
+        if (!(userIdentity instanceof JACCUserIdentity)) {
+            return false;
+        }
+
+        AccessControlContext acc = ((JACCUserIdentity)userIdentity).getAccessControlContext();
+        try {
+            acc.checkPermission(new WebResourcePermission(request));
+            return true;
+        } catch (AccessControlException e) {
+            return false;
+        }
+    }
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCAuthorizer.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java?rev=794752&view=auto
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java (added)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java Thu Jul 16 17:03:50 2009
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.geronimo.tomcat.security.jacc;
+
+import java.security.AccessControlContext;
+
+import org.apache.catalina.connector.Request;
+import org.apache.geronimo.tomcat.security.AuthResult;
+import org.apache.geronimo.tomcat.security.UserIdentity;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class JACCEJBWebServiceAuthorizer extends JACCAuthorizer {
+
+    public JACCEJBWebServiceAuthorizer(AccessControlContext defaultACC) {
+        super(defaultACC);
+    }
+
+    @Override
+    public boolean hasResourcePermissions(Request request, AuthResult authResult, Object constraints, UserIdentity userIdentity) {
+        return true;
+    }
+    
+}

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/jacc/JACCEJBWebServiceAuthorizer.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain



Mime
View raw message