geronimo-scm mailing list archives

From ashishj...@apache.org
Subject svn commit: r958495 - in /geronimo/server/branches/2.1: framework/modules/geronimo-security/ framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/ plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geroni...
Date Mon, 28 Jun 2010 08:01:11 GMT
Author: ashishjain
Date: Mon Jun 28 08:01:10 2010
New Revision: 958495

URL: http://svn.apache.org/viewvc?rev=958495&view=rev
Log:
GERONIMO-5197 Add Geronimo's own HTTP authenticator. Added a RequestCallbackHandler. Add header
authentication mechanism for SiteminderHeaderHandler. As of now, the only header being utilized
is SM_USER. Moving ahead, support will be added for other headers.

Added:
    geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderHandler.java
  (with props)
    geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderMismatchException.java
  (with props)
    geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallback.java
  (with props)
    geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallbackHandler.java
  (with props)
    geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SiteminderHeaderHandler.java
  (with props)
    geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/
    geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
  (with props)
    geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
  (with props)
Modified:
    geronimo/server/branches/2.1/framework/modules/geronimo-security/pom.xml
    geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java
    geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java

Modified: geronimo/server/branches/2.1/framework/modules/geronimo-security/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-security/pom.xml?rev=958495&r1=958494&r2=958495&view=diff
==============================================================================
--- geronimo/server/branches/2.1/framework/modules/geronimo-security/pom.xml (original)
+++ geronimo/server/branches/2.1/framework/modules/geronimo-security/pom.xml Mon Jun 28 08:01:10
2010
@@ -56,6 +56,11 @@
             <groupId>org.apache.geronimo.specs</groupId>
             <artifactId>geronimo-jacc_1.1_spec</artifactId>
         </dependency>
+		
+        <dependency>
+            <groupId>org.apache.geronimo.specs</groupId>
+            <artifactId>geronimo-servlet_2.5_spec</artifactId>
+        </dependency>
         
         <dependency>
             <groupId>hsqldb</groupId>
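
Review bot: the new geronimo-servlet_2.5_spec dependency is declared without a <scope>, and the added line above it contains only tabs. The servlet API is supplied by the web container at run time, so consider provided scope here unless the parent POM already manages it (this hunk does not show that), and drop the tab-only line. The commit message should also mention that the framework security module now declares a dependency on the servlet API.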

Added: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderHandler.java?rev=958495&view=auto
==============================================================================
--- geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderHandler.java
(added)
+++ geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderHandler.java
Mon Jun 28 08:01:10 2010
@@ -0,0 +1,10 @@
+package org.apache.geronimo.security.realm.providers;
+
+import java.util.Map;
+
+public interface HeaderHandler {
+    public String getUser(Map<String,String> headerMap);
+    public String getSession(Map<String,String> headerMap);
+    /* Add new methods as the work progresses */
+
+}
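
Review bot: the interface has no Javadoc and no license header, so the contract of getUser and getSession is left to each implementer: nothing says what to return when the header is absent, or whether the keys of headerMap are case-normalized. HTTP header names are case-insensitive, so a plain Map<String,String> lookup can miss a header that arrives with different casing; document the expected key form or require a case-insensitive map. The public modifiers on the interface methods are redundant.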

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderHandler.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderHandler.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderMismatchException.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderMismatchException.java?rev=958495&view=auto
==============================================================================
--- geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderMismatchException.java
(added)
+++ geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderMismatchException.java
Mon Jun 28 08:01:10 2010
@@ -0,0 +1,10 @@
+package org.apache.geronimo.security.realm.providers;
+
+public class HeaderMismatchException extends Exception {
+
+    public HeaderMismatchException(String hostName){
+        super("The request originated from Host " + 
+                hostName +
+                "does not have valid headers.");
+    }
+}
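
Review bot: the message concatenation is missing a space before "does not", so the text renders as "The request originated from Host <name>does not have valid headers."; change the last literal to " does not have valid headers.". The class extends Exception without declaring a serialVersionUID, and hostName goes into the message as-is, so if it is derived from the request it should be treated as untrusted input wherever the message is logged.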

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderMismatchException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderMismatchException.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/HeaderMismatchException.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallback.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallback.java?rev=958495&view=auto
==============================================================================
--- geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallback.java
(added)
+++ geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallback.java
Mon Jun 28 08:01:10 2010
@@ -0,0 +1,17 @@
+package org.apache.geronimo.security.realm.providers;
+
+import javax.security.auth.callback.Callback;
+import javax.servlet.http.HttpServletRequest;
+
+public class RequestCallback implements Callback {
+    private HttpServletRequest httpRequest;
+    
+    public HttpServletRequest getRequest(){
+        return httpRequest;
+    }
+    
+    public void setRequest(HttpServletRequest httpRequest){
+        this.httpRequest=httpRequest;
+    }
+
+}
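
Review bot: this callback hands the whole HttpServletRequest to the login module, although HeaderHandler in the same commit only needs a Map<String,String> of headers. Consider carrying just the header map (plus the remote address if the module needs it) so that a login module cannot reach the body, session or attributes of the request. At minimum, add Javadoc stating that getRequest() returns null until a RequestCallbackHandler has populated the callback.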

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallback.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallback.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallback.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallbackHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallbackHandler.java?rev=958495&view=auto
==============================================================================
--- geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallbackHandler.java
(added)
+++ geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallbackHandler.java
Mon Jun 28 08:01:10 2010
@@ -0,0 +1,27 @@
+package org.apache.geronimo.security.realm.providers;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.servlet.http.HttpServletRequest;
+
+public class RequestCallbackHandler implements CallbackHandler{
+
+    HttpServletRequest httpRequest;
+    
+    public RequestCallbackHandler(HttpServletRequest httpRequest){
+        this.httpRequest=httpRequest;
+    }
+    
+    public void handle(Callback callbacks[]) throws UnsupportedCallbackException{
+        for (int i = 0; i < callbacks.length; i++) {
+            Callback callback = callbacks[i];
+            if (callback instanceof RequestCallback) {
+                RequestCallback rc = (RequestCallback) callback;
+                rc.setRequest(httpRequest);
+            } else {
+                throw new UnsupportedCallbackException(callback);
+            }
+        }
+    }
+}
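
Review bot: the httpRequest field is package-private and non-final even though it is assigned once in the constructor; declare it private final. The constructor also accepts a null request and handle() passes it to rc.setRequest without a check, so every login module receiving this callback has to handle a null request itself; reject null in the constructor or document the behaviour.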

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallbackHandler.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/RequestCallbackHandler.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SiteminderHeaderHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SiteminderHeaderHandler.java?rev=958495&view=auto
==============================================================================
--- geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SiteminderHeaderHandler.java
(added)
+++ geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SiteminderHeaderHandler.java
Mon Jun 28 08:01:10 2010
@@ -0,0 +1,15 @@
+package org.apache.geronimo.security.realm.providers;
+
+import java.util.Map;
+
+public class SiteminderHeaderHandler implements HeaderHandler {
+      
+    public String getSession(Map<String,String> headerMap) {
+        return null;
+    }
+
+    public String getUser(Map<String, String> headerMap) {
+        String username=headerMap.get("SM_USER");
+        return username;
+    }
+}
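
Review bot: getUser returns the SM_USER value as the user identity with no check, and nothing in this class establishes that the header was set by the SiteMinder agent rather than by the client. Header-based sign-on is only sound when the server accepts requests solely from the trusted front end and that front end removes any inbound SM_USER; state this precondition in the Javadoc and, ideally, enforce it before the header is read (for example by checking the peer against a configured list). Also reject empty or whitespace-only values, and note that the lookup is an exact-case match on "SM_USER" while getSession always returns null.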

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SiteminderHeaderHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SiteminderHeaderHandler.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SiteminderHeaderHandler.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java?rev=958495&r1=958494&r2=958495&view=diff
==============================================================================
--- geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java
(original)
+++ geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java
Mon Jun 28 08:01:10 2010
@@ -16,8 +16,16 @@
  */
 package org.apache.geronimo.tomcat;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.text.MessageFormat;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
 import org.apache.catalina.Context;
 import org.apache.catalina.Lifecycle;
+import org.apache.catalina.Valve;
 import org.apache.catalina.startup.ContextConfig;
 import org.apache.catalina.startup.Embedded;
 import org.apache.commons.logging.Log;
@@ -45,13 +53,42 @@ public class TomcatGeronimoEmbedded exte
         if (cl != null)
             context.setParentClassLoader(cl);
         
+        // Add WAS CE specific authenticators
+        InputStream is=this.getClass().getClassLoader().getResourceAsStream("org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties");
+        Properties props= new Properties();
+        try {
+            props.load(is);
+        } catch (IOException e) {
+           log.error("Unable to access GeronimoCustomAuthenticator.properties",e );
+        }
+        Map<String,String> customAuthenticators= new HashMap<String,String>((Map)props);
+        Map<String,Valve> customAuthenticatorValves=new HashMap<String,Valve>();
+        Iterator iterator=customAuthenticators.keySet().iterator();
+        while(iterator.hasNext()){
+            Object key=iterator.next();
+            String value=customAuthenticators.get(key);
+            Class authenticatorClass=null;
+            Valve valve=null;
+            try {
+                authenticatorClass = Class.forName(value);
+            } catch (ClassNotFoundException e) {
+                log.error(MessageFormat.format("Unable to access class {0}",value),e);
+            }
+            try {
+                valve = (Valve)authenticatorClass.newInstance();
+            } catch (IllegalAccessException e) {
+                log.error(MessageFormat.format("Unable to create an instance of the class
{0}",value),e);
+            } catch (InstantiationException e) {
+                log.error(MessageFormat.format("Unable to access the constructor for the
class {0}",value),e);
+            }            
+            customAuthenticatorValves.put((String)key, valve);
+        }
         ContextConfig config = new ContextConfig();
-        config.setCustomAuthenticators(authenticators);
+        config.setCustomAuthenticators(customAuthenticatorValves);
         ((Lifecycle) context).addLifecycleListener(config);
 
         context.setDelegate(true);
         return (context);
-
     }
 
    public Context createEJBWebServiceContext(String contextPath, 
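
Review bot: error handling in the authenticator loading loop does not stop on failure: after a ClassNotFoundException is logged, authenticatorClass is still null and authenticatorClass.newInstance() throws a NullPointerException, and after an instantiation failure a null valve is put into the map. Use continue in the catch blocks (or one try around both calls) so that only successfully created valves are registered. Likewise, getResourceAsStream returns null when the properties file is missing, which props.load(is) turns into a NullPointerException that the IOException catch does not cover, and the stream is never closed. The replaced call passed authenticators and the new one passes only customAuthenticatorValves, so whatever was in authenticators is no longer handed to ContextConfig; please confirm that is intended. The comment says "WAS CE specific" rather than Geronimo.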

Added: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java?rev=958495&view=auto
==============================================================================
--- geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
(added)
+++ geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
Mon Jun 28 08:01:10 2010
@@ -0,0 +1,35 @@
+package org.apache.geronimo.tomcat.authenticator;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.catalina.authenticator.AuthenticatorBase;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm;
+
+/*
+ * An Authenticator which utilizes HttpRequest to perform authentication. This authentication
+ * is non-interactive and does not require any user intervention.
+ */
+public class GenericHeaderAuthenticator extends AuthenticatorBase {
+   
+    private static final String GENERIC_METHOD="GENERIC";
+    protected boolean authenticate(Request request, Response response, LoginConfig config)
throws IOException {
+        HttpServletRequest httpRequest=request.getRequest(); 
+        Principal principal = request.getUserPrincipal();
+        if(context.getRealm() instanceof TomcatGeronimoRealm)
+        principal =((TomcatGeronimoRealm)context.getRealm()).authenticate(httpRequest);
+        if (principal != null) {
+            register(request, response, principal, GENERIC_METHOD,
+                     null, null);
+            return (true);
+        }
+        else
+            response.setStatus(401);
+        return false;
+    }
+}
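
Review bot: the if on context.getRealm() has no braces and its body is not indented, which hides two behaviours: when the realm is a TomcatGeronimoRealm, the principal already on the request is discarded and replaced by a fresh authenticate(httpRequest) result on every call, and when it is not, an existing principal is registered under GENERIC without any header check. Add braces and decide explicitly whether an already authenticated request should short-circuit. On failure the code calls response.setStatus(401) without a WWW-Authenticate header or error body; for a non-interactive mechanism, consider whether response.sendError with 403 is the more accurate response. The file also lacks a license header.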

Propchange: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/authenticator/GenericHeaderAuthenticator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?rev=958495&r1=958494&r2=958495&view=diff
==============================================================================
--- geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
(original)
+++ geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Mon Jun 28 08:01:10 2010
@@ -21,6 +21,8 @@ import java.security.AccessControlContex
 import java.security.AccessControlException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
+import java.text.MessageFormat;
+import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
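
Review bot: java.util.Set is imported here, but none of the added lines shown in this mail reference it; drop the import if it is unused.
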
@@ -34,6 +36,7 @@ import javax.security.jacc.PolicyContext
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebRoleRefPermission;
 import javax.security.jacc.WebUserDataPermission;
+import javax.servlet.http.HttpServletRequest;
 
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleException;
@@ -48,10 +51,10 @@ import org.apache.geronimo.security.Cont
 import org.apache.geronimo.security.jacc.PolicyContextHandlerContainerSubject;
 import org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler;
 import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
+import org.apache.geronimo.security.realm.providers.RequestCallbackHandler;
 import org.apache.geronimo.tomcat.JAASTomcatPrincipal;
 import org.apache.geronimo.tomcat.interceptor.PolicyContextBeforeAfter;
 
-
 public class TomcatGeronimoRealm extends JAASRealm {
 
     private static final Log log = LogFactory.getLog(TomcatGeronimoRealm.class);
@@ -80,34 +83,38 @@ public class TomcatGeronimoRealm extends
 
     /**
      * Enforce any user data constraint required by the security constraint
-     * guarding this request URI.  Return <code>true</code> if this constraint
-     * was not violated and processing should continue, or <code>false</code>
-     * if we have created a response already.
-     *
-     * @param request     Request we are processing
-     * @param response    Response we are creating
-     * @param constraints Security constraint being checked
-     * @throws IOException if an input/output error occurs
+     * guarding this request URI. Return <code>true</code> if this constraint
+     * was not violated and processing should continue, or <code>false</code>
if
+     * we have created a response already.
+     * 
+     * @param request
+     *            Request we are processing
+     * @param response
+     *            Response we are creating
+     * @param constraints
+     *            Security constraint being checked
+     * @throws IOException
+     *             if an input/output error occurs
      */
-    public boolean hasUserDataPermission(Request request,
-                                         Response response,
-                                         SecurityConstraint[] constraints)
+    public boolean hasUserDataPermission(Request request, Response response, SecurityConstraint[]
constraints)
             throws IOException {
 
-        //Get an authenticated subject, if there is one
+        // Get an authenticated subject, if there is one
         Subject subject = null;
         try {
 
-            //We will use the PolicyContextHandlerContainerSubject.HANDLER_KEY to see if
a user
-            //has authenticated, since a request.getUserPrincipal() will not pick up the
user
-            //unless its using a cached session.
+            // We will use the PolicyContextHandlerContainerSubject.HANDLER_KEY
+            // to see if a user
+            // has authenticated, since a request.getUserPrincipal() will not
+            // pick up the user
+            // unless its using a cached session.
             subject = (Subject) PolicyContext.getContext(PolicyContextHandlerContainerSubject.HANDLER_KEY);
 
         } catch (PolicyContextException e) {
             log.error(e);
         }
 
-        //If nothing has authenticated yet, do the normal
+        // If nothing has authenticated yet, do the normal
         if (subject == null)
             return super.hasUserDataPermission(request, response, constraints);
 
@@ -135,24 +142,25 @@ public class TomcatGeronimoRealm extends
      * Perform access control based on the specified authorization constraint.
      * Return <code>true</code> if this constraint is satisfied and processing
      * should continue, or <code>false</code> otherwise.
-     *
-     * @param request     Request we are processing
-     * @param response    Response we are creating
-     * @param constraints Security constraints we are enforcing
-     * @param context     The Context to which client of this class is attached.
-     * @throws java.io.IOException if an input/output error occurs
+     * 
+     * @param request
+     *            Request we are processing
+     * @param response
+     *            Response we are creating
+     * @param constraints
+     *            Security constraints we are enforcing
+     * @param context
+     *            The Context to which client of this class is attached.
+     * @throws java.io.IOException
+     *             if an input/output error occurs
      */
-    public boolean hasResourcePermission(Request request,
-                                         Response response,
-                                         SecurityConstraint[] constraints,
-                                         Context context)
-            throws IOException {
+    public boolean hasResourcePermission(Request request, Response response, SecurityConstraint[]
constraints,
+            Context context) throws IOException {
 
         // Specifically allow access to the form login and form error pages
         // and the "j_security_check" action
         LoginConfig config = context.getLoginConfig();
-        if ((config != null) &&
-                (org.apache.catalina.realm.Constants.FORM_METHOD.equals(config.getAuthMethod())))
{
+        if ((config != null) && (org.apache.catalina.realm.Constants.FORM_METHOD.equals(config.getAuthMethod())))
{
             String requestURI = request.getDecodedRequestURI();
             String loginPage = context.getPath() + config.getLoginPage();
             if (loginPage.equals(requestURI)) {
@@ -173,13 +181,13 @@ public class TomcatGeronimoRealm extends
             }
         }
 
-        //Set the current wrapper name (Servlet mapping)
+        // Set the current wrapper name (Servlet mapping)
         currentRequestWrapperName.set(request.getWrapper().getName());
 
         // Which user principal have we already authenticated?
         Principal principal = request.getUserPrincipal();
 
-        //If we have no principal, then we should use the default.
+        // If we have no principal, then we should use the default.
         if (principal == null) {
             Subject defaultSubject = (Subject) request.getAttribute(PolicyContextBeforeAfter.DEFAULT_SUBJECT);
             ContextManager.setCallers(defaultSubject, defaultSubject);
@@ -210,9 +218,11 @@ public class TomcatGeronimoRealm extends
      * Return <code>true</code> if the specified Principal has the specified
      * security role, within the context of this Realm; otherwise return
      * <code>false</code>.
-     *
-     * @param principal Principal for whom the role is to be checked
-     * @param role      Security role to be checked
+     * 
+     * @param principal
+     *            Principal for whom the role is to be checked
+     * @param role
+     *            Security role to be checked
      */
     public boolean hasRole(Principal principal, String role) {
 
@@ -240,18 +250,19 @@ public class TomcatGeronimoRealm extends
     }
 
     /**
-     * Return the <code>Principal</code> associated with the specified
-     * username and credentials, if there is one; otherwise return
-     * <code>null</code>.
+     * Return the <code>Principal</code> associated with the specified username
+     * and credentials, if there is one; otherwise return <code>null</code>.
      * <p/>
      * If there are any errors with the JDBC connection, executing the query or
      * anything we return null (don't authenticate). This event is also logged,
      * and the connection will be closed so that a subsequent request will
      * automatically re-open it.
-     *
-     * @param username    Username of the <code>Principal</code> to look up
-     * @param credentials Password or other credentials to use in authenticating this
-     *                    username
+     * 
+     * @param username
+     *            Username of the <code>Principal</code> to look up
+     * @param credentials
+     *            Password or other credentials to use in authenticating this
+     *            username
      */
     public Principal authenticate(String username, String credentials) {
 
@@ -260,6 +271,84 @@ public class TomcatGeronimoRealm extends
         return authenticate(callbackHandler, username);
     }
 
+    /**
+     * Return the <code>Principal</code> associated with the specified HTTP
+     * request.
+     * 
+     * @param httpRequest
+     * @return
+     */
+    public Principal authenticate(HttpServletRequest httpRequest) {
+        if (httpRequest == null) {
+            return null;
+        }
+        CallbackHandler callbackHandler = new RequestCallbackHandler(httpRequest);
+        String hostName = httpRequest.getRemoteHost();
+        try {
+            LoginContext loginContext = null;
+            if (appName == null)
+                appName = "Tomcat";
+
+            if (log.isDebugEnabled())
+                log.debug(MessageFormat.format(
+                        "JAASRealm login requested for host {0} using LoginContext for application
{1} ", hostName,
+                        appName));
+
+            ClassLoader ocl = null;
+
+            if (isUseContextClassLoader()) {
+                ocl = Thread.currentThread().getContextClassLoader();
+                Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
+            }
+
+            try {
+                loginContext = ContextManager.login(appName, callbackHandler);
+            } catch (AccountExpiredException e) {
+                if (log.isDebugEnabled())
+                    log.debug(MessageFormat.format("Host {0} NOT authenticated due to expired
account", hostName), e);
+                return (null);
+            } catch (CredentialExpiredException e) {
+                if (log.isDebugEnabled())
+                    log.debug(MessageFormat.format("Host {0} NOT authenticated due to expired
credential",hostName), e);
+                return (null);
+            } catch (FailedLoginException e) {
+                if (log.isDebugEnabled())
+                    log.debug(MessageFormat.format("Host {0} NOT authenticated due to failed
login", hostName), e);
+                return (null);
+            } catch (LoginException e) {
+                log.warn(MessageFormat.format("Login exception authenticating host {0} with
the following exception ",hostName), e);
+                return (null);
+            } catch (Throwable e) {
+                log.error(sm.getString("jaasRealm.unexpectedError"), e);
+                return (null);
+            } finally {
+                if (isUseContextClassLoader()) {
+                    Thread.currentThread().setContextClassLoader(ocl);
+                }
+            }
+
+            if (log.isDebugEnabled())
+                log.debug("Login context created for host " + hostName);
+
+            // Negotiate a login via this LoginContext
+            Subject subject = loginContext.getSubject();
+            ContextManager.setCallers(subject, subject);
+            String principal = subject.getPublicCredentials().iterator().toString();
+            if (log.isDebugEnabled())
+                log.debug(sm.getString("jaasRealm.loginContextCreated", principal));
+
+            // Return the appropriate Principal for this authenticated Subject
+            JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principal);
+            jaasPrincipal.setSubject(subject);
+
+            return (jaasPrincipal);
+
+        } catch (Throwable t) {
+            log.error("error ", t);
+            return null;
+        }
+    }
+
     public Principal authenticate(X509Certificate[] certs) {
         if (certs == null || certs.length == 0) {
             return null;
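Review bot: the principal name taken at `String principal = subject.getPublicCredentials().iterator().toString();` is the iterator object's own toString() (typically a class name and hash), not a credential or user name, so every header-based login returns a `JAASTomcatPrincipal` with a meaningless name, and the `jaasRealm.loginContextCreated` debug line logs the same value. Derive the name from the authenticated Subject instead, for example from the appropriate entry in `subject.getPrincipals()`, and return null when no such entry exists. Separately, the outer `catch (Throwable t)` logs only "error "; it should carry the host and application name the way the inner handlers do, so a failed header login can be traced.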
@@ -326,7 +415,8 @@ public class TomcatGeronimoRealm extends
                 if (log.isDebugEnabled())
                     log.debug(sm.getString("jaasRealm.loginContextCreated", principalName));
 
-                // Return the appropriate Principal for this authenticated Subject
+                // Return the appropriate Principal for this authenticated
+                // Subject
                 JAASTomcatPrincipal jaasPrincipal = new JAASTomcatPrincipal(principalName);
                 jaasPrincipal.setSubject(subject);
 
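Review bot: this hunk only re-wraps the `// Return the appropriate Principal ...` comment in the existing X509 `authenticate` path and has nothing to do with the header authenticator. Formatter churn in the same commit as a new authentication path makes the security-relevant change harder to audit and to backport; please drop it or commit it separately.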
@@ -344,11 +434,12 @@ public class TomcatGeronimoRealm extends
     }
 
     /**
-     * Prepare for active use of the public methods of this <code>Component</code>.
-     *
+     * Prepare for active use of the public methods of this
+     * <code>Component</code>.
+     * 
      * @throws org.apache.catalina.LifecycleException
-     *          if this component detects a fatal error
-     *          that prevents it from being started
+     *             if this component detects a fatal error that prevents it from
+     *             being started
      */
     public void start() throws LifecycleException {
 
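Review bot: the reflowed Javadoc for `start()` replaces the bare `*` separator line with `* ` followed by a trailing space (the `-     *` line becomes `+     * `), and nothing else in the comment changes meaning. Strip the trailing whitespace, or better, leave this comment untouched since it is unrelated to GERONIMO-5197.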
@@ -358,10 +449,12 @@ public class TomcatGeronimoRealm extends
     }
 
     /**
-     * Gracefully shut down active use of the public methods of this <code>Component</code>.
-     *
-     * @throws LifecycleException if this component detects a fatal error
-     *                            that needs to be reported
+     * Gracefully shut down active use of the public methods of this
+     * <code>Component</code>.
+     * 
+     * @throws LifecycleException
+     *             if this component detects a fatal error that needs to be
+     *             reported
      */
     public void stop() throws LifecycleException {
 

Added: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties?rev=958495&view=auto
==============================================================================
--- geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
(added)
+++ geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
Mon Jun 28 08:01:10 2010
@@ -0,0 +1 @@
+GENERIC=org.apache.geronimo.tomcat.authenticator.GenericHeaderAuthenticator
\ No newline at end of file
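Review bot: the new properties file is a single line (`@@ -0,0 +1 @@`) with no comment explaining what the `GENERIC` key selects or where it is read, and no license header, and it ends without a newline even though `svn:eol-style = native` is set on it. Add a short comment documenting the key-to-authenticator-class mapping and who consumes it, add the header the rest of the tree uses, and terminate the line.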

Propchange: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.1/plugins/tomcat/geronimo-tomcat6/src/main/resources/org/apache/geronimo/tomcat/GeronimoCustomAuthenticator.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain


