harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From le...@apache.org
Subject svn commit: r588155 - in /harmony/enhanced/classlib/trunk/modules/auth/src: main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java
Date Thu, 25 Oct 2007 07:15:51 GMT
Author: leoli
Date: Thu Oct 25 00:15:49 2007
New Revision: 588155

URL: http://svn.apache.org/viewvc?rev=588155&view=rev
Log:
Apply patch for HARMONY-4721([classlib][auth]Harmony lacks default JGSS provider)(3) Add ServicePermission
check in org.apache.harmony.auth.jgss.kerberos.KerberosUtils.getTGT().

Modified:
    harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java
    harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java

Modified: harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java
URL: http://svn.apache.org/viewvc/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java?rev=588155&r1=588154&r2=588155&view=diff
==============================================================================
--- harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java
(original)
+++ harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java
Thu Oct 25 00:15:49 2007
@@ -28,6 +28,7 @@
 import javax.security.auth.Subject;
 import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.security.auth.kerberos.KerberosTicket;
+import javax.security.auth.kerberos.ServicePermission;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
@@ -86,14 +87,16 @@
                         AccessControlContext acc = AccessController
                                 .getContext();
                         Subject subject = Subject.getSubject(acc);
-                        return getTicketFromSubject(subject, clientPrincipal, serverPrincipal);
+                        return getTicketFromSubject(subject, clientPrincipal,
+                                serverPrincipal);
                     }
                 }, acc);
 
     }
 
     private static KerberosTicket getTicketFromSubject(Subject subject,
-            final KerberosPrincipal clientPrincipal, final KerberosPrincipal serverPrincipal)
{        
+            final KerberosPrincipal clientPrincipal,
+            final KerberosPrincipal serverPrincipal) {
         if (null == subject) {
             return null;
         }
@@ -112,7 +115,7 @@
                 kerberosTickets.remove(tgt);
                 return null;
             }
-        }        
+        }
         return null;
     }
 
@@ -144,7 +147,8 @@
             return null;
         }
         Subject subject = loginContext.getSubject();
-        return getTicketFromSubject(subject, clientPrincipal, getTGTServerPrincipal(clientPrincipal));
      
+        return getTicketFromSubject(subject, clientPrincipal,
+                getTGTServerPrincipal(clientPrincipal));
     }
 
     private static KerberosPrincipal getTGTServerPrincipal(
@@ -159,10 +163,25 @@
             tgt = getKerberosTicketFromContext(clientPrincipal,
                     getTGTServerPrincipal(clientPrincipal));
         }
-        if (null != tgt) {
-            return tgt;
+        if (null == tgt) {
+            tgt = getTGTFromLoginModule(clientPrincipal);
         }
-        return getTGTFromLoginModule(clientPrincipal);
-        //TODO CACHE : Whether should attach this tgt to the subject for current AccessControlContext?
+        if (null != tgt) {
+            checkServicePermission(tgt.getServer(), "initiate");
+            // TODO CACHE : Whether should attach this tgt to the subject for
+            // current AccessControlContext?
+        }
+        return tgt;
+    }
+
+    public static void checkServicePermission(KerberosPrincipal principal,
+            String action) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm == null) {
+            return;
+        }
+        ServicePermission servicePermission = new ServicePermission(principal
+                .getName(), action);
+        sm.checkPermission(servicePermission);
     }
 }

Modified: harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java
URL: http://svn.apache.org/viewvc/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java?rev=588155&r1=588154&r2=588155&view=diff
==============================================================================
--- harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java
(original)
+++ harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java
Thu Oct 25 00:15:49 2007
@@ -18,8 +18,6 @@
 package org.apache.harmony.auth.tests.jgss.kerberos;
 
 import java.util.Date;
-import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.PrivilegedAction;
 
 import javax.security.auth.Subject;
@@ -57,5 +55,12 @@
         });
         assertNotNull(tgtFromContext);
         assertEquals(tgt, tgtFromContext);
+    }
+    
+    public void testGetTGT_fromLoginContext() throws Exception {
+        final KerberosPrincipal clientPrincipal = new KerberosPrincipal(
+                "leo@EXAMPLE.COM");
+        KerberosTicket tgt = KerberosUtils.getTGT(clientPrincipal);
+        assertNull(tgt);
     }
 }



Mime
View raw message