harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Astapchuk <alex.astapc...@gmail.com>
Subject Re: [classlib][auth]LoginContext should always invoke the LoginModules?
Date Mon, 02 Oct 2006 07:47:31 GMT
Hi Stepan, all,

 > I think the spec. statement: "A LoginContext should not be used to
 > authenticate more than one Subject." was taken too strict: reusing
 > LoginContext object to get the same set of credentials seemed odd.

The decision was mostly about resources.

Indeed, the spec does not specify behavior of LoginContext.

However, the spec is more or less clear in what should the
Login*Module*-s do in response to login/logout/etc.
It states 'login() saves result ...'. It does not warn with
anything like 'check previous state and clean up resources
from previous successful logins'.
The resource clean up is explicitly for abort() and logout().

 >> I consider RI's behavior is more reasonable.

I would say it's more dangerous.
The invocation of login() on already logged LoginModule-s
may easily produce a resource leak.
Presuming the authentication is normally not a too frequent
task, such a leak would be really hard to discover and hunt.

Just my $0.02.

-- 
Thanks,
   Alex



Stepan Mishura wrote:
> On 9/29/06, Paulex Yang wrote:
>>
>> Hi, all
>>
>> I'm not a security expert, so please correct me if I miss something. I
>> found some different behavior of Harmony and RI on
>> javax.security.auth.login.LoginContext, the testcase[1] shows the
>> difference.
>>
>> Actually I tried to create the event sequence like below:
>> 1. create LoginContext with some Subject
>> 2. LoginContext.login() and return successfully
>> 3. Modify Subject's content to make it invalid(one Principal's name
>> here, maybe passwd/username/servername in more general case)
> 
> 
> Hi, Paulex
> 
> LoginContext doesn't verify Subject's contents - all requred info is
> obtained with callback handler and passed to login modules. And login
> modules check whether password/username are valid or not.
> 
> 
> 4. LoginContext.login() again
>>
>> In RI, the second login() invocation really tried to invoke the relative
>> LoginModule.login() and then failed to login with the modified Subject,
>> but in Harmony, both invocations succeed. I consider RI's behavior is
>> more reasonable.
>>
>> After a rough look of LoginContext implementation, I found the cause may
>> be the Ln. 275
>>
>>    private void loginImpl() throws LoginException {
>>        if (loggedIn) {
>>            return;
>>        }
>>    ....
>>    }
> 
> 
> I think the spec. statement: "A LoginContext should not be used to
> authenticate more than one Subject." was taken too strict: reusing
> LoginContext object to get the same set of credentials seemed odd.
> But if RI let LoginContext object to be reusable then it makes sense doing
> the same.
> 
> Thanks,
> Stepan.
> 
> 
> Seems Harmony won't invoke the LoginModule.login() again only if the
>> login ever succeeds. If I comment out these lines, the test below passes
>> happily. Any ideas on this issue?
>>
>>
>> [1]
>> public class LoginContextTest extends TestCase {
>>    private static final String VALID_NAME = "name1";
>>    private static final String INVALID_NAME = "name2";
>>
>>    public void testLogin() throws Exception{
>>        MyPrincipal pri = new MyPrincipal();
>>        HashSet set = new HashSet();
>>        set.add(pri);
>>        Subject sub = new Subject(false, set, new HashSet(), new
>> HashSet());
>>        Configuration.setConfiguration(new MyConfig());
>>        LoginContext context = new LoginContext("moduleName", sub);
>>        context.login();
>>        pri.name = INVALID_NAME;
>>        try{
>>            context.login();
>>            fail("Should throw LoginException");
>>        }catch(LoginException e){
>>
>>        }
>>    }
>>    static class MyConfig extends Configuration{
>>        AppConfigurationEntry[] entries = new
>> AppConfigurationEntry[]{new
>> AppConfigurationEntry(MyModule.class.getName(),
>> LoginModuleControlFlag.REQUIRED, new HashMap())};
>>        public AppConfigurationEntry[] getAppConfigurationEntry(String
>> name) {
>>            return entries;
>>        }
>>        public void refresh() {
>>        }
>>    }
>>    public static class MyModule implements LoginModule{
>>        Subject sub;
>>        public void MyModule(){
>>        }
>>        public boolean abort() throws LoginException {
>>            return false;
>>        }
>>        public boolean commit() throws LoginException {
>>            return true;
>>        }
>>        public void initialize(Subject arg0, CallbackHandler arg1,
>> Map<String, ?> arg2, Map<String, ?> arg3) {
>>            sub = arg0;
>>        }
>>        public boolean login() throws LoginException {
>>            Principal[] pris = sub.getPrincipals().toArray(new
>> Principal[0]);
>>            return VALID_NAME.equals(pris[0].getName());
>>        }
>>        public boolean logout() throws LoginException {
>>            return false;
>>        }
>>    }
>>    public static class MyPrincipal implements Principal{
>>        public String name = VALID_NAME;
>>        public String getName() {
>>            return name;
>>        }
>>        public String toString(){
>>            return name;
>>        }
>>    };
>> }
>>
>>
>>
>> -- 
>> Paulex Yang
>> China Software Development Lab
>> IBM
>>
>>
>>
> ------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> 




---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message