jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sylv...@apache.org
Subject svn commit: r162072 - in /incubator/jackrabbit/trunk: ./ applications/test/ src/java/org/apache/jackrabbit/core/ src/java/org/apache/jackrabbit/core/config/ src/java/org/apache/jackrabbit/core/security/ src/test/org/apache/jackrabbit/core/config/
Date Wed, 20 Apr 2005 21:20:11 GMT
Author: sylvain
Date: Wed Apr 20 14:20:10 2005
New Revision: 162072

URL: http://svn.apache.org/viewcvs?rev=162072&view=rev
Log:
Add LoginModule configuration in repository.xml. This allows the use of Jackrabbit in environments
where JAAS is not set up.

Added:
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
  (with props)
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/security/AuthContext.java
  (with props)
Modified:
    incubator/jackrabbit/trunk/applications/test/repository.xml
    incubator/jackrabbit/trunk/project.properties
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/ConfigurationParser.java
    incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/RepositoryConfig.java
    incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/core/config/repository.xml

Modified: incubator/jackrabbit/trunk/applications/test/repository.xml
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/applications/test/repository.xml?rev=162072&r1=162071&r2=162072&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/applications/test/repository.xml (original)
+++ incubator/jackrabbit/trunk/applications/test/repository.xml Wed Apr 20 14:20:10 2005
@@ -46,7 +46,7 @@
 
         it also specifies the access manager to be used (AccessManager element).
     -->
-    <!ELEMENT Security (AccessManager)>
+    <!ELEMENT Security (AccessManager, LoginModule?)>
     <!ATTLIST Security
       appName CDATA #REQUIRED>
 
@@ -67,7 +67,16 @@
       name CDATA #REQUIRED
       value CDATA #REQUIRED>
 
-    <!--
+     <!--
+        the LoginModule element optionally specifies a JAAS login module to
+        authenticate users. This feature allows the use of Jackrabbit in a
+        non-JAAS environment.
+    -->
+    <!ELEMENT LoginModule (param*)>
+    <!ATTLIST LoginModule
+      class CDATA #REQUIRED>
+
+   <!--
         the Workspaces element specifies the workspaces root directory
         (rootPath attribute) and the name of the default workspace
         (defaultWorkspace attribute).
@@ -137,6 +146,11 @@
         <AccessManager class="org.apache.jackrabbit.core.security.SimpleAccessManager">
             <!-- <param name="config" value="${rep.home}/access.xml"/> -->
         </AccessManager>
+
+        <LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
+           <!-- anonymous user name ('anonymous' is the default value) -->
+           <param name="anonymousId" value="anonymous"/>
+        </LoginModule>
     </Security>
 
     <!--

Modified: incubator/jackrabbit/trunk/project.properties
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/project.properties?rev=162072&r1=162071&r2=162072&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/project.properties (original)
+++ incubator/jackrabbit/trunk/project.properties Wed Apr 20 14:20:10 2005
@@ -26,9 +26,10 @@
 ######################################################################
 maven.test.failure = false
 maven.junit.fork=true
-maven.junit.sysproperties=org.xml.sax.driver java.security.auth.login.config
+#maven.junit.sysproperties=org.xml.sax.driver java.security.auth.login.config
+maven.junit.sysproperties=org.xml.sax.driver
 org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
-java.security.auth.login.config=applications/test/jaas.config
+#java.security.auth.login.config=applications/test/jaas.config
 
 
 #If you wish to skip tests when doing builds, uncomment

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java?rev=162072&r1=162071&r2=162072&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/RepositoryImpl.java Wed
Apr 20 14:20:10 2005
@@ -16,7 +16,34 @@
  */
 package org.apache.jackrabbit.core;
 
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Properties;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Credentials;
+import javax.jcr.LoginException;
+import javax.jcr.NamespaceRegistry;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.observation.Event;
+import javax.jcr.observation.EventIterator;
+import javax.jcr.observation.EventListener;
+import javax.security.auth.Subject;
+
 import org.apache.commons.collections.ReferenceMap;
+import org.apache.jackrabbit.core.config.LoginModuleConfig;
 import org.apache.jackrabbit.core.config.PersistenceManagerConfig;
 import org.apache.jackrabbit.core.config.RepositoryConfig;
 import org.apache.jackrabbit.core.config.VersioningConfig;
@@ -32,7 +59,7 @@
 import org.apache.jackrabbit.core.nodetype.virtual.VirtualNodeTypeStateManager;
 import org.apache.jackrabbit.core.observation.DelegatingObservationDispatcher;
 import org.apache.jackrabbit.core.observation.ObservationManagerFactory;
-import org.apache.jackrabbit.core.security.CredentialsCallbackHandler;
+import org.apache.jackrabbit.core.security.AuthContext;
 import org.apache.jackrabbit.core.state.ItemStateException;
 import org.apache.jackrabbit.core.state.PMContext;
 import org.apache.jackrabbit.core.state.PersistenceManager;
@@ -44,32 +71,6 @@
 import org.apache.jackrabbit.core.version.persistence.NativePVM;
 import org.apache.log4j.Logger;
 
-import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
-import javax.jcr.LoginException;
-import javax.jcr.NamespaceRegistry;
-import javax.jcr.NoSuchWorkspaceException;
-import javax.jcr.Repository;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.observation.Event;
-import javax.jcr.observation.EventIterator;
-import javax.jcr.observation.EventListener;
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Properties;
-
 /**
  * A <code>RepositoryImpl</code> ...
  */
@@ -579,7 +580,7 @@
      *                                  workspace
      * @throws RepositoryException      if another error occurs
      */
-    SessionImpl createSession(LoginContext loginContext,
+    SessionImpl createSession(AuthContext loginContext,
                               String workspaceName)
             throws NoSuchWorkspaceException, AccessDeniedException,
             RepositoryException {
@@ -814,20 +815,23 @@
             }
         }
 
-        // login through JAAS login context
-        CredentialsCallbackHandler cbHandler =
-                new CredentialsCallbackHandler(credentials);
-        LoginContext lc;
+        // login either using JAAS or our own LoginModule
+        AuthContext authCtx;
         try {
-            lc = new LoginContext(repConfig.getAppName(), cbHandler);
-            lc.login();
+            LoginModuleConfig lmc = this.repConfig.getLoginModuleConfig();
+            if (lmc == null) {
+                authCtx = new AuthContext.JAAS(repConfig.getAppName(), credentials);
+            } else {
+                authCtx = new AuthContext.Local(lmc, credentials);
+            }
+            authCtx.login();
         } catch (javax.security.auth.login.LoginException le) {
             throw new LoginException(le.getMessage());
         }
 
         // create session
         try {
-            return createSession(lc, workspaceName);
+            return createSession(authCtx, workspaceName);
         } catch (AccessDeniedException ade) {
             // authenticated subject is not authorized for the specified workspace
             throw new LoginException(ade.getMessage());
@@ -933,7 +937,7 @@
      * @throws RepositoryException   If any other error occurrs creating the
      *                               session.
      */
-    protected SessionImpl createSessionInstance(LoginContext loginContext,
+    protected SessionImpl createSessionInstance(AuthContext loginContext,
                                                 WorkspaceConfig wspConfig)
             throws AccessDeniedException, RepositoryException {
 

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java?rev=162072&r1=162071&r2=162072&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/SessionImpl.java Wed Apr
20 14:20:10 2005
@@ -16,6 +16,43 @@
  */
 package org.apache.jackrabbit.core;
 
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.security.AccessControlException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Credentials;
+import javax.jcr.InvalidItemStateException;
+import javax.jcr.InvalidSerializedDataException;
+import javax.jcr.Item;
+import javax.jcr.ItemExistsException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.LoginException;
+import javax.jcr.NamespaceException;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.Node;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.Workspace;
+import javax.jcr.lock.LockException;
+import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.nodetype.NoSuchNodeTypeException;
+import javax.jcr.version.VersionException;
+import javax.security.auth.Subject;
+
 import org.apache.commons.collections.ReferenceMap;
 import org.apache.jackrabbit.core.config.AccessManagerConfig;
 import org.apache.jackrabbit.core.config.WorkspaceConfig;
@@ -26,6 +63,7 @@
 import org.apache.jackrabbit.core.observation.EventStateCollection;
 import org.apache.jackrabbit.core.security.AMContext;
 import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.security.AuthContext;
 import org.apache.jackrabbit.core.state.NodeState;
 import org.apache.jackrabbit.core.state.SessionItemStateManager;
 import org.apache.jackrabbit.core.state.UpdatableItemStateManager;
@@ -43,43 +81,6 @@
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.XMLReaderFactory;
 
-import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
-import javax.jcr.InvalidItemStateException;
-import javax.jcr.InvalidSerializedDataException;
-import javax.jcr.Item;
-import javax.jcr.ItemExistsException;
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.LoginException;
-import javax.jcr.NamespaceException;
-import javax.jcr.NoSuchWorkspaceException;
-import javax.jcr.Node;
-import javax.jcr.PathNotFoundException;
-import javax.jcr.Repository;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.SimpleCredentials;
-import javax.jcr.Workspace;
-import javax.jcr.lock.LockException;
-import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.nodetype.NoSuchNodeTypeException;
-import javax.jcr.version.VersionException;
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.PrintStream;
-import java.security.AccessControlException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
 /**
  * A <code>SessionImpl</code> ...
  */
@@ -106,10 +107,10 @@
     protected final RepositoryImpl rep;
 
     /**
-     * the LoginContext of this session (can be null if this
+     * the AuthContext of this session (can be null if this
      * session was not instantiated through a login process)
      */
-    protected LoginContext loginContext;
+    protected AuthContext loginContext;
 
     /**
      * the Subject of this session
@@ -187,7 +188,7 @@
      *                               workspace
      * @throws RepositoryException   if another error occurs
      */
-    protected SessionImpl(RepositoryImpl rep, LoginContext loginContext,
+    protected SessionImpl(RepositoryImpl rep, AuthContext loginContext,
                           WorkspaceConfig wspConfig)
             throws AccessDeniedException, RepositoryException {
         this(rep, loginContext.getSubject(), wspConfig);

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java?rev=162072&r1=162071&r2=162072&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java (original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/XASessionImpl.java Wed
Apr 20 14:20:10 2005
@@ -16,22 +16,23 @@
  */
 package org.apache.jackrabbit.core;
 
-import org.apache.jackrabbit.core.config.WorkspaceConfig;
-import org.apache.jackrabbit.core.observation.EventStateCollection;
-import org.apache.jackrabbit.core.state.TransactionContext;
-import org.apache.jackrabbit.core.state.TransactionException;
-import org.apache.jackrabbit.core.state.TransactionListener;
-import org.apache.log4j.Logger;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.jcr.AccessDeniedException;
 import javax.jcr.RepositoryException;
 import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
 import javax.transaction.xa.XAException;
 import javax.transaction.xa.XAResource;
 import javax.transaction.xa.Xid;
-import java.util.HashMap;
-import java.util.Map;
+
+import org.apache.jackrabbit.core.config.WorkspaceConfig;
+import org.apache.jackrabbit.core.observation.EventStateCollection;
+import org.apache.jackrabbit.core.security.AuthContext;
+import org.apache.jackrabbit.core.state.TransactionContext;
+import org.apache.jackrabbit.core.state.TransactionException;
+import org.apache.jackrabbit.core.state.TransactionListener;
+import org.apache.log4j.Logger;
 
 /**
  * Session extension that provides XA support.
@@ -70,7 +71,7 @@
      *                               workspace
      * @throws RepositoryException   if another error occurs
      */
-    protected XASessionImpl(RepositoryImpl rep, LoginContext loginContext,
+    protected XASessionImpl(RepositoryImpl rep, AuthContext loginContext,
                             WorkspaceConfig wspConfig)
             throws AccessDeniedException, RepositoryException {
 

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/ConfigurationParser.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/ConfigurationParser.java?rev=162072&r1=162071&r2=162072&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/ConfigurationParser.java
(original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/ConfigurationParser.java
Wed Apr 20 14:20:10 2005
@@ -67,6 +67,9 @@
     /** Name of the access manager configuration element. */
     private static final String ACCESS_MANAGER_ELEMENT = "AccessManager";
 
+    /** Name of the login module configuration element. */
+    private static final String LOGIN_MODULE_ELEMENT = "LoginModule";
+
     /** Name of the general workspace configuration element. */
     private static final String WORKSPACES_ELEMENT = "Workspaces";
 
@@ -138,6 +141,7 @@
      *     &lt;FileSystem ...&gt;
      *     &lt;Security appName="..."&gt;
      *       &lt;AccessManager ...&gt;
+     *       &lt;LoginModule ... (optional)&gt;
      *     &lt;/Security&gt;
      *     &lt;Workspaces rootPath="..." defaultWorkspace="..."/&gt;
      *     &lt;Workspace ...&gt;
@@ -195,6 +199,14 @@
         AccessManagerConfig amc = new AccessManagerConfig(
                 parseBeanConfig(security, ACCESS_MANAGER_ELEMENT));
 
+        // Optional login module
+        Element loginModule = getElement(security, LOGIN_MODULE_ELEMENT, false);
+        
+        LoginModuleConfig lmc = null;
+        if (loginModule != null) {
+            lmc = new LoginModuleConfig(parseBeanConfig(security, LOGIN_MODULE_ELEMENT));
+        }
+        
         // General workspace configuration
         Element workspaces = getElement(root, WORKSPACES_ELEMENT);
         String workspaceDirectory = replaceVariables(
@@ -208,7 +220,7 @@
         // Versioning configuration
         VersioningConfig vc = parseVersioningConfig(root);
 
-        return new RepositoryConfig(home, appName, amc, fsc,
+        return new RepositoryConfig(home, appName, amc, lmc, fsc,
                 workspaceDirectory, defaultWorkspace, template, vc);
     }
 
@@ -526,9 +538,25 @@
      * @param parent parent element
      * @param name name of the child element
      * @return named child element
+     * @throws ConfigurationException 
      * @throws ConfigurationException if the child element is not found
      */
-    private Element getElement(Element parent, String name)
+    private Element getElement(Element parent, String name) throws ConfigurationException
{
+        return getElement(parent, name, true);
+    }
+
+    /**
+     * Returns the named child of the given parent element.
+     *
+     * @param parent parent element
+     * @param name name of the child element
+     * @param required indicates if the child element is required
+     * @return named child element, or <code>null</code> if not found and
+     *         <code>required</code> is <code>false</code>.
+     * @throws ConfigurationException if the child element is not found and
+     *         <code>required</code> is <code>true</code>.
+     */
+    private Element getElement(Element parent, String name, boolean required)
             throws ConfigurationException {
         NodeList children = parent.getChildNodes();
         for (int i = 0; i < children.getLength(); i++) {
@@ -538,9 +566,13 @@
                 return (Element) child;
             }
         }
-        throw new ConfigurationException(
-                "Configuration element " + name + " not found in "
-                + parent.getNodeName() + ".");
+        if (required) {
+            throw new ConfigurationException(
+                    "Configuration element " + name + " not found in "
+                    + parent.getNodeName() + ".");
+        } else {
+            return null;
+        }
     }
 
     /**

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java?rev=162072&view=auto
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
(added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
Wed Apr 20 14:20:10 2005
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.config;
+
+import javax.security.auth.spi.LoginModule;
+
+/**
+ * LoginModule configuration. This bean configuration class is used to
+ * create login module objects.
+ * <p>
+ * Login module is an optional configuration that allows to use JackRabbit
+ * in a non-JAAS environment.
+ * 
+ * @see RepositoryConfig#getLoginModuleConfig()
+ * @version $Id$
+ */
+public class LoginModuleConfig extends BeanConfig {
+
+    /**
+     * Creates an access manager configuration object from the
+     * given bean configuration.
+     *
+     * @param config bean configuration
+     */
+    LoginModuleConfig(BeanConfig config) {
+        super(config);
+    }
+    
+    public LoginModule getLoginModule() throws ConfigurationException {
+        Object result = newInstance();
+        if (result instanceof LoginModule) {
+            return (LoginModule)result;
+        } else {
+            throw new ConfigurationException("Invalid login module implementation class "
+                    + getClassName() + ".");
+        }
+    }
+}

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
------------------------------------------------------------------------------
    svn:keywords = Id

Modified: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/RepositoryConfig.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/RepositoryConfig.java?rev=162072&r1=162071&r2=162072&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/RepositoryConfig.java
(original)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/config/RepositoryConfig.java
Wed Apr 20 14:20:10 2005
@@ -121,6 +121,11 @@
     private final AccessManagerConfig amc;
 
     /**
+     * Repository login module configuration. Optional, can be null
+     */
+    private final LoginModuleConfig lmc;
+
+    /**
      * Repository file system configuration.
      */
     private final FileSystemConfig fsc;
@@ -155,19 +160,21 @@
      * @param home repository home directory
      * @param name repository name for a JAAS app-entry configuration
      * @param amc access manager configuration
+     * @param lmc login module configuration (can be <code>null</code>)
      * @param fsc file system configuration
      * @param workspaceDirectory workspace root directory
      * @param defaultWorkspace name of the default workspace
      * @param vc versioning configuration
      */
     RepositoryConfig(String home, String name,
-            AccessManagerConfig amc, FileSystemConfig fsc,
+            AccessManagerConfig amc, LoginModuleConfig lmc, FileSystemConfig fsc,
             String workspaceDirectory, String defaultWorkspace,
             Element template, VersioningConfig vc) {
         this.workspaces = new HashMap();
         this.home = home;
         this.name = name;
         this.amc = amc;
+        this.lmc = lmc;
         this.fsc = fsc;
         this.workspaceDirectory = workspaceDirectory;
         this.defaultWorkspace = defaultWorkspace;
@@ -361,6 +368,16 @@
      */
     public AccessManagerConfig getAccessManagerConfig() {
         return amc;
+    }
+
+    /**
+     * Returns the repository login module configuration.
+     * 
+     * @return login module configuration, or <code>null</code> if standard
+     *         JAAS mechanism should be used.
+     */
+    public LoginModuleConfig getLoginModuleConfig() {
+        return lmc;
     }
 
     /**

Added: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/security/AuthContext.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/security/AuthContext.java?rev=162072&view=auto
==============================================================================
--- incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/security/AuthContext.java
(added)
+++ incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/security/AuthContext.java
Wed Apr 20 14:20:10 2005
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import java.util.Collections;
+import java.util.Map;
+
+import javax.jcr.Credentials;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.jackrabbit.core.config.ConfigurationException;
+import org.apache.jackrabbit.core.config.LoginModuleConfig;
+
+/**
+ * An authentication context used to authenticate users. It is similar to JAAS' <code>LoginContext</code>
+ * but can work in a non-JAAS environment.
+ * <p>
+ * This class is abstract and has two implementations:
+ * <ul>
+ *   <li>{@link AuthContext.JAAS} which delegates to a regular JAAS <code>LoginContext</code></li>
+ *   <li>{@link AuthCotnext.Local} which implements authentication using a locally-defined
+ *       JAAS <code>LoginModule</code></li>
+ * </ul>
+ *
+ * @version $Id$
+ */
+public abstract class AuthContext {
+    
+    /**
+     * Perform the authentication and, if successful, associate Principals and Credentials
+     * with the authenticated<code>Subject</code>.
+     * 
+     * @see LoginContext#login()
+     * @throws LoginException if the authentication fails.
+     */
+    public abstract void login() throws LoginException;
+    
+    /**
+     * Return the authenticated Subject.
+     *
+     * @see LoginContext#getSubject()
+     * @return the authenticated Subject or <code>null</code> if authentication
failed.
+     */
+    public abstract Subject getSubject();
+
+    /**
+     * Logout the <code>Subject</code>.
+     *
+     * @see LoginContext#logout()
+     * @exception LoginException if the logout fails.
+     */
+    public abstract void logout() throws LoginException;
+    
+    /**
+     * An {@link AuthContext} implemented using a regular JAAS <code>LoginContext</code>.
+     */
+    public static class JAAS extends AuthContext {
+        
+        private final LoginContext ctx;
+        
+        /**
+         * Creates an authentication context given a JAAS configuration name and some credentials.
+         * 
+         * @param name the JAAS configuration index
+         * @param creds the credentials
+         * @throws LoginException if the JAAS context couldn't be created
+         */
+        public JAAS(String name, Credentials creds) throws LoginException {
+            this.ctx = new LoginContext(name, new CredentialsCallbackHandler(creds));
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void login() throws LoginException {
+            ctx.login();
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Subject getSubject() {
+            return ctx.getSubject();
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void logout() throws LoginException {
+            ctx.logout();
+        }
+        
+    }
+    
+    /**
+     * An {@link AuthContext} implemented using a particular <code>LoginModule</code>.
+     */
+    public static class Local extends AuthContext {
+        private final LoginModule module;
+        private final Map options;
+        private Subject subject;
+        private Credentials creds;
+        
+        /**
+         * Creates an authentication context given a login module configuration and some
credentials.
+         * 
+         * @param config the login module configuration
+         * @param creds the credentials
+         * @throws ConfigurationException if the login module couldn't be created
+         */
+        public Local(LoginModuleConfig config, Credentials creds) throws ConfigurationException
{
+            this.module = config.getLoginModule();
+            this.options = config.getParameters();
+            this.creds = creds;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void login() throws LoginException {
+            this.subject = new Subject();
+            this.module.initialize(
+                    this.subject,
+                    new CredentialsCallbackHandler(this.creds),
+                    Collections.EMPTY_MAP,
+                    this.options);
+            
+            try {
+                if (this.module.login()) {
+                    this.module.commit();
+                }
+            }
+            catch(LoginException le) {
+                try {
+                    this.module.abort();
+                } catch(Exception e) {
+                    // Ignore
+                }
+                throw le;
+            }
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Subject getSubject() {
+            return this.subject;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void logout() throws LoginException {
+            if (this.subject == null) {
+                throw new LoginException("Logout called before login");
+            }
+            this.module.logout();
+        }
+    }
+}

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/security/AuthContext.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/jackrabbit/trunk/src/java/org/apache/jackrabbit/core/security/AuthContext.java
------------------------------------------------------------------------------
    svn:keywords = Id

Modified: incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/core/config/repository.xml
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/core/config/repository.xml?rev=162072&r1=162071&r2=162072&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/core/config/repository.xml (original)
+++ incubator/jackrabbit/trunk/src/test/org/apache/jackrabbit/core/config/repository.xml Wed
Apr 20 14:20:10 2005
@@ -46,7 +46,7 @@
 
         it also specifies the access manager to be used (AccessManager element).
     -->
-    <!ELEMENT Security (AccessManager)>
+    <!ELEMENT Security (AccessManager, LoginModule?)>
     <!ATTLIST Security
       appName CDATA #REQUIRED>
 
@@ -68,6 +68,15 @@
       value CDATA #REQUIRED>
 
     <!--
+        the LoginModule element optionally specifies a JAAS login module to
+        authenticate users. This feature allows the use of Jackrabbit in a
+        non-JAAS environment.
+    -->
+    <!ELEMENT LoginModule (param*)>
+    <!ATTLIST LoginModule
+      class CDATA #REQUIRED>
+
+    <!--
         the Workspaces element specifies the workspaces root directory
         (rootPath attribute) and the name of the default workspace
         (defaultWorkspace attribute).
@@ -137,6 +146,11 @@
         <AccessManager class="org.apache.jackrabbit.core.security.SimpleAccessManager">
             <!-- <param name="config" value="${rep.home}/access.xml"/> -->
         </AccessManager>
+        
+        <LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
+           <!-- anonymous user name ('anonymous' is the default value) -->
+           <param name="anonymousId" value="anonymous"/>
+        </LoginModule>
     </Security>
 
     <!--



Mime
View raw message