jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ju...@apache.org
Subject svn commit: r386415 - in /incubator/jackrabbit/trunk/jackrabbit: applications/test/ src/main/java/org/apache/jackrabbit/core/ src/main/java/org/apache/jackrabbit/core/security/
Date Thu, 16 Mar 2006 18:54:32 GMT
Author: jukka
Date: Thu Mar 16 10:54:29 2006
New Revision: 386415

URL: http://svn.apache.org/viewcvs?rev=386415&view=rev
Log:
JCR-351: Better handling of null Credentials when JAAS is not configured.

Modified:
    incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml
    incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
    incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml
    incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java

Modified: incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml?rev=386415&r1=386414&r2=386415&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml (original)
+++ incubator/jackrabbit/trunk/jackrabbit/applications/test/repository.xml Thu Mar 16 10:54:29
2006
@@ -149,6 +149,11 @@
         <LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
            <!-- anonymous user name ('anonymous' is the default value) -->
            <param name="anonymousId" value="anonymous"/>
+           <!--
+              default user name to be used instead of the anonymous user
+              when no login credentials are provided (unset by default)
+           -->
+           <!-- <param name="defaultUserId" value="superuser"/> -->
         </LoginModule>
     </Security>
 

Modified: incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java?rev=386415&r1=386414&r2=386415&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
(original)
+++ incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
Thu Mar 16 10:54:29 2006
@@ -1052,22 +1052,17 @@
         getWorkspaceInfo(workspaceName);
 
         if (credentials == null) {
-            // null credentials, obtain the identity of the already-authenticated
-            // subject from access control context
-            AccessControlContext acc = AccessController.getContext();
-            Subject subject;
             try {
-                subject = Subject.getSubject(acc);
+                // null credentials, obtain the identity of the already-authenticated
+                // subject from access control context
+                AccessControlContext acc = AccessController.getContext();
+                Subject subject = Subject.getSubject(acc);
+                if (subject != null) {
+                    return createSession(subject, workspaceName);
+                }
             } catch (SecurityException se) {
                 throw new LoginException(
                         "Unable to access authentication information", se);
-            }
-            if (subject == null) {
-                throw new LoginException("No Subject associated with AccessControlContext");
-            }
-            // create session
-            try {
-                return createSession(subject, workspaceName);
             } catch (AccessDeniedException ade) {
                 // authenticated subject is not authorized for the specified workspace
                 throw new LoginException("Workspace access denied", ade);
@@ -1086,7 +1081,7 @@
             }
             authCtx.login();
         } catch (javax.security.auth.login.LoginException le) {
-            throw new LoginException(le.getMessage());
+            throw new LoginException(le.getMessage(), le);
         }
 
         // create session

Modified: incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml?rev=386415&r1=386414&r2=386415&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml
(original)
+++ incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/repository.xml
Thu Mar 16 10:54:29 2006
@@ -149,6 +149,11 @@
         <LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
            <!-- anonymous user name ('anonymous' is the default value) -->
            <param name="anonymousId" value="anonymous"/>
+           <!--
+              default user name to be used instead of the anonymous user
+              when no login credentials are provided (unset by default)
+           -->
+           <!-- <param name="defaultUserId" value="superuser"/> -->
         </LoginModule>
     </Security>
 

Modified: incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java
URL: http://svn.apache.org/viewcvs/incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java?rev=386415&r1=386414&r2=386415&view=diff
==============================================================================
--- incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java
(original)
+++ incubator/jackrabbit/trunk/jackrabbit/src/main/java/org/apache/jackrabbit/core/security/SimpleLoginModule.java
Thu Mar 16 10:54:29 2006
@@ -45,6 +45,11 @@
     private static final String OPT_ANONYMOUS = "anonymousId";
 
     /**
+     * Name of the default user id option in the LoginModule configuration
+     */
+    private static final String OPT_DEFAULT = "defaultUserId";
+
+    /**
      * The default user id for anonymous login
      */
     private static final String DEFAULT_ANONYMOUS_ID = "anonymous";
@@ -68,11 +73,54 @@
     private String anonymousUserId = DEFAULT_ANONYMOUS_ID;
 
     /**
+     * The default user id. Only used when not <code>null</code>.
+     */
+    private String defaultUserId = null;
+
+    /**
      * Constructor
      */
     public SimpleLoginModule() {
     }
 
+    /**
+     * Returns the anonymous user id.
+     *
+     * @return anonymous user id
+     */
+    public String getAnonymousId() {
+        return anonymousUserId;
+    }
+
+    /**
+     * Sets the default user id to be used when no login credentials
+     * are presented.
+     * 
+     * @param defaultUserId default user id
+     */
+    public void setAnonymousId(String anonymousId) {
+        this.anonymousUserId = anonymousId;
+    }
+
+    /**
+     * Returns the default user id.
+     *
+     * @return default user id
+     */
+    public String getDefaultUserId() {
+        return defaultUserId;
+    }
+
+    /**
+     * Sets the default user id to be used when no login credentials
+     * are presented.
+     * 
+     * @param defaultUserId default user id
+     */
+    public void setDefaultUserId(String defaultUserId) {
+        this.defaultUserId = defaultUserId;
+    }
+
     //----------------------------------------------------------< LoginModule >
     /**
      * {@inheritDoc}
@@ -90,6 +138,9 @@
         if (userId != null) {
             anonymousUserId = userId;
         }
+        if (options.containsKey(OPT_DEFAULT)) {
+            defaultUserId = (String) options.get(OPT_DEFAULT);
+        }
     }
 
     /**
@@ -101,17 +152,14 @@
             throw new LoginException("no CallbackHandler available");
         }
 
-        Callback[] callbacks = new Callback[]{
-            new CredentialsCallback()
-        };
-
         boolean authenticated = false;
         principals.clear();
         try {
-            callbackHandler.handle(callbacks);
-            // credentials
-            CredentialsCallback ccb = (CredentialsCallback) callbacks[0];
+            // Get credentials using a JAAS callback
+            CredentialsCallback ccb = new CredentialsCallback();
+            callbackHandler.handle(new Callback[] { ccb });
             Credentials creds = ccb.getCredentials();
+            // Use the credentials to set up principals
             if (creds != null) {
                 if (creds instanceof SimpleCredentials) {
                     SimpleCredentials sc = (SimpleCredentials) creds;
@@ -133,6 +181,12 @@
                     }
                     authenticated = true;
                 }
+            } else if (defaultUserId != null) {
+                principals.add(new UserPrincipal(defaultUserId));
+                authenticated = true;
+            } else {
+                principals.add(new AnonymousPrincipal());
+                authenticated = true;
             }
         } catch (java.io.IOException ioe) {
             throw new LoginException(ioe.toString());



Mime
View raw message