From gno...@apache.org
Subject [karaf] 05/05: [KARAF-5476] Reduce number of logins when using the webconsole
Date Sat, 11 Nov 2017 19:25:24 GMT
This is an automated email from the ASF dual-hosted git repository.

gnodet pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/karaf.git

commit e21ba2b0a5a48b94d16aa15f7aabbafc12829a72
Author: Guillaume Nodet <gnodet@gmail.com>
AuthorDate: Thu Nov 9 18:19:59 2017 +0100

    [KARAF-5476] Reduce number of logins when using the webconsole
---
 .../internal/servlet/JaasSecurityProvider.java     | 36 +++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/JaasSecurityProvider.java
b/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/JaasSecurityProvider.java
index e7ea339..fd2cc9d 100644
--- a/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/JaasSecurityProvider.java
+++ b/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/JaasSecurityProvider.java
@@ -33,6 +33,7 @@ import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.felix.webconsole.WebConsoleSecurityProvider2;
 import org.osgi.service.cm.ManagedService;
@@ -52,6 +53,7 @@ public class JaasSecurityProvider implements WebConsoleSecurityProvider2,
Manage
 
     private String realm;
     private String role;
+    private int sessionTimeout;
 
     public JaasSecurityProvider() {
         updated(null);
@@ -85,6 +87,7 @@ public class JaasSecurityProvider implements WebConsoleSecurityProvider2,
Manage
         }
         realm = getString(properties, "realm", "karaf");
         role = getString(properties, "role", System.getProperty("karaf.admin.role", "admin"));
+        sessionTimeout = Integer.parseInt(getString(properties, "sessionTimeout", "0"));
     }
 
     private String getString(Dictionary<String, ?> properties, String key, String def)
{
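Review bot: A non-numeric `sessionTimeout` value makes `Integer.parseInt` throw NumberFormatException out of `updated()` after `realm` and `role` have already been reassigned, and a negative value is accepted as-is. The later hunk only skips `0`, so a negative number reaches `setMaxInactiveInterval`, which the servlet API treats as a session that never expires; that is a poor default for a session holding a cached JAAS subject. I would parse inside a try/catch that falls back to `0` or reports a configuration error, clamp with `Math.max(0, ...)`, and add a comment such as `// sessionTimeout: max inactive interval in seconds; 0 keeps the container default`. The body of `updated()` starts outside this hunk, so any existing error handling there is not visible.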
@@ -177,7 +180,23 @@ public class JaasSecurityProvider implements WebConsoleSecurityProvider2,
Manage
                         String password = srcString.substring( i + 1 );
 
                         // authenticate
-                        Subject subject = doAuthenticate( username, password );
+                        Subject subject = null;
+                        try
+                        {
+                            HttpSession session = request.getSession(false);
+                            if ( session != null )
+                            {
+                                subject = (Subject) session.getAttribute( KarafOsgiManager.SUBJECT_RUN_AS
);
+                            }
+                        }
+                        catch ( Throwable t )
+                        {
+                            // ignore
+                        }
+                        if ( subject == null )
+                        {
+                            subject = doAuthenticate(username, password);
+                        }
                         if ( subject != null )
                         {
                             // as per the spec, set attributes
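Review bot: When a session already holds `SUBJECT_RUN_AS`, the cached subject is used without comparing it to the `username` and `password` just decoded from the Authorization header, so the credentials in the request are not checked at all on this path. A request carrying the session cookie runs as the cached subject whatever user name it presents, and a password change, account removal or role change in the realm is not seen until the session expires. I would store the authenticated user name in the session next to the subject and reuse the cached subject only when it matches, e.g. `if ( session != null && username.equals( session.getAttribute( <user-name attribute> ) ) )`, falling back to `doAuthenticate` otherwise. The `catch ( Throwable t ) { // ignore }` here and in the next hunk also swallows Errors; narrowing it to `IllegalStateException` and logging the failure would be safer. The enclosing method starts and ends outside the hunk.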
@@ -190,6 +209,21 @@ public class JaasSecurityProvider implements WebConsoleSecurityProvider2,
Manage
                             // set the JAAS subject
                             request.setAttribute( KarafOsgiManager.SUBJECT_RUN_AS, subject
);
 
+                            // create a session and store the information
+                            try
+                            {
+                                HttpSession session = request.getSession(true);
+                                if (sessionTimeout != 0)
+                                {
+                                    session.setMaxInactiveInterval(sessionTimeout);
+                                }
+                                session.setAttribute( KarafOsgiManager.SUBJECT_RUN_AS, subject
);
+                            }
+                            catch ( Throwable t )
+                            {
+                                // ignore
+                            }
+
                             // succeed
                             return true;
                         }
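Review bot: `request.getSession(true)` returns the session the client already presented if there is one, so a session id that existed before authentication keeps its value once the subject is attached to it (session fixation). This block also runs when the subject came from the session, so the id should be rotated only on the path where `doAuthenticate` was actually called, for example with `request.changeSessionId()` if the targeted Servlet API is 3.1 or later, or by invalidating the old session before creating the new one. A comment should also record that the stored `Subject` is now the only credential check for later requests, which makes HttpOnly and Secure flags on the session cookie a deployment requirement. The surrounding method continues outside the hunk.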
