tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From na...@locus.apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request JDBCRealm.java SimpleRealm.java StaticInterceptor.java
Date Fri, 01 Sep 2000 00:48:16 GMT
nacho       00/08/31 17:48:15

  Modified:    src/etc  server.xml
               src/share/org/apache/tomcat/request JDBCRealm.java
                        SimpleRealm.java StaticInterceptor.java
  Added:       src/etc  admin-users.xml example-users.xml global-users.xml
  Log:
  Make use of perCtx/ReqInt, to provide 3 different users files:
  
  * admin-users.xml for the access to the admin context
  * example-users.xml for access to examples context
  * global-users.xml for access to the entire tomcat
  
  Changed Realms to support this type of config,
  do not delete the original tomcat-users to not be agressive for
  pre 3.3 config and shell scripts, this file can be deprecated on
  a later version.
  
  Revision  Changes    Path
  1.40      +10 -0     jakarta-tomcat/src/etc/server.xml
  
  Index: server.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v
  retrieving revision 1.39
  retrieving revision 1.40
  diff -u -r1.39 -r1.40
  --- server.xml	2000/08/27 20:46:56	1.39
  +++ server.xml	2000/09/01 00:48:08	1.40
  @@ -180,9 +180,11 @@
   
           <!-- Check permissions using the simple xml file. You can 
                plug more advanced authentication modules.
  +             uncomment below to have a global tomcat Realm.
             -->
           <RequestInterceptor 
               className="org.apache.tomcat.request.SimpleRealm" 
  +            filename="conf/global-users.xml"
               debug="0" />
   
          <!-- UnComment the following and comment out the
  @@ -275,6 +277,10 @@
                    docBase="webapps/examples" 
                    debug="0" 
                    reloadable="true" > 
  +        <RequestInterceptor 
  +            className="org.apache.tomcat.request.SimpleRealm" 
  +            filename="conf/example-users.xml"
  +            debug="0" />
           </Context>
   
           <!-- Admin context will use tomcat.core to add/remove/get info about
  @@ -290,6 +296,10 @@
                    debug="0" 
                    reloadable="true" 
                    trusted="false" > 
  +        <RequestInterceptor 
  +            className="org.apache.tomcat.request.SimpleRealm" 
  +            filename="conf/admin-users.xml"
  +            debug="0" />
           </Context>
   
           <!-- Virtual host example - 
  
  
  
  1.1                  jakarta-tomcat/src/etc/admin-users.xml
  
  Index: admin-users.xml
  ===================================================================
  <tomcat-users>
    <user name="admin" password="changethis" roles="tomcat_admin,tomcat,role1" />
  </tomcat-users>
  
  
  
  1.1                  jakarta-tomcat/src/etc/example-users.xml
  
  Index: example-users.xml
  ===================================================================
  <tomcat-users>
    <user name="tomcat" password="tomcat" roles="tomcat" />
    <user name="role1"  password="tomcat" roles="role1"  />
    <user name="both"   password="tomcat" roles="tomcat,role1" />
  </tomcat-users>
  
  
  
  1.1                  jakarta-tomcat/src/etc/global-users.xml
  
  Index: global-users.xml
  ===================================================================
  <tomcat-users>
    <user name="root" password="changethis" roles="tomcat,role1,tomcat_admin,tomcat_root"
/>
  </tomcat-users>
  
  
  
  1.18      +12 -3     jakarta-tomcat/src/share/org/apache/tomcat/request/JDBCRealm.java
  
  Index: JDBCRealm.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/JDBCRealm.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- JDBCRealm.java	2000/08/22 06:56:51	1.17
  +++ JDBCRealm.java	2000/09/01 00:48:11	1.18
  @@ -1,4 +1,5 @@
   /*
  + *
    * The Apache Software License, Version 1.1
    *
    * Copyright (c) 1999 The Apache Software Foundation.  All rights 
  @@ -25,7 +26,7 @@
    *
    * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
    *    Foundation" must not be used to endorse or promote products derived
  - *    from this software without prior written permission. For written 
  + *    from this software without prior written permission. For written
    *    permission, please contact apache@apache.org.
    *
    * 5. Products derived from this software may not be called "Apache"
  @@ -98,7 +99,7 @@
   
       ContextManager cm;
       int reqRolesNote;
  -
  +    int reqRealmSignNote;
       // ----------------------------------------------------- Instance Variables
   
       /**
  @@ -509,6 +510,8 @@
             // XXX make the name a "global" static - after everything is stable!
             reqRolesNote = cm.getNoteId( ContextManager.REQUEST_NOTE
                   , "required.roles");
  +          reqRealmSignNote = cm.getNoteId( ContextManager.REQUEST_NOTE
  +                , "realm.sign");
         } catch( TomcatException ex ) {
             log("setting up note for " + cm, ex);
             throw new RuntimeException( "Invalid state ");
  @@ -522,10 +525,11 @@
           // This realm will use only username and password callbacks
           String user=(String)cred.get("username");
           String password=(String)cred.get("password");
  -	
  +
   	if( checkPassword( user, password ) ) {
        	    if( debug > 0 ) log( "Auth ok, user=" + user );
   	    req.setRemoteUser( user );
  +            req.setNote(reqRealmSignNote,this);
   	}
   	return 0;
       }
  @@ -542,8 +546,13 @@
           String userRoles[]=null;
   
   	String user=req.getRemoteUser();
  +
   	if( user==null )
               return 401; //HttpServletResponse.SC_UNAUTHORIZED
  +
  +        if( this.equals(req.getNote(reqRealmSignNote)) ){
  +                return 0;
  +        }
   
   	if( debug > 0 )
               log( "Controled access for " + user + " " + req + " "
  
  
  
  1.9       +42 -17    jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleRealm.java
  
  Index: SimpleRealm.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleRealm.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- SimpleRealm.java	2000/08/22 06:56:52	1.8
  +++ SimpleRealm.java	2000/09/01 00:48:12	1.9
  @@ -1,4 +1,5 @@
   /*
  + *
    * ====================================================================
    *
    * The Apache Software License, Version 1.1
  @@ -84,12 +85,13 @@
       MemoryRealm memoryRealm;
       ContextManager cm;
       int reqRolesNote;
  -    
  +    int reqRealmSignNote;
  +    String filename;
       public SimpleRealm() {
       }
   
       /** Set the context manager. To keep it simple we don't support
  -     *  dynamic add/remove for this interceptor. 
  +     *  dynamic add/remove for this interceptor.
        */
       public void setContextManager( ContextManager cm ) {
   	super.setContextManager( cm );
  @@ -97,9 +99,11 @@
   	this.cm=cm;
   	// set-up a per/container note for maps
   	try {
  -	    // XXX make the name a "global" static - 
  +	    // XXX make the name a "global" static -
   	    reqRolesNote = cm.getNoteId( ContextManager.REQUEST_NOTE,
   					 "required.roles");
  +            reqRealmSignNote = cm.getNoteId( ContextManager.REQUEST_NOTE
  +                                   , "realm.sign");
   	} catch( TomcatException ex ) {
   	    log("getting note for " + cm, ex);
   	    throw new RuntimeException( "Invalid state ");
  @@ -110,7 +114,7 @@
   	throws TomcatException
       {
   	if( memoryRealm==null) {
  -	    memoryRealm = new MemoryRealm(ctx);
  +	    memoryRealm = new MemoryRealm(ctx,filename);
   	    try {
   		memoryRealm.readMemoryRealm(ctx);
   	    } catch(Exception ex ) {
  @@ -119,7 +123,7 @@
   	    }
   	}
       }
  -	    
  +
       public int authenticate( Request req, Response response )
       {
   	// Extract the credentials
  @@ -133,25 +137,32 @@
   	if( debug > 0 ) log( "Verify user=" + user + " pass=" + password );
   	if( memoryRealm.checkPassword( user, password ) ) {
   	    req.setRemoteUser( user );
  +            req.setNote(reqRealmSignNote,this);
   	    if( debug > 0 ) log( "Auth ok, user=" + user );
   	}
   	return 0;
       }
  -    
  +
       public int authorize( Request req, Response response, String roles[] )
       {
   	if( roles==null || roles.length==0 ) {
   	    // request doesn't need authentication
   	    return 0;
   	}
  -	
  +
   	Context ctx=req.getContext();
   
   	String userRoles[]=null;
  -	String user=req.getRemoteUser(); 
  +	String user=req.getRemoteUser();
   	if( user==null )
   	    return 401;
   
  +        if( ! this.equals(req.getNote(reqRealmSignNote)) ){
  +                return 0;
  +        }
  +
  +
  +
   	if( debug > 0 ) log( "Controled access for " + user + " " +
   			     req + " " + req.getContainer() );
   
  @@ -162,10 +173,18 @@
   
   	if( SecurityTools.haveRole( userRoles, roles ))
   	    return 0;
  -	
  +
   	if( debug > 0 ) log( "UnAuthorized " + roles[0] );
    	return 401;
       }
  +
  +    public String getFilename() {
  +        return filename;
  +    }
  +
  +    public void setFilename(String newFilename) {
  +        filename = newFilename;
  +    }
   }
   
   class MemoryRealm {
  @@ -175,17 +194,19 @@
       Hashtable roles=new Hashtable();
       // user -> roles
       Hashtable userRoles= new Hashtable();
  +    String filename;
       Context ctx;
       int debug=0;
  -    
  -    MemoryRealm(Context ctx) {
  +
  +    MemoryRealm(Context ctx,String fn) {
   	this.ctx=ctx;
  +        filename=fn;
       }
   
       public Hashtable getRoles() {
       	return roles;
       }
  -    
  +
       public void addUser(String name, String pass, String groups ) {
   	if( ctx.getDebug() > 0 )  ctx.log( "Add user " + name + " " + pass + " " + groups );
   	passwords.put( name, pass );
  @@ -214,7 +235,7 @@
   	}
   	thisUserRoles.addElement( role );
       }
  -    
  +
       public boolean checkPassword( String user, String pass ) {
   	if( user==null ) return false;
   	if( debug > 0 ) ctx.log( "check " + user+ " " + pass + " " + passwords.get( user ));
  @@ -230,18 +251,22 @@
   	}
   	return roles;
       }
  -    
  +
       public boolean userInRole( String user, String role ) {
   	Vector users=(Vector)roles.get(role);
   	if( debug > 0 ) ctx.log( "check role " + user+ " " + role + " "  );
   	if(users==null) return false;
   	return users.indexOf( user ) >=0 ;
       }
  -
       void readMemoryRealm(Context ctx) throws Exception {
   	ContextManager cm=ctx.getContextManager();
   	String home=cm.getHome();
  -	File f=new File( home + "/conf/tomcat-users.xml");
  +        File f;
  +        if (filename != null)
  +            f=new File( home + File.separator + filename );
  +        else
  +            f=new File( home + "/conf/tomcat-users.xml");
  +            
   	if( ! f.exists() ) {
   	    ctx.log( "File not found  " + f );
   	    return;
  @@ -249,7 +274,7 @@
   	XmlMapper xh=new XmlMapper();
   	if( ctx.getDebug() > 5 ) xh.setDebug( 2 );
   
  -	// call addUser using attributes as parameters 
  +	// call addUser using attributes as parameters
   	xh.addRule("tomcat-users/user",
   		   new XmlAction() {
   			   public void start(SaxContext sctx) throws Exception {
  
  
  
  1.17      +1 -1      jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java
  
  Index: StaticInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- StaticInterceptor.java	2000/08/29 03:44:28	1.16
  +++ StaticInterceptor.java	2000/09/01 00:48:13	1.17
  @@ -355,7 +355,7 @@
   	Request subReq=req;
   	if( inInclude ) subReq = req.getChild();
   	Context ctx=req.getContext();
  -	String pathInfo=subReq.getPathInfo();
  +	String pathInfo=subReq.getServletPath();
   	if( pathInfo == null ) pathInfo="";
   	String absPath=ctx.getRealPath( pathInfo );
   	File file = new File( absPath );
  
  
  

Mime
View raw message