List-Id: "Tomcat Developers List"
Date: 3 Jul 2004 04:16:41 -0000
Message-ID: <20040703041641.92068.qmail@minotaur.apache.org>
From: billbarker@apache.org
To: jakarta-tomcat-catalina-cvs@apache.org
Subject: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm LocalStrings.properties LocalStrings_es.properties LocalStrings_fr.properties LocalStrings_ja.properties RealmBase.java UserDatabaseRealm.java

billbarker 2004/07/02 21:16:41

Modified: catalina/src/share/org/apache/catalina/realm LocalStrings.properties LocalStrings_es.properties LocalStrings_fr.properties LocalStrings_ja.properties RealmBase.java UserDatabaseRealm.java

Log: Fixing UDBRealm to work with Digest and Client-Cert. Also fixing authenticate(String, String) in RealmBase to handle digested passwords correctly.

Revision Changes Path 1.6 +3 -3 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties Index: LocalStrings.properties =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- LocalStrings.properties 12 Dec 2003 22:37:58 -0000 1.5 +++ LocalStrings.properties 3 Jul 2004 04:16:41 -0000 1.6 
@@ -33,9 +33,9 @@ realmBase.hasRoleSuccess=Username {0} has role {1} realmBase.notAuthenticated=Configuration error: Cannot perform access control without an authenticated principal realmBase.notStarted=This Realm has not yet been started +realmBase.authenticateFailure=Username {0} NOT successfully authenticated +realmBase.authenticateSuccess=Username {0} successfully authenticated userDatabaseRealm.authenticateError=Login configuration error authenticating username {0} -userDatabaseRealm.authenticateFailure=Username {0} NOT successfully authenticated -userDatabaseRealm.authenticateSuccess=Username {0} successfully authenticated userDatabaseRealm.lookup=Exception looking up UserDatabase under key {0} userDatabaseRealm.noDatabase=No UserDatabase component found under key {0} userDatabaseRealm.noEngine=No Engine component found in container hierarchy 1.6 +3 -3 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_es.properties Index: LocalStrings_es.properties =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_es.properties,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- LocalStrings_es.properties 17 Jan 2004 01:43:58 -0000 1.5 +++ LocalStrings_es.properties 3 Jul 2004 04:16:41 -0000 1.6 
@@ -33,9 +33,9 @@ realmBase.hasRoleSuccess=El usuario {0} desempe�a el papel de {1} realmBase.notAuthenticated=Error de Configuraci�n: No se pueden realizar funciones de control de acceso sin un principal autentificado realmBase.notStarted=Este dominio a�n no ha sido inicializado +realmBase.authenticateFailure=Nombre de usuario {0} NO autenticado con �xito +realmBase.authenticateSuccess=Nombre de usuario {0} autenticado con �xito userDatabaseRealm.authenticateError=Error de configuraci�n de Login autenticando nombre de usuario {0} -userDatabaseRealm.authenticateFailure=Nombre de usuario {0} NO autenticado con �xito -userDatabaseRealm.authenticateSuccess=Nombre de usuario {0} autenticado con �xito userDatabaseRealm.lookup=Excepci�n buscando en Base de datos de Usuario mediante la clave {0} userDatabaseRealm.noDatabase=No se ha hallado componente de Base de datos de Usuario mediante la clave {0} userDatabaseRealm.noEngine=No se ha hallado componente de Motor en jerarqu�a de contenedor 1.3 +3 -3 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_fr.properties Index: LocalStrings_fr.properties =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_fr.properties,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- LocalStrings_fr.properties 12 Dec 2003 22:37:58 -0000 1.2 +++ LocalStrings_fr.properties 3 Jul 2004 04:16:41 -0000 1.3 
@@ -32,9 +32,9 @@ realmBase.hasRoleSuccess=Le nom d''utilisateur {0} a pour r�le {1} realmBase.notAuthenticated=Erreur de configuration: Impossible de conduire un contr�le d''acc�s sans un authentifi� principal (authenticated principal) realmBase.notStarted=Ce royaume (Realm) n''a pas encore �t� d�marr� +realmBase.authenticateFailure=Le nom d''utilisateur {0} N''A PAS �t� authentifi� +realmBase.authenticateSuccess=Le nom d''utilisateur {0} a �t� authentifi� avec succ�s userDatabaseRealm.authenticateError=Erreur de configuration du contr�le d''acc�s (login) lors de l''authentification du nom d''utilisateur {0} -userDatabaseRealm.authenticateFailure=Le nom d''utilisateur {0} N''A PAS �t� authentifi� -userDatabaseRealm.authenticateSuccess=Le nom d''utilisateur {0} a �t� authentifi� avec succ�s userDatabaseRealm.lookup=Exception lors de la recherche dans la base de donn�es utilisateurs avec la clef {0} userDatabaseRealm.noDatabase=Aucun composant base de donn�es utilisateurs trouv� pour la clef {0} userDatabaseRealm.noEngine=Aucun composant moteur (engine component) trouv� dans la hi�rarchie des conteneurs 1.7 +3 -3 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_ja.properties Index: LocalStrings_ja.properties =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_ja.properties,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- LocalStrings_ja.properties 12 Dec 2003 22:37:58 -0000 1.6 +++ LocalStrings_ja.properties 3 Jul 2004 04:16:41 -0000 1.7 
@@ -33,9 +33,9 @@ realmBase.hasRoleSuccess=\u30e6\u30fc\u30b6\u540d {0} \u306f\u30ed\u30fc\u30eb {1} \u3092\u6301\u3063\u3066\u3044\u307e\u3059 realmBase.notAuthenticated=\u8a2d\u5b9a\u30a8\u30e9\u30fc: \u8a8d\u8a3c\u3055\u308c\u305f\u4e3b\u4f53\u306a\u3057\u3067\u306f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u304c\u5b9f\u884c\u3067\u304d\u307e\u305b\u3093 realmBase.notStarted=\u3053\u306e\u30ec\u30eb\u30e0\u306f\u307e\u3060\u8d77\u52d5\u3055\u308c\u3066\u3044\u307e\u305b\u3093 +realmBase.authenticateFailure=\u30e6\u30fc\u30b6\u540d {0} \u306f\u8a8d\u8a3c\u306b\u5931\u6557\u3057\u307e\u3057\u305f +realmBase.authenticateSuccess=\u30e6\u30fc\u30b6\u540d {0} \u306f\u8a8d\u8a3c\u306b\u6210\u529f\u3057\u307e\u3057\u305f userDatabaseRealm.authenticateError=\u30e6\u30fc\u30b6\u540d {0} \u3092\u8a8d\u8a3c\u4e2d\u306b\u30ed\u30b0\u30a4\u30f3\u8a2d\u5b9a\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f -userDatabaseRealm.authenticateFailure=\u30e6\u30fc\u30b6\u540d {0} \u306f\u8a8d\u8a3c\u306b\u5931\u6557\u3057\u307e\u3057\u305f -userDatabaseRealm.authenticateSuccess=\u30e6\u30fc\u30b6\u540d {0} \u306f\u8a8d\u8a3c\u306b\u6210\u529f\u3057\u307e\u3057\u305f userDatabaseRealm.lookup=\u30ad\u30fc {0} \u3067\u30e6\u30fc\u30b6\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u691c\u7d22\u4e2d\u306e\u4f8b\u5916\u3067\u3059 userDatabaseRealm.noDatabase=\u30ad\u30fc {0} \u3067\u30e6\u30fc\u30b6\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093 userDatabaseRealm.noEngine=\u30b3\u30f3\u30c6\u30ca\u968e\u5c64\u4e2d\u306b\u30a8\u30f3\u30b8\u30f3\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093 1.36 +21 -4 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java Index: RealmBase.java =================================================================== RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v retrieving revision 1.35 retrieving revision 1.36 diff -u -r1.35 -r1.36 --- RealmBase.java 23 Jun 2004 13:51:37 -0000 1.35 +++ RealmBase.java 3 Jul 2004 04:16:41 -0000 1.36 @@ -250,12 +250,29 @@ String serverCredentials = getPassword(username); - if ( (serverCredentials == null) - || (!serverCredentials.equals(credentials)) ) + boolean validated ; + if ( serverCredentials == null ) { + validated = false; + } else if(hasMessageDigest()) { + validated = serverCredentials.equalsIgnoreCase(digest(credentials)); + } else { + validated = serverCredentials.equals(credentials); + } + if(! validated ) { + if (container.getLogger().isTraceEnabled()) { + container.getLogger(). + trace(sm.getString("realmBase.authenticateFailure", + username)); + } return null; + } + if (container.getLogger().isTraceEnabled()) { + container.getLogger(). + trace(sm.getString("realmBase.authenticateSuccess", + username)); + } return getPrincipal(username); - } 1.7 +31 -60 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/UserDatabaseRealm.java Index: UserDatabaseRealm.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/UserDatabaseRealm.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- UserDatabaseRealm.java 23 Jun 2004 13:51:37 -0000 1.6 +++ UserDatabaseRealm.java 3 Jul 2004 04:16:41 -0000 1.7 
@@ -130,72 +130,43 @@ /** - * Return the Principal associated with the specified username and - * credentials, if there is one; otherwise return null. + * Return true if the specified Principal has the specified + * security role, within the context of this Realm; otherwise return + * false. This implementation returns true + * if the User has the role, or if any Group + * that the User is a member of has the role. * - * @param username Username of the Principal to look up - * @param credentials Password or other credentials to use in - * authenticating this username + * @param principal Principal for whom the role is to be checked + * @param role Security role to be checked */ - public Principal authenticate(String username, String credentials) { - - // Does a user with this username exist? - User user = database.findUser(username); - if (user == null) { - return (null); + public boolean hasRole(Principal principal, String role) { + if(! (principal instanceof User) ) { + //Play nice with SSO and mixed Realms + return super.hasRole(principal, role); + } + if("*".equals(role)) { + return true; + } else if(role == null) { + return false; + } + User user = (User)principal; + Role dbrole = database.findRole(role); + if(dbrole == null) { + return false; } - - // Do the credentials specified by the user match? 
- // FIXME - Update all realms to support encoded passwords - boolean validated = false; - if (hasMessageDigest()) { - // Hex hashes should be compared case-insensitive - validated = (digest(credentials) - .equalsIgnoreCase(user.getPassword())); - } else { - validated = - (digest(credentials).equals(user.getPassword())); - } - if (!validated) { - if (container.getLogger().isTraceEnabled()) { - container.getLogger().trace(sm.getString("userDatabaseRealm.authenticateFailure", - username)); - } - return (null); - } - - // Construct a GenericPrincipal that represents this user - if (container.getLogger().isTraceEnabled()) { - container.getLogger().trace(sm.getString("userDatabaseRealm.authenticateSuccess", - username)); - } - ArrayList combined = new ArrayList(); - Iterator roles = user.getRoles(); - while (roles.hasNext()) { - Role role = (Role) roles.next(); - String rolename = role.getRolename(); - if (!combined.contains(rolename)) { - combined.add(rolename); - } + if(user.isInRole(dbrole)) { + return true; } Iterator groups = user.getGroups(); - while (groups.hasNext()) { - Group group = (Group) groups.next(); - roles = group.getRoles(); - while (roles.hasNext()) { - Role role = (Role) roles.next(); - String rolename = role.getRolename(); - if (!combined.contains(rolename)) { - combined.add(rolename); - } + while(groups.hasNext()) { + Group group = (Group)groups.next(); + if(group.isInRole(dbrole)) { + return true; } } - return (new GenericPrincipal(this, user.getUsername(), - user.getPassword(), combined)); - + return false; } - - + // ------------------------------------------------------ Protected Methods
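Review bot: In the four LocalStrings*.properties hunks, realmBase.authenticateFailure and realmBase.authenticateSuccess are added after realmBase.notStarted, while the surrounding context keys are in alphabetical order; move the two new keys up to their sorted position in each file. The userDatabaseRealm.authenticateFailure and userDatabaseRealm.authenticateSuccess keys are deleted outright in the same hunks, so confirm that nothing outside UserDatabaseRealm.java still requests them from the string manager.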
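Review bot: In RealmBase.java (hunk @@ -250,12 +250,29 @@), both comparison branches, serverCredentials.equalsIgnoreCase(digest(credentials)) and serverCredentials.equals(credentials), return at the first differing character, so the time taken depends on how much of the stored value the supplied one matches. Consider comparing the byte forms with a constant-time routine such as java.security.MessageDigest.isEqual, normalising the hex case first in the digest branch. The code removed from UserDatabaseRealm.java carried the comment "Hex hashes should be compared case-insensitive"; that explanation is missing next to the equalsIgnoreCase call added here and is worth carrying over.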
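Review bot: In UserDatabaseRealm.java hasRole(), the "*" shortcut returns true for any User principal before the role is looked up in the database, and the new Javadoc does not mention it; document that case in the method comment so the behaviour is not mistaken for an oversight. With the authenticate(String, String) override removed, the database path in this method is only reached when the principal is a User instance, which depends on what getPrincipal() returns; that method is not part of this hunk, so a short comment tying the instanceof check to it would help the next reader.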