tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JAASMemoryLoginModule.java JAASRealm.java LocalStrings.properties MemoryRealm.java
Date Thu, 07 Jul 2005 22:42:03 GMT
markt       2005/07/07 15:42:03

  Modified:    catalina/src/share/org/apache/catalina/realm
                        JAASMemoryLoginModule.java JAASRealm.java
                        LocalStrings.properties MemoryRealm.java
  Log:
  Fix bug 16274. Essentially a port from TC%, mainly of Costin's work.
  The JAAS realm is still experimental but it can now be used to authenticate against
   tomcat-users.xml.
  
  Revision  Changes    Path
  1.3       +12 -194   jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java
  
  Index: JAASMemoryLoginModule.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- JAASMemoryLoginModule.java	26 Aug 2004 21:37:21 -0000	1.2
  +++ JAASMemoryLoginModule.java	7 Jul 2005 22:42:03 -0000	1.3
  @@ -18,14 +18,11 @@
   package org.apache.catalina.realm;
   
   
  -import java.beans.PropertyChangeListener;
   import java.io.File;
   import java.io.IOException;
  -import java.util.ArrayList;
   import java.util.HashMap;
   import java.util.Map;
   import java.security.Principal;
  -import java.security.cert.X509Certificate;
   import javax.security.auth.Subject;
   import javax.security.auth.callback.Callback;
   import javax.security.auth.callback.CallbackHandler;
  @@ -35,8 +32,6 @@
   import javax.security.auth.login.FailedLoginException;
   import javax.security.auth.login.LoginException;
   import javax.security.auth.spi.LoginModule;
  -import org.apache.catalina.Container;
  -import org.apache.catalina.Realm;
   import org.apache.commons.digester.Digester;
   
   
  @@ -69,7 +64,13 @@
    * @version $Revision$ $Date$
    */
   
  -public class JAASMemoryLoginModule implements LoginModule, Realm {
  +public class JAASMemoryLoginModule extends MemoryRealm implements LoginModule {
  +
  +    /**
  +     * Descriptive information about this Realm implementation.
  +     */
  +    protected final String info =
  +        "org.apache.catalina.realm.JAASMemoryLoginModule/1.0";
   
   
       // ----------------------------------------------------- Instance Variables
  @@ -135,35 +136,6 @@
   
   
       /**
  -     * Add a new user to the in-memory database.
  -     *
  -     * @param username User's username
  -     * @param password User's password (clear text)
  -     * @param roles Comma-delimited set of roles associated with this user
  -     */
  -    void addUser(String username, String password, String roles) {
  -
  -        // Accumulate the list of roles for this user
  -        ArrayList list = new ArrayList();
  -        roles += ",";
  -        while (true) {
  -            int comma = roles.indexOf(',');
  -            if (comma < 0)
  -                break;
  -            String role = roles.substring(0, comma).trim();
  -            list.add(role);
  -            roles = roles.substring(comma + 1);
  -        }
  -
  -        // Construct and cache the Principal for this user
  -        GenericPrincipal principal =
  -            new GenericPrincipal(this, username, password, list);
  -        principals.put(username, principal);
  -
  -    }
  -
  -
  -    /**
        * Phase 2 of authenticating a <code>Subject</code> when Phase 1
        * fails.  This method is called if the <code>LoginContext</code>
        * failed somewhere in the overall authentication chain.
  @@ -283,7 +255,7 @@
           }
   
           // Validate the username and password we have received
  -        principal = null; // FIXME - look up and check password
  +        principal = super.authenticate(username, password);
   
           // Report results based on success or failure
           if (principal != null) {
  @@ -316,29 +288,6 @@
   
       // ---------------------------------------------------------- Realm Methods
   
  -
  -    /**
  -     * Return the Container with which this Realm has been associated.
  -     */
  -    public Container getContainer() {
  -
  -        return (null);
  -
  -    }
  -
  -
  -    /**
  -     * Set the Container with which this Realm has been associated.
  -     *
  -     * @param container The associated Container
  -     */
  -    public void setContainer(Container container) {
  -
  -        ;
  -
  -    }
  -
  -
       /**
        * Return descriptive information about this Realm implementation and
        * the corresponding version number, in the format
  @@ -346,113 +295,7 @@
        */
       public String getInfo() {
   
  -        return (null);
  -
  -    }
  -
  -
  -    /**
  -     * Add a property change listener to this component.
  -     *
  -     * @param listener The listener to add
  -     */
  -    public void addPropertyChangeListener(PropertyChangeListener listener) {
  -
  -        ;
  -
  -    }
  -
  -
  -    /**
  -     * Return the Principal associated with the specified username and
  -     * credentials, if there is one; otherwise return <code>null</code>.
  -     *
  -     * @param username Username of the Principal to look up
  -     * @param credentials Password or other credentials to use in
  -     *  authenticating this username
  -     */
  -    public Principal authenticate(String username, String credentials) {
  -
  -        return (null);
  -
  -    }
  -
  -
  -    /**
  -     * Return the Principal associated with the specified username and
  -     * credentials, if there is one; otherwise return <code>null</code>.
  -     *
  -     * @param username Username of the Principal to look up
  -     * @param credentials Password or other credentials to use in
  -     *  authenticating this username
  -     */
  -    public Principal authenticate(String username, byte[] credentials) {
  -
  -        return (null);
  -
  -    }
  -
  -
  -    /**
  -     * Return the Principal associated with the specified username, which
  -     * matches the digest calculated using the given parameters using the
  -     * method described in RFC 2069; otherwise return <code>null</code>.
  -     *
  -     * @param username Username of the Principal to look up
  -     * @param digest Digest which has been submitted by the client
  -     * @param nonce Unique (or supposedly unique) token which has been used
  -     * for this request
  -     * @param realm Realm name
  -     * @param md5a2 Second MD5 digest used to calculate the digest :
  -     * MD5(Method + ":" + uri)
  -     */
  -    public Principal authenticate(String username, String digest,
  -                                  String nonce, String nc, String cnonce,
  -                                  String qop, String realm,
  -                                  String md5a2) {
  -
  -        return (null);
  -
  -    }
  -
  -
  -    /**
  -     * Return the Principal associated with the specified chain of X509
  -     * client certificates.  If there is none, return <code>null</code>.
  -     *
  -     * @param certs Array of client certificates, with the first one in
  -     *  the array being the certificate of the client itself.
  -     */
  -    public Principal authenticate(X509Certificate certs[]) {
  -
  -        return (null);
  -
  -    }
  -
  -
  -    /**
  -     * Return <code>true</code> if the specified Principal has the specified
  -     * security role, within the context of this Realm; otherwise return
  -     * <code>false</code>.
  -     *
  -     * @param principal Principal for whom the role is to be checked
  -     * @param role Security role to be checked
  -     */
  -    public boolean hasRole(Principal principal, String role) {
  -
  -        return (false);
  -
  -    }
  -
  -
  -    /**
  -     * Remove a property change listener from this component.
  -     *
  -     * @param listener The listener to remove
  -     */
  -    public void removePropertyChangeListener(PropertyChangeListener listener) {
  -
  -        ;
  +        return info;
   
       }
   
  @@ -485,36 +328,11 @@
               log("Error processing configuration file " +
                   file.getAbsolutePath(), e);
               return;
  +        } finally {
  +            digester.push(null);
           }
   
       }
   
   
  -    /**
  -     * Log a message.
  -     *
  -     * @param message The message to be logged
  -     */
  -    protected void log(String message) {
  -
  -        System.out.print("JAASMemoryLoginModule: ");
  -        System.out.println(message);
  -
  -    }
  -
  -
  -    /**
  -     * Log a message and associated exception.
  -     *
  -     * @param message The message to be logged
  -     * @param exception The associated exception
  -     */
  -    protected void log(String message, Throwable exception) {
  -
  -        log(message);
  -        exception.printStackTrace(System.out);
  -
  -    }
  -
  -
   }
  
  
  
  1.7       +21 -5     jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JAASRealm.java
  
  Index: JAASRealm.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JAASRealm.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- JAASRealm.java	27 Nov 2004 18:29:44 -0000	1.6
  +++ JAASRealm.java	7 Jul 2005 22:42:03 -0000	1.7
  @@ -19,7 +19,9 @@
   
   
   import java.security.Principal;
  +import java.security.acl.Group;
   import java.util.ArrayList;
  +import java.util.Enumeration;
   import java.util.Iterator;
   import javax.security.auth.Subject;
   import javax.security.auth.login.AccountExpiredException;
  @@ -270,7 +272,7 @@
           }
   
           // Return the appropriate Principal for this authenticated Subject
  -        Principal principal = createPrincipal(subject);
  +        Principal principal = createPrincipal(username, subject);
           if (principal == null) {
               log(sm.getString("jaasRealm.authenticateError", username));
               return (null);
  @@ -326,9 +328,8 @@
        *
        * @param subject The Subject representing the logged in user
        */
  -    protected Principal createPrincipal(Subject subject) {
  +    protected Principal createPrincipal(String username, Subject subject) {
           // Prepare to scan the Principals for this Subject
  -        String username = null;
           String password = null; // Will not be carried forward
           ArrayList roles = new ArrayList();
   
  @@ -336,13 +337,28 @@
           Iterator principals = subject.getPrincipals().iterator();
           while (principals.hasNext()) {
               Principal principal = (Principal) principals.next();
  +            if (principal instanceof GenericPrincipal) {
  +                // No need to look any further
  +                return principal;
  +            }
               String principalClass = principal.getClass().getName();
  -            if ((username == null) && userClasses.contains(principalClass)) {
  +            if (userClasses.contains(principalClass)) {
  +                // Override the default which is the original user, accepted by
  +                // the LoginManager
                   username = principal.getName();
               }
               if (roleClasses.contains(principalClass)) {
                   roles.add(principal.getName());
               }
  +            if ((principal instanceof Group) &&
  +                    "Roles".equals(principal.getName())) {
  +                Group grp = (Group) principal;
  +                Enumeration en = grp.members();
  +                while (en.hasMoreElements()) {
  +                    Principal roleP = (Principal) en.nextElement();
  +                    roles.add(roleP.getName());
  +                }
  +            }
           }
   
           // Create the resulting Principal for our authenticated user
  
  
  
  1.12      +2 -1      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties
  
  Index: LocalStrings.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- LocalStrings.properties	3 Feb 2005 22:47:07 -0000	1.11
  +++ LocalStrings.properties	7 Jul 2005 22:42:03 -0000	1.12
  @@ -5,6 +5,7 @@
   # package org.apache.catalina.realm
   
   jaasRealm.accountExpired=Username {0} NOT authenticated due to expired account
  +jaasRealm.authenticateError=Failed to create principal for username {0}
   jaasRealm.authenticateSuccess=Username {0} successfully authenticated
   jaasRealm.credentialExpired=Username {0} NOT authenticated due to expired credential
   jaasRealm.failedLogin=Username {0} NOT authenticated due to failed login
  
  
  
  1.16      +2 -2      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java
  
  Index: MemoryRealm.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- MemoryRealm.java	27 Nov 2004 18:29:44 -0000	1.15
  +++ MemoryRealm.java	7 Jul 2005 22:42:03 -0000	1.16
  @@ -42,7 +42,7 @@
    * @version $Revision$ $Date$
    */
   
  -public final class MemoryRealm
  +public class MemoryRealm
       extends RealmBase {
   
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message