tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r692717 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/catalina/realm/JAASCallbackHandler.java java/org/apache/catalina/realm/JAASMemoryLoginModule.java java/org/apache/catalina/realm/JAASRealm.java webapps/docs/changelog.xml
Date Sat, 06 Sep 2008 19:52:56 GMT
Author: markt
Date: Sat Sep  6 12:52:56 2008
New Revision: 692717

URL: http://svn.apache.org/viewvc?rev=692717&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407
Add support for CLIENT-CERT to the JASSRealm.

Modified:
    tomcat/tc6.0.x/trunk/   (props changed)
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Sep  6 12:52:56 2008
@@ -1 +1 @@
-/tomcat/trunk:673796,673820,683982,684001,684081,684234
+/tomcat/trunk:673796,673820,683982,684001,684081,684234,684269-684270

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Sep  6 12:52:56 2008
@@ -71,12 +71,6 @@
    0: remm (looks risky, very minor problem)
   -1: 
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407
-  Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above.
-  http://svn.apache.org/viewvc?rev=684270&view=rev
-  +1: markt, remm, funkman
-  -1: 
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45608
   Prevent race condition for allocate/deallocate in StandardWrapper
   http://svn.apache.org/viewvc?rev=685177&view=rev

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java Sat Sep 
6 12:52:56 2008
@@ -80,21 +80,22 @@
     /**
      * Construct a callback handler for DIGEST authentication.
      *
-     * @param realm     Our associated JAASRealm instance
-     * @param username  Username to be authenticated with
-     * @param password  Password to be authenticated with
-     * @param nonce     Server generated nonce
-     * @param nc        Nonce count
-     * @param cnonce    Client generated nonce
-     * @param qop       Quality of protection aplied to the message
-     * @param realmName Realm name
-     * @param md5a2     Second MD5 digest used to calculate the digest
+     * @param realm         Our associated JAASRealm instance
+     * @param username      Username to be authenticated with
+     * @param password      Password to be authenticated with
+     * @param nonce         Server generated nonce
+     * @param nc            Nonce count
+     * @param cnonce        Client generated nonce
+     * @param qop           Quality of protection aplied to the message
+     * @param realmName     Realm name
+     * @param md5a2         Second MD5 digest used to calculate the digest
      *                      MD5(Method + ":" + uri)
+     * @param authMethod    The authentication method in use 
      */
     public JAASCallbackHandler(JAASRealm realm, String username,
                                String password, String nonce, String nc,
                                String cnonce, String qop, String realmName,
-                               String md5a2) {
+                               String md5a2, String authMethod) {
         this(realm, username, password);
         this.nonce = nonce;
         this.nc = nc;
@@ -102,6 +103,7 @@
         this.qop = qop;
         this.realmName = realmName;
         this.md5a2 = md5a2;
+        this.authMethod = authMethod;
     }
 
     // ----------------------------------------------------- Instance Variables
@@ -123,7 +125,6 @@
      */
     protected JAASRealm realm = null;
 
-
     /**
      * The username to be authenticated with.
      */
@@ -159,6 +160,10 @@
      */
     protected String md5a2;
 
+    /**
+     * The authentication method to be used. If null, assume BASIC/FORM.
+     */
+    protected String authMethod;
 
     // --------------------------------------------------------- Public Methods
 
@@ -208,6 +213,8 @@
                     cb.setText(realmName);
                 } else if (cb.getPrompt().equals("md5a2")) {
                     cb.setText(md5a2);
+                } else if (cb.getPrompt().equals("authMethod")) {
+                    cb.setText(authMethod);
                 } else {
                     throw new UnsupportedCallbackException(callbacks[i]);
                 }

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java Sat Sep
 6 12:52:56 2008
@@ -39,6 +39,7 @@
 
 import org.apache.catalina.Context;
 import org.apache.catalina.Realm;
+import org.apache.catalina.authenticator.Constants;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.deploy.SecurityConstraint;
 import org.apache.catalina.util.RequestUtil;
@@ -310,7 +311,7 @@
         // Set up our CallbackHandler requests
         if (callbackHandler == null)
             throw new LoginException("No CallbackHandler specified");
-        Callback callbacks[] = new Callback[8];
+        Callback callbacks[] = new Callback[9];
         callbacks[0] = new NameCallback("Username: ");
         callbacks[1] = new PasswordCallback("Password: ", false);
         callbacks[2] = new TextInputCallback("nonce");
@@ -319,6 +320,7 @@
         callbacks[5] = new TextInputCallback("qop");
         callbacks[6] = new TextInputCallback("realmName");
         callbacks[7] = new TextInputCallback("md5a2");
+        callbacks[8] = new TextInputCallback("authMethod");
 
         // Interact with the user to retrieve the username and password
         String username = null;
@@ -329,6 +331,7 @@
         String qop = null;
         String realmName = null;
         String md5a2 = null;
+        String authMethod = null;
 
         try {
             callbackHandler.handle(callbacks);
@@ -341,6 +344,7 @@
             qop = ((TextInputCallback) callbacks[5]).getText();
             realmName = ((TextInputCallback) callbacks[6]).getText();
             md5a2 = ((TextInputCallback) callbacks[7]).getText();
+            authMethod = ((TextInputCallback) callbacks[8]).getText();
         } catch (IOException e) {
             throw new LoginException(e.toString());
         } catch (UnsupportedCallbackException e) {
@@ -348,13 +352,16 @@
         }
 
         // Validate the username and password we have received
-        if (md5a2 == null) {
-            // Not using DIGEST
+        if (authMethod == null) {
+            // BASIC or FORM
             principal = super.authenticate(username, password);
-        } else {
-            // Must be using DIGEST
+        } else if (authMethod.equals(Constants.DIGEST_METHOD)) {
             principal = super.authenticate(username, password, nonce, nc,
                     cnonce, qop, realmName, md5a2);
+        } else if (authMethod.equals(Constants.CERT_METHOD)) {
+            principal = super.getPrincipal(username);
+        } else {
+            throw new LoginException("Unknown authentication method");
         }
 
         log.debug("login " + username + " " + principal);

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java Sat Sep  6 12:52:56
2008
@@ -34,6 +34,7 @@
 
 import org.apache.catalina.Container;
 import org.apache.catalina.LifecycleException;
+import org.apache.catalina.authenticator.Constants;
 import org.apache.catalina.util.StringManager;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
@@ -337,13 +338,15 @@
      * @param realmName     Realm name
      * @param md5a2         Second MD5 digest used to calculate the digest
      *                          MD5(Method + ":" + uri)
+     * @param authMethod    The authentication scheme in use
      */
     public Principal authenticate(String username, String clientDigest,
             String nonce, String nc, String cnonce, String qop,
             String realmName, String md5a2) {
         return authenticate(username,
                 new JAASCallbackHandler(this, username, clientDigest, nonce,
-                        nc, cnonce, qop, realmName, md5a2));
+                        nc, cnonce, qop, realmName, md5a2,
+                        Constants.DIGEST_METHOD));
     }
 
 
@@ -467,7 +470,9 @@
      */
     protected Principal getPrincipal(String username) {
 
-        return (null);
+        return authenticate(username,
+                new JAASCallbackHandler(this, username, null, null, null, null,
+                        null, null, null, Constants.CERT_METHOD));
 
     }
 

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=692717&r1=692716&r2=692717&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Sep  6 12:52:56 2008
@@ -35,6 +35,9 @@
 <section name="Tomcat 6.0.19 (remm)">
   <subsection name="Catalina">
     <changelog>
+      <add>
+        <bug>41407</bug>: Add CLIENT-CERT support to the JAAS Realm. (markt)
+      </add>
       <fix>
         <bug>45453</bug>: Remove potential race condition in JDBC Realm.
         Based on a patch by Santtu Hyrkk. (markt)
@@ -134,7 +137,7 @@
   </subsection>
   <subsection name="Catalina">
     <changelog>
-      <fix><bug>45272</bug>Put in work around for Internet Explorer not
accepting a quoted Path: value using the Set-Cookie header (fhanik)</fix>
+      <fix><bug>45272</bug>: Put in work around for Internet Explorer not
accepting a quoted Path: value using the Set-Cookie header (fhanik)</fix>
       <fix>
         APR connector now adds connection to poller after using send file.
         (remm)



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message