Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 91160 invoked from network); 6 Sep 2008 19:53:50 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Sep 2008 19:53:50 -0000 Received: (qmail 80637 invoked by uid 500); 6 Sep 2008 19:53:46 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 80566 invoked by uid 500); 6 Sep 2008 19:53:46 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 80555 invoked by uid 99); 6 Sep 2008 19:53:46 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 06 Sep 2008 12:53:46 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 06 Sep 2008 19:52:56 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 2FF6823889C0; Sat, 6 Sep 2008 12:52:57 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r692717 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/catalina/realm/JAASCallbackHandler.java java/org/apache/catalina/realm/JAASMemoryLoginModule.java java/org/apache/catalina/realm/JAASRealm.java webapps/docs/changelog.xml Date: Sat, 06 Sep 2008 19:52:56 -0000 To: dev@tomcat.apache.org 
From: markt@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080906195257.2FF6823889C0@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: markt Date: Sat Sep 6 12:52:56 2008 New Revision: 692717 URL: http://svn.apache.org/viewvc?rev=692717&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 Add support for CLIENT-CERT to the JASSRealm. Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Sat Sep 6 12:52:56 2008 @@ -1 +1 @@ -/tomcat/trunk:673796,673820,683982,684001,684081,684234 +/tomcat/trunk:673796,673820,683982,684001,684081,684234,684269-684270 Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=692717&r1=692716&r2=692717&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Sep 6 12:52:56 2008 
@@ -71,12 +71,6 @@ 0: remm (looks risky, very minor problem) -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 - Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above. - http://svn.apache.org/viewvc?rev=684270&view=rev - +1: markt, remm, funkman - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45608 Prevent race condition for allocate/deallocate in StandardWrapper http://svn.apache.org/viewvc?rev=685177&view=rev Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java?rev=692717&r1=692716&r2=692717&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java Sat Sep 6 12:52:56 2008 
@@ -80,21 +80,22 @@ /** * Construct a callback handler for DIGEST authentication. * - * @param realm Our associated JAASRealm instance - * @param username Username to be authenticated with - * @param password Password to be authenticated with - * @param nonce Server generated nonce - * @param nc Nonce count - * @param cnonce Client generated nonce - * @param qop Quality of protection aplied to the message - * @param realmName Realm name - * @param md5a2 Second MD5 digest used to calculate the digest + * @param realm Our associated JAASRealm instance + * @param username Username to be authenticated with + * @param password Password to be authenticated with + * @param nonce Server generated nonce + * @param nc Nonce count + * @param cnonce Client generated nonce + * @param qop Quality of protection aplied to the message + * @param realmName Realm name + * @param md5a2 Second MD5 digest used to calculate the digest * MD5(Method + ":" + uri) + * @param authMethod The authentication method in use */ public JAASCallbackHandler(JAASRealm realm, String username, String password, String nonce, String nc, String cnonce, String qop, String realmName, - String md5a2) { + String md5a2, String authMethod) { this(realm, username, password); this.nonce = nonce; this.nc = nc; @@ -102,6 +103,7 @@ this.qop = qop; this.realmName = realmName; this.md5a2 = md5a2; + this.authMethod = authMethod; } // ----------------------------------------------------- Instance Variables @@ -123,7 +125,6 @@ */ protected JAASRealm realm = null; - /** * The username to be authenticated with. */ @@ -159,6 +160,10 @@ */ protected String md5a2; + /** + * The authentication method to be used. If null, assume BASIC/FORM. + */ + protected String authMethod; // --------------------------------------------------------- Public Methods 
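Review bot: In JAASCallbackHandler.java, hunk `@@ -80,21 +80,22 @@`, the constructor summary still reads "Construct a callback handler for DIGEST authentication", although this commit also calls the constructor from JAASRealm with `Constants.CERT_METHOD` and null digest values. The new tag `@param authMethod The authentication method in use` does not say which values are accepted or what null means. Reword the summary to cover both schemes and make the tag explicit, e.g. `@param authMethod Constants.DIGEST_METHOD or Constants.CERT_METHOD; null is treated as BASIC/FORM`. Separately, the public constructor gains its tenth parameter in place with no nine-argument overload kept, so external code built against the old signature will no longer compile on this branch. The constructor body continues in hunk `@@ -102,6 +103,7 @@`.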
@@ -208,6 +213,8 @@ cb.setText(realmName); } else if (cb.getPrompt().equals("md5a2")) { cb.setText(md5a2); + } else if (cb.getPrompt().equals("authMethod")) { + cb.setText(authMethod); } else { throw new UnsupportedCallbackException(callbacks[i]); } Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java?rev=692717&r1=692716&r2=692717&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java Sat Sep 6 12:52:56 2008 @@ -39,6 +39,7 @@ import org.apache.catalina.Context; import org.apache.catalina.Realm; +import org.apache.catalina.authenticator.Constants; import org.apache.catalina.connector.Request; import org.apache.catalina.deploy.SecurityConstraint; import org.apache.catalina.util.RequestUtil; @@ -310,7 +311,7 @@ // Set up our CallbackHandler requests if (callbackHandler == null) throw new LoginException("No CallbackHandler specified"); - Callback callbacks[] = new Callback[8]; + Callback callbacks[] = new Callback[9]; callbacks[0] = new NameCallback("Username: "); callbacks[1] = new PasswordCallback("Password: ", false); callbacks[2] = new TextInputCallback("nonce"); @@ -319,6 +320,7 @@ callbacks[5] = new TextInputCallback("qop"); callbacks[6] = new TextInputCallback("realmName"); callbacks[7] = new TextInputCallback("md5a2"); + callbacks[8] = new TextInputCallback("authMethod"); // Interact with the user to retrieve the username and password String username = null; @@ -329,6 +331,7 @@ String qop = null; String realmName = null; String md5a2 = null; + String authMethod = null; try { callbackHandler.handle(callbacks); 
@@ -341,6 +344,7 @@ qop = ((TextInputCallback) callbacks[5]).getText(); realmName = ((TextInputCallback) callbacks[6]).getText(); md5a2 = ((TextInputCallback) callbacks[7]).getText(); + authMethod = ((TextInputCallback) callbacks[8]).getText(); } catch (IOException e) { throw new LoginException(e.toString()); } catch (UnsupportedCallbackException e) { @@ -348,13 +352,16 @@ } // Validate the username and password we have received - if (md5a2 == null) { - // Not using DIGEST + if (authMethod == null) { + // BASIC or FORM principal = super.authenticate(username, password); - } else { - // Must be using DIGEST + } else if (authMethod.equals(Constants.DIGEST_METHOD)) { principal = super.authenticate(username, password, nonce, nc, cnonce, qop, realmName, md5a2); + } else if (authMethod.equals(Constants.CERT_METHOD)) { + principal = super.getPrincipal(username); + } else { + throw new LoginException("Unknown authentication method"); } log.debug("login " + username + " " + principal); Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java?rev=692717&r1=692716&r2=692717&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java Sat Sep 6 12:52:56 2008 @@ -34,6 +34,7 @@ import org.apache.catalina.Container; import org.apache.catalina.LifecycleException; +import org.apache.catalina.authenticator.Constants; import org.apache.catalina.util.StringManager; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; 
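Review bot: In JAASMemoryLoginModule.java, hunk `@@ -348,13 +352,16 @@`, the new `Constants.CERT_METHOD` branch returns `super.getPrincipal(username)` without checking any credential, so the login result depends only on the user name and the `authMethod` text supplied by the callback handler. That is sound only if the handler is trusted and sets CLIENT-CERT after the client certificate has been validated elsewhere, which nothing in this hunk shows or documents. State the precondition where the branch is taken, e.g. `// CLIENT-CERT: no credential is checked here; the caller must already have validated the client certificate`. The enclosing login method starts and ends outside the hunk.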
@@ -337,13 +338,15 @@ * @param realmName Realm name * @param md5a2 Second MD5 digest used to calculate the digest * MD5(Method + ":" + uri) + * @param authMethod The authentication scheme in use */ public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realmName, String md5a2) { return authenticate(username, new JAASCallbackHandler(this, username, clientDigest, nonce, - nc, cnonce, qop, realmName, md5a2)); + nc, cnonce, qop, realmName, md5a2, + Constants.DIGEST_METHOD)); } @@ -467,7 +470,9 @@ */ protected Principal getPrincipal(String username) { - return (null); + return authenticate(username, + new JAASCallbackHandler(this, username, null, null, null, null, + null, null, null, Constants.CERT_METHOD)); } Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=692717&r1=692716&r2=692717&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Sep 6 12:52:56 2008 @@ -35,6 +35,9 @@
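Review bot: In JAASRealm.java, hunk `@@ -337,13 +338,15 @@`, the added Javadoc line `@param authMethod The authentication scheme in use` documents a parameter that this `authenticate(...)` overload does not have. The signature still ends at `String md5a2`, and the method supplies `Constants.DIGEST_METHOD` itself. Drop the tag; if the fixed scheme is worth recording, put it in the description instead, e.g. `This overload always authenticates using the DIGEST method.` The Javadoc block begins above the hunk.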
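Review bot: In JAASRealm.java, hunk `@@ -467,7 +470,9 @@`, `getPrincipal(String username)` changes from returning null to running a JAAS login with a null password and `Constants.CERT_METHOD`, but nothing here says it may only be called for a user whose certificate has already been verified. A configured LoginModule that never asks for the `authMethod` callback would presumably be handed only a user name with no usable password, and how it decides that login is outside this class. The Javadoc, which starts above the hunk, should state both requirements, for example `Callers must have validated the client certificate; the configured LoginModule must honour the authMethod callback.`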
+ + 41407: Add CLIENT-CERT support to the JAAS Realm. (markt) + 45453: Remove potential race condition in JDBC Realm. Based on a patch by Santtu Hyrkk. (markt) @@ -134,7 +137,7 @@ - 45272Put in work around for Internet Explorer not accepting a quoted Path: value using the Set-Cookie header (fhanik) + 45272: Put in work around for Internet Explorer not accepting a quoted Path: value using the Set-Cookie header (fhanik) APR connector now adds connection to poller after using send file. (remm) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org