tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r757202 - in /tomcat: container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/ container/tc5.5.x/webapps/docs/ current/tc5.5.x/
Date Sun, 22 Mar 2009 15:35:57 GMT
Author: markt
Date: Sun Mar 22 15:35:56 2009
New Revision: 757202

URL: http://svn.apache.org/viewvc?rev=757202&view=rev
Log:
Fix bug https://issues.apache.org/bugzilla/show_bug.cgi?id=45576
Get the JAASRealm working with DIGEST authentication.

Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASRealm.java
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml
    tomcat/current/tc5.5.x/STATUS.txt

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java?rev=757202&r1=757201&r2=757202&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java
(original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java
Sun Mar 22 15:35:56 2009
@@ -24,6 +24,7 @@
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.TextInputCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
 import org.apache.catalina.util.StringManager;
@@ -78,6 +79,33 @@
         }
     }
 
+    
+    /**
+     * Construct a callback handler for DIGEST authentication.
+     *
+     * @param realm     Our associated JAASRealm instance
+     * @param username  Username to be authenticated with
+     * @param password  Password to be authenticated with
+     * @param nonce     Server generated nonce
+     * @param nc        Nonce count
+     * @param cnonce    Client generated nonce
+     * @param qop       Quality of protection aplied to the message
+     * @param realmName Realm name
+     * @param md5a2     Second MD5 digest used to calculate the digest
+     *                      MD5(Method + ":" + uri)
+     */
+    public JAASCallbackHandler(JAASRealm realm, String username,
+                               String password, String nonce, String nc,
+                               String cnonce, String qop, String realmName,
+                               String md5a2) {
+        this(realm, username, password);
+        this.nonce = nonce;
+        this.nc = nc;
+        this.cnonce = cnonce;
+        this.qop = qop;
+        this.realmName = realmName;
+        this.md5a2 = md5a2;
+    }
 
     // ----------------------------------------------------- Instance Variables
 
@@ -104,14 +132,46 @@
      */
     protected String username = null;
 
+    /**
+     * Server generated nonce.
+     */
+    protected String nonce = null;
+    
+    /**
+     * Nonce count.
+     */
+    protected String nc = null;
+    
+    /**
+     * Client generated nonce.
+     */
+    protected String cnonce = null;
+
+    /**
+     * Quality of protection aplied to the message.
+     */
+    protected String qop;
+
+    /**
+     * Realm name.
+     */
+    protected String realmName;
+
+    /**
+     * Second MD5 digest.
+     */
+    protected String md5a2;
+
 
     // --------------------------------------------------------- Public Methods
 
 
     /**
      * Retrieve the information requested in the provided <code>Callbacks</code>.
-     * This implementation only recognizes <code>NameCallback</code> and
-     * <code>PasswordCallback</code> instances.
+     * This implementation only recognizes {@link NameCallback},
+     * {@link PasswordCallback} and {@link TextInputCallback}.
+     * {@link TextInputCallback} is ued to pass the various additional
+     * parameters required for DIGEST authentication. 
      *
      * @param callbacks The set of <code>Callback</code>s to be processed
      *
@@ -137,6 +197,23 @@
                 }
                 ((PasswordCallback) callbacks[i]).setPassword
                     (passwordcontents);
+            } else if (callbacks[i] instanceof TextInputCallback) {
+                TextInputCallback cb = ((TextInputCallback) callbacks[i]);
+                if (cb.getPrompt().equals("nonce")) {
+                    cb.setText(nonce);
+                } else if (cb.getPrompt().equals("nc")) {
+                    cb.setText(nc);
+                } else if (cb.getPrompt().equals("cnonce")) {
+                    cb.setText(cnonce);
+                } else if (cb.getPrompt().equals("qop")) {
+                    cb.setText(qop);
+                } else if (cb.getPrompt().equals("realmName")) {
+                    cb.setText(realmName);
+                } else if (cb.getPrompt().equals("md5a2")) {
+                    cb.setText(md5a2);
+                } else {
+                    throw new UnsupportedCallbackException(callbacks[i]);
+                }
             } else {
                 throw new UnsupportedCallbackException(callbacks[i]);
             }

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java?rev=757202&r1=757201&r2=757202&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java
(original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java
Sun Mar 22 15:35:56 2009
@@ -31,6 +31,7 @@
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.TextInputCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
@@ -308,18 +309,37 @@
         // Set up our CallbackHandler requests
         if (callbackHandler == null)
             throw new LoginException("No CallbackHandler specified");
-        Callback callbacks[] = new Callback[2];
+        Callback callbacks[] = new Callback[8];
         callbacks[0] = new NameCallback("Username: ");
         callbacks[1] = new PasswordCallback("Password: ", false);
+        callbacks[2] = new TextInputCallback("nonce");
+        callbacks[3] = new TextInputCallback("nc");
+        callbacks[4] = new TextInputCallback("cnonce");
+        callbacks[5] = new TextInputCallback("qop");
+        callbacks[6] = new TextInputCallback("realmName");
+        callbacks[7] = new TextInputCallback("md5a2");
 
         // Interact with the user to retrieve the username and password
         String username = null;
         String password = null;
+        String nonce = null;
+        String nc = null;
+        String cnonce = null;
+        String qop = null;
+        String realmName = null;
+        String md5a2 = null;
+
         try {
             callbackHandler.handle(callbacks);
             username = ((NameCallback) callbacks[0]).getName();
             password =
                 new String(((PasswordCallback) callbacks[1]).getPassword());
+            nonce = ((TextInputCallback) callbacks[2]).getText();
+            nc = ((TextInputCallback) callbacks[3]).getText();
+            cnonce = ((TextInputCallback) callbacks[4]).getText();
+            qop = ((TextInputCallback) callbacks[5]).getText();
+            realmName = ((TextInputCallback) callbacks[6]).getText();
+            md5a2 = ((TextInputCallback) callbacks[7]).getText();
         } catch (IOException e) {
             throw new LoginException(e.toString());
         } catch (UnsupportedCallbackException e) {
@@ -327,7 +347,14 @@
         }
 
         // Validate the username and password we have received
-        principal = super.authenticate(username, password);
+        if (md5a2 == null) {
+            // Not using DIGEST
+            principal = super.authenticate(username, password);
+        } else {
+            // Must be using DIGEST
+            principal = super.authenticate(username, password, nonce, nc,
+                    cnonce, qop, realmName, md5a2);
+        }
 
         log.debug("login " + username + " " + principal);
 

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASRealm.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASRealm.java?rev=757202&r1=757201&r2=757202&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASRealm.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASRealm.java Sun
Mar 22 15:35:56 2009
@@ -25,6 +25,7 @@
 import java.util.List;
 
 import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.AccountExpiredException;
 import javax.security.auth.login.CredentialExpiredException;
 import javax.security.auth.login.FailedLoginException;
@@ -313,19 +314,53 @@
 
 
     /**
-     * Return the <code>Principal</code> associated with the specified username
and
-     * credentials, if there is one; otherwise return <code>null</code>.
-     *
-     * If there are any errors with the JDBC connection, executing
-     * the query or anything we return null (don't authenticate). This
-     * event is also logged, and the connection will be closed so that
-     * a subsequent request will automatically re-open it.
+     * Return the <code>Principal</code> associated with the specified username
+     * and credentials, if there is one; otherwise return <code>null</code>.
      *
      * @param username Username of the <code>Principal</code> to look up
      * @param credentials Password or other credentials to use in
      *  authenticating this username
      */
     public Principal authenticate(String username, String credentials) {
+        return authenticate(username,
+                new JAASCallbackHandler(this, username, credentials));
+    }
+     
+
+    /**
+     * Return the <code>Principal</code> associated with the specified username
+     * and digest, if there is one; otherwise return <code>null</code>.
+     *
+     * @param username      Username of the <code>Principal</code> to look up
+     * @param clientDigest  Digest to use in authenticating this username
+     * @param nonce         Server generated nonce
+     * @param nc            Nonce count
+     * @param cnonce        Client generated nonce
+     * @param qop           Quality of protection aplied to the message
+     * @param realmName     Realm name
+     * @param md5a2         Second MD5 digest used to calculate the digest
+     *                          MD5(Method + ":" + uri)
+     */
+    public Principal authenticate(String username, String clientDigest,
+            String nonce, String nc, String cnonce, String qop,
+            String realmName, String md5a2) {
+        return authenticate(username,
+                new JAASCallbackHandler(this, username, clientDigest, nonce,
+                        nc, cnonce, qop, realmName, md5a2));
+    }
+
+
+    // -------------------------------------------------------- Package Methods
+
+
+    // ------------------------------------------------------ Protected Methods
+
+
+    /**
+     * Perform the actual JAAS authentication
+     */
+    protected Principal authenticate(String username,
+            CallbackHandler callbackHandler) {
 
         // Establish a LoginContext to use for authentication
         try {
@@ -345,9 +380,7 @@
         }
 
         try {
-            loginContext = new LoginContext
-                (appName, new JAASCallbackHandler(this, username,
-                                                  credentials));
+            loginContext = new LoginContext(appName, callbackHandler);
         } catch (Throwable e) {
             log.error(sm.getString("jaasRealm.unexpectedError"), e);
             return (null);
@@ -409,13 +442,6 @@
             return null;
         }
     }
-     
-
-    // -------------------------------------------------------- Package Methods
-
-
-    // ------------------------------------------------------ Protected Methods
-
 
     /**
      * Return a short name for this <code>Realm</code> implementation.
@@ -428,7 +454,9 @@
 
 
     /**
-     * Return the password associated with the given principal's user name.
+     * Return the password associated with the given principal's user name. This
+     * always returns null as the JAASRealm has no way of obtaining this
+     * information.
      */
     protected String getPassword(String username) {
 

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=757202&r1=757201&r2=757202&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Sun Mar 22 15:35:56 2009
@@ -32,6 +32,14 @@
 
 <body>
 <section name="Tomcat 5.5.28 (fhanik)">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        <bug>45576</bug>: JAAS Realm now works with DIGEST authentication.
+        (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="webapps">
     <changelog>
       <fix>

Modified: tomcat/current/tc5.5.x/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=757202&r1=757201&r2=757202&view=diff
==============================================================================
--- tomcat/current/tc5.5.x/STATUS.txt (original)
+++ tomcat/current/tc5.5.x/STATUS.txt Sun Mar 22 15:35:56 2009
@@ -31,12 +31,6 @@
    0: fhanik - silently swallow an error, and default to the default config file, yoavs:
don't like silent swallowing
   -1:
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576
-  Add support for DIGEST to the JAASRealm
-  http://svn.apache.org/viewvc?rev=684234&view=rev
-  +1: markt, fhanik, mturk
-  -1: 
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407
   Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above.
   http://svn.apache.org/viewvc?rev=684270&view=rev



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message