From ma...@apache.org
Subject svn commit: r892622 - in /tomcat/tc5.5.x/trunk: ./ container/catalina/src/share/org/apache/catalina/realm/ container/catalina/src/share/org/apache/catalina/session/ container/webapps/docs/
Date Sun, 20 Dec 2009 17:48:54 GMT
Author: markt
Date: Sun Dec 20 17:48:53 2009
New Revision: 892622

URL: http://svn.apache.org/viewvc?rev=892622&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=39231
Make sure LoginModule.logout() is called when using JAASRealm

Modified:
    tomcat/tc5.5.x/trunk/STATUS.txt
    tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/GenericPrincipal.java
    tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/JAASRealm.java
    tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/LocalStrings.properties
    tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java
    tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml

Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=892622&r1=892621&r2=892622&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Sun Dec 20 17:48:53 2009
@@ -33,13 +33,6 @@
    0: fhanik - big step for an old branch, could be risky, I'd wait until after next release
if we consider it
   -1:
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=39231
-  It is updated version of Mark's patch,
-  where the new method in JAASRealm calls the old one.
-  http://people.apache.org/~kkolinko/patches/2009-11-02_bug39231.patch
-  +1: kkolinko, markt, rjung
-  -1:
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=39844
   Port r588477 (fix for #43668) by billbarker that corrected this for Tomcat 6
   http://people.apache.org/~markt/patches/2009-07-11-bug39844.patch

Modified: tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/GenericPrincipal.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/GenericPrincipal.java?rev=892622&r1=892621&r2=892622&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/GenericPrincipal.java
(original)
+++ tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/GenericPrincipal.java
Sun Dec 20 17:48:53 2009
@@ -22,6 +22,9 @@
 import java.security.Principal;
 import java.util.Arrays;
 import java.util.List;
+
+import javax.security.auth.login.LoginContext;
+
 import org.apache.catalina.Realm;
 
 
@@ -84,6 +87,26 @@
     public GenericPrincipal(Realm realm, String name, String password,
                             List roles, Principal userPrincipal) {
 
+        this(realm, name, password, roles, userPrincipal, null);
+    }
+    
+    /**
+     * Construct a new Principal, associated with the specified Realm, for the
+     * specified username and password, with the specified role names
+     * (as Strings).
+     *
+     * @param realm The Realm that owns this principal
+     * @param name The username of the user represented by this Principal
+     * @param password Credentials used to authenticate this user
+     * @param roles List of roles (must be Strings) possessed by this user
+     * @param userPrincipal - the principal to be returned from the request 
+     *        getUserPrincipal call if not null; if null, this will be returned
+     * @param loginContext  - If provided, this will be used to log out the user
+     *        at the appropriate time
+     */
+    public GenericPrincipal(Realm realm, String name, String password,
+                            List roles, Principal userPrincipal,
+                            LoginContext loginContext) {
         super();
         this.realm = realm;
         this.name = name;
@@ -95,6 +118,7 @@
             if (this.roles.length > 0)
                 Arrays.sort(this.roles);
         }
+        this.loginContext = loginContext;
     }
 
 
@@ -159,6 +183,16 @@
         }
     }
 
+    
+    /**
+     * The JAAS LoginContext, if any, used to authenticate this Principal.
+     * Kept so we can call logout().
+     */
+    protected LoginContext loginContext = null;
+
+    void setLoginContext( LoginContext loginContext ) {
+        this.loginContext=loginContext;
+    }
 
     // --------------------------------------------------------- Public Methods
 
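Review bot: The new `loginContext` field is `protected` and mutable, and `setLoginContext` has no Javadoc, so nothing at the declaration says who may replace the context that `logout()` later acts on. As the field is new in this commit and is written only by the constructor and this setter in the lines shown, it could be `private`. The setter could carry a comment such as `/** Associates the JAAS LoginContext used to authenticate this Principal; may be null. Package-private, called by JAASRealm. */`. The declaration is also placed just above the "Public Methods" banner rather than with the other instance fields, which are outside this hunk.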
@@ -196,5 +230,22 @@
 
     }
 
+    
+    /**
+     * Calls logout, if necessary, on any associated JAASLoginContext. May in
+     * the future be extended to cover other logout requirements.
+     * 
+     * @throws Exception If something goes wrong with the logout. Uses Exception
+     *                   to allow for future expansion of this method to cover
+     *                   other logout mechanisms that might throw a different
+     *                   exception to LoginContext
+     * 
+     */
+    public void logout() throws Exception {
+        if (loginContext != null) {
+            loginContext.logout();
+        }
+    }
+
 
 }
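Review bot: `logout()` leaves `loginContext` set after calling `loginContext.logout()`, so a second call on the same principal runs the LoginModules' logout again, and nothing orders it against a concurrent `setLoginContext`. If one principal instance can be referenced by more than one session (not visible in this diff), the first expiry would log out a context the other sessions still rely on, and later expiries would repeat the call. Consider taking a local copy and clearing the field first, `LoginContext lc = loginContext; loginContext = null; if (lc != null) lc.logout();`, and state in the Javadoc whether repeated calls are meant to be harmless.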

Modified: tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/JAASRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/JAASRealm.java?rev=892622&r1=892621&r2=892622&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/JAASRealm.java
(original)
+++ tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/JAASRealm.java
Sun Dec 20 17:48:53 2009
@@ -429,7 +429,7 @@
             log.debug(sm.getString("jaasRealm.loginContextCreated", username));
 
         // Return the appropriate Principal for this authenticated Subject
-        Principal principal = createPrincipal(username, subject);
+        Principal principal = createPrincipal(username, subject, loginContext);
         if (principal == null) {
             log.debug(sm.getString("jaasRealm.authenticateFailure", username));
             return (null);
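Review bot: On the `principal == null` path the method returns `null` without calling `loginContext.logout()`, although the comment above says the Subject is already authenticated at this point. The context is handed to the principal only on success, so on this path nothing keeps a reference that could log it out later, and whatever state the LoginModules set up at login stays in place. Before `return (null);`, call `loginContext.logout()` and catch and log the exception it can throw. The enclosing method starts and ends outside this hunk, so the login call itself is not visible here.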
@@ -480,16 +480,8 @@
 
 
     /**
-     * Identify and return a <code>java.security.Principal</code> instance
-     * representing the authenticated user for the specified <code>Subject</code>.
-     * The Principal is constructed by scanning the list of Principals returned
-     * by the JAASLoginModule. The first <code>Principal</code> object that matches
-     * one of the class names supplied as a "user class" is the user Principal.
-     * This object is returned to tha caller.
-     * Any remaining principal objects returned by the LoginModules are mapped to  
-     * roles, but only if their respective classes match one of the "role class" classes.

-     * If a user Principal cannot be constructed, return <code>null</code>.
-     * @param subject The <code>Subject</code> representing the logged-in user
+     * @deprecated
+     * Use {@link JAASRealm#createPrincipal(String, Subject, LoginContext)}
      */
     protected Principal createPrincipal(String username, Subject subject) {
         // Prepare to scan the Principals for this Subject
@@ -541,6 +533,29 @@
         return new GenericPrincipal(this, username, null, roles, userPrincipal);
     }
 
+    /**
+     * Identify and return a <code>java.security.Principal</code> instance
+     * representing the authenticated user for the specified <code>Subject</code>.
+     * The Principal is constructed by scanning the list of Principals returned
+     * by the JAASLoginModule. The first <code>Principal</code> object that matches
+     * one of the class names supplied as a "user class" is the user Principal.
+     * This object is returned to the caller.
+     * Any remaining principal objects returned by the LoginModules are mapped to  
+     * roles, but only if their respective classes match one of the "role class" classes.

+     * If a user Principal cannot be constructed, return <code>null</code>.
+     * @param subject The <code>Subject</code> representing the logged-in user
+     * @param loginContext Associated with the Principal so
+     *                     {@link LoginContext#logout()} can be called later
+     */
+    protected Principal createPrincipal(String username, Subject subject,
+            LoginContext loginContext) {
+        Principal principal = createPrincipal(username, subject);
+        if (principal instanceof GenericPrincipal) {
+            ((GenericPrincipal) principal).setLoginContext(loginContext);
+        }
+        return principal;
+    }
+
      /**
       * Ensure the given name is legal for JAAS configuration.
       * Added for Bugzilla 30869, made protected for easy customization
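Review bot: When the two-argument `createPrincipal` returns something other than a `GenericPrincipal` (it is `protected`, so a subclass may override it), the `instanceof` check drops `loginContext` silently and logout is never called for that login. Add an `else` branch that logs at debug level that the LoginContext could not be associated with the returned principal, and mention the limitation in the Javadoc. The six-argument `GenericPrincipal` constructor added in this commit is not used here, since the context is attached through `setLoginContext` instead, so one of the two paths looks redundant. The Javadoc also lacks `@param username`.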

Modified: tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/LocalStrings.properties?rev=892622&r1=892621&r2=892622&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/LocalStrings.properties
(original)
+++ tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/LocalStrings.properties
Sun Dec 20 17:48:53 2009
@@ -60,6 +60,7 @@
 standardSession.getId.ise=getId: Session already invalidated
 standardSession.getMaxInactiveInterval.ise=getMaxInactiveInterval: Session already invalidated
 standardSession.getValueNames.ise=getValueNames: Session already invalidated
+standardSession.logoutfail=Exception logging out user when expiring session 
 standardSession.notSerializable=Cannot serialize session attribute {0} for session {1}
 standardSession.removeAttribute.ise=removeAttribute: Session already invalidated
 standardSession.sessionEvent=Session event listener threw exception

Modified: tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java?rev=892622&r1=892621&r2=892622&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java
(original)
+++ tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java
Sun Dec 20 17:48:53 2009
@@ -55,6 +55,7 @@
 import org.apache.catalina.util.Enumerator;
 import org.apache.catalina.util.StringManager;
 
+import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.catalina.security.SecurityUtil;
 
 /**
@@ -747,6 +748,18 @@
                 fireSessionEvent(Session.SESSION_DESTROYED_EVENT, null);
             }
 
+            // Call the logout method
+            if (principal instanceof GenericPrincipal) {
+                GenericPrincipal gp = (GenericPrincipal) principal;
+                try {
+                    gp.logout();
+                } catch (Exception e) {
+                    manager.getContainer().getLogger().error(
+                            sm.getString("standardSession.logoutfail"),
+                            e);
+                }
+            }
+
             // We have completed expire of this session
             expiring = false;
 
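Review bot: The error logged when `gp.logout()` fails identifies neither the session nor the user, because `standardSession.logoutfail` in LocalStrings.properties has no placeholder, so a failed logout cannot be tied to a session from the log. Add a `{0}` to the message and pass the session identifier as the argument to `sm.getString`; the new property value also ends in a trailing space. The comment `// Call the logout method` could say why, e.g. `// Give a JAAS-authenticated principal the chance to run LoginModule.logout()`. The enclosing method starts and ends outside this hunk.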

Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=892622&r1=892621&r2=892622&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Sun Dec 20 17:48:53 2009
@@ -67,6 +67,10 @@
         terminal. (markt)
       </fix>
       <fix>
+        <bug>39231</bug>: Call LoginModule.logout() when using JAASRealm.
+        (markt/kkolinko)
+      </fix>
+      <fix>
         <bug>41059</bug>: Reduce the chances of errors when using
         ENABLE_CLEAR_REFERENCES. Patch by Curt Arnold. (markt) 
       </fix>


