From ma...@apache.org
Subject svn commit: r1498501 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/JAASRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml
Date Mon, 01 Jul 2013 15:00:35 GMT
Author: markt
Date: Mon Jul  1 15:00:34 2013
New Revision: 1498501

URL: http://svn.apache.org/r1498501
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53777
Enable instances of the JAAS Realm to specify a dedicated configuration file. This is likely
to be of particular use when the realm is specified at the Context level.
Based on a patch by eolivelli.

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1498498

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java?rev=1498501&r1=1498500&r2=1498501&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java Mon Jul  1 15:00:34
2013
@@ -14,11 +14,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-
 package org.apache.catalina.realm;
 
-
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -27,6 +29,7 @@ import java.util.List;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.AccountExpiredException;
+import javax.security.auth.login.Configuration;
 import javax.security.auth.login.CredentialExpiredException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
@@ -39,7 +42,6 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.ExceptionUtils;
 
-
 /**
  * <p>Implementation of <b>Realm</b> that authenticates users via the <em>Java
  * Authentication and Authorization Service</em> (JAAS).  JAAS support requires
@@ -125,9 +127,8 @@ org.foobar.auth.DatabaseLoginModule REQU
  * @version $Id$
  */
 
-public class JAASRealm
-    extends RealmBase
- {
+public class JAASRealm extends RealmBase {
+
     private static final Log log = LogFactory.getLog(JAASRealm.class);
 
     // ----------------------------------------------------- Instance Variables
@@ -170,12 +171,35 @@ public class JAASRealm
      * True means use context ClassLoader, and True is the default
      * value.
      */
-     protected boolean useContextClassLoader = true;
+    protected boolean useContextClassLoader = true;
+
+
+    /**
+     * Path to find a JAAS configuration file, if not set global JVM JAAS
+     * configuration will be used.
+     */
+    protected String configFile;
+
+    protected Configuration jaasConfiguration;
+    protected volatile boolean jaasConfigurationLoaded = false;
 
 
     // ------------------------------------------------------------- Properties
 
-    
+    /**
+     * Getter for the <code>configfile</code> member variable.
+     */
+    public String getConfigFile() {
+        return configFile;
+    }
+
+    /**
+     * Setter for the <code>configfile</code> member variable.
+     */
+    public void setConfigFile(String configFile) {
+        this.configFile = configFile;
+    }
+
     /**
      * setter for the <code>appName</code> member variable
      */
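Review bot: The Javadoc on `configFile` calls it a path, but `getConfig()` later in this commit resolves it as a class-loader resource through the thread context class loader and caches the result on first use, and neither the field comment nor the accessors say so. For a realm declared at Engine or Host level this presumably means the web application that handles the first authentication decides which resource, and therefore which login modules, every application sharing that realm gets; the comment should state this and recommend Context-level use. `setConfigFile` also leaves `jaasConfigurationLoaded` untouched, so a value set after the first login is silently ignored, which should at least be documented as "read once, on first authentication". `jaasConfiguration` and `jaasConfigurationLoaded` have no Javadoc at all; something like `/** Cached result of getConfig(); null means the JVM-wide JAAS configuration is used. */` would cover them.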
@@ -389,7 +413,9 @@ public class JAASRealm
         }
 
         try {
-            loginContext = new LoginContext(appName, callbackHandler);
+            Configuration config = getConfig();
+            loginContext = new LoginContext(
+                    appName, null, callbackHandler, config);
         } catch (Throwable e) {
             ExceptionUtils.handleThrowable(e);
             log.error(sm.getString("jaasRealm.unexpectedError"), e);
@@ -605,4 +631,50 @@ public class JAASRealm
 
         super.startInternal();
      }
+
+
+    /**
+     * Load custom JAAS Configuration
+     */
+    protected Configuration getConfig() {
+        try {
+            if (jaasConfigurationLoaded) {
+                return jaasConfiguration;
+            }
+            synchronized (this) {
+                if (configFile == null) {
+                    jaasConfigurationLoaded = true;
+                    return null;
+                }
+                URL resource = Thread.currentThread().getContextClassLoader().
+                        getResource(configFile);
+                URI uri = resource.toURI();
+                Class<Configuration> sunConfigFile = (Class<Configuration>)
+                        Class.forName("com.sun.security.auth.login.ConfigFile");
+                Constructor<Configuration> constructor =
+                        sunConfigFile.getConstructor(URI.class);
+                Configuration config = constructor.newInstance(uri);
+                this.jaasConfiguration = config;
+                this.jaasConfigurationLoaded = true;
+                return this.jaasConfiguration;
+            }
+        } catch (URISyntaxException ex) {
+            throw new RuntimeException(ex);
+        } catch (NoSuchMethodException ex) {
+            throw new RuntimeException(ex);
+        } catch (SecurityException ex) {
+            throw new RuntimeException(ex);
+        } catch (InstantiationException ex) {
+            throw new RuntimeException(ex);
+        } catch (IllegalAccessException ex) {
+            throw new RuntimeException(ex);
+        } catch (IllegalArgumentException ex) {
+            throw new RuntimeException(ex);
+        } catch (InvocationTargetException ex) {
+            throw new RuntimeException(ex.getCause());
+        } catch (ClassNotFoundException ex) {
+            throw new RuntimeException(ex);
+        }
+
+    }
 }
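Review bot: `getResource(configFile)` returns null when the named resource is not visible to the context class loader, so `resource.toURI()` throws a NullPointerException that none of the catch clauses here cover; it only ends up in the `catch (Throwable e)` around the `getConfig()` call in the earlier hunk, logged under the generic `jaasRealm.unexpectedError` key. Logins fail closed, which is the safe outcome, but because the loaded flag is never set the lookup repeats on every attempt and the log never names the missing file. A guard such as `if (resource == null) { throw new IllegalArgumentException("JAAS configFile not found: " + configFile); }` before `toURI()` makes the cause explicit. Separately, `jaasConfigurationLoaded` is not rechecked after entering `synchronized (this)`, so threads that queue on the lock each rebuild the `ConfigFile`; repeating `if (jaasConfigurationLoaded) { return jaasConfiguration; }` as the first statement inside the block closes that. The hard dependency on `com.sun.security.auth.login.ConfigFile` deserves a line in the method Javadoc, since on a JVM without that class every login through a realm with `configFile` set will fail.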

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1498501&r1=1498500&r2=1498501&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Jul  1 15:00:34 2013
@@ -70,6 +70,12 @@
         methods that does not include GET. (markt)
       </fix>
       <fix>
+        <bug>53777</bug>: Add support for a JAAS Realm instance to use a
+        dedicated configuration rather than the JVM global JAAS configuration.
+        This is most likely to be useful for per web application JAAS Realms.
+        Based on a patch by eolivelli. (markt)
+      </fix>
+      <fix>
         <bug>54745</bug>: Fix JAR file scanning when Tomcat is deployed via Java
         Web Start. Patch provided by Nick Williams. (markt)
       </fix>

Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml?rev=1498501&r1=1498500&r2=1498501&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml Mon Jul  1 15:00:34 2013
@@ -850,6 +850,14 @@
         for your user <code>Principals</code>.</p>
       </attribute>
 
+      <attribute name="configFile" required="false">
+        <p>The name of a JAAS configuration file to use with this Realm. It will
+        be searched for using <code>ClassLoader#getResource(String)</code> so
it
+        is possible for the configuration to be bundled within a web
+        application. If not specified, the default JVM global JAAS configuration
+        willbe used.</p>
+      </attribute>
+
       <attribute name="roleClassNames" required="false">
         <p>A comma-separated list of the names of the classes that you have made
         for your role <code>Principals</code>.</p>


