tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject svn commit: r1709787 - in /tomcat/trunk: java/org/apache/catalina/authenticator/jaspic/ java/org/apache/catalina/authenticator/jaspic/provider/ java/org/apache/catalina/authenticator/jaspic/provider/modules/ java/org/apache/catalina/startup/ test/org/a...
Date Wed, 21 Oct 2015 10:16:17 GMT
Author: remm
Date: Wed Oct 21 10:16:17 2015
New Revision: 1709787

URL: http://svn.apache.org/viewvc?rev=1709787&view=rev
Log:
Add properties for the JASPIC modules, plus some cleanups (more properties will be needed).
Patch from Fjodor Vershinin with some changes.

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
    tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
    tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
    tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
    tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
    tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
    tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
    tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java
    tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java
    tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Wed
Oct 21 10:16:17 2015
@@ -17,6 +17,8 @@
 package org.apache.catalina.authenticator.jaspic;
 
 import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 
@@ -49,8 +51,7 @@ public class JaspicAuthenticator extends
 
     private Subject serviceSubject;
 
-    @SuppressWarnings("rawtypes")
-    private Map authProperties = null;
+    private Map<String, String> authProperties = new HashMap<>();
 
     private JaspicCallbackHandler callbackHandler;
 
@@ -157,4 +158,15 @@ public class JaspicAuthenticator extends
     protected String getAuthMethod() {
         return context.getLoginConfig().getAuthMethod();
     }
+
+
+    public void setProperty(String key, String value) {
+        this.authProperties.put(key, value);
+    }
+
+
+    public Map<String, String> getAuthProperties() {
+        return Collections.unmodifiableMap(authProperties);
+    }
+
 }

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
Wed Oct 21 10:16:17 2015
@@ -46,16 +46,18 @@ public class TomcatAuthConfig implements
     private Context context;
     private LoginConfig loginConfig;
     private Realm realm;
-
+    private Map<String, String> properties;
 
     public TomcatAuthConfig(String layer, String appContext, CallbackHandler callbackHandler,
-            Context context) {
+            Context context, Map<String, String> properties) throws AuthException {
         this.messageLayer = layer;
         this.appContext = appContext;
         this.handler = callbackHandler;
         this.context = context;
+        this.properties = properties;
         this.realm = context.getRealm();
         this.loginConfig = context.getLoginConfig();
+        initializeAuthContext(properties);
     }
 
 
@@ -90,21 +92,31 @@ public class TomcatAuthConfig implements
 
 
     @Override
-    @SuppressWarnings("rawtypes")
+    @SuppressWarnings({ "rawtypes", "unchecked" })
     public synchronized ServerAuthContext getAuthContext(String authContextID,
             Subject serviceSubject, Map properties) throws AuthException {
         if (this.tomcatServerAuthContext == null) {
-            this.tomcatServerAuthContext = new TomcatServerAuthContext(handler, getModule(),
-                    getOptions());
+            initializeAuthContext(properties);
         }
         return tomcatServerAuthContext;
     }
 
 
-    private Map<String, String> getOptions() {
-        Map<String, String> options = new HashMap<>();
-        options.put(TomcatAuthModule.REALM_NAME, getRealmName());
-        return options;
+    private void initializeAuthContext(Map<String, String> properties) throws AuthException
{
+        TomcatAuthModule module = getModule();
+        module.initialize(null, null, handler, getMergedProperties(properties));
+        this.tomcatServerAuthContext = new TomcatServerAuthContext(module);
+    }
+
+
+    @SuppressWarnings({ "rawtypes", "unchecked" })
+    private Map<String, String> getMergedProperties(Map properties) {
+        Map<String, String> mergedProperties = new HashMap<>(this.properties);
+        mergedProperties.put(TomcatAuthModule.REALM_NAME, getRealmName());
+        if (properties != null) {
+            mergedProperties.putAll(properties);
+        }
+        return mergedProperties;
     }
 
 

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
Wed Oct 21 10:16:17 2015
@@ -38,8 +38,9 @@ public class TomcatAuthConfigProvider im
     private Context context;
 
 
-    public TomcatAuthConfigProvider(Context context) {
+    public TomcatAuthConfigProvider(Context context, Map<String, String> properties)
{
         this.context = context;
+        this.providerProperties = properties;
     }
 
 
@@ -62,7 +63,7 @@ public class TomcatAuthConfigProvider im
     public synchronized ServerAuthConfig getServerAuthConfig(String layer, String appContext,
             CallbackHandler handler) throws AuthException {
         if (this.serverAuthConfig == null) {
-            this.serverAuthConfig = new TomcatAuthConfig(layer, appContext, handler, context);
+            this.serverAuthConfig = new TomcatAuthConfig(layer, appContext, handler, context,
providerProperties);
         }
         return this.serverAuthConfig;
     }

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
Wed Oct 21 10:16:17 2015
@@ -16,10 +16,7 @@
  */
 package org.apache.catalina.authenticator.jaspic.provider;
 
-import java.util.Map;
-
 import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.message.AuthException;
 import javax.security.auth.message.AuthStatus;
 import javax.security.auth.message.MessageInfo;
@@ -39,10 +36,8 @@ public class TomcatServerAuthContext imp
     private ServerAuthModule module;
 
 
-    public TomcatServerAuthContext(CallbackHandler handler, ServerAuthModule module,
-            Map<String, String> options) throws AuthException {
+    public TomcatServerAuthContext(ServerAuthModule module) {
         this.module = module;
-        this.module.initialize(null, null, handler, options);
     }
 
 

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
Wed Oct 21 10:16:17 2015
@@ -70,8 +70,6 @@ public class FormAuthModule extends Tomc
     private Realm realm;
     private LoginConfig loginConfig;
 
-    private boolean changeSessionIdOnAuthenication = true;
-
 
     public FormAuthModule(Context context) {
         super(context);
@@ -80,10 +78,11 @@ public class FormAuthModule extends Tomc
     }
 
 
-    @SuppressWarnings("rawtypes")
     @Override
     public void initializeModule(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
-            CallbackHandler handler, Map options) throws AuthException {
+                        CallbackHandler handler, Map<String, String> options) throws
AuthException {
+        this.characterEncoding = options.get("characterEncoding");
+        this.landingPage = options.get("landingPage");
     }
 
 
@@ -106,7 +105,7 @@ public class FormAuthModule extends Tomc
         Request request = (Request) messageInfo.getRequestMessage();
         HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
 
-        if (!cachePrincipalsInSession && isUserAuthenicatedBefore(request)) {
+        if (!cache && isUserAuthenticatedBefore(request)) {
             return handleSavedCredentials(clientSubject, request, response);
         }
 
@@ -118,13 +117,14 @@ public class FormAuthModule extends Tomc
         }
 
         if (!isLoginActionRequest(request)) {
-            return handleNoLoginAction(request, response);
+            return handleRedirectToLoginPage(request, response);
         }
 
-        return handleLoginAction(request, response);
+        return handleLoginFormAction(request, response);
     }
 
 
+ // TODO Extract common patterns in processing cached principal and cached credentials
     private AuthStatus handleSavedCredentials(Subject clientSubject, Request request,
             HttpServletResponse response) throws IOException, UnsupportedCallbackException
{
         Session session = request.getSessionInternal(true);
@@ -154,7 +154,7 @@ public class FormAuthModule extends Tomc
     }
 
 
-    private boolean isUserAuthenicatedBefore(Request request) {
+    private boolean isUserAuthenticatedBefore(Request request) {
         Session session = request.getSessionInternal(true);
         String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
         String password = (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
@@ -174,7 +174,7 @@ public class FormAuthModule extends Tomc
         // If we're caching principals we no longer need getPrincipal the
         // username
         // and password in the session, so remove them
-        if (cachePrincipalsInSession) {
+        if (cache) {
             session.removeNote(Constants.SESS_USERNAME_NOTE);
             session.removeNote(Constants.SESS_PASSWORD_NOTE);
         }
@@ -201,7 +201,7 @@ public class FormAuthModule extends Tomc
      * @return
      * @throws IOException
      */
-    private AuthStatus handleNoLoginAction(Request request, HttpServletResponse response)
+    private AuthStatus handleRedirectToLoginPage(Request request, HttpServletResponse response)
             throws IOException {
         Session session = request.getSessionInternal(true);
         if (log.isDebugEnabled()) {
@@ -230,7 +230,7 @@ public class FormAuthModule extends Tomc
      * @return
      * @throws IOException
      */
-    private AuthStatus handleLoginAction(Request request, HttpServletResponse response)
+    private AuthStatus handleLoginFormAction(Request request, HttpServletResponse response)
             throws IOException {
 
         request.getResponse().sendAcknowledgement();
@@ -374,7 +374,7 @@ public class FormAuthModule extends Tomc
             return;
         }
 
-        if (getChangeSessionIdOnAuthentication()) {
+        if (changeSessionIdOnAuthentication) {
             Session session = request.getSessionInternal(false);
             if (session != null) {
                 Manager manager = request.getContext().getManager();
@@ -406,11 +406,6 @@ public class FormAuthModule extends Tomc
     }
 
 
-    private boolean getChangeSessionIdOnAuthentication() {
-        return changeSessionIdOnAuthenication ;
-    }
-
-
     /**
      * Called to forward to the error page
      *

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
Wed Oct 21 10:16:17 2015
@@ -57,7 +57,8 @@ public abstract class TomcatAuthModule i
 
     protected Context context;
 
-    protected boolean cachePrincipalsInSession = true;
+    protected boolean cache = true;
+    protected boolean changeSessionIdOnAuthentication = true;
 
 
     public TomcatAuthModule(Context context) {
@@ -71,11 +72,13 @@ public abstract class TomcatAuthModule i
     }
 
 
-    @SuppressWarnings("rawtypes")
+    @SuppressWarnings({ "rawtypes", "unchecked" })
     @Override
     public final void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
             CallbackHandler handler, Map options) throws AuthException {
         this.handler = handler;
+        this.cache = (Boolean.parseBoolean((String) options.get("cache")));
+        this.changeSessionIdOnAuthentication = Boolean.parseBoolean((String) options.get("changeSessionIdOnAuthentication"));
         String name = (String) options.get(REALM_NAME);
         if (name != null) {
             this.realmName = name;
@@ -99,9 +102,8 @@ public abstract class TomcatAuthModule i
      * @param options
      * @throws AuthException
      */
-    @SuppressWarnings("rawtypes")
     public abstract void initializeModule(MessagePolicy requestPolicy,
-            MessagePolicy responsePolicy, CallbackHandler handler, Map options)
+            MessagePolicy responsePolicy, CallbackHandler handler, Map<String, String>
options)
             throws AuthException;
 
 

Modified: tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java Wed Oct 21 10:16:17 2015
@@ -395,8 +395,7 @@ public class ContextConfig implements Li
         if (authenticator == null) {
             String authMethod = loginConfig.getAuthMethod();
             if (authMethod != null && authMethod.contains("JASPIC")) {
-                //TODO temporary workaround, Jaspic should be enabled by default
-                authenticator = configureDefaultJaspicAuthModules();
+                authenticator = new JaspicAuthenticator();
             }
         }
 
@@ -408,9 +407,7 @@ public class ContextConfig implements Li
             }
 
             // Identify the class name of the Valve we should configure
-            String authenticatorName = null;
-            authenticatorName =
-                    authenticators.getProperty(loginConfig.getAuthMethod());
+            String authenticatorName = authenticators.getProperty(loginConfig.getAuthMethod());
             if (authenticatorName == null) {
                 log.error(sm.getString("contextConfig.authenticatorMissing",
                                  loginConfig.getAuthMethod()));
@@ -448,14 +445,20 @@ public class ContextConfig implements Li
 
     /**
      * Configure and register default JASPIC modules
-     * @return
      */
-    private JaspicAuthenticator configureDefaultJaspicAuthModules() {
+    private void configureDefaultJaspicAuthModules() {
+        if (!(context.getAuthenticator() instanceof JaspicAuthenticator)) {
+            return;
+        }
+        // TODO currently we setup default provider if we have
+        // JaspicAuthenicator registred.
+        // we need to find a better way to decide, if we want embedded provider
+        // or not
+        JaspicAuthenticator authenticator = (JaspicAuthenticator) context.getAuthenticator();
         AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
-        TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(context);
+        TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(context, authenticator.getAuthProperties());
         authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER,
                 getJaspicAppContext(), "Tomcat Jaspic");
-        return new JaspicAuthenticator();
     }
 
     private String getJaspicAppContext() {
@@ -807,6 +810,7 @@ public class ContextConfig implements Li
         // Configure an authenticator if we need one
         if (ok) {
             authenticatorConfig();
+            configureDefaultJaspicAuthModules();
         }
 
         // Dump the contents of this pipeline if requested

Modified: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java
(original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicBasicAuthenticator.java
Wed Oct 21 10:16:17 2015
@@ -87,11 +87,12 @@ public class TestJaspicBasicAuthenticato
         lc.setRealmName(REALM);
         ctxt.setLoginConfig(lc);
 
+        JaspicAuthenticator authenticator = new JaspicAuthenticator();
+        ctxt.getPipeline().addValve(authenticator);
         AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
-        TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctxt);
+        TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctxt, authenticator.getAuthProperties());
         authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER,
null,
                 "Tomcat Jaspic");
-        ctxt.getPipeline().addValve(new JaspicAuthenticator());
 
         tomcat.start();
     }

Modified: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java
(original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java
Wed Oct 21 10:16:17 2015
@@ -299,11 +299,12 @@ public class TestJaspicDigestAuthenticat
         lc.setRealmName(REALM);
         ctxt.setLoginConfig(lc);
 
+        JaspicAuthenticator authenticator = new JaspicAuthenticator();
+        ctxt.getPipeline().addValve(authenticator);
         AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
-        TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctxt);
+        TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctxt, authenticator.getAuthProperties());
         authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER,
                 null, "Tomcat Jaspic");
-        ctxt.getPipeline().addValve(new JaspicAuthenticator());
     }
 
 

Modified: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java?rev=1709787&r1=1709786&r2=1709787&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicFormAuthenticator.java Wed
Oct 21 10:16:17 2015
@@ -636,11 +636,12 @@ public class TestJaspicFormAuthenticator
             realm.addUserRole("tomcat", "tomcat");
             ctx.setRealm(realm);
 
+            JaspicAuthenticator jaspicAuthenticator = new JaspicAuthenticator();
+            ctx.getPipeline().addValve(jaspicAuthenticator);
             AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
-            TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctx);
+            TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctx, jaspicAuthenticator.getAuthProperties());
             authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER,
                     null, "Tomcat Jaspic");
-            ctx.getPipeline().addValve(new JaspicAuthenticator());
 
             tomcat.start();
 
@@ -704,11 +705,12 @@ public class TestJaspicFormAuthenticator
             realm.addUserRole("tomcat", "tomcat");
             ctx.setRealm(realm);
 
+            JaspicAuthenticator authenticator = new JaspicAuthenticator();
+            ctx.getPipeline().addValve(authenticator);
             AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
-            TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctx);
+            TomcatAuthConfigProvider provider = new TomcatAuthConfigProvider(ctx, authenticator.getAuthProperties());
             authConfigFactory.registerConfigProvider(provider, JaspicAuthenticator.MESSAGE_LAYER,
                     null, "Tomcat Jaspic");
-            ctx.getPipeline().addValve(new JaspicAuthenticator());
 
             tomcat.start();
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message