hello there, this patch contains an implementation of the JAAS Login Module Configuration provider.
cheers; rsn
Index: ChangeLog
===================================================================
RCS file: /cvsroot/classpath/classpath/ChangeLog,v
retrieving revision 1.6064
diff -u -r1.6064 ChangeLog
--- ChangeLog 14 Jan 2006 11:14:43 -0000 1.6064
+++ ChangeLog 14 Jan 2006 20:03:38 -0000
@@ -1,3 +1,16 @@
+2006-01-15 Raif S. Naffah <[EMAIL PROTECTED]>
+
+ * gnu/javax/security/auth/login/ConfigFileTokenizer.java: New class.
+ * gnu/javax/security/auth/login/ConfigFileParser.java: New class.
+ * gnu/javax/security/auth/login/GnuConfiguration.java: New class.
+ * javax/security/auth/login/AppConfigurationEntry.java: Updated
+ copyright year.
+ (toString): Added method implementation.
+ (LoginModuleControlFlag.toString): Removed class name from result.
+ * javax/security/auth/login/Configuration.java: Updated copyright year.
+ Added documentation.
+ (getConfig(): replaced calls to NullConfiguration with GnuConfiguration.
+
2006-01-14 Wolfgang Baer <[EMAIL PROTECTED]>
Fixes bug #25387
Index: ConfigFileParser.java
===================================================================
RCS file: ConfigFileParser.java
diff -N ConfigFileParser.java
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ ConfigFileParser.java 14 Jan 2006 20:01:19 -0000
@@ -0,0 +1,339 @@
+/* ConfigurationParser.java -- JAAS Login Configuration default syntax parser
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.security.auth.login;
+
+import java.io.IOException;
+import java.io.Reader;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.login.AppConfigurationEntry;
+
+/**
+ * A parser that knows how to interpret JAAS Login Module Configuration files
+ * written in the <i>default syntax</i> which is interpreted as adhering to
+ * the following grammar:
+ *
+ * <pre>
+ * CONFIG ::= APP_OR_OTHER_ENTRY+
+ * APP_OR_OTHER_ENTRY ::= APP_NAME_OR_OTHER JAAS_CONFIG_BLOCK
+ * APP_NAME_OR_OTHER ::= APP_NAME
+ * | 'other'
+ * JAAS_CONFIG_BLOCK ::= '{' (LOGIN_MODULE_ENTRY ';')+ '}' ';'
+ * LOGIN_MODULE_ENTRY ::= MODULE_CLASS FLAG MODULE_OPTION* ';'
+ * FLAG ::= 'required'
+ * | 'requisite'
+ * | 'sufficient'
+ * | 'optional'
+ * MODULE_OPTION ::= PARAM_NAME '=' PARAM_VALUE
+ *
+ * APP_NAME ::= JAVA_IDENTIFIER
+ * MODULE_CLASS ::= JAVA_IDENTIFIER ('.' JAVA_IDENTIFIER)*
+ * PARAM_NAME ::= STRING
+ * PARAM_VALUE ::= '"' STRING '"' | ''' STRING '''
+ * </pre>
+ *
+ * <p>This parser handles UTF-8 entities when used as APP_NAME and PARAM_VALUE.
+ * It also checks for the use of Java identifiers used in MODULE_CLASS, thus
+ * minimizing the risks of having [EMAIL PROTECTED] java.lang.ClassCastException}s thrown
+ * at runtime due to syntactically invalid names.</p>
+ *
+ * <p>In the above context, a JAVA_IDENTIFIER is a sequence of tokens,
+ * separated by the character '.'. Each of these tokens obeys the following:</p>
+ *
+ * <ol>
+ * <li>its first character yields <code>true</code> when used as an input to
+ * the [EMAIL PROTECTED] java.lang.Character#isJavaIdentifierStart(char)}, and</li>
+ * <li>all remaining characters, yield <code>true</code> when used as an
+ * input to [EMAIL PROTECTED] java.lang.Character#isJavaIdentifierPart(char)}.</li>
+ * </ol>
+ */
+public final class ConfigFileParser
+{
+ // Constants and fields
+ // --------------------------------------------------------------------------
+
+ private static final boolean DEBUG = false;
+ private static final void debug(String s) {if (DEBUG) System.out.println(s);};
+
+ private ConfigFileTokenizer cft;
+ private Map map = new HashMap();
+
+ // Constructor(s)
+ // --------------------------------------------------------------------------
+
+ // default 0-arguments constructor
+
+ // Class methods
+ // --------------------------------------------------------------------------
+
+ // Instance methods
+ // --------------------------------------------------------------------------
+
+ /**
+ * Returns the parser result as a [EMAIL PROTECTED] Map} where the keys are application
+ * names, and the entries are [EMAIL PROTECTED] List}s of [EMAIL PROTECTED] AppConfigurationEntry}
+ * entries, one for each login module entry, in the order they were
+ * encountered, for that application name in the just parsed configuration
+ * file.
+ */
+ public Map getLoginModulesMap()
+ {
+ return map;
+ }
+
+ /**
+ * Parses the [EMAIL PROTECTED] Reader}'s contents assuming it is in the <i>default
+ * syntax</i>.
+ * @param r the [EMAIL PROTECTED] Reader} whose contents are assumed to be a JAAS Login
+ * Configuration Module file written in the <i>default syntax</i>.
+ * @throws IOException if an exception occurs while parsing the input.
+ */
+ public void parse(Reader r) throws IOException
+ {
+ initParser(r);
+
+ while (parseAppOrOtherEntry())
+ ; // do nothing
+ }
+
+ private void initParser(Reader r) throws IOException
+ {
+ map.clear();
+
+ cft = new ConfigFileTokenizer(r);
+ }
+
+ /**
+ * @return <code>true</code> if an APP_OR_OTHER_ENTRY was correctly parsed.
+ * Returns <code>false</code> otherwise.
+ * @throws IOException if an exception occurs while parsing the input.
+ */
+ private boolean parseAppOrOtherEntry() throws IOException
+ {
+ int c = cft.nextToken();
+ if (c == ConfigFileTokenizer.TT_EOF)
+ return false;
+
+ if (c != ConfigFileTokenizer.TT_WORD)
+ {
+ cft.pushBack();
+ return false;
+ }
+
+ String appName = cft.sval;
+ debug("DEBUG: APP_NAME_OR_OTHER: " + appName);
+ if (cft.nextToken() != '{')
+ abort("Missing '{' after APP_NAME_OR_OTHER");
+
+ List lmis = new ArrayList();
+ while (parseACE(lmis))
+ ; // do nothing
+
+ c = cft.nextToken();
+ if (c != '}')
+ abort("Was expecting '}' but found " + (char) c);
+
+ c = cft.nextToken();
+ if (c != ';')
+ abort("Was expecting ';' but found " + (char) c);
+
+ List listOfACEs = (List) map.get(appName);
+ if (listOfACEs == null)
+ {
+ listOfACEs = new ArrayList();
+ map.put(appName, listOfACEs);
+ }
+ listOfACEs.addAll(lmis);
+ return !appName.equalsIgnoreCase("other");
+ }
+
+ /**
+ * @return <code>true</code> if a LOGIN_MODULE_ENTRY was correctly parsed.
+ * Returns <code>false</code> otherwise.
+ * @throws IOException if an exception occurs while parsing the input.
+ */
+ private boolean parseACE(List listOfACEs) throws IOException
+ {
+ int c = cft.nextToken();
+ if (c != ConfigFileTokenizer.TT_WORD)
+ {
+ cft.pushBack();
+ return false;
+ }
+
+ String clazz = validateClassName(cft.sval);
+ debug("DEBUG: MODULE_CLASS: " + clazz);
+
+ if (cft.nextToken() != ConfigFileTokenizer.TT_WORD)
+ abort("Was expecting FLAG but found none");
+
+ String flag = cft.sval;
+ debug("DEBUG: FLAG: " + flag);
+ AppConfigurationEntry.LoginModuleControlFlag f = null;
+ if (flag.equalsIgnoreCase("required"))
+ f = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
+ else if (flag.equalsIgnoreCase("requisite"))
+ f = AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
+ else if (flag.equalsIgnoreCase("sufficient"))
+ f = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
+ else if (flag.equalsIgnoreCase("optional"))
+ f = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
+ else
+ abort("Unknown Flag: " + flag);
+
+ Map options = new HashMap();
+ String paramName, paramValue;
+ c = cft.nextToken();
+ while (c != ';')
+ {
+ if (c != ConfigFileTokenizer.TT_WORD)
+ abort("Was expecting PARAM_NAME but got '" + ((char) c) + "'");
+
+ paramName = cft.sval;
+ debug("DEBUG: PARAM_NAME: " + paramName);
+ if (cft.nextToken() != '=')
+ abort("Missing '=' after PARAM_NAME");
+
+ c = cft.nextToken();
+ if (c != '"' && c != '\'')
+ abort("Was expecting PARAM_VALUE, as a quoted string, but got none");
+
+ paramValue = expandParamValue(cft.sval);
+ debug("DEBUG: PARAM_VALUE: " + paramValue);
+ options.put(paramName, paramValue);
+
+ c = cft.nextToken();
+ }
+
+ AppConfigurationEntry ace = new AppConfigurationEntry(clazz, f, options);
+ debug("DEBUG: LOGIN_MODULE_ENTRY: " + ace);
+ listOfACEs.add(ace);
+ return true;
+ }
+
+ private void abort(String m) throws IOException
+ {
+ debug("ERROR: " + m);
+ debug("DEBUG: Map (so far): " + String.valueOf(map));
+ throw new IOException(m);
+ }
+
+ private String validateClassName(String cn) throws IOException
+ {
+ if (cn.startsWith(".") || cn.endsWith("."))
+ abort("MODULE_CLASS MUST NOT start or end with a '.'");
+
+ String[] tokens = cn.split(".");
+ for (int i = 0; i < tokens.length; i++)
+ {
+ String t = tokens[i];
+ if (Character.isJavaIdentifierStart(cn.toCharArray()[0]))
+ abort("");
+
+ // we dont check the rest of the characters for isJavaIdentifierPart()
+ // because that's what the tokenizer does.
+ }
+
+ return cn;
+ }
+
+ /**
+ * The documentation of the [EMAIL PROTECTED] javax.security.auth.login.Configuration}
+ * states that: <i>"...If a String in the form, ${system.property}, occurs in
+ * the value, it will be expanded to the value of the system property."</i>.
+ * This method ensures this is the case. If such a string can not be expanded
+ * then it is left AS IS, assuming the LoginModule knows what to do with it.
+ *
+ * <p><b>IMPORTANT</b>: This implementation DOES NOT handle embedded ${}
+ * constructs.
+ *
+ * @param s the raw parameter value, incl. eventually strings of the form
+ * <code>${system.property}</code>.
+ * @return the input string with every occurence of
+ * <code>${system.property}</code> replaced with the value of the
+ * corresponding System property at the time of this method invocation. If
+ * the string is not a known System property name, then the complete sequence
+ * (incl. the ${} characters are passed AS IS.
+ */
+ private String expandParamValue(String s)
+ {
+ String result = s;
+ try
+ {
+ int searchNdx = 0;
+ // FIXME: this logic barfs on the first non-expandable system property
+ // although others after it may be expanded correctly.
+ while (searchNdx < result.length())
+ {
+ int i = s.indexOf("${", searchNdx);
+ if (i == -1)
+ break;
+
+ int j = s.indexOf("}", i + 2);
+ if (j == -1)
+ {
+ debug(" WARN: Found a ${ prefix with no } suffix. Ignore");
+ break;
+ }
+
+ String sysPropName = s.substring(i + 2, j);
+ debug("DEBUG: Found a reference to System property: " + sysPropName);
+ String sysPropValue = System.getProperty(sysPropName);
+ debug("DEBUG: Resolved " + sysPropName + " to '" + sysPropValue + "'");
+
+ if (sysPropValue != null)
+ {
+ result = s.substring(0, i) + sysPropValue + s.substring(j + 1);
+ searchNdx = i + sysPropValue.length();
+ }
+ else
+ searchNdx = j + 1;
+ }
+ }
+ catch (Exception x)
+ {
+ debug("ERROR: Exception while expanding " + s + ". Ignore: " + x);
+ }
+
+ return result;
+ }
+}
Index: Configuration.java
===================================================================
RCS file: /cvsroot/classpath/classpath/javax/security/auth/login/Configuration.java,v
retrieving revision 1.4
diff -u -r1.4 Configuration.java
--- Configuration.java 9 Sep 2005 12:17:30 -0000 1.4
+++ Configuration.java 14 Jan 2006 20:03:16 -0000
@@ -1,5 +1,5 @@
/* Configuration.java
- Copyright (C) 2004 Free Software Foundation, Inc.
+ Copyright (C) 2004, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -38,15 +38,140 @@
package javax.security.auth.login;
+import gnu.javax.security.auth.login.GnuConfiguration;
+
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Security;
import javax.security.auth.AuthPermission;
+/**
+ * This is an abstract class for representing the configuration of
+ * [EMAIL PROTECTED] javax.security.auth.spi.LoginModule}s under an application. The
+ * <code>Configuration</code> specifies which LoginModules should be used for a
+ * particular application, and in what order the LoginModules should be invoked.
+ * This abstract class, in GNU Classpath, is subclassed by
+ * [EMAIL PROTECTED] gnu.javax.security.auth.login.GnuConfiguration} to provide an
+ * implementation which reads and loads the actual Configuration.
+ *
+ * <p>A login configuration contains the following information. Note that this
+ * example only represents the <i>default syntax</i> for the Configuration.
+ * Subclass implementations of this class may implement alternative syntaxes and
+ * may retrieve the Configuration from any source such as files, databases, or
+ * servers.</p>
+ *
+ * <pre>
+ * Name {
+ * ModuleClass Flag ModuleOptions;
+ * ModuleClass Flag ModuleOptions;
+ * ModuleClass Flag ModuleOptions;
+ * };
+ * Name {
+ * ModuleClass Flag ModuleOptions;
+ * ModuleClass Flag ModuleOptions;
+ * };
+ * other {
+ * ModuleClass Flag ModuleOptions;
+ * ModuleClass Flag ModuleOptions;
+ * };
+ * </pre>
+ *
+ * <p>Each entry in the Configuration is indexed via an application name,
+ * <i>Name</i>, and contains a list of LoginModules configured for that
+ * application. Each LoginModule is specified via its fully qualified class
+ * name. Authentication proceeds down the module list in the exact order
+ * specified. If an application does not have specific entry, it defaults to the
+ * specific entry for <i>"other"</i>.</p>
+ *
+ * <p>The <i>Flag</i> value controls the overall behavior as authentication
+ * proceeds down the stack. The following represents a description of the valid
+ * values for <i>Flag</i> and their respective semantics:</p>
+ *
+ * <pre>
+ * 1) Required - The LoginModule is required to succeed.
+ * If it succeeds or fails, authentication still continues
+ * to proceed down the LoginModule list.
+ *
+ * 2) Requisite - The LoginModule is required to succeed.
+ * If it succeeds, authentication continues down the
+ * LoginModule list. If it fails,
+ * control immediately returns to the application
+ * (authentication does not proceed down the
+ * LoginModule list).
+ *
+ * 3) Sufficient - The LoginModule is not required to
+ * succeed. If it does succeed, control immediately
+ * returns to the application (authentication does not
+ * proceed down the LoginModule list).
+ * If it fails, authentication continues down the
+ * LoginModule list.
+ *
+ * 4) Optional - The LoginModule is not required to
+ * succeed. If it succeeds or fails,
+ * authentication still continues to proceed down the
+ * LoginModule list.
+ * </pre>
+ *
+ * <p>The overall authentication succeeds only if all <i>Required</i> and
+ * <i>Requisite</i> LoginModules succeed. If a <i>Sufficient</i> LoginModule is
+ * configured and succeeds, then only the <i>Required</i> and <i>Requisite</i>
+ * LoginModules prior to that <i>Sufficient</i> LoginModule need to have
+ * succeeded for the overall authentication to succeed. If no <i>Required</i> or
+ * <i>Requisite</i> LoginModules are configured for an application, then at
+ * least one <i>Sufficient</i> or <i>Optional</i> LoginModule must succeed.</p>
+ *
+ * <p><i>ModuleOptions</i> is a space separated list of LoginModule-specific
+ * values which are passed directly to the underlying LoginModules. Options are
+ * defined by the LoginModule itself, and control the behavior within it. For
+ * example, a LoginModule may define options to support debugging/testing
+ * capabilities. The correct way to specify options in the Configuration is by
+ * using the following key-value pairing: debug="true". The key and value should
+ * be separated by an 'equals' symbol, and the value should be surrounded by
+ * double quotes. If a String in the form, ${system.property}, occurs in the
+ * value, it will be expanded to the value of the system property. Note that
+ * there is no limit to the number of options a LoginModule may define.</p>
+ *
+ * <p>The following represents an example Configuration entry based on the
+ * syntax above:</p>
+ *
+ * <pre>
+ * Login {
+ * com.sun.security.auth.module.UnixLoginModule required;
+ * com.sun.security.auth.module.Krb5LoginModule optional
+ * useTicketCache="true"
+ * ticketCache="${user.home}${/}tickets";
+ * };
+ * </pre>
+ *
+ * <p>This Configuration specifies that an application named, "Login", requires
+ * users to first authenticate to the
+ * <code>com.sun.security.auth.module.UnixLoginModule</code>, which is required
+ * to succeed. Even if the <code>UnixLoginModule</code> authentication fails,
+ * the <code>com.sun.security.auth.module.Krb5LoginModule</code> still gets
+ * invoked. This helps hide the source of failure. Since the
+ * <code>Krb5LoginModule</code> is <i>Optional</i>, the overall authentication
+ * succeeds only if the <code>UnixLoginModule</code> (<i>Required</i>) succeeds.
+ * </p>
+ *
+ * <p>Also note that the LoginModule-specific options, <i>useTicketCache="true"</i>
+ * and <i>ticketCache=${user.home}${/}tickets"</i>, are passed to the
+ * <code>Krb5LoginModule</code>. These options instruct the
+ * <code>Krb5LoginModule</code> to use the ticket cache at the specified
+ * location. The system properties, <code>user.home</code> and /
+ * (<code>file.separator</code>), are expanded to their respective values.</p>
+ *
+ * <p>The default Configuration implementation can be changed by setting the
+ * value of the "<i>login.configuration.provider</i>" security property (in the
+ * Java security properties file) to the fully qualified name of the desired
+ * Configuration implementation class. The Java security properties file is
+ * located in the file named <JAVA_HOME>/lib/security/java.security, where
+ * <JAVA_HOME> refers to the directory where the JDK was installed.</p>
+ *
+ * @see LoginContext
+ */
public abstract class Configuration
{
-
// Fields.
// -------------------------------------------------------------------------
@@ -81,8 +206,29 @@
// Abstract methods.
// -------------------------------------------------------------------------
+ /**
+ * Retrieves the [EMAIL PROTECTED] AppConfigurationEntry} instances (as an array) for
+ * the designated <i>Application</i> name.
+ *
+ * @param applicationName usually the name of an <i>Application</i> used by a
+ * <code>Configuration</code> to index the entries.
+ * @return an array of [EMAIL PROTECTED] AppConfigurationEntry} instances for the
+ * specified <i>Application</i> name. Returns <code>null</code> if there are
+ * no entries for the specified <code>applicationName</code>.
+ */
public abstract AppConfigurationEntry[] getAppConfigurationEntry (String applicationName);
+ /**
+ * Refreshes and reloads the <code>Configuration</code>.
+ *
+ * <p>This method causes this <code>Configuration</code> object to
+ * refresh/reload its contents in an implementation-dependent manner. For
+ * example, if this <code>Configuration</code> object stores its entries in a
+ * file, calling [EMAIL PROTECTED] #refresh()} may cause the file to be re-read.</p>
+ *
+ * @throws SecurityException if the caller does not have permission to refresh
+ * its <code>Configuration</code>.
+ */
public abstract void refresh();
// Package-private methods.
@@ -108,11 +254,11 @@
if (conf != null)
config = (Configuration) Class.forName (conf).newInstance();
else
- config = new NullConfiguration();
+ config = new GnuConfiguration();
}
catch (Exception x)
{
- config = new NullConfiguration();
+ config = new GnuConfiguration();
}
}
return config;
Index: AppConfigurationEntry.java
===================================================================
RCS file: /cvsroot/classpath/classpath/javax/security/auth/login/AppConfigurationEntry.java,v
retrieving revision 1.2
diff -u -r1.2 AppConfigurationEntry.java
--- AppConfigurationEntry.java 2 Jul 2005 20:32:46 -0000 1.2
+++ AppConfigurationEntry.java 14 Jan 2006 20:03:00 -0000
@@ -1,5 +1,5 @@
/* AppConfigurationEntry.java
- Copyright (C) 2004 Free Software Foundation, Inc.
+ Copyright (C) 2004, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -44,7 +44,6 @@
public class AppConfigurationEntry
{
-
// Fields.
// -------------------------------------------------------------------------
@@ -61,13 +60,16 @@
{
if (loginModuleName == null || loginModuleName.length() == 0)
throw new IllegalArgumentException ("module name cannot be null nor empty");
+
if (LoginModuleControlFlag.OPTIONAL != controlFlag &&
LoginModuleControlFlag.REQUIRED != controlFlag &&
LoginModuleControlFlag.REQUISITE != controlFlag &&
LoginModuleControlFlag.SUFFICIENT != controlFlag)
throw new IllegalArgumentException ("invalid controlFlag");
+
if (options == null)
throw new IllegalArgumentException ("options cannot be null");
+
this.loginModuleName = loginModuleName;
this.controlFlag = controlFlag;
this.options = Collections.unmodifiableMap (new HashMap (options));
@@ -91,7 +93,17 @@
return options;
}
-
// Inner class.
+ // Object methods ----------------------------------------------------------
+
+ public String toString()
+ {
+
+ return loginModuleName + "\t"
+ + String.valueOf(controlFlag) + "\t"
+ + String.valueOf(options);
+ }
+
+ // Inner class.
// -------------------------------------------------------------------------
public static class LoginModuleControlFlag
@@ -117,19 +129,15 @@
public String toString()
{
- StringBuffer buf = new StringBuffer (LoginModuleControlFlag.class.getName());
- buf.append ('.');
- if (this == OPTIONAL)
- buf.append ("OPTIONAL");
- else if (this == REQUIRED)
- buf.append ("REQUIRED");
- else if (this == REQUISITE)
- buf.append ("REQUISITE");
- else if (this == SUFFICIENT)
- buf.append ("SUFFICIENT");
- else
- buf.append ("HARVEY_THE_RABBIT");
- return buf.toString();
+ if (this == LoginModuleControlFlag.REQUIRED)
+ return "REQUIRED";
+ if (this == LoginModuleControlFlag.REQUISITE)
+ return "REQUISITE";
+ if (this == LoginModuleControlFlag.SUFFICIENT)
+ return "SUFFICIENT";
+ if (this == LoginModuleControlFlag.OPTIONAL)
+ return "OPTIONAL";
+ return "???";
}
}
}
Index: GnuConfiguration.java
===================================================================
RCS file: GnuConfiguration.java
diff -N GnuConfiguration.java
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ GnuConfiguration.java 14 Jan 2006 20:02:41 -0000
@@ -0,0 +1,452 @@
+/* GnuConfiguration.java -- GNU Classpath implementation of JAAS Configuration
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.security.auth.login;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.Security;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.AuthPermission;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+
+/**
+ * An implementation of the [EMAIL PROTECTED] Configuration} class which interprets JAAS
+ * Login Configuration files written in the <i>default</i> syntax described in
+ * the publicly available documentation of that class. A more formal definition
+ * of this syntax is as follows:
+ *
+ * <pre>
+ * CONFIG ::= APP_OR_OTHER_ENTRY+
+ * APP_OR_OTHER_ENTRY ::= APP_NAME_OR_OTHER JAAS_CONFIG_BLOCK
+ * APP_NAME_OR_OTHER ::= APP_NAME
+ * | 'other'
+ * JAAS_CONFIG_BLOCK ::= '{' (LOGIN_MODULE_ENTRY ';')+ '}' ';'
+ * LOGIN_MODULE_ENTRY ::= MODULE_CLASS FLAG MODULE_OPTION* ';'
+ * FLAG ::= 'required'
+ * | 'requisite'
+ * | 'sufficient'
+ * | 'optional'
+ * MODULE_OPTION ::= PARAM_NAME '=' PARAM_VALUE
+ *
+ * APP_NAME ::= JAVA_IDENTIFIER
+ * MODULE_CLASS ::= JAVA_IDENTIFIER ('.' JAVA_IDENTIFIER)*
+ * PARAM_NAME ::= STRING
+ * PARAM_VALUE ::= '"' STRING '"' | ''' STRING '''
+ * </pre>
+ *
+ * <p>This implementation will specifically attempt to process one or more
+ * Login Configuration files in the following locations, and when found parse
+ * them and merge their contents. The locations, and the order in which they are
+ * investigated, follows:</p>
+ *
+ * <ol>
+ * <li>If the following Security properties:
+ * <i>java.security.auth.login.config.url.<b>N</b></i>, where <i><b>N</b></i>
+ * is a digit, from <code>1</code> to an arbitrary number, are defined, then
+ * the value of each of those properties will be considered as a JAAS Login
+ * Configuration file written in the default syntax. This implementation will
+ * attempt parsing all such files.
+ *
+ * <p>It is worth noting the following:
+ * <ul>
+ * <li>The GNU Classpath security file, named <i>classpath.security</i>,
+ * where all Security properties are encoded, is usually located in
+ * <i>/usr/local/classpath/lib/security</i> folder.</li>
+ *
+ * <li>The numbers used in the properties
+ * <i>java.security.auth.login.config.url.<b>N</b></i> MUST be sequential,
+ * with no breaks in-between.</li>
+ * </ul>
+ * </p>
+ *
+ * <p>If at least one of the designated Configuration files was found, and
+ * was parsed correctly, then no other location will be inspected.</p></li>
+ *
+ * <li>If the System property named <i>java.security.auth.login.config</i>
+ * is not null or empty, its contents are then interpreted as a URL to a
+ * JAAS Login Configuration file written in the default syntax.
+ *
+ * <p>If this System property is defined, and the file it refers to was
+ * parsed correctly, then no other location will be inspected.</p></li>
+ *
+ * <li>If a file named <i>.java.login.config</i> or <i>java.login.config</i>
+ * (in that order) is found in the location referenced by the value of the
+ * System property <i>user.home</i>, then that file is parsed as a JAAS Login
+ * Configuration written in the default syntax.</li>
+ *
+ * <li>If none of the above resulted in a correctly parsed JAAS Login
+ * Configuration file, then this implementation will install a <i>Null
+ * Configuration</i> which basically does not recognize any Application.</li>
+ * </ol>
+ */
+public final class GnuConfiguration extends Configuration
+{
+ // Constants and fields
+ // --------------------------------------------------------------------------
+
+ private static final boolean DEBUG = true;
+ private static final void debug(String s) {if (DEBUG) System.out.println(s);};
+
+ /**
+ * The internal map of login modules keyed by application name. Each entry in
+ * this map is a [EMAIL PROTECTED] List} of [EMAIL PROTECTED] AppConfigurationEntry}s for that
+ * application name.
+ */
+ private Map loginModulesMap;
+ /** Our reference to our default syntax parser. */
+ private ConfigFileParser cp;
+
+ // Constructor(s)
+ // --------------------------------------------------------------------------
+
+ /** Trivial 0-arguments Constructor. */
+ public GnuConfiguration()
+ {
+ super();
+
+ loginModulesMap = new HashMap();
+ cp = new ConfigFileParser();
+ init();
+ }
+
+ // Class methods
+ // --------------------------------------------------------------------------
+
+ // Instance methods
+ // --------------------------------------------------------------------------
+
+ // Configuration abstract methods implementation ----------------------------
+
+ /* (non-Javadoc)
+ * @see javax.security.auth.login.Configuration#getAppConfigurationEntry(java.lang.String)
+ */
+ public AppConfigurationEntry[] getAppConfigurationEntry(String appName)
+ {
+ if (appName == null)
+ return null;
+
+ appName = appName.trim();
+ if (appName.length() == 0)
+ return null;
+
+ List loginModules = (List) loginModulesMap.get(appName);
+ if (loginModules == null || loginModules.size() == 0)
+ return null;
+
+ debug("DEBUG: " + appName + " -> " + loginModules.size() + " entry(ies)");
+ return (AppConfigurationEntry[]) loginModules.toArray(new AppConfigurationEntry[0]);
+ }
+
+ /**
+ * Refreshes and reloads this <code>Configuration</code>.
+ *
+ * <p>This method causes this <code>Configuration</code> object to refresh /
+ * reload its contents following the locations and logic described above in
+ * the class documentation section.</p>
+ *
+ * @throws SecurityException if the caller does not have an
+ * [EMAIL PROTECTED] AuthPermission} for the action named
+ * <code>refreshLoginConfiguration</code>.
+ * @see [EMAIL PROTECTED] AuthPermission}
+ */
+ public void refresh()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new AuthPermission("refreshLoginConfiguration"));
+
+ loginModulesMap.clear();
+ init();
+ }
+
+ // helper methods -----------------------------------------------------------
+
+ /**
+ * Attempts to find and parse JAAS Login Configuration file(s) written in
+ * the default syntax. The locations searched are as descibed in the class
+ * documentation.
+ */
+ private void init()
+ {
+ if (processSecurityProperties())
+ debug(" INFO: Using login configuration defined by Security property(ies)");
+ else if (processSystemProperty())
+ debug(" INFO: Using login configuration defined by System property");
+ else if (processUserHome())
+ debug(" INFO: Using login configuration defined in ${user.home}");
+ else
+ debug(" WARN: No login configuration file found");
+ }
+
+ /**
+ * Attempts to locate and parse one or more JAAS Login Configuration files
+ * defined as the values of the Security properties
+ * <i>java.security.auth.login.config.url.N</i>.
+ *
+ * @return <code>true</code> if it succeeds, and <code>false</code>
+ * otherwsie.
+ */
+ private boolean processSecurityProperties()
+ {
+ boolean result = false;
+ int counter = 0;
+ String s;
+ while (true)
+ {
+ counter++;
+ s = Security.getProperty("java.security.auth.login.config.url."
+ + counter);
+ if (s == null)
+ break;
+
+ s = s.trim();
+ if (s.length() != 0)
+ {
+ debug(" INFO: java.security.auth.login.config.url." + counter
+ + " = " + s);
+ try
+ {
+ parseConfig(getInputStreamFromURL(s));
+ result = true;
+ }
+ catch (Throwable t)
+ {
+ debug(" WARN: Exception while handling Security property at #"
+ + counter + ". Continue: " + t);
+ }
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Attempts to open a designated string as a well-formed [EMAIL PROTECTED] URL}. If a
+ * [EMAIL PROTECTED] MalformedURLException} occurs, this method then tries to open that
+ * string as a [EMAIL PROTECTED] File} (with the same name). If it succeeds, an
+ * [EMAIL PROTECTED] InputStream} is constructed and returned.
+ *
+ * @param s
+ * the designated name of either a [EMAIL PROTECTED] URL} or a [EMAIL PROTECTED] File}
+ * assumed to contain a JAAS Login Configuration in the default
+ * syntax.
+ * @return an [EMAIL PROTECTED] InputStream} around the data source.
+ * @throws IOException
+ * if an exception occurs during the operation.
+ */
+ private InputStream getInputStreamFromURL(String s) throws IOException
+ {
+ InputStream result = null;
+ try
+ {
+ URL url = new URL(s);
+ result = url.openStream();
+ }
+ catch (MalformedURLException x)
+ {
+ debug(" WARN: Failed opening as URL: " + s + ". Will try as File");
+ result = new FileInputStream(s);
+ }
+ return result;
+ }
+
+ /**
+ * Attempts to locate and parse a JAAS Login Configuration file defined as the
+ * value of the System property <i>java.security.auth.login.config</i>.
+ *
+ * @return <code>true</code> if it succeeds, and <code>false</code>
+ * otherwsie.
+ */
+ private boolean processSystemProperty()
+ {
+ boolean result = false;
+ try
+ {
+ String s = System.getProperty("java.security.auth.login.config");
+ if (s != null)
+ {
+ s = s.trim();
+ if (s.length() != 0)
+ {
+ debug(" INFO: java.security.auth.login.config = " + s);
+ parseConfig(getInputStreamFromURL(s));
+ result = true;
+ }
+ }
+ }
+ catch (Throwable t)
+ {
+ debug(" WARN: Exception while handling System property. Continue: " + t);
+ }
+ return result;
+ }
+
+ /**
+ * Attempts to locate and parse a JAAS Login Configuration file named either
+ * as <i>.java.login.config</i> or <i>java.login.config</i> (without the
+ * leading dot) in the folder referenced by the System property
+ * <code>user.home</code>.
+ *
+ * @return <code>true</code> if it succeeds, and <code>false</code>
+ * otherwsie.
+ */
+ private boolean processUserHome()
+ {
+ boolean result = false;
+ try
+ {
+ File userHome = getUserHome();
+ if (userHome == null)
+ return result;
+
+ File jaasFile;
+ jaasFile = getConfigFromUserHome(userHome, ".java.login.config");
+ if (jaasFile == null)
+ jaasFile = getConfigFromUserHome(userHome, "java.login.config");
+
+ if (jaasFile == null)
+ {
+ debug(" INFO: Login Configuration file, in " + userHome
+ + ", does not exist or is inaccessible");
+ return result;
+ }
+
+ FileInputStream fis = new FileInputStream(jaasFile);
+ parseConfig(fis);
+ result = true;
+ }
+ catch (Throwable t)
+ {
+ debug(" WARN: Exception while handling ${user.home}: " + t);
+ }
+ return result;
+ }
+
+ private void parseConfig(InputStream configStream) throws IOException
+ {
+ cp.parse(new InputStreamReader(configStream, "UTF-8"));
+ Map loginModulesMap = cp.getLoginModulesMap();
+ mergeLoginModules(loginModulesMap);
+ }
+
+ private void mergeLoginModules(Map otherLoginModules)
+ {
+ if (otherLoginModules == null || otherLoginModules.size() < 1)
+ return;
+
+ for (Iterator it = otherLoginModules.keySet().iterator(); it.hasNext();)
+ {
+ String appName = (String) it.next();
+ List thatListOfACEs = (List) otherLoginModules.get(appName);
+ if (thatListOfACEs == null || thatListOfACEs.size() < 1)
+ continue;
+
+ List thisListsOfACEs = (List) loginModulesMap.get(appName);
+ if (thisListsOfACEs == null)
+ loginModulesMap.put(appName, thatListOfACEs);
+ else
+ thisListsOfACEs.addAll(thatListOfACEs);
+ }
+ }
+
+ private File getUserHome()
+ {
+ String uh = System.getProperty("user.home");
+ if (uh == null || uh.trim().length() == 0)
+ {
+ debug(" INFO: User home path is not set or is empty");
+ return null;
+ }
+
+ uh = uh.trim();
+ File result = new File(uh);
+ if (!result.exists())
+ {
+ debug("ERROR: User home '" + uh + "' does not exist");
+ return null;
+ }
+
+ if (!result.isDirectory())
+ {
+ debug("ERROR: User home '" + uh + "' is not a directory");
+ return null;
+ }
+
+ if (!result.canRead())
+ {
+ debug("ERROR: User home '" + uh + "' is not readable");
+ return null;
+ }
+
+ return result;
+ }
+
+ private File getConfigFromUserHome(File userHome, String fileName)
+ {
+ File result = new File(userHome, fileName);
+ if (!result.exists())
+ {
+ debug(" WARN: File '" + fileName + "' does not exist in user's home");
+ return null;
+ }
+
+ if (!result.isFile())
+ {
+ debug("ERROR: File '" + fileName + "' in user's home is not a file");
+ return null;
+ }
+
+ if (!result.canRead())
+ {
+ debug("ERROR: File '" + fileName + "' in user's home is not readable");
+ return null;
+ }
+
+ return result;
+ }
+}
Index: ConfigFileTokenizer.java
===================================================================
RCS file: ConfigFileTokenizer.java
diff -N ConfigFileTokenizer.java
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ ConfigFileTokenizer.java 14 Jan 2006 20:02:25 -0000
@@ -0,0 +1,243 @@
+/* ConfigFileTokenizer.java -- JAAS Login Configuration default syntax tokenizer
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.security.auth.login;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.Reader;
+
+/**
+ * A UTF-8 friendly, JAAS Login Module Configuration file tokenizer written in
+ * the deault syntax. This class emulates, to a certain extent, the behavior of
+ * a [EMAIL PROTECTED] java.io.SrteamTokenizer} instance <code>st</code>, when set as
+ * follows:
+ *
+ * <pre>
+ * st.resetSyntax();
+ * st.lowerCaseMode(false);
+ * st.slashSlashComments(true);
+ * st.slashStarComments(true);
+ * st.eolIsSignificant(false);
+ * st.wordChars('_', '_');
+ * st.wordChars('$', '$');
+ * st.wordChars('A', 'Z');
+ * st.wordChars('a', 'z');
+ * st.wordChars('0', '9');
+ * st.wordChars('.', '.');
+ * st.whitespaceChars(' ', ' ');
+ * st.whitespaceChars('\t', '\t');
+ * st.whitespaceChars('\f', '\f');
+ * st.whitespaceChars('\r', '\r');
+ * st.whitespaceChars('\n', '\n');
+ * st.quoteChar('"');
+ * st.quoteChar('\'');
+ * </pre>
+ *
+ * <p>The most important (negative) difference with a
+ * [EMAIL PROTECTED] java.io.StreamTokenizer} is that this tokenizer does not properly
+ * handle C++ and Java // style comments in the middle of the line. It only
+ * ignores them if/when found at the start of the line.</p>
+ */
+public class ConfigFileTokenizer
+{
+ // Constants and fields
+ // --------------------------------------------------------------------------
+
+ private static final boolean DEBUG = false;
+ private static final void debug(String s) {if (DEBUG) System.out.println(s);};
+
+ /** A constant indicating that the end of the stream has been read. */
+ public static final int TT_EOF = -1;
+ /** A constant indicating that a word token has been read. */
+ public static final int TT_WORD = -3;
+ /** A constant indicating that no tokens have been read yet. */
+ private static final int TT_NONE = -4;
+
+ public String sval;
+ public int ttype;
+
+ private BufferedReader br;
+ boolean initialised;
+ private StringBuffer sb;
+ private int sbNdx;
+
+ // Constructor(s)
+ // --------------------------------------------------------------------------
+
+ /** Trivial constructor. */
+ ConfigFileTokenizer(Reader r)
+ {
+ super();
+
+ br = r instanceof BufferedReader ? (BufferedReader) r : new BufferedReader(r);
+ initialised = false;
+ }
+
+ // Class methods
+ // --------------------------------------------------------------------------
+
+ // Instance methods
+ // --------------------------------------------------------------------------
+
+ public int nextToken() throws IOException
+ {
+ if (!initialised)
+ init();
+
+ if (sbNdx >= sb.length())
+ return TT_EOF;
+
+ skipWhitespace();
+
+ if (sbNdx >= sb.length())
+ return TT_EOF;
+
+ int endNdx;
+ if (Character.isJavaIdentifierPart(sb.charAt(sbNdx)))
+ {
+ endNdx = sbNdx + 1;
+ while (Character.isJavaIdentifierPart(sb.charAt(endNdx))
+ || sb.charAt(endNdx) == '.')
+ endNdx++;
+
+ ttype = TT_WORD;
+ sval = sb.substring(sbNdx, endNdx);
+ sbNdx = endNdx;
+ return ttype;
+ }
+
+ int c = sb.charAt(sbNdx);
+ if (c == '{' || c == '}' || c == ';' || c == '=')
+ {
+ ttype = c;
+ sbNdx++;
+ return ttype;
+ }
+
+ if (c == '"' || c == '\'')
+ {
+ ttype = c;
+ String quote = sb.substring(sbNdx, sbNdx + 1);
+ int i = sbNdx + 1;
+ while (true)
+ {
+ // find a candidate
+ endNdx = sb.indexOf(quote, i);
+ if (endNdx == -1)
+ abort("Missing closing quote: " + quote);
+
+ // found one; is it escaped?
+ if (sb.charAt(endNdx - 1) != '\\')
+ break;
+
+ i++;
+ continue;
+ }
+
+ endNdx++;
+ sval = sb.substring(sbNdx, endNdx);
+ sbNdx = endNdx;
+ return ttype;
+ }
+
+ abort("Unknown character: " + sb.charAt(sbNdx));
+ return Integer.MIN_VALUE;
+ }
+
+ public void pushBack()
+ {
+ sbNdx -= ttype != TT_WORD ? 1 : sval.length();
+ }
+
+ private void init() throws IOException
+ {
+ sb = new StringBuffer();
+ String line;
+ while ((line = br.readLine()) != null)
+ {
+ line = line.trim();
+ if (line.length() == 0)
+ continue;
+
+ if (line.startsWith("#") || line.startsWith("//"))
+ continue;
+
+ sb.append(line).append(" ");
+ }
+
+ sbNdx = 0;
+ sval = null;
+ ttype = TT_NONE;
+
+ initialised = true;
+ }
+
+ private void skipWhitespace() throws IOException
+ {
+ int endNdx;
+ while (sbNdx < sb.length())
+ if (Character.isWhitespace(sb.charAt(sbNdx)))
+ {
+ sbNdx++;
+ while (sbNdx < sb.length() && Character.isWhitespace(sb.charAt(sbNdx)))
+ sbNdx++;
+
+ continue;
+ }
+ else if (sb.charAt(sbNdx) == '/' && sb.charAt(sbNdx + 1) == '*')
+ {
+ endNdx = sb.indexOf("*/", sbNdx + 2);
+ if (endNdx == -1)
+ abort("Missing closing */ sequence");
+
+ sbNdx = endNdx + 2;
+ continue;
+ }
+ else
+ break;
+ }
+
+ private void abort(String m) throws IOException
+ {
+ debug("ERROR: " + m);
+ debug("DEBUG: sb: " + sb);
+ debug("DEBUG: sbNdx: " + sbNdx);
+ throw new IOException(m);
+ }
+}
pgpPVYlSklIiv.pgp
Description: PGP signature
_______________________________________________ Classpath-patches mailing list Classpath-patches@gnu.org http://lists.gnu.org/mailman/listinfo/classpath-patches
