Author: bblfish
Date: Tue May 10 21:15:30 2011
New Revision: 1101645
URL: http://svn.apache.org/viewvc?rev=1101645&view=rev
Log:
CLEREZZA-479: fixes the login problem where a user with an empty graph can log
in.
Modified:
incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java
incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/UserUtil.java
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticatingFilter.java
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationMethod.java
Modified:
incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java?rev=1101645&r1=1101644&r2=1101645&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security.auth.basic/src/main/java/org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.java
Tue May 10 21:15:30 2011
@@ -65,7 +65,7 @@ public class BasicAuthentication impleme
}
@Override
- public Subject authenticate(Request request) throws LoginException,
HandlerException {
+ public boolean authenticate(Request request, Subject subject) throws
LoginException, HandlerException {
String[] authorizationValues =
request.getHeaderValues(HeaderName.AUTHORIZATION);
if (authorizationValues != null && authorizationValues.length >
0) {
String authorization = authorizationValues[0];
@@ -80,12 +80,9 @@ public class BasicAuthentication impleme
}
try {
if
(authenticationService.authenticateUser(userName, password)) {
- Subject subj =
UserUtil.getCurrentSubject(); //arguably getCurrentSubject should always
return a subject
- if (subj == null) {
- subj = new Subject();
- }
- subj.getPrincipals().add(new
PrincipalImpl(userName));
- return subj;
+
subject.getPrincipals().remove(UserUtil.ANONYMOUS);
+ subject.getPrincipals().add(new
PrincipalImpl(userName));
+ return true;
} else {
throw new
LoginException(LoginException.PASSWORD_NOT_MATCHING);
}
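Review bot: On a successful login this branch removes only `UserUtil.ANONYMOUS` from the caller-supplied subject before adding `new PrincipalImpl(userName)`, so any other principal already on that subject stays attached to the authenticated request. Whether one can be present depends on what `UserUtil.getCurrentSubject()` returns in `AuthenticatingFilter.getSubject()`, which is not visible here. The same pattern appears in the CookieAuthentication success branch and in FoafSslAuthentication. I would state the expectation in a comment, e.g. `// subject is expected to hold no principal other than ANONYMOUS at this point`, or have the filter pass a fresh `Subject`. The body of `authenticate` starts and ends outside this hunk.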
@@ -93,7 +90,7 @@ public class BasicAuthentication impleme
throw new
LoginException(LoginException.USER_NOT_EXISTING);
}
} else {
- return null;
+ return false;
}
}
Modified:
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java?rev=1101645&r1=1101644&r2=1101645&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security.auth.cookie/src/main/java/org/apache/clerezza/platform/security/auth/cookie/CookieAuthentication.java
Tue May 10 21:15:30 2011
@@ -70,13 +70,13 @@ public class CookieAuthentication implem
}
@Override
- public Subject authenticate(Request request) throws LoginException,
HandlerException {
+ public boolean authenticate(Request request, Subject subject) throws
LoginException, HandlerException {
String[] cookieValues =
request.getHeaderValues(HeaderName.COOKIE);
if (cookieValues != null && cookieValues.length > 0) {
Map<String, Cookie> cookies =
parseCookies(cookieValues[0]);
Cookie authCookie =
cookies.get(CookieLogin.AUTH_COOKIE_NAME);
if (authCookie == null) {
- return null;
+ return false;
}
String authBase64 = authCookie.getValue();
@@ -90,12 +90,9 @@ public class CookieAuthentication implem
}
try {
if
(authenticationService.authenticateUser(userName, password)){
- Subject subj =
UserUtil.getCurrentSubject(); //arguably getCurrentSubject should always
return a subject
- if (subj == null) {
- subj = new Subject();
- }
- subj.getPrincipals().add(new
PrincipalImpl(userName));
- return subj;
+
subject.getPrincipals().remove(UserUtil.ANONYMOUS);
+ subject.getPrincipals().add(new
PrincipalImpl(userName));
+ return true;
} else {
throw new
LoginException(LoginException.PASSWORD_NOT_MATCHING);
}
@@ -103,7 +100,7 @@ public class CookieAuthentication implem
throw new
LoginException(LoginException.USER_NOT_EXISTING);
}
} else {
- return null;
+ return false;
}
}
Modified:
incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala?rev=1101645&r1=1101644&r2=1101645&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala
(original)
+++
incubator/clerezza/trunk/parent/platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/auth/FoafSslAuthentication.scala
Tue May 10 21:15:30 2011
@@ -63,10 +63,10 @@ class FoafSslAuthentication extends Weig
override
- def authenticate(request: Request): Subject = {
+ def authenticate(request: Request, subject: Subject): Boolean = {
val certificates = request.getCertificates()
if ((certificates == null) || (certificates.length == 0)) {
- return null
+ return false
}
val x509c = new X509Claim(certificates(0))
x509c.verify(this)
@@ -76,17 +76,15 @@ class FoafSslAuthentication extends Weig
addAgentToSystem(claim)
claim.principal
}
- var subj = UserUtil.getCurrentSubject(); //arguably
getCurrentSubject should always return a subject
- if (subj == null) {
- subj = new Subject()
- }
-
- subj.getPrincipals().addAll(verified)
- subj.getPublicCredentials.add(x509c)
-
- return subj;
-
+ subject.getPublicCredentials.add(x509c)
+ if (verified.size > 0) {
+ subject.getPrincipals().remove(UserUtil.ANONYMOUS)
+ subject.getPrincipals().addAll(verified)
+ return true
+ } else {
+ return false
+ }
}
def addAgentToSystem(id: WebIDClaim) {
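Review bot: `subject.getPublicCredentials.add(x509c)` runs before the `verified.size > 0` check, so a request whose certificate yielded no verified WebID still leaves the X509Claim on the shared subject while the method returns false. The filter then moves on to the next method or to the anonymous fallback with that credential attached, and code that reads public credentials may take its presence as proof of a verified certificate (inferred; no consumer is visible here). Unless the unverified claim is wanted downstream, move the add into the success branch, right after `subject.getPrincipals().addAll(verified)`. The computation of `verified` starts above this hunk.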
Modified:
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/UserUtil.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/UserUtil.java?rev=1101645&r1=1101644&r2=1101645&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/UserUtil.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/UserUtil.java
Tue May 10 21:15:30 2011
@@ -105,6 +105,7 @@ public class UserUtil {
return subject;
}
+ public static final Principal ANONYMOUS = new
PrincipalImpl("anonymous");
public static Subject createSubject(String userName) {
return new Subject(true,
Modified:
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticatingFilter.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticatingFilter.java?rev=1101645&r1=1101644&r2=1101645&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticatingFilter.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticatingFilter.java
Tue May 10 21:15:30 2011
@@ -18,13 +18,11 @@
*/
package org.apache.clerezza.platform.security.auth;
+import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
-import java.util.Comparator;
-import java.util.Iterator;
-import java.util.SortedSet;
-import java.util.TreeSet;
+import java.util.*;
import javax.security.auth.Subject;
import org.apache.clerezza.platform.security.UserUtil;
import org.apache.felix.scr.annotations.Component;
@@ -57,19 +55,17 @@ public class AuthenticatingFilter implem
private final Logger logger =
LoggerFactory.getLogger(AuthenticatingFilter.class);
private SortedSet<WeightedAuthenticationMethod> methodList =
new TreeSet<WeightedAuthenticationMethod>(new
WeightedAuthMethodComparator());
- public static final Subject ANONYMOUS_SUBJECT =
UserUtil.createSubject("anonymous");
@Override
public void handle(final Request request, final Response response,
final Handler wrapped) throws HandlerException {
- Subject subject = null;
+ final Subject subject = getSubject();
AuthenticationMethod authenticationMethod = null;
try {
for (Iterator<WeightedAuthenticationMethod> it =
methodList.iterator(); it.hasNext();) {
authenticationMethod = it.next();
- subject =
authenticationMethod.authenticate(request);
- if (subject != null) {
+ if
(authenticationMethod.authenticate(request,subject)) {
break;
}
}
@@ -80,8 +76,9 @@ public class AuthenticatingFilter implem
return;
}
- if (subject == null) {
- subject = ANONYMOUS_SUBJECT;
+ Set<Principal> principals = subject.getPrincipals();
+ if (principals.size() == 0) {
+ principals.add(UserUtil.ANONYMOUS);
}
try {
Subject.doAsPrivileged(subject, new
PrivilegedExceptionAction() {
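Review bot: The anonymous fallback is now decided by `principals.size() == 0` rather than by whether any method authenticated, and the boolean returned by `authenticate(request,subject)` in the loop above is used only to `break`. If the subject from `getSubject()` already holds principals, a request that no method authenticated runs under them instead of as anonymous. Keeping the result in a flag would make the decision explicit: `authenticated = authenticationMethod.authenticate(request, subject);` in the loop and `if (!authenticated) { principals.clear(); principals.add(UserUtil.ANONYMOUS); }` here. `handle` continues outside this hunk.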
@@ -108,6 +105,14 @@ public class AuthenticatingFilter implem
}
}
+ private Subject getSubject() {
+ Subject subject = UserUtil.getCurrentSubject();
+ if (subject== null) {
+ subject = new Subject();
+ }
+ return subject;
+ }
+
/**
* Registers a <code>WeightedAuthenticationMethod</code>
*
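Review bot: `getSubject()` hands back the ambient subject from `UserUtil.getCurrentSubject()`, and `handle` and the authentication methods then add principals to it. `UserUtil.createSubject` builds its subjects with `new Subject(true, ...)`, i.e. read-only; if the current subject can be one of those, `getPrincipals().add(...)` throws `IllegalStateException`, which is neither a `LoginException` nor a `HandlerException`. A guard such as `if (subject == null || subject.isReadOnly()) { subject = new Subject(); }` avoids that. A short comment saying why the current subject is reused rather than created per request would also help.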
Modified:
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationMethod.java
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationMethod.java?rev=1101645&r1=1101644&r2=1101645&view=diff
==============================================================================
---
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationMethod.java
(original)
+++
incubator/clerezza/trunk/parent/platform.security/src/main/java/org/apache/clerezza/platform/security/auth/AuthenticationMethod.java
Tue May 10 21:15:30 2011
@@ -38,12 +38,13 @@ public interface AuthenticationMethod {
* <code>LoginException</code> will be thrown. If no authentication
* information are available null is returned.
* @param request containing the information to authenticate a subject
- * @return Subject if this method authenticated, or null if not
+ * @param subject to add authentication information to
+ * @return true if this method did authenticate, false otherwise
* @throws LoginException This exception is thrown in case
* the login procedure failed.
* @throws HandlerException
*/
- public Subject authenticate(Request request)
+ public boolean authenticate(Request request, Subject subject)
throws LoginException, HandlerException;
/**
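Review bot: The Javadoc above the changed `@param`/`@return` lines still says "If no authentication information are available null is returned", which no longer matches the `boolean` return type; it should say that false is returned. The contract should also say whether an implementation may modify `subject` when it returns false or throws, since the filter passes the same instance to every method, e.g. `@param subject the subject to add principals and credentials to; left unchanged unless true is returned`. The comment block starts above this hunk.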