Author: markt Date: Wed Jun 17 09:01:11 2015 New Revision: 1685954 URL: http://svn.apache.org/r1685954 Log: Fix issues with previous patch to remove use of ThreadLocal
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=1685954&r1=1685953&r2=1685954&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties Wed Jun 17 09:01:11 2015 @@ -26,7 +26,6 @@ authenticator.noAuthHeader=No authorizat authenticator.notContext=Configuration error: Must be attached to a Context authenticator.requestBodyTooBig=The request body was too large to be cached during the authentication process authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser -authenticator.unauthorized=Cannot authenticate with the provided credentials digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase cnonceCacheSize. Further warnings of this type will be suppressed for 5 minutes. Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1685954&r1=1685953&r2=1685954&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Wed Jun 17 09:01:11 2015 @@ -38,9 +38,7 @@ import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; /** - * Security valve which implements JASPIC authentication - * @author Fjodor Vershinin - * + * Security valve which implements JASPIC authentication. */ public class JaspicAuthenticator extends AuthenticatorBase { @@ -54,12 +52,14 @@ public class JaspicAuthenticator extends @SuppressWarnings("rawtypes") private Map authProperties = null; + @Override protected synchronized void startInternal() throws LifecycleException { super.startInternal(); serviceSubject = new Subject(); } + @Override public boolean authenticate(Request request, HttpServletResponse response) throws IOException { MessageInfo messageInfo = new MessageInfoImpl(request, response, true); @@ -98,31 +98,38 @@ public class JaspicAuthenticator extends return false; } + @Override public void login(String userName, String password, Request request) throws ServletException { throw new IllegalStateException("not implemented yet!"); } + @Override public void logout(Request request) { throw new IllegalStateException("not implemented yet!"); } + private void handleUnauthorizedRequest(HttpServletResponse response, AuthException e) throws IOException { - log.error(sm.getString("authenticator.unauthorized"), e); - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, - sm.getString("authenticator.unauthorized")); + response.sendError(HttpServletResponse.SC_UNAUTHORIZED); + if (log.isDebugEnabled()) { + log.debug(sm.getString("authenticator.jaspic.unauthorized"), e); + } } + private String getAppContextId(Request request) { return request.getServletContext().getVirtualServerName() + " " + request.getContextPath(); } + private JaspicCallbackHandler getJaspicCallbackHandler() { return new JaspicCallbackHandler(container.getRealm()); } + @Override protected String getAuthMethod() { return AUTH_TYPE; Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java?rev=1685954&r1=1685953&r2=1685954&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java Wed Jun 17 09:01:11 2015 @@ -32,9 +32,7 @@ import org.apache.catalina.realm.Generic import org.apache.tomcat.util.res.StringManager; /** - * Callback handler which converts callbacks to realm - * @author Fjodor Vershinin - * + * Callback handler which converts callbacks to realm. */ public class JaspicCallbackHandler implements CallbackHandler { protected static final StringManager sm = StringManager.getManager(JaspicCallbackHandler.class); @@ -43,10 +41,12 @@ public class JaspicCallbackHandler imple private PrincipalGroupCallback principalGroupCallback = new PrincipalGroupCallback(); + public JaspicCallbackHandler(Realm realm) { this.realm = realm; } + @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { if (callbacks == null) { @@ -57,12 +57,13 @@ public class JaspicCallbackHandler imple } } + public GenericPrincipal getPrincipal() { return principalGroupCallback.getPrincipal(); } - private void handleCallback(Callback callback) { + private void handleCallback(Callback callback) { if (callback instanceof CallerPrincipalCallback) { principalGroupCallback.setCallerPrincipalCallback((CallerPrincipalCallback) callback); } else if (callback instanceof GroupPrincipalCallback) { @@ -75,6 +76,7 @@ public class JaspicCallbackHandler imple } } + private void handlePasswordValidationCallback( PasswordValidationCallback passwordValidationCallback) { Subject subject = passwordValidationCallback.getSubject(); Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties?rev=1685954&r1=1685953&r2=1685954&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties Wed Jun 17 09:01:11 2015 @@ -13,4 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. +authenticator.jaspic.unauthorized=Cannot authenticate with the provided credentials authenticator.jaspic.unknownCallback=Unknown JASPIC callback: [{0}] Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java?rev=1685954&r1=1685953&r2=1685954&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java Wed Jun 17 09:01:11 2015 @@ -28,22 +28,23 @@ import org.apache.catalina.realm.Generic /** * This class merges two principal callbacks into one tomcat's - * {@link GenericPrincipal} - * @author Fjodor Vershinin - * + * {@link GenericPrincipal}. */ public class PrincipalGroupCallback { private CallerPrincipalCallback callerPrincipalCallback; private GroupPrincipalCallback groupPrincipalCallback; + public void setCallerPrincipalCallback(CallerPrincipalCallback callerPrincipalCallback) { this.callerPrincipalCallback = callerPrincipalCallback; } + public void setCallerPrincipalCallback(GroupPrincipalCallback groupPrincipalCallback) { this.groupPrincipalCallback = groupPrincipalCallback; } + /** * Get tomcat's principal, which contains user principal and roles * @return {@link GenericPrincipal} @@ -56,6 +57,7 @@ public class PrincipalGroupCallback { return new GenericPrincipal(getUserName(), null, getRoles(), userPrincipal); } + private Principal getUserPrincipal() { if (callerPrincipalCallback == null) { return null; @@ -63,6 +65,7 @@ public class PrincipalGroupCallback { return callerPrincipalCallback.getPrincipal(); } + private List<String> getRoles() { if (groupPrincipalCallback == null) { return Collections.emptyList(); @@ -70,6 +73,7 @@ public class PrincipalGroupCallback { return Arrays.asList(groupPrincipalCallback.getGroups()); } + private String getUserName() { String name = null; if (callerPrincipalCallback != null) { @@ -81,6 +85,7 @@ public class PrincipalGroupCallback { return getUserPrincipalName(); } + private String getUserPrincipalName() { Principal principal = getUserPrincipal(); if (principal == null) { --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org