Author: markt Date: Tue Jun 23 09:26:15 2015 New Revision: 1687004 URL: http://svn.apache.org/r1687004 Log: Change JASPIC callback handler to be a singleton Implemented JAAS subject support Patch by fjodorver
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Tue Jun 23 09:26:15 2015
@@ -17,8 +17,8 @@
package org.apache.catalina.authenticator.jaspic;
import java.io.IOException;
-import java.security.Principal;
import java.util.Map;
+import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
@@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletRes
import org.apache.catalina.LifecycleException;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
+import org.apache.catalina.realm.GenericPrincipal;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -52,18 +53,19 @@ public class JaspicAuthenticator extends
@SuppressWarnings("rawtypes") private Map authProperties = null;
+ private JaspicCallbackHandler callbackHandler;
@Override protected synchronized void startInternal() throws LifecycleException { super.startInternal(); serviceSubject = new Subject();
+ callbackHandler = getJaspicCallbackHandler();
} @Override public boolean authenticate(Request request, HttpServletResponse response) throws IOException { MessageInfo messageInfo = new MessageInfoImpl(request, response, true);
- JaspicCallbackHandler callbackHandler = getJaspicCallbackHandler();
AuthConfigFactory factory = AuthConfigFactory.getFactory(); String appContext = getAppContextId(request);
@@ -76,20 +78,21 @@ public class JaspicAuthenticator extends
} AuthStatus authStatus;
+ Subject subject = new Subject();
try { ServerAuthConfig authConfig = configProvider.getServerAuthConfig(MESSAGE_LAYER, appContext, callbackHandler); String messageAuthContextId = authConfig.getAuthContextID(messageInfo); ServerAuthContext authContext = authConfig.getAuthContext(messageAuthContextId, serviceSubject, authProperties);
- authStatus = authContext.validateRequest(messageInfo, new Subject(), serviceSubject);
+ authStatus = authContext.validateRequest(messageInfo, subject, serviceSubject);
} catch (AuthException e) { handleUnauthorizedRequest(response, e); return false; } if (authStatus == AuthStatus.SUCCESS) {
- Principal principal = callbackHandler.getPrincipal();
+ GenericPrincipal principal = getPrincipal(subject);
if (principal != null) { register(request, response, principal, AUTH_TYPE, null, null); }
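Review bot: The new `callbackHandler` field in JaspicAuthenticator is assigned inside the synchronized `startInternal()` but read without synchronization in `authenticate()`, and the same instance is now used by every request thread. Nothing in the hunk records that contract, so I would add a field comment such as `// Shared by all request threads; the handler must not keep per-request state`. If a restart can overlap with request processing, declaring the field `volatile` would make the new handler visible to those threads. Both method bodies continue outside the hunk.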
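Review bot: In the `AuthStatus.SUCCESS` branch of `authenticate()`, a subject that carries no `GenericPrincipal` passes the `principal != null` check silently: nobody is registered and nothing is logged. What the method returns in that case lies after the end of the hunk, so it is worth confirming that SUCCESS without an identity cannot be reported to the caller as an authenticated request. At minimum I would mark the case with a comment like `// SUCCESS without a GenericPrincipal: the module established no caller identity` and a debug log entry, so a misbehaving auth module shows up in the logs.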
@@ -99,6 +102,20 @@ public class JaspicAuthenticator extends
}
+ private GenericPrincipal getPrincipal(Subject subject) {
+ if (subject == null) {
+ return null;
+ }
+
+ Set<GenericPrincipal> principals = subject.getPrivateCredentials(GenericPrincipal.class);
+ if (principals.isEmpty()) {
+ return null;
+ }
+
+ return principals.iterator().next();
+ }
+
+
@Override public void login(String userName, String password, Request request) throws ServletException { throw new IllegalStateException("not implemented yet!");
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java Tue Jun 23 09:26:15 2015
@@ -28,7 +28,6 @@ import javax.security.auth.message.callb
import javax.security.auth.message.callback.PasswordValidationCallback;
import org.apache.catalina.Realm;
-import org.apache.catalina.realm.GenericPrincipal;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -39,8 +38,6 @@ public class JaspicCallbackHandler imple
private Realm realm;
- private PrincipalGroupCallback principalGroupCallback = new PrincipalGroupCallback();
-
public JaspicCallbackHandler(Realm realm) { this.realm = realm;
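Review bot: The new `getPrincipal(Subject)` in JaspicAuthenticator returns `principals.iterator().next()`, so when the subject holds more than one `GenericPrincipal` the identity registered for the request depends on set iteration order. The subject is filled in by the auth module through the callback handler, so I would treat anything other than exactly one entry as "no principal" instead of picking one, replacing the `isEmpty()` check with `if (principals.size() != 1) { return null; }` and logging the unexpected count. Reading private credentials is also subject to `PrivateCredentialPermission` checks when a SecurityManager is installed, which deserves a sentence of Javadoc on this method.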
@@ -52,22 +49,19 @@ public class JaspicCallbackHandler imple
if (callbacks == null) { return; }
+ PrincipalGroupCallback principalGroupCallback = new PrincipalGroupCallback();
for (Callback callback : callbacks) {
- handleCallback(callback);
+ handleCallback(callback, principalGroupCallback);
}
+ principalGroupCallback.configureSubject();
}
- public GenericPrincipal getPrincipal() {
- return principalGroupCallback.getPrincipal();
- }
-
-
- private void handleCallback(Callback callback) {
+ private void handleCallback(Callback callback, PrincipalGroupCallback principalGroupCallback) {
if (callback instanceof CallerPrincipalCallback) { principalGroupCallback.setCallerPrincipalCallback((CallerPrincipalCallback) callback); } else if (callback instanceof GroupPrincipalCallback) {
- principalGroupCallback.setCallerPrincipalCallback((GroupPrincipalCallback) callback);
+ principalGroupCallback.setGroupPrincipalCallback((GroupPrincipalCallback) callback);
} else if (callback instanceof PasswordValidationCallback) { handlePasswordValidationCallback((PasswordValidationCallback) callback); } else {
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java Tue Jun 23 09:26:15 2015
@@ -21,6 +21,7 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import javax.security.auth.Subject;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
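Review bot: `JaspicCallbackHandler.handle()` now builds a fresh `PrincipalGroupCallback` on every call and ends with `configureSubject()`, so a caller principal and its groups are combined only when both callbacks arrive in the same array. An auth module that calls the handler once with the `CallerPrincipalCallback` and again with the `GroupPrincipalCallback` would presumably leave a principal without roles in the subject after the first call; how `getPrincipal()` treats a missing group callback is not visible here. I would state the requirement in Javadoc on `handle()`, for example `Caller and group callbacks must be passed in the same invocation; they are not merged across calls.`, or merge with a `GenericPrincipal` already stored in the subject before adding another. The body of `handleCallback` continues past the end of the hunk.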
@@ -39,11 +40,30 @@ public class PrincipalGroupCallback {
this.callerPrincipalCallback = callerPrincipalCallback; }
-
- public void setCallerPrincipalCallback(GroupPrincipalCallback groupPrincipalCallback) {
+ public void setGroupPrincipalCallback(GroupPrincipalCallback groupPrincipalCallback) {
this.groupPrincipalCallback = groupPrincipalCallback; }
+ public void configureSubject() {
+ GenericPrincipal principal = getPrincipal();
+ if (principal == null) {
+ return;
+ }
+ Subject subject = getSubject();
+ if (subject != null) {
+ subject.getPrivateCredentials().add(principal);
+ }
+ }
+
+ private Subject getSubject() {
+ if (callerPrincipalCallback != null) {
+ return callerPrincipalCallback.getSubject();
+ }
+ if (groupPrincipalCallback != null) {
+ return callerPrincipalCallback.getSubject();
+ }
+ return null;
+ }
/** * Get tomcat's principal, which contains user principal and roles
Modified: tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java Tue Jun 23 09:26:15 2015
@@ -16,6 +16,8 @@
*/
package org.apache.catalina.authenticator.jaspic;
+import java.util.Set;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.message.callback.CallerPrincipalCallback;
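Review bot: In the new `PrincipalGroupCallback.getSubject()`, the second branch tests `groupPrincipalCallback != null` but returns `callerPrincipalCallback.getSubject()`. That branch is reached only when `callerPrincipalCallback` is null, so it throws a NullPointerException instead of returning the group callback's subject; it should read `return groupPrincipalCallback.getSubject();`. Whether `configureSubject()` can get that far with only a group callback depends on `getPrincipal()`, whose body is outside the hunk. Separately, `configureSubject()` takes the subject from whichever callback is set and never checks that the caller and group callbacks refer to the same `Subject`; a comment stating that assumption would help the next reader.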
@@ -39,17 +41,20 @@ public class TestJaspicCallbackHandler {
@Test public void shouldConvertCallbackToTomcatPrincipal() throws Exception { // given
- CallerPrincipalCallback callerCallback = new CallerPrincipalCallback(new Subject(), USER);
+ Subject subject = new Subject();
+ CallerPrincipalCallback callerCallback = new CallerPrincipalCallback(subject, USER);
String[] groups = new String[] { "group" };
- GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(new Subject(), groups);
+ GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(subject, groups);
Callback[] callbacks = new Callback[] { callerCallback, groupCallback }; // when jaspicCallbackHandler.handle(callbacks);
- GenericPrincipal principal = jaspicCallbackHandler.getPrincipal();
// then
+ Set<GenericPrincipal> principals = callerCallback.getSubject().getPrivateCredentials(
+ GenericPrincipal.class);
+ GenericPrincipal principal = principals.iterator().next();
assertEquals(USER, principal.getName()); assertArrayEquals(groups, principal.getRoles()); }
Modified: tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java (original)
+++ tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java Tue Jun 23 09:26:15 2015
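Review bot: The updated assertion in `shouldConvertCallbackToTomcatPrincipal` takes `principals.iterator().next()` without checking how many credentials the handler stored, so a handler that adds duplicate or extra `GenericPrincipal` entries would still pass. Adding `assertEquals(1, principals.size());` before it pins the expected state of the subject. A companion test that passes only a `GroupPrincipalCallback` to `handle()` would also exercise the second branch of `PrincipalGroupCallback.getSubject()`, which no test in this commit reaches.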
@@ -78,7 +78,7 @@ public class TestPrincipalGroupCallback
String[] groups = new String[] { "group1" }; GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(subject, groups);
- principalGroupCallback.setCallerPrincipalCallback(groupCallback);
+ principalGroupCallback.setGroupPrincipalCallback(groupCallback);
// when GenericPrincipal principal = principalGroupCallback.getPrincipal();
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org