costin 00/12/27 17:15:39
Modified: src/facade22/org/apache/tomcat/facade ServletHandler.java
src/j2ee/org/apache/tomcat/j2ee J2EEInterceptor.java
TomcatJ2EEAdapter.java
src/share/org/apache/tomcat/core BaseInterceptor.java
ContextManager.java
src/share/org/apache/tomcat/request AccessInterceptor.java
Log:
Use Apache conventions for access interceptors ( need to do the same
for all hooks ). This is important because the whole 3.x design is based
on the same module structure, and it is confusing to use different return
codes. It'll also be important for module developers - and possible
use of "native" apache modules in tomcat authentication ( based on ajp13
evolution and support for more call types )
Revision Changes Path
1.11 +1 -1
jakarta-tomcat/src/facade22/org/apache/tomcat/facade/ServletHandler.java
Index: ServletHandler.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/facade22/org/apache/tomcat/facade/ServletHandler.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- ServletHandler.java 2000/12/27 17:15:03 1.10
+++ ServletHandler.java 2000/12/28 01:15:37 1.11
@@ -85,7 +85,7 @@
* @author Harish Prabandham
* @author Costin Manolache
*/
-final class ServletHandler extends Handler {
+public final class ServletHandler extends Handler {
/**
* If init() fails or preInit() detects the handler is still
1.7 +16 -12
jakarta-tomcat/src/j2ee/org/apache/tomcat/j2ee/J2EEInterceptor.java
Index: J2EEInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/j2ee/org/apache/tomcat/j2ee/J2EEInterceptor.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- J2EEInterceptor.java 2000/12/27 07:21:12 1.6
+++ J2EEInterceptor.java 2000/12/28 01:15:37 1.7
@@ -50,6 +50,8 @@
private static final String HTTP_ERROR_LOG = "web.error.log";
private static final int BUFFER_SIZE = 1024;
+ int userNote;
+ int passwordNote;
// auth
private static int MAX_COUNT = 5;
private static int SLEEP_TIME = 5000; // milliseconds....
@@ -65,6 +67,11 @@
public void engineInit( ContextManager cm ) throws TomcatException {
super.engineInit(cm);
+ userNote=cm.getNoteId( ContextManager.REQUEST_NOTE,
+ "credentials.user");
+ passwordNote=cm.getNoteId( ContextManager.REQUEST_NOTE,
+ "credentials.password");
+
debug=10;
}
@@ -72,7 +79,7 @@
throws TomcatException
{
}
-
+
public int preService(Request request, Response response) {
Context ctx = request.getContext();
Handler sw=request.getHandler();
@@ -180,13 +187,9 @@
public int authenticate( Request req, Response res ) {
Context ctx=req.getContext();
- // Extract the credentials
- Hashtable cred=new Hashtable();
- SecurityTools.credentials( req, cred );
-
// This realm will use only username and password callbacks
- String user=(String)cred.get("username");
- String password=(String)cred.get("password");
+ String user=(String)req.getNote( userNote );
+ String password=(String)req.getNote( passwordNote );;
if( debug>0 ) log( "Try to auth " + user + " " + password);
if( user==null || password == null ) {
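Review bot: The debug line `log( "Try to auth " + user + " " + password)` writes the cleartext password to the log. The `engineInit` hunk earlier in this file leaves `debug=10` hard-coded, so unless debug is reset elsewhere this fires on every authentication attempt. Log only the user name, `if( debug>0 ) log( "Try to auth " + user );`, and drop the stray second semicolon after `req.getNote( passwordNote )`. The body of authenticate continues outside the hunk.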
@@ -232,8 +235,8 @@
public int authorize( Request req, Response response, String roles[] )
{
- if( roles==null ) {
- return 0;
+ if( roles==null || roles.length==0 ) {
+ return OK;
}
Context ctx=req.getContext();
@@ -245,11 +248,12 @@
appName=wbd.getApplication().getName();
if( debug>0) log("appname=" + appName);
+ // call back the authenticate hooks
String user=req.getRemoteUser();
if( user==null ) {
// Need auth, but have no user/pass
if( debug>0) log("no username");
- return HttpServletResponse.SC_UNAUTHORIZED;
+ return DECLINED;
}
String userRoles[]=null;
@@ -267,7 +271,7 @@
if(isUserInRole(appName, mappedRole) ) {
if( debug>0 ) log("Role match " +
roles[i] + " " + mappedRole);
- return 0;
+ return OK;
}
if( debug>0 ) log("Role match failed " +
roles[i] + " " + mappedRole);
@@ -275,7 +279,7 @@
if( debug>0 ) log("UnAuthorized " +
role + " " + mappedRole);
- return HttpServletResponse.SC_UNAUTHORIZED;
+ return DECLINED;
// XXX check transport
}
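Review bot: Returning `DECLINED` in the `UnAuthorized` branch, after the role check has already failed, turns an explicit denial into "not handled". The new loop in ContextManager breaks only on a status other than `DECLINED`, so the next authorize hook is consulted and an `OK` from it grants access. In the Apache convention DECLINED means the module has no opinion, and a module that evaluated the request and rejected it returns an error status. Consider keeping `return HttpServletResponse.SC_UNAUTHORIZED;` here and for the final `return DECLINED;` in AccessInterceptor.authorize, reserving `DECLINED` for cases such as the missing user where the interceptor cannot decide. The function starts outside this hunk.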
1.3 +4 -4
jakarta-tomcat/src/j2ee/org/apache/tomcat/j2ee/TomcatJ2EEAdapter.java
Index: TomcatJ2EEAdapter.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/j2ee/org/apache/tomcat/j2ee/TomcatJ2EEAdapter.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- TomcatJ2EEAdapter.java 2000/12/27 07:21:12 1.2
+++ TomcatJ2EEAdapter.java 2000/12/28 01:15:37 1.3
@@ -40,14 +40,14 @@
public void addApplicationAdapter( Object adapter ) {
try {
- server.addApplicationAdapter( adapter );
+ server.addApplicationAdapter( (BaseInterceptor)adapter );
} catch(TomcatException ex ) {
ex.printStackTrace();
}
}
public void setWorkDir( String dir ) {
- server.setWorkDir( dir );
+ cm.setWorkDir( dir );
}
public void addEndpoint( int port, InetAddress addr ,
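Review bot: The new cast `(BaseInterceptor)adapter` throws ClassCastException for any other argument type, and the surrounding `catch(TomcatException ex )` does not cover it. A wrong adapter therefore escapes from a method whose signature accepts `Object`. Check before the call, for example `if( !(adapter instanceof BaseInterceptor) ) throw new IllegalArgumentException("adapter must be a BaseInterceptor");`, so the failure is explicit and describes the contract.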
@@ -75,7 +75,7 @@
public ServletContext addContext( String ctxPath, URL docRoot ) {
try {
- Context ctx=(Context)server.addContext( ctxPath, docRoot);
+ Context ctx=(Context)server.addContext( ctxPath, docRoot, null);
contexts.put( ctx.getFacade(), ctx );
return (ServletContext)ctx.getFacade();
} catch(TomcatException ex ) {
@@ -121,7 +121,7 @@
public ServletContext getServletContext( String host,
String cpath ) {
- Context ctx=(Context)server.getServletContext(host, cpath);
+ Context ctx=server.getContext(host, cpath);
return (ServletContext)ctx.getFacade();
}
1.32 +3 -0
jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java
Index: BaseInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- BaseInterceptor.java 2000/12/26 23:07:57 1.31
+++ BaseInterceptor.java 2000/12/28 01:15:38 1.32
@@ -87,6 +87,9 @@
*/
public class BaseInterceptor
{
+ public static final int DECLINED=-1;
+ public static final int OK=0;
+
protected ContextManager cm;
protected Container ct;
// null for "global" interceptors
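Review bot: `DECLINED` and `OK` are added without Javadoc, although the return contract of the authorize hooks in this commit now depends on them alongside raw HTTP status codes. Document them, for example `/** Hook has no opinion; the next interceptor is consulted. */` on `DECLINED` and `/** Hook accepted the request; no further hooks of this kind are called. */` on `OK`. The class comment should also state that any other return value is passed on as an HTTP status, as the ContextManager hunk in this commit does with `handleStatus`.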
1.160 +5 -3
jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java
Index: ContextManager.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v
retrieving revision 1.159
retrieving revision 1.160
diff -u -r1.159 -r1.160
--- ContextManager.java 2000/12/27 07:20:21 1.159
+++ ContextManager.java 2000/12/28 01:15:38 1.160
@@ -678,14 +678,16 @@
// Call all authorization callbacks.
for( int i=0; i< reqI.length; i++ ) {
status = reqI[i].authorize( req, res, roles );
- if ( status != 0 ) {
+ if ( status != BaseInterceptor.DECLINED ) {
break;
}
}
}
- if( status > 200 ) {
+ if( status != BaseInterceptor.OK ) {
if( debug > 0)
- log("Authorize error " + req + " " + status);
+ log("Unauthorized " + req + " " + status);
+ if( status==BaseInterceptor.DECLINED )
+ status=401; // unauthorized
handleStatus( req, res, status );
return;
}
1.30 +9 -5
jakarta-tomcat/src/share/org/apache/tomcat/request/AccessInterceptor.java
Index: AccessInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/AccessInterceptor.java,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- AccessInterceptor.java 2000/12/27 19:52:52 1.29
+++ AccessInterceptor.java 2000/12/28 01:15:38 1.30
@@ -281,33 +281,37 @@
return 0;
}
+ /** Handle authorization for requests where certain roles are
+ * requires, and a user/password scheme is used to authenticate
+ * the user ( BASIC, FORM ) and find the user roles.
+ */
public int authorize( Request req, Response response, String roles[] )
{
if( roles==null || roles.length==0 ) {
// request doesn't need authentication
- return 0;
+ return OK;
}
// will call authenticate() hooks to get the user
String user=req.getRemoteUser();
if( user==null )
- return 401;
+ return DECLINED; // we know only about user/password auth
if( debug > 0 ) log( "Controled access for " + user + " " +
req + " " + req.getContainer() );
String userRoles[]= req.getUserRoles();
if ( userRoles == null )
- return 401;
+ return DECLINED; // no user roles - can't handle
for( int i=0; i< userRoles.length; i ++ ) {
for( int j=0; j< roles.length; i ++ )
if( userRoles[i]!=null && userRoles[i].equals( roles[j] ))
- return 0;
+ return OK; // found the right role
}
if( debug > 0 ) log( "UnAuthorized " + roles[0] );
- return 401;
+ return DECLINED; // couldn't find the role - maybe someone else can
}
/** Find if a pattern is matched by a container
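Review bot: The inner loop header `for( int j=0; j< roles.length; i ++ )` increments `i` instead of `j`, so only `roles[0]` is ever compared. When no user role equals it, `userRoles[i]` runs past the end of the array and throws ArrayIndexOutOfBoundsException instead of returning a status. The line is unchanged context, but it sits in the authorization path this commit reworks and should read `for( int j=0; j< roles.length; j++ )`. The Javadoc added at the top of the hunk also says "requires" where "required" is meant.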