jfarcand    2003/08/29 10:18:14

  Modified:    catalina/src/share/org/apache/catalina Globals.java
               catalina/src/share/org/apache/catalina/security
                        SecurityUtil.java
               catalina/src/share/org/apache/coyote/tomcat5
                        CoyoteRequest.java
  Log:
  Do not create a new Subject every time a Servlet/Filter is invoked. Associate the 
same Subject with the AccessControlContext.
  
  Revision  Changes    Path
  1.6       +11 -4     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/Globals.java
  
  Index: Globals.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/Globals.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- Globals.java      3 Mar 2003 15:46:45 -0000       1.5
  +++ Globals.java      29 Aug 2003 17:18:14 -0000      1.6
  @@ -332,6 +332,13 @@
   
   
       /**
  +     * The subject under which the AccessControlContext is running.
  +     */
  +    public static final String SUBJECT_ATTR =
  +        "javax.security.auth.subject";
  +
  +    
  +    /**
        * The servlet context attribute under which we record the set of
        * welcome files (as an object of type String[]) for this application.
        */
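Review bot: The Javadoc on `SUBJECT_ATTR` does not say where the attribute lives, unlike the neighbouring constant, which states its scope ("The servlet context attribute under which we record..."). The other hunks of this commit use it as an HttpSession attribute name. Suggest `The session attribute under which the container stores the Subject associated with the AccessControlContext.` so that readers know the value is session-scoped.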
  
  
  
  1.5       +78 -39    
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java
  
  Index: SecurityUtil.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- SecurityUtil.java 4 Jun 2003 21:15:39 -0000       1.4
  +++ SecurityUtil.java 29 Aug 2003 17:18:14 -0000      1.5
  @@ -64,6 +64,7 @@
   import java.lang.reflect.InvocationTargetException;
   import java.util.HashMap;
   import java.security.AccessController;
  +import java.security.AccessControlContext;
   import java.security.Principal;
   import java.security.PrivilegedActionException;
   import java.security.PrivilegedExceptionAction;
  @@ -72,17 +73,17 @@
   import javax.servlet.Filter;
   import javax.servlet.Servlet;
   import javax.servlet.ServletException;
  +import javax.servlet.http.HttpServletRequest;
   import javax.servlet.UnavailableException;
   
  -import org.apache.tomcat.util.buf.MessageBytes;
  -
  +import org.apache.catalina.Globals;
   import org.apache.catalina.util.StringManager;
  -
   /**
    * This utility class associates a <code>Subject</code> to the current 
  - * <code>AccessControlContext</code>. When a <code>SecurityManager</code> is used, 
  - * the container will always associate the called thread with an 
AccessControlContext
  - * containing only the principal of the requested Servlet/Filter.
  + * <code>AccessControlContext</code>. When a <code>SecurityManager</code> is
  + * used, * the container will always associate the called thread with an 
  + * AccessControlContext * containing only the principal of the requested
  + * Servlet/Filter.
    *
    * This class uses reflection to invoke the invoke methods.
    *
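Review bot: The rewrapped class Javadoc carries stray asterisks into the sentence (`used, * the container` and `AccessControlContext * containing`), apparently left over from joining the old lines, and they will show up in the generated docs. The later Javadoc hunks in this file have similar slips. The four-argument Servlet `doAsPrivilege` has a stray `i` after `instanciate a` and a second `@param targetObject` that should be `@param targetArguments`. Several other methods use `@param targetArgumentst`, which does not match the parameter name. The class comment continues outside this hunk.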
  @@ -123,7 +124,8 @@
        * will be granted to a <code>null</code> subject. 
        *
        * @param methodName the method to apply the security restriction
  -     * @param targetObject the <code>Servlet</code> on which the method will be 
called.
  +     * @param targetObject the <code>Servlet</code> on which the method will
  +     * be called.
        */
       public static void doAsPrivilege(final String methodName, 
                                        final Servlet targetObject) throws 
java.lang.Exception{
  @@ -136,15 +138,24 @@
        * will be granted to a <code>null</code> subject. 
        *
        * @param methodName the method to apply the security restriction
  -     * @param targetObject the <code>Servlet</code> on which the method will be 
called.
  -     * @param targetType <code>Class</code> array used to instanciate a 
<code>Method</code> object.
  -     * @param targetObject <code>Object</code> array contains the runtime 
parameters instance.
  +     * @param targetObject the <code>Servlet</code> on which the method will
  +     * be called.
  +     * @param targetType <code>Class</code> array used to instanciate a i
  +     * <code>Method</code> object.
  +     * @param targetObject <code>Object</code> array contains the runtime 
  +     * parameters instance.
        */
       public static void doAsPrivilege(final String methodName, 
                                        final Servlet targetObject, 
                                        final Class[] targetType,
  -                                     final Object[] targetArguments) throws 
java.lang.Exception{    
  -         doAsPrivilege(methodName, targetObject, targetType, targetArguments, 
null);                                
  +                                     final Object[] targetArguments) 
  +        throws java.lang.Exception{    
  +
  +         doAsPrivilege(methodName, 
  +                       targetObject, 
  +                       targetType, 
  +                       targetArguments, 
  +                       null);                                
       }
       
       
  @@ -153,16 +164,22 @@
        * will be granted to a <code>null</code> subject. 
        *
        * @param methodName the method to apply the security restriction
  -     * @param targetObject the <code>Servlet</code> on which the method will be 
called.
  -     * @param targetType <code>Class</code> array used to instanciate a 
<code>Method</code> object.
  -     * @param targetArgumentst <code>Object</code> array contains the runtime 
parameters instance.
  -     * @param principal the <code>Principal</code> to which the security privilege 
apply..
  +     * @param targetObject the <code>Servlet</code> on which the method will
  +     * be called.
  +     * @param targetType <code>Class</code> array used to instanciate a 
  +     * <code>Method</code> object.
  +     * @param targetArgumentst <code>Object</code> array contains the 
  +     * runtime parameters instance.
  +     * @param principal the <code>Principal</code> to which the security 
  +     * privilege apply..
        */    
       public static void doAsPrivilege(final String methodName, 
                                        final Servlet targetObject, 
                                        final Class[] targetType,
                                        final Object[] targetArguments,
  -                                     Principal principal) throws 
java.lang.Exception{
  +                                     Principal principal) 
  +        throws java.lang.Exception{
  +
           Method method = null;
           Method[] methodsCache = null;
           if(objectCache.containsKey(targetObject)){
  @@ -190,10 +207,13 @@
        * will be granted to a <code>null</code> subject. 
        *
        * @param methodName the method to apply the security restriction
  -     * @param targetObject the <code>Filter</code> on which the method will be 
called.
  +     * @param targetObject the <code>Filter</code> on which the method will 
  +     * be called.
        */    
       public static void doAsPrivilege(final String methodName, 
  -                                     final Filter targetObject) throws 
java.lang.Exception{
  +                                     final Filter targetObject) 
  +        throws java.lang.Exception{
  +
            doAsPrivilege(methodName, targetObject, null, null);                       
         
       }
    
  @@ -203,15 +223,20 @@
        * will be granted to a <code>null</code> subject. 
        *
        * @param methodName the method to apply the security restriction
  -     * @param targetObject the <code>Filter</code> on which the method will be 
called.
  -     * @param targetType <code>Class</code> array used to instanciate a 
<code>Method</code> object.
  -     * @param targetArgumentst <code>Object</code> array contains the runtime 
parameters instance.
  +     * @param targetObject the <code>Filter</code> on which the method will 
  +     * be called.
  +     * @param targetType <code>Class</code> array used to instanciate a
  +     * <code>Method</code> object.
  +     * @param targetArgumentst <code>Object</code> array contains the 
  +     * runtime parameters instance.
        */    
       public static void doAsPrivilege(final String methodName, 
                                        final Filter targetObject, 
                                        final Class[] targetType,
  -                                     final Object[] targetArguments) throws 
java.lang.Exception{
  +                                     final Object[] targetArguments) 
  +        throws java.lang.Exception{
           Method method = null;
  +
           Method[] methodsCache = null;
           if(objectCache.containsKey(targetObject)){
               methodsCache = (Method[])objectCache.get(targetObject);
  @@ -238,16 +263,22 @@
        * will be granted to a <code>null</code> subject. 
        *
        * @param methodName the method to apply the security restriction
  -     * @param targetObject the <code>Servlet</code> on which the method will be 
called.
  -     * @param targetType <code>Class</code> array used to instanciate a 
<code>Method</code> object.
  -     * @param targetArgumentst <code>Object</code> array contains the runtime 
parameters instance.
  -     * @param principal the <code>Principal</code> to which the security privilege 
apply..
  +     * @param targetObject the <code>Servlet</code> on which the method will
  +     * be called.
  +     * @param targetType <code>Class</code> array used to instanciate a 
  +     * <code>Method</code> object.
  +     * @param targetArgumentst <code>Object</code> array contains the 
  +     * runtime parameters instance.
  +     * @param principal the <code>Principal</code> to which the security 
  +     * privilege apply..
        */    
       private static void execute(final Method method,
                                   final Object targetObject, 
                                   final Object[] targetArguments,
  -                                Principal principal) throws java.lang.Exception{
  -       try{   
  +                                Principal principal) 
  +        throws java.lang.Exception{
  +       
  +        try{   
               Subject subject = null;
               PrivilegedExceptionAction pea = new PrivilegedExceptionAction(){
                       public Object run() throws Exception{
  @@ -255,16 +286,20 @@
                          return null;
                       }
               };
  -            
  -            // FIX ME: should use a Subject pool instead or recycle the object
  -            if (principal != null){
  -                subject = new Subject();
  -                subject.getPrincipals().add(principal);         
  -            }  
  +
  +            // The first argument is always the request object
  +            if (targetArguments != null 
  +                    && targetArguments[0] instanceof HttpServletRequest){
  +                HttpServletRequest request = 
  +                    (HttpServletRequest)targetArguments[0];
  +                subject = (Subject)request.getSession()
  +                                        .getAttribute(Globals.SUBJECT_ATTR);
  +            }
   
               Subject.doAsPrivileged(subject, pea, null);       
          } catch( PrivilegedActionException pe) {
  -            Throwable e = 
((InvocationTargetException)pe.getException()).getTargetException();
  +            Throwable e = ((InvocationTargetException)pe.getException())
  +                                .getTargetException();
               
               if (log.isDebugEnabled()){
                   log.debug(sm.getString("SecurityUtil.doAsPrivilege"), e); 
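Review bot: The Subject handed to `Subject.doAsPrivileged` is now read from the HttpSession under `Globals.SUBJECT_ATTR`, and session attributes are normally writable by the web application itself, so the identity the container asserts appears to depend on application-visible state rather than on the `principal` argument, which is no longer read in the lines shown. Unless that attribute name is protected elsewhere, keeping the Subject in container-internal state (for example the `subject` field this commit adds to CoyoteRequest) would avoid the dependency. On the same lines, `targetArguments[0]` throws on a zero-length array and `request.getSession()` creates a session on every servlet or filter call that has none. The fence adds a length check and `getSession(false)` with a null test, which needs an import of `javax.servlet.http.HttpSession`. The body of `execute` starts and ends outside this hunk.

```java
// … unchanged: PrivilegedExceptionAction pea …
if (targetArguments != null
        && targetArguments.length > 0
        && targetArguments[0] instanceof HttpServletRequest){
    HttpServletRequest request =
        (HttpServletRequest)targetArguments[0];
    HttpSession session = request.getSession(false);
    if (session != null){
        subject = (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
    }
}
// … unchanged: Subject.doAsPrivileged(subject, pea, null) …
```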
  @@ -313,8 +348,10 @@
        * Create the method and cache it for further re-use.
        * @param methodsCache the cache used to store method instance
        * @param methodName the method to apply the security restriction
  -     * @param targetObject the <code>Servlet</code> on which the method will be 
called.
  -     * @param targetType <code>Class</code> array used to instanciate a 
<code>Method</code> object.
  +     * @param targetObject the <code>Servlet</code> on which the method will
  +     * be called.
  +     * @param targetType <code>Class</code> array used to instanciate a 
  +     * <code>Method</code> object.
        * @return the method instance.
        */
       private static Method createMethodAndCacheIt(Method[] methodsCache,
  @@ -327,7 +364,9 @@
               methodsCache = new Method[3];
           }               
                   
  -        Method method = targetObject.getClass().getMethod(methodName, targetType); 
  +        Method method = 
  +            targetObject.getClass().getMethod(methodName, targetType); 
  +
           if (methodName.equalsIgnoreCase(INIT_METHOD)){
               methodsCache[INIT] = method;
           } else if (methodName.equalsIgnoreCase(DESTROY_METHOD)){
  
  
  
  1.14      +25 -4     
jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java
  
  Index: CoyoteRequest.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- CoyoteRequest.java        16 Aug 2003 00:39:33 -0000      1.13
  +++ CoyoteRequest.java        29 Aug 2003 17:18:14 -0000      1.14
  @@ -85,6 +85,7 @@
   import java.util.TimeZone;
   import java.util.TreeMap;
   
  +import javax.security.auth.Subject;
   import javax.servlet.FilterChain;
   import javax.servlet.RequestDispatcher;
   import javax.servlet.ServletContext;
  @@ -303,6 +304,12 @@
        */
       protected boolean secure = false;
   
  +    
  +    /**
  +     * The Subject associated with the current AccessControllerContext
  +     */
  +    protected Subject subject = null;
  +
   
       /**
        * Post data buffer.
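Review bot: The Javadoc on the new `subject` field names `AccessControllerContext`, which should read `AccessControlContext`, and it does not say when the field is populated. Going by the `setUserPrincipal` hunk of this commit, the field is assigned only when a SecurityManager is installed, and the recycle hunk resets it to null. A comment such as `The Subject built from the user Principal; only set when running under a SecurityManager and cleared on recycle.` would make that explicit.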
  @@ -411,6 +418,7 @@
           usingInputStream = false;
           usingReader = false;
           userPrincipal = null;
  +        subject = null;
           sessionParsed = false;
           requestParametersParsed = false;
           locales.clear();
  @@ -1754,6 +1762,19 @@
        * @param principal The user Principal
        */
       public void setUserPrincipal(Principal principal) {
  +
  +        if (System.getSecurityManager() != null){
  +            if ( (subject != null) && 
  +                 (!subject.getPrincipals().contains(principal)) ){
  +                subject.getPrincipals().add(principal);         
  +            } else if (getSession()
  +                            .getAttribute(Globals.SUBJECT_ATTR) == null) {
  +                subject = new Subject();
  +                subject.getPrincipals().add(principal);         
  +            }
  +            getSession().setAttribute(Globals.SUBJECT_ATTR, subject);
  +        } 
  +
           this.userPrincipal = principal;
       }
   
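Review bot: When the `subject` field is null but the session already holds a Subject, neither branch assigns `subject`, so `getSession().setAttribute(Globals.SUBJECT_ATTR, subject)` stores null, which the servlet API treats as removing the attribute. Because the recycle hunk of this commit resets `subject = null`, that looks like the normal state on the second authenticated request of a session. The block also calls `getSession()` unconditionally, creating a session whenever a principal is set under a SecurityManager, and it adds `principal` with no null check and without dropping an earlier principal, so one Subject may accumulate identities. The fence loads the existing Subject before deciding to create one and skips the block for a null principal. Whether a session should be created here at all is a policy choice that the consumer in SecurityUtil must agree with.

```java
public void setUserPrincipal(Principal principal) {

    if (System.getSecurityManager() != null && principal != null){
        HttpSession session = getSession(false);
        if (subject == null && session != null){
            subject = (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
        }
        if (subject == null){
            subject = new Subject();
        }
        subject.getPrincipals().add(principal);
        if (session != null){
            session.setAttribute(Globals.SUBJECT_ATTR, subject);
        }
    }

    this.userPrincipal = principal;
```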
  
  
  
