Repository: karaf Updated Branches: refs/heads/master b8493ae83 -> 43a945aab
[KARAF-2978]RBAC-- recognize group configuration when use Publickey to Login (cherry picked from commit 7e1aa7ae4adab02b975ef2bc172be5ceaca42af7) Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/43a945aa Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/43a945aa Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/43a945aa Branch: refs/heads/master Commit: 43a945aab0b4dae011c9dd3e8f1f338397b69b5a Parents: b8493ae Author: Freeman Fang <[email protected]> Authored: Mon May 12 14:45:23 2014 +0800 Committer: Freeman Fang <[email protected]> Committed: Mon May 12 14:50:25 2014 +0800 ---------------------------------------------------------------------- .../main/resources/resources/etc/keys.properties | 3 ++- .../apache/karaf/jaas/modules/BackingEngine.java | 2 ++ .../properties/PropertiesBackingEngine.java | 1 - .../modules/publickey/PublickeyLoginModule.java | 17 ++++++++++++++++- 4 files changed, 20 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/keys.properties b/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
index 2eb3b01..36d3c0d 100644
--- a/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
+++ b/assemblies/features/framework/src/main/resources/resources/etc/keys.properties
@@ -27,4 +27,5 @@
 # and modifiable via the JAAS command group. These users reside in a JAAS domain
 # with the name "karaf"..
 #
-karaf=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,admin
+karaf=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,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer
http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
index a4b1a30..6f39801 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
@@ -23,6 +23,8 @@ import org.apache.karaf.jaas.boot.principal.UserPrincipal;
 public interface BackingEngine {
+ static final String GROUP_PREFIX = "_g_:";
+
 /**
 * Create a new User.
 *
http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
index 18a4edd..bc568c1 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
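Review bot: The default `karaf` key entry stays active in the shipped `etc/keys.properties` as far as this hunk shows, and after the change it resolves through `admingroup` to the roles `admin`, `manager` and `viewer` where it previously carried `admin` only. A credential that is enabled out of the box is better shipped commented out, so that an operator has to install their own key before public-key login grants any role. The new group line also needs a format comment, because its first field (`group`) is skipped by the loop in `PublickeyLoginModule` that starts at index 1; something like `# group record: _g_\:<name> = group,<role>[,<role>...]` would make that explicit.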
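Review bot: `GROUP_PREFIX` becomes part of the public `BackingEngine` interface without any Javadoc, although it is the marker that separates group records from user records in the properties files read by the login modules. A one-line comment such as `/** Prefix that marks a group record, or a reference to one, in a users or keys properties file. */` would document it. The `static final` modifiers are redundant on an interface field, so `String GROUP_PREFIX = "_g_:";` is sufficient. The interface body continues past the end of the hunk.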
@@ -32,7 +32,6 @@ public class PropertiesBackingEngine implements BackingEngine {
 private static final transient Logger LOGGER = LoggerFactory.getLogger(PropertiesBackingEngine.class);
- static final String GROUP_PREFIX = "_g_:";
 private Properties users;
 private EncryptionSupport encryptionSupport;
http://git-wip-us.apache.org/repos/asf/karaf/blob/43a945aa/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
index dea6081..54ff0a5 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
@@ -36,6 +36,8 @@ import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 import org.apache.felix.utils.properties.Properties;
+import org.apache.karaf.jaas.modules.properties.PropertiesBackingEngine;
+import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
 import org.apache.karaf.jaas.boot.principal.RolePrincipal;
 import org.apache.karaf.jaas.boot.principal.UserPrincipal;
 import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
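Review bot: The new import of `PropertiesBackingEngine` exists only to reach `GROUP_PREFIX`, which this same commit moves onto the `BackingEngine` interface. The reference still resolves because the class inherits the interface constant, but it ties the publickey package to the properties package for no functional reason. Importing `org.apache.karaf.jaas.modules.BackingEngine` instead (if it is not already imported further up, which the hunk does not show) and writing `BackingEngine.GROUP_PREFIX` names the constant where it is declared. The same applies to the two uses in the following hunk, in `startsWith(...)` and in `substring(...)`.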
@@ -120,7 +122,20 @@ public class PublickeyLoginModule extends AbstractKarafLoginModule {
 principals = new HashSet<Principal>();
 principals.add(new UserPrincipal(user));
 for (int i = 1; i < infos.length; i++) {
- principals.add(new RolePrincipal(infos[i]));
+ if (infos[i].startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
+ // it's a group reference
+ principals.add(new GroupPrincipal(infos[i].substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
+ String groupInfo = (String) users.get(infos[i]);
+ if (groupInfo != null) {
+ String[] roles = groupInfo.split(",");
+ for (int j = 1; j < roles.length; j++) {
+ principals.add(new RolePrincipal(roles[j]));
+ }
+ }
+ } else {
+ // it's an user reference
+ principals.add(new RolePrincipal(infos[i]));
+ }
 }
 users.clear();
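Review bot: The `GroupPrincipal` is added before `users.get(infos[i])` is checked, so a key entry that names an undefined or misspelled group still yields a subject carrying that group principal, with no roles and nothing to show why. Adding the principal only once the group record is found keeps the subject tied to what the file actually defines. Each role token should also be trimmed, since a record written as `group, admin` would otherwise produce a role named ` admin` that matches nothing. The lookup of the login name sits above this hunk and is not visible; it is worth confirming that it refuses a name starting with `GROUP_PREFIX`, so that a group record is never parsed as a user record. The enclosing method starts and ends outside the hunk.

```java
if (infos[i].startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
    // group reference: resolve the record first, grant nothing for an undefined group
    String groupInfo = (String) users.get(infos[i]);
    if (groupInfo != null) {
        principals.add(new GroupPrincipal(infos[i].substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
        String[] roles = groupInfo.split(",");
        // index 0 is the leading field of the group record, not a role
        for (int j = 1; j < roles.length; j++) {
            String role = roles[j].trim();
            if (!role.isEmpty()) {
                principals.add(new RolePrincipal(role));
            }
        }
    }
}
// … unchanged: else branch adding infos[i] as a RolePrincipal …
```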
