diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
index 478251ce31..0a07c47018 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
@@ -26,6 +26,8 @@
import org.apache.karaf.jaas.boot.principal.RolePolicy;
import org.apache.karaf.jaas.modules.encryption.EncryptionSupport;
import org.osgi.framework.BundleContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
@@ -33,6 +35,8 @@
*/
public abstract class AbstractKarafLoginModule implements LoginModule {
+ private static final transient Logger LOGGER =
LoggerFactory.getLogger(AbstractKarafLoginModule.class);
+
protected Set<Principal> principals = new HashSet<>();
protected Subject subject;
protected String user;
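Review bot: `transient` on the added `LOGGER` declaration has no effect, because static fields are never part of an object's serialized form, and the modifier suggests otherwise to a reader. Declare it as `private static final Logger LOGGER = LoggerFactory.getLogger(AbstractKarafLoginModule.class);`. The class body continues outside this hunk.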
@@ -44,6 +48,10 @@
protected String roleDiscriminator;
protected boolean detailedLoginExcepion;
+ /** the authentication status*/
+ protected boolean succeeded = false;
+ protected boolean commitSucceeded = false;
+
/**
* the bundle context is required to use the encryption service
*/
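Review bot: The Javadoc `/** the authentication status*/` attaches only to `succeeded`, so `commitSucceeded` is undocumented, and neither field says who is expected to write it. The subclasses in this commit assign `succeeded` directly from their `login()` methods, so the contract should be spelled out on the fields. For example, `/** true once login() has authenticated the user; set by subclasses, cleared by abort() and logout() */` on `succeeded` and `/** true once commit() has added the principals to the subject */` on `commitSucceeded`.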
@@ -51,8 +59,11 @@
private EncryptionSupport encryptionSupport;
+ @Override
public boolean commit() throws LoginException {
- if (principals.isEmpty()) {
+ if (!succeeded || principals.isEmpty()) {
+ clear();
+ succeeded = false;
return false;
}
RolePolicy policy = RolePolicy.getPolicy(rolePolicy);
@@ -61,11 +72,46 @@ public boolean commit() throws LoginException {
} else {
subject.getPrincipals().addAll(principals);
}
+ commitSucceeded = true;
+ return true;
+ }
+
+ @Override
+ public boolean abort() throws LoginException {
+ if (debug) {
+ LOGGER.debug("abort");
+ }
+ if (!succeeded) {
+ return false;
+ } else if (succeeded && commitSucceeded) {
+ // we succeeded, but another required module failed
+ logout();
+ } else {
+ // our commit failed
+ clear();
+ succeeded = false;
+ }
+ return true;
+ }
+
+ @Override
+ public boolean logout() throws LoginException {
+ if (debug) {
+ LOGGER.debug("logout");
+ }
+
+ subject.getPrincipals().removeAll(principals);
+ clear();
+
+ succeeded = false;
+ commitSucceeded = false;
+
return true;
}
protected void clear() {
user = null;
+ principals.clear();
}
public void initialize(Subject sub, CallbackHandler handler, Map<String,
?> options) {
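Review bot: In `abort()`, the `if (!succeeded)` branch returns without calling `clear()`, so any `user` value or principals that a subclass `login()` stored before throwing stay in the module instance. Several `login()` bodies in this commit add to `principals` before reaching `succeeded = true` (see the `principals.add(new RolePrincipal(...))` context lines in the OsgiConfigLoginModule and SyncopeLoginModule hunks), so a failure after that point would presumably leave partial state behind. Consider `if (!succeeded) { clear(); return false; }`. The second test can then be just `else if (commitSucceeded)`, since `succeeded` is already known to be true there. `commit()` starts in the previous hunk and `initialize()` continues past the end of this one.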
diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
index ee7eca0175..65d0ed7fa2 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
@@ -129,19 +129,7 @@ public boolean login() throws LoginException {
} catch (Exception ex) {
throw new LoginException("Error has occurred while retrieving
credentials from database:" + ex.getMessage());
}
- return true;
- }
-
- public boolean abort() throws LoginException {
- return true;
- }
-
- public boolean logout() throws LoginException {
- subject.getPrincipals().removeAll(principals);
- principals.clear();
- if (debug) {
- LOGGER.debug("logout");
- }
+ succeeded = true;
return true;
}
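Review bot: `succeeded` is only ever assigned `true` at the end of `login()` here; no line in this hunk sets it back to `false` when the attempt throws. If the same module instance runs `login()` again after an earlier success with no `logout()` in between, a failed attempt would leave the flag `true`, and the inherited `commit()` gate `!succeeded || principals.isEmpty()` would not reject it. Unless the start of `login()` or `initialize()` already resets the state (neither is visible in these hunks), add `succeeded = false;` as the first statement of `login()`. The same applies to the `login()`/`doLogin()` hunks in GSSAPILdapLoginModule, LDAPLoginModule, LDAPPubkeyLoginModule, OsgiConfigLoginModule, DigestPasswordLoginModule, PropertiesLoginModule, PublickeyLoginModule and SyncopeLoginModule; `login()` begins outside this hunk.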
diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/GSSAPILdapLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/GSSAPILdapLoginModule.java
index c5fc6443fb..71e2753950 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/GSSAPILdapLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/GSSAPILdapLoginModule.java
@@ -61,7 +61,8 @@ public boolean login() throws LoginException {
context.login();
try {
- return Subject.doAs(context.getSubject(),
(PrivilegedExceptionAction<Boolean>) this::doLogin);
+ succeeded = Subject.doAs(context.getSubject(),
(PrivilegedExceptionAction<Boolean>) this::doLogin);
+ return succeeded;
} catch (PrivilegedActionException pExcp) {
logger.error("error with delegated authentication", pExcp);
throw new LoginException(pExcp.getMessage());
@@ -130,22 +131,12 @@ protected boolean doLogin() throws LoginException {
}
}
- @Override
- public boolean abort() throws LoginException {
- return true;
- }
-
@Override
public boolean commit() throws LoginException {
boolean ret = super.commit();
- principals.addAll(subject.getPrincipals(KerberosPrincipal.class));
+ if (ret) {
+ principals.addAll(subject.getPrincipals(KerberosPrincipal.class));
+ }
return ret;
}
-
- @Override
- public boolean logout() throws LoginException {
- subject.getPrincipals().removeAll(principals);
- principals.clear();
- return true;
- }
}
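Review bot: `commit()` copies every `KerberosPrincipal` found on the subject into this module's own `principals` set, and the inherited `logout()` (also reached from `abort()` after a successful commit) removes that whole set from the subject. If another module in the same JAAS stack contributed Kerberos principals to the subject, this module would strip them as well; whether that is intended is not visible from the hunk. Add a comment above the `if (ret)` block stating why the Kerberos principals are tracked, for example `// track Kerberos principals on the subject so logout() removes them too`, or copy only the ones this module put there.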
diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
index eab81e8a44..770e15e1a5 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
@@ -157,16 +157,7 @@ protected boolean doLogin() throws LoginException {
} catch (Exception e) {
throw new LoginException("Can't get user " + user + " roles: " +
e.getMessage());
}
- return true;
- }
-
- public boolean abort() throws LoginException {
- return true;
- }
-
- public boolean logout() throws LoginException {
- subject.getPrincipals().removeAll(principals);
- principals.clear();
+ succeeded = true;
return true;
}
diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPPubkeyLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPPubkeyLoginModule.java
index 50e87291d1..b66f78a623 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPPubkeyLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPPubkeyLoginModule.java
@@ -127,6 +127,7 @@ protected boolean doLogin() throws LoginException {
throw new LoginException("Can't get user " + user + " roles: " +
e.getMessage());
}
+ succeeded = true;
return true;
}
@@ -145,14 +146,4 @@ private void authenticatePubkey(String userDn, PublicKey
key, LDAPCache cache) t
throw new FailedLoginException("no matching public key found");
}
- public boolean abort() throws LoginException {
- return true;
- }
-
- public boolean logout() throws LoginException {
- subject.getPrincipals().removeAll(principals);
- principals.clear();
- return true;
- }
-
}
diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
index dd4aa4d638..579ae92a66 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
@@ -91,6 +91,7 @@ public boolean login() throws LoginException {
principals.add(new RolePrincipal(infos[i]));
}
+ succeeded = true;
return true;
} catch (LoginException e) {
throw e;
@@ -102,22 +103,4 @@ public boolean login() throws LoginException {
}
}
-
- public boolean abort() throws LoginException {
- subject = null;
- principals = null;
- return true;
- }
-
- public boolean logout() throws LoginException {
- try {
- subject.getPrincipals().removeAll(principals);
- principals.clear();
- return true;
- } finally {
- subject = null;
- principals = null;
- }
- }
-
}
diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/DigestPasswordLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/DigestPasswordLoginModule.java
index e79dc37e9e..0d5c4f02c0 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/DigestPasswordLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/DigestPasswordLoginModule.java
@@ -227,23 +227,7 @@ public boolean login() throws LoginException {
if (debug) {
LOGGER.debug("Successfully logged in {}", user);
}
- return true;
- }
-
- public boolean abort() throws LoginException {
- clear();
- if (debug) {
- LOGGER.debug("abort");
- }
- return true;
- }
-
- public boolean logout() throws LoginException {
- subject.getPrincipals().removeAll(principals);
- principals.clear();
- if (debug) {
- LOGGER.debug("logout");
- }
+ succeeded = true;
return true;
}
diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
index fd3f5b62a7..a248f5549e 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
@@ -155,23 +155,7 @@ public boolean login() throws LoginException {
if (debug) {
LOGGER.debug("Successfully logged in {}", user);
}
- return true;
- }
-
- public boolean abort() throws LoginException {
- clear();
- if (debug) {
- LOGGER.debug("abort");
- }
- return true;
- }
-
- public boolean logout() throws LoginException {
- subject.getPrincipals().removeAll(principals);
- principals.clear();
- if (debug) {
- LOGGER.debug("logout");
- }
+ succeeded = true;
return true;
}
diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
index 6b56037fbe..4c45861204 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyLoginModule.java
@@ -142,6 +142,7 @@ public boolean login() throws LoginException {
if (debug) {
LOG.debug("Successfully logged in " + user);
}
+ succeeded = true;
return true;
}
@@ -187,21 +188,4 @@ private static void write(DataOutputStream dos, String
str) throws IOException {
dos.write(data);
}
- public boolean abort() throws LoginException {
- clear();
- if (debug) {
- LOG.debug("abort");
- }
- return true;
- }
-
- public boolean logout() throws LoginException {
- subject.getPrincipals().removeAll(principals);
- principals.clear();
- if (debug) {
- LOG.debug("logout");
- }
- return true;
- }
-
}
diff --git
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
index 5278087bdb..dd96ecda37 100644
---
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
+++
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
@@ -124,6 +124,7 @@ public boolean login() throws LoginException {
principals.add(new RolePrincipal(role));
}
+ succeeded = true;
return true;
}
@@ -193,14 +194,4 @@ public boolean login() throws LoginException {
return roles;
}
- public boolean abort() {
- return true;
- }
-
- public boolean logout() throws LoginException {
- subject.getPrincipals().removeAll(principals);
- principals.clear();
- return true;
- }
-
}