svn commit: r1734522 - /tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java

Fri, 11 Mar 2016 02:15:58 -0800 

Author: markt
Date: Fri Mar 11 10:15:24 2016
New Revision: 1734522

URL: http://svn.apache.org/viewvc?rev=1734522&view=rev
Log:
Re-work r1734466
Provide full control over the CredentialHandler used

Modified:
    tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java?rev=1734522&r1=1734521&r2=1734522&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java Fri 
Mar 11 10:15:24 2016
@@ -18,9 +18,9 @@ package org.apache.catalina.realm;
 
 import java.io.File;
 import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -34,8 +34,10 @@ import javax.security.auth.login.LoginEx
 import javax.security.auth.spi.LoginModule;
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.catalina.CredentialHandler;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.IntrospectionUtils;
 import org.apache.tomcat.util.digester.Digester;
 
 /**
@@ -54,14 +56,14 @@ import org.apache.tomcat.util.digester.D
  *     XML file containing our user information, in the format supported by
  *     {@link MemoryRealm}.  The default value matches the MemoryRealm
  *     default.</li>
- * <li><strong>digest</strong> - Digest used to protect credentials in the XML
- *     file. If not specified, the passwords will be assumed to be in clear
- *     text.</li>
- * <li><strong>iterations</strong> - The number of iterations of the associated
- *     algorithm that will be used when creating a new stored credential for a
- *     given input credential.</li>
- * <li><strong>saltLength</strong> - The salt length that will be used when
- *     creating a new stored credential for a given input credential.</li>
+ * <li><strong>credentialHandlerClassName</strong> - The fully qualified class
+ *     name of the CredentialHandler to use. If not specified, {@link
+ *     MessageDigestCredentialHandler} will be used.</li>
+ * <li>Any additional options will be used to identify and call setters on the
+ *     {@link CredentialHandler}. For example, <code>algorithm=SHA256</code>
+ *     would result in a call to {@link
+ *     MessageDigestCredentialHandler#setAlgorithm(String)} with a parameter of
+ *     <code>"SHA256"</code></li>
  * </ul>
  *
  * <p><strong>IMPLEMENTATION NOTE</strong> - This class implements
@@ -231,24 +233,40 @@ public class JAASMemoryLoginModule exten
         this.options = options;
 
         // Perform instance-specific initialization
-        MessageDigestCredentialHandler credentialHandler = new 
MessageDigestCredentialHandler();
-        setCredentialHandler(credentialHandler);
-        if (options.get("pathname") != null) {
-            this.pathname = (String) options.get("pathname");
+        Object option = options.get("pathname");
+        if (option instanceof String) {
+            this.pathname = (String) option;
         }
-        if (options.get("digest") != null) {
+
+        CredentialHandler credentialHandler = null;
+        option = options.get("credentialHandlerClassName");
+        if (option instanceof String) {
             try {
-                credentialHandler.setAlgorithm((String) options.get("digest"));
-            } catch (NoSuchAlgorithmException e) {
-                log.warn("Invalid digest algorithm for JAASMemoryLoginModule", 
e);
+                Class<?> clazz = Class.forName((String) option);
+                credentialHandler = (CredentialHandler) clazz.newInstance();
+            } catch (InstantiationException | IllegalAccessException | 
ClassNotFoundException e) {
+                throw new IllegalArgumentException(e);
             }
         }
-        if (options.get("iterations") != null) {
-            credentialHandler.setIterations(Integer.parseInt((String) 
options.get("iterations")));
+        if (credentialHandler == null) {
+            credentialHandler = new MessageDigestCredentialHandler();
         }
-        if (options.get("saltLength") != null) {
-            credentialHandler.setIterations(Integer.parseInt((String) 
options.get("saltLength")));
+
+        for (Entry<String,?> entry : options.entrySet()) {
+            if ("pathname".equals(entry.getKey())) {
+                continue;
+            }
+            if ("credentialHandlerClassName".equals(entry.getKey())) {
+                continue;
+            }
+            // Skip any non-String values since any value we are interested in
+            // will be a String.
+            if (entry.getValue() instanceof String) {
+                IntrospectionUtils.setProperty(credentialHandler, 
entry.getKey(),
+                        (String) entry.getValue());
+            }
         }
+        setCredentialHandler(credentialHandler);
 
         // Load our defined Principals
         load();



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to