Author: markt Date: Wed Nov 22 20:48:39 2017 New Revision: 1816078 URL: http://svn.apache.org/viewvc?rev=1816078&view=rev Log: Add a property to the Authenticator implementations to enable a custom JASPIC CallbackHandler to be specified. Patch provided by Lazar. This closes #93
Added: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java (with props) Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/valve.xml Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1816078&r1=1816077&r2=1816078&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Wed Nov 22 20:48:39 2017 @@ -27,6 +27,7 @@ import java.util.Optional; import java.util.Set; import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; import javax.security.auth.message.AuthException; import javax.security.auth.message.AuthStatus; import javax.security.auth.message.MessageInfo; @@ -211,6 +212,13 @@ public abstract class AuthenticatorBase */ protected String secureRandomProvider = null; + /** + * The name of the JASPIC callback handler class. If none is specified the + * default {@link org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl} + * will be used. + */ + protected String jaspicCallbackHandlerClass = null; + protected SessionIdGeneratorBase sessionIdGenerator = null; /** 
@@ -407,6 +415,25 @@ public abstract class AuthenticatorBase this.secureRandomProvider = secureRandomProvider; } + /** + * Return the JASPIC callback handler class name + * + * @return The name of the JASPIC callback handler + */ + public String getJaspicCallbackHandlerClass() { + return jaspicCallbackHandlerClass; + } + + /** + * Set the JASPIC callback handler class name + * + * @param jaspicCallbackHandlerClass + * The new JASPIC callback handler class name + */ + public void setJaspicCallbackHandlerClass(String jaspicCallbackHandlerClass) { + this.jaspicCallbackHandlerClass = jaspicCallbackHandlerClass; + } + // --------------------------------------------------------- Public Methods /** @@ -640,8 +667,9 @@ public abstract class AuthenticatorBase new MessageInfoImpl(request.getRequest(), response.getResponse(), authMandatory); try { + CallbackHandler callbackHandler = createCallbackHandler(); ServerAuthConfig serverAuthConfig = jaspicProvider.getServerAuthConfig( - "HttpServlet", jaspicAppContextID, CallbackHandlerImpl.getInstance()); + "HttpServlet", jaspicAppContextID, callbackHandler); String authContextID = serverAuthConfig.getAuthContextID(jaspicState.messageInfo); jaspicState.serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null); } catch (AuthException e) { 
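Review bot: In the `@@ -640,8 +667,9 @@` hunk, `createCallbackHandler()` is invoked each time this block runs, so a configured `jaspicCallbackHandlerClass` is looked up and reflectively constructed on every pass, while the default path keeps reusing the `CallbackHandlerImpl.getInstance()` singleton. If this code runs per request, as the `request.getRequest()` context line suggests, that puts repeated class lookup on the authentication path and prevents a custom handler from keeping state between calls. Consider resolving the handler once, storing it in a field, and reading that field here instead of calling `createCallbackHandler()` directly. The `SecurityException` thrown by `createCallbackHandler()` is unchecked and is not covered by the visible `catch (AuthException e)`; the rest of the method lies outside the hunk, so confirm where it is handled and that the failure is logged with the configured class name.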
@@ -653,6 +681,32 @@ public abstract class AuthenticatorBase return jaspicState; } + private CallbackHandler createCallbackHandler() { + CallbackHandler callbackHandler = null; + if (jaspicCallbackHandlerClass == null) { + callbackHandler = CallbackHandlerImpl.getInstance(); + } else { + Class<?> clazz = null; + try { + clazz = Class.forName(jaspicCallbackHandlerClass, true, + Thread.currentThread().getContextClassLoader()); + } catch (ClassNotFoundException e) { + // Proceed with the retry below + } + + try { + if (clazz == null) { + clazz = Class.forName(jaspicCallbackHandlerClass); + } + callbackHandler = (CallbackHandler)clazz.getConstructor().newInstance(); + } catch (ReflectiveOperationException e) { + throw new SecurityException(e); + } + } + + return callbackHandler; + } + // ------------------------------------------------------ Protected Methods Added: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java?rev=1816078&view=auto ============================================================================== --- tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java (added) +++ tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java Wed Nov 22 20:48:39 2017 
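Review bot: In `createCallbackHandler()`, the cast in `(CallbackHandler)clazz.getConstructor().newInstance()` is applied only after the constructor of the configured class has already run, so a class that does not implement `CallbackHandler` is instantiated anyway and then fails with a `ClassCastException`, which `catch (ReflectiveOperationException e)` does not cover. Because the name comes from valve configuration and selects code that runs on the authentication path, the type should be verified before instantiation and the failure should name the offending class. The empty `catch (ClassNotFoundException e)` discards the first lookup failure; a debug-level log there would help diagnose class loader visibility problems. Both `Class.forName` calls also initialise the named class, so its static initialisers run before any check, and loading with initialisation set to `false` is worth considering.

```java
        // … unchanged: lookup via the context class loader, with fallback to Class.forName(name) …
        try {
            // … unchanged: retry with Class.forName(jaspicCallbackHandlerClass) when clazz is null …
            // Verify the type before any constructor of the configured class runs
            if (!CallbackHandler.class.isAssignableFrom(clazz)) {
                throw new SecurityException("Configured jaspicCallbackHandlerClass [" +
                        jaspicCallbackHandlerClass + "] does not implement CallbackHandler");
            }
            callbackHandler =
                    clazz.asSubclass(CallbackHandler.class).getConstructor().newInstance();
        // … unchanged: catch (ReflectiveOperationException e) rethrown as SecurityException …
```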
@@ -0,0 +1,84 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.authenticator; + +import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.servlet.http.HttpServletResponse; + +import org.junit.Assert; +import org.junit.Test; + +import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl; +import org.apache.catalina.connector.Request; + +public class TestJaspicCallbackHandlerInAuthenticator { + + @Test + public void testCustomCallbackHandlerCreation() throws Exception { + testCallbackHandlerCreation("org.apache.catalina.authenticator.TestCallbackHandlerImpl", + TestCallbackHandlerImpl.class); + } + + @Test + public void testDefaultCallbackHandlerCreation() throws Exception { + testCallbackHandlerCreation(null, CallbackHandlerImpl.class); + } + + + private void testCallbackHandlerCreation(String callbackHandlerImplClassName, + Class<?> callbackHandlerImplClass) + throws NoSuchMethodException, SecurityException, IllegalAccessException, + 
IllegalArgumentException, InvocationTargetException { + TestAuthenticator authenticator = new TestAuthenticator(); + authenticator.setJaspicCallbackHandlerClass(callbackHandlerImplClassName); + Method createCallbackHandlerMethod = + AuthenticatorBase.class.getDeclaredMethod("createCallbackHandler"); + createCallbackHandlerMethod.setAccessible(true); + CallbackHandler callbackHandler = + (CallbackHandler) createCallbackHandlerMethod.invoke(authenticator); + Assert.assertTrue(callbackHandlerImplClass.isInstance(callbackHandler)); + } + + private static class TestAuthenticator extends AuthenticatorBase { + + @Override + protected boolean doAuthenticate(Request request, HttpServletResponse response) + throws IOException { + return false; + } + + @Override + protected String getAuthMethod() { + return null; + } + + } +} + +class TestCallbackHandlerImpl implements CallbackHandler { + + @Override + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + // don't have to do anything; needed only for instantiation + } +} \ No newline at end of file Propchange: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicCallbackHandlerInAuthenticator.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1816078&r1=1816077&r2=1816078&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Wed Nov 22 20:48:39 2017 
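Review bot: `TestJaspicCallbackHandlerInAuthenticator` covers only the two successful paths (a valid custom class and `null`), so the failure behaviour of the new property is untested. Add cases for a class name that cannot be loaded and for a class that exists but does not implement `CallbackHandler`, asserting the exception that reaches the caller; because the private method is invoked through `Method.invoke`, the test will see it as the cause of an `InvocationTargetException`. The new file also ends without a trailing newline (`\ No newline at end of file`).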
@@ -128,6 +128,11 @@ with a provider name of <code>null</code>. Patch provided by Lazar. (markt) </fix> + <add> + <bug>61795</bug>: Add a property to the <code>Authenticator</code> + implementations to enable a custom JASPIC <code>CallbackHandler</code> + to be specified. Patch provided by Lazar. (markt) + </add> </changelog> </subsection> <subsection name="Coyote"> Modified: tomcat/trunk/webapps/docs/config/valve.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1816078&r1=1816077&r2=1816078&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/valve.xml (original) +++ tomcat/trunk/webapps/docs/config/valve.xml Wed Nov 22 20:48:39 2017 @@ -1162,6 +1162,14 @@ specified, the platform default provider will be used.</p> </attribute> + <attribute name="jaspicCallbackHandlerClass" required="false"> + <p>Name of the Java class of the + <code>javax.security.auth.callback.CallbackHandler</code> implementation + which should be used by JASPIC. If none is specified the default + <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code> + will be used.</p> + </attribute> + </attributes> </subsection> @@ -1308,6 +1316,14 @@ authentication always fails.</p> </attribute> + <attribute name="jaspicCallbackHandlerClass" required="false"> + <p>Name of the Java class of the + <code>javax.security.auth.callback.CallbackHandler</code> implementation + which should be used by JASPIC. If none is specified the default + <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code> + will be used.</p> + </attribute> + </attributes> </subsection> 
@@ -1413,6 +1429,14 @@ specified, the platform default provider will be used.</p> </attribute> + <attribute name="jaspicCallbackHandlerClass" required="false"> + <p>Name of the Java class of the + <code>javax.security.auth.callback.CallbackHandler</code> implementation + which should be used by JASPIC. If none is specified the default + <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code> + will be used.</p> + </attribute> + </attributes> </subsection> @@ -1505,6 +1529,14 @@ specified, the platform default provider will be used.</p> </attribute> + <attribute name="jaspicCallbackHandlerClass" required="false"> + <p>Name of the Java class of the + <code>javax.security.auth.callback.CallbackHandler</code> implementation + which should be used by JASPIC. If none is specified the default + <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code> + will be used.</p> + </attribute> + </attributes> </subsection> @@ -1655,6 +1687,14 @@ will be used.</p> </attribute> + <attribute name="jaspicCallbackHandlerClass" required="false"> + <p>Name of the Java class of the + <code>javax.security.auth.callback.CallbackHandler</code> implementation + which should be used by JASPIC. If none is specified the default + <code>org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl</code> + will be used.</p> + </attribute> + </attributes> </subsection> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org