Author: markt
Date: Fri Jul 3 19:00:51 2015
New Revision: 1689061
URL: http://svn.apache.org/r1689061
Log:
Validation extracted to separate method, in order to make exception handling
easier
Patch by fjodorver
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java?rev=1689061&r1=1689060&r2=1689061&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
Fri Jul 3 19:00:51 2015
@@ -27,6 +27,7 @@ import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
@@ -89,213 +90,217 @@ public class FormAuthModule extends Tomc
return AuthStatus.SUCCESS;
}
try {
+ return validate(messageInfo, clientSubject);
+ } catch (Exception e) {
+ throw new AuthException(e.getMessage());
+ }
+ }
- Request request = (Request) messageInfo.getRequestMessage();
- HttpServletResponse response = (HttpServletResponse)
messageInfo.getResponseMessage();
- // References to objects we will need later
- Session session = null;
- Principal principal = null;
-
- // Have we authenticated this user before but have caching
disabled?
- if (!isCache()) {
- session = request.getSessionInternal(true);
- if (log.isDebugEnabled()) {
- log.debug("Checking for reauthenticate in session " +
session);
- }
- String username = (String)
session.getNote(Constants.SESS_USERNAME_NOTE);
- String password = (String)
session.getNote(Constants.SESS_PASSWORD_NOTE);
- if ((username != null) && (password != null)) {
- if (log.isDebugEnabled()) {
- log.debug("Reauthenticating username '" + username +
"'");
- }
- PasswordValidationCallback passwordCallback = new
PasswordValidationCallback(
- clientSubject, username, password.toCharArray());
- handler.handle(new Callback[] { passwordCallback });
- if (!passwordCallback.getResult()) {
- forwardToErrorPage(request, response,
context.getLoginConfig());
- }
- principal = getPrincipal(passwordCallback);
- if (principal != null) {
- session.setNote(Constants.FORM_PRINCIPAL_NOTE,
principal);
- if (!matchRequest(request)) {
- CallerPrincipalCallback principalCallback = new
CallerPrincipalCallback(
- clientSubject, principal);
- GroupPrincipalCallback groupCallback = new
GroupPrincipalCallback(
- clientSubject,
context.getRealm().getRoles(principal));
- handler.handle(new Callback[] { principalCallback,
groupCallback });
- return AuthStatus.SUCCESS;
- }
- }
- if (log.isDebugEnabled()) {
- log.debug("Reauthentication failed, proceed normally");
- }
- }
+ private AuthStatus validate(MessageInfo messageInfo, Subject
clientSubject) throws IOException,
+ UnsupportedCallbackException {
+ Request request = (Request) messageInfo.getRequestMessage();
+ HttpServletResponse response = (HttpServletResponse)
messageInfo.getResponseMessage();
+ // References to objects we will need later
+ Session session = null;
+ Principal principal = null;
+
+ // Have we authenticated this user before but have caching disabled?
+ if (!isCache()) {
+ session = request.getSessionInternal(true);
+ if (log.isDebugEnabled()) {
+ log.debug("Checking for reauthenticate in session " + session);
}
-
- // Is this the re-submit of the original request URI after
- // successful
- // authentication? If so, forward the *original* request instead.
- if (matchRequest(request)) {
- session = request.getSessionInternal(true);
+ String username = (String)
session.getNote(Constants.SESS_USERNAME_NOTE);
+ String password = (String)
session.getNote(Constants.SESS_PASSWORD_NOTE);
+ if ((username != null) && (password != null)) {
if (log.isDebugEnabled()) {
- log.debug("Restore request from session '" +
session.getIdInternal() + "'");
+ log.debug("Reauthenticating username '" + username + "'");
}
- principal = (Principal)
session.getNote(Constants.FORM_PRINCIPAL_NOTE);
- CallerPrincipalCallback principalCallback = new
CallerPrincipalCallback(
- clientSubject, principal);
- GroupPrincipalCallback groupCallback = new
GroupPrincipalCallback(clientSubject,
- context.getRealm().getRoles(principal));
- handler.handle(new Callback[] { principalCallback,
groupCallback });
-
- // If we're caching principals we no longer needgetPrincipal
the
- // username
- // and password in the session, so remove them
- if (isCache()) {
- session.removeNote(Constants.SESS_USERNAME_NOTE);
- session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ PasswordValidationCallback passwordCallback = new
PasswordValidationCallback(
+ clientSubject, username, password.toCharArray());
+ handler.handle(new Callback[] { passwordCallback });
+
+ if (!passwordCallback.getResult()) {
+ forwardToErrorPage(request, response,
context.getLoginConfig());
}
- if (restoreRequest(request, session)) {
- if (log.isDebugEnabled()) {
- log.debug("Proceed to restored request");
- }
- return AuthStatus.SUCCESS;
- } else {
- if (log.isDebugEnabled()) {
- log.debug("Restore of original request failed");
+ principal = getPrincipal(passwordCallback);
+ if (principal != null) {
+ session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
+ if (!matchRequest(request)) {
+ CallerPrincipalCallback principalCallback = new
CallerPrincipalCallback(
+ clientSubject, principal);
+ GroupPrincipalCallback groupCallback = new
GroupPrincipalCallback(
+ clientSubject,
context.getRealm().getRoles(principal));
+ handler.handle(new Callback[] { principalCallback,
groupCallback });
+ return AuthStatus.SUCCESS;
}
- response.sendError(HttpServletResponse.SC_BAD_REQUEST);
- return AuthStatus.FAILURE;
}
- }
-
- // Acquire references to objects we will need to evaluate
- MessageBytes uriMB = MessageBytes.newInstance();
- CharChunk uriCC = uriMB.getCharChunk();
- uriCC.setLimit(-1);
- String contextPath = request.getContextPath();
- String requestURI = request.getDecodedRequestURI();
-
- // Is this the action request from the login page?
- boolean loginAction = requestURI.startsWith(contextPath)
- && requestURI.endsWith(Constants.FORM_ACTION);
-
- LoginConfig config = context.getLoginConfig();
-
- // No -- Save this request and redirect to the form login page
- if (!loginAction) {
- session = request.getSessionInternal(true);
if (log.isDebugEnabled()) {
- log.debug("Save request in session '" +
session.getIdInternal() + "'");
+ log.debug("Reauthentication failed, proceed normally");
}
- try {
- saveRequest(request, session);
- } catch (IOException ioe) {
- log.debug("Request body too big to save during
authentication");
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- sm.getString("authenticator.requestBodyTooBig"));
- return AuthStatus.FAILURE;
- }
- forwardToLoginPage(request, response, config);
- return AuthStatus.SEND_CONTINUE;
}
+ }
- // Yes -- Acknowledge the request, validate the specified
- // credentials
- // and redirect to the error page if they are not correct
- request.getResponse().sendAcknowledgement();
- Realm realm = context.getRealm();
- // TODO fix character encoding
- // if (characterEncoding != null) {
- // request.setCharacterEncoding(characterEncoding);
- // }
- String username = request.getParameter(Constants.FORM_USERNAME);
- String password = request.getParameter(Constants.FORM_PASSWORD);
+ // Is this the re-submit of the original request URI after
+ // successful
+ // authentication? If so, forward the *original* request instead.
+ if (matchRequest(request)) {
+ session = request.getSessionInternal(true);
if (log.isDebugEnabled()) {
- log.debug("Authenticating username '" + username + "'");
+ log.debug("Restore request from session '" +
session.getIdInternal() + "'");
}
- principal = realm.authenticate(username, password);
- if (principal == null) {
- forwardToErrorPage(request, response, config);
+ principal = (Principal)
session.getNote(Constants.FORM_PRINCIPAL_NOTE);
+ CallerPrincipalCallback principalCallback = new
CallerPrincipalCallback(clientSubject,
+ principal);
+ GroupPrincipalCallback groupCallback = new
GroupPrincipalCallback(clientSubject,
+ context.getRealm().getRoles(principal));
+ handler.handle(new Callback[] { principalCallback, groupCallback
});
+
+ // If we're caching principals we no longer needgetPrincipal the
+ // username
+ // and password in the session, so remove them
+ if (isCache()) {
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
+ if (restoreRequest(request, session)) {
+ if (log.isDebugEnabled()) {
+ log.debug("Proceed to restored request");
+ }
+ return AuthStatus.SUCCESS;
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("Restore of original request failed");
+ }
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return AuthStatus.FAILURE;
}
+ }
+ // Acquire references to objects we will need to evaluate
+ MessageBytes uriMB = MessageBytes.newInstance();
+ CharChunk uriCC = uriMB.getCharChunk();
+ uriCC.setLimit(-1);
+ String contextPath = request.getContextPath();
+ String requestURI = request.getDecodedRequestURI();
+
+ // Is this the action request from the login page?
+ boolean loginAction = requestURI.startsWith(contextPath)
+ && requestURI.endsWith(Constants.FORM_ACTION);
+
+ LoginConfig config = context.getLoginConfig();
+
+ // No -- Save this request and redirect to the form login page
+ if (!loginAction) {
+ session = request.getSessionInternal(true);
if (log.isDebugEnabled()) {
- log.debug("Authentication of '" + username + "' was
successful");
- }
-
- if (session == null) {
- session = request.getSessionInternal(false);
+ log.debug("Save request in session '" +
session.getIdInternal() + "'");
}
- if (session == null) {
- // if (containerLog.isDebugEnabled()) {
- // containerLog.debug
- // ("User took so long to log on the session expired");
- // }
- if (landingPage == null) {
- response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
- sm.getString("authenticator.sessionExpired"));
- } else {
- // Make the authenticator think the user originally
- // requested
- // the landing page
- String uri = request.getContextPath() + landingPage;
- SavedRequest saved = new SavedRequest();
- saved.setMethod("GET");
- saved.setRequestURI(uri);
- saved.setDecodedRequestURI(uri);
-
request.getSessionInternal(true).setNote(Constants.FORM_REQUEST_NOTE, saved);
- response.sendRedirect(response.encodeRedirectURL(uri));
- }
+ try {
+ saveRequest(request, session);
+ } catch (IOException ioe) {
+ log.debug("Request body too big to save during
authentication");
+ response.sendError(HttpServletResponse.SC_FORBIDDEN,
+ sm.getString("authenticator.requestBodyTooBig"));
return AuthStatus.FAILURE;
}
+ forwardToLoginPage(request, response, config);
+ return AuthStatus.SEND_CONTINUE;
+ }
- // Save the authenticated Principal in our session
- session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
+ // Yes -- Acknowledge the request, validate the specified
+ // credentials
+ // and redirect to the error page if they are not correct
+ request.getResponse().sendAcknowledgement();
+ Realm realm = context.getRealm();
+ // TODO fix character encoding
+ // if (characterEncoding != null) {
+ // request.setCharacterEncoding(characterEncoding);
+ // }
+ String username = request.getParameter(Constants.FORM_USERNAME);
+ String password = request.getParameter(Constants.FORM_PASSWORD);
+ if (log.isDebugEnabled()) {
+ log.debug("Authenticating username '" + username + "'");
+ }
+ principal = realm.authenticate(username, password);
+ if (principal == null) {
+ forwardToErrorPage(request, response, config);
+ return AuthStatus.FAILURE;
+ }
- // Save the username and password as well
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
-
- // Redirect the user to the original request URI (which will cause
- // the original request to be restored)
- requestURI = savedRequestURL(session);
- if (log.isDebugEnabled()) {
- log.debug("Redirecting to original '" + requestURI + "'");
- }
- if (requestURI == null) {
- if (landingPage == null) {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST,
- sm.getString("authenticator.formlogin"));
- } else {
- // Make the authenticator think the user originally
- // requested
- // the landing page
- String uri = request.getContextPath() + landingPage;
- SavedRequest saved = new SavedRequest();
- saved.setMethod("GET");
- saved.setRequestURI(uri);
- saved.setDecodedRequestURI(uri);
- session.setNote(Constants.FORM_REQUEST_NOTE, saved);
- response.sendRedirect(response.encodeRedirectURL(uri));
- }
+ if (log.isDebugEnabled()) {
+ log.debug("Authentication of '" + username + "' was successful");
+ }
+
+ if (session == null) {
+ session = request.getSessionInternal(false);
+ }
+ if (session == null) {
+ // if (containerLog.isDebugEnabled()) {
+ // containerLog.debug
+ // ("User took so long to log on the session expired");
+ // }
+ if (landingPage == null) {
+ response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
+ sm.getString("authenticator.sessionExpired"));
} else {
- // Until the Servlet API allows specifying the type of redirect
- // to
- // use.
- Response internalResponse = request.getResponse();
- String location = response.encodeRedirectURL(requestURI);
- if ("HTTP/1.1".equals(request.getProtocol())) {
- internalResponse.sendRedirect(location,
HttpServletResponse.SC_SEE_OTHER);
- } else {
- internalResponse.sendRedirect(location,
HttpServletResponse.SC_FOUND);
- }
+ // Make the authenticator think the user originally
+ // requested
+ // the landing page
+ String uri = request.getContextPath() + landingPage;
+ SavedRequest saved = new SavedRequest();
+ saved.setMethod("GET");
+ saved.setRequestURI(uri);
+ saved.setDecodedRequestURI(uri);
+
request.getSessionInternal(true).setNote(Constants.FORM_REQUEST_NOTE, saved);
+ response.sendRedirect(response.encodeRedirectURL(uri));
}
return AuthStatus.FAILURE;
- } catch (Exception e) {
- throw new AuthException(e.getMessage());
}
+ // Save the authenticated Principal in our session
+ session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
+
+ // Save the username and password as well
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+
+ // Redirect the user to the original request URI (which will cause
+ // the original request to be restored)
+ requestURI = savedRequestURL(session);
+ if (log.isDebugEnabled()) {
+ log.debug("Redirecting to original '" + requestURI + "'");
+ }
+ if (requestURI == null) {
+ if (landingPage == null) {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+ sm.getString("authenticator.formlogin"));
+ } else {
+ // Make the authenticator think the user originally
+ // requested
+ // the landing page
+ String uri = request.getContextPath() + landingPage;
+ SavedRequest saved = new SavedRequest();
+ saved.setMethod("GET");
+ saved.setRequestURI(uri);
+ saved.setDecodedRequestURI(uri);
+ session.setNote(Constants.FORM_REQUEST_NOTE, saved);
+ response.sendRedirect(response.encodeRedirectURL(uri));
+ }
+ } else {
+ // Until the Servlet API allows specifying the type of redirect
+ // to
+ // use.
+ Response internalResponse = request.getResponse();
+ String location = response.encodeRedirectURL(requestURI);
+ if ("HTTP/1.1".equals(request.getProtocol())) {
+ internalResponse.sendRedirect(location,
HttpServletResponse.SC_SEE_OTHER);
+ } else {
+ internalResponse.sendRedirect(location,
HttpServletResponse.SC_FOUND);
+ }
+ }
+ return AuthStatus.FAILURE;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
