Hi Kevin,

This sounds good.
One of the main reasons to separate the Enroler from the Verifier was to 
give the ability to have two sources of information (for example, if 
verifying the credentials is done via Kerberos and fetching the roles is 
done via LDAP). I don't see using the Enroler as a strict requirement, 
though. You could just as well put this into the TomcatVerifier to avoid 
logging on another time (you would probably have to override 
verify(Request,Response) too).

Best wishes,

Bruno.

On 10/05/10 06:09, kevinpauli wrote:
> My pleasure.  I appreciate the elegant design of Restlet that made the
> integration so straightforward.
>
> BTW, since I posted that I also wrote a TomcatEnroler.  Unfortunately, as
> far as I could tell the Tomcat security api requires us to reauthenticate to
> get a hold of the principal again to get his roles.
>
> package org.restlet.ext.tomcat;
>
> import java.security.Principal;
> import java.util.HashSet;
> import java.util.Set;
>
> import org.apache.catalina.Context;
> import org.apache.catalina.Engine;
> import org.apache.catalina.Host;
> import org.apache.catalina.Realm;
> import org.apache.catalina.Server;
> import org.apache.catalina.ServerFactory;
> import org.apache.catalina.Service;
> import org.apache.catalina.realm.GenericPrincipal;
> import org.restlet.Application;
> import org.restlet.Request;
> import org.restlet.data.ChallengeResponse;
> import org.restlet.data.ClientInfo;
> import org.restlet.security.Enroler;
> import org.restlet.security.Role;
> import org.restlet.security.User;
>
> public class TomcatEnroler implements Enroler {
>
>    private String serviceName;
>    private String contextName;
>
>    public void setServiceName(String serviceName) {
>      this.serviceName = serviceName;
>    }
>
>    public void setContextName(String contextName) {
>      this.contextName = contextName;
>    }
>
>    @Override
>    public void enrole(ClientInfo clientInfo) {
>      final Set<Role> userRoles = findRoles(clientInfo.getUser());
>
>      for (Role role : userRoles)
>        clientInfo.getRoles().add(role);
>    }
>
>    private Set<Role> findRoles(User user) {
>      final Set<Role> result = new HashSet<Role>();
>      final ChallengeResponse challengeResponse =
>          Request.getCurrent().getChallengeResponse();
>      // Nothing to look up without an authenticated user and the credentials.
>      if (user == null || challengeResponse == null)
>        return result;
>      final String identifier = user.getIdentifier();
>      final String secret = new String(challengeResponse.getSecret());
>
>      // Walk the Tomcat container tree down to the realm of the target context.
>      final Server server = ServerFactory.getServer();
>      final Service service = server.findService(serviceName);
>      final Engine engine = (Engine) service.getContainer();
>      final Host host = (Host) engine.findChild(engine.getDefaultHost());
>      final Context context = (Context) host.findChild(contextName);
>      final Realm realm = context.getRealm();
>      // The Tomcat API only exposes roles via the principal, so authenticate again.
>      final Principal principal = realm.authenticate(identifier, secret);
>      if (!(principal instanceof GenericPrincipal))
>        return result;
>
>      final Application application = Application.getCurrent();
>      for (String roleName : ((GenericPrincipal) principal).getRoles()) {
>        final Role role = application.getRole(roleName);
>        if (role != null)
>          result.add(role);
>      }
>
>      return result;
>    }
> }
>

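A single-step TomcatVerifier along the lines Bruno suggests, added here as an example (not code from the thread, from Restlet or from Tomcat). It assumes the Restlet 2.0 org.restlet.security.Verifier interface with its RESULT_* constants and the Tomcat 6 ServerFactory/Realm API that Kevin's TomcatEnroler uses; it implements Verifier directly rather than SecretVerifier, so only verify(Request, Response) is needed, and the one realm.authenticate() call both checks the credentials and yields the principal whose roles are copied into the ClientInfo.

```java
import java.security.Principal;
import org.apache.catalina.Context;
import org.apache.catalina.Engine;
import org.apache.catalina.Host;
import org.apache.catalina.Realm;
import org.apache.catalina.ServerFactory;
import org.apache.catalina.Service;
import org.apache.catalina.realm.GenericPrincipal;
import org.restlet.Application;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeResponse;
import org.restlet.security.Role;
import org.restlet.security.User;
import org.restlet.security.Verifier;

// Assumed Restlet 2.0 API: Verifier declares int verify(Request, Response) and RESULT_*.
public class TomcatVerifier implements Verifier {
    private final String serviceName;
    private final String contextName;

    public TomcatVerifier(String serviceName, String contextName) {
        this.serviceName = serviceName;
        this.contextName = contextName;
    }

    public int verify(Request request, Response response) {
        final ChallengeResponse cr = request.getChallengeResponse();
        if (cr == null || cr.getIdentifier() == null || cr.getSecret() == null)
            return RESULT_MISSING; // no credentials were sent with the request
        final Principal principal = authenticate(cr.getIdentifier(), cr.getSecret());
        if (!(principal instanceof GenericPrincipal))
            return RESULT_INVALID; // the Tomcat realm rejected the credentials
        // One realm call gives both the verdict and the roles: no second log-on.
        request.getClientInfo().setUser(new User(cr.getIdentifier()));
        final Application application = Application.getCurrent();
        for (String roleName : ((GenericPrincipal) principal).getRoles()) {
            final Role role = application.getRole(roleName);
            if (role != null)
                request.getClientInfo().getRoles().add(role);
        }
        return RESULT_VALID;
    }

    // Walks the Tomcat 6 container tree (assumed ServerFactory API) to the context's realm.
    private Principal authenticate(String identifier, char[] secret) {
        final Service service = ServerFactory.getServer().findService(serviceName);
        final Engine engine = (Engine) service.getContainer();
        final Host host = (Host) engine.findChild(engine.getDefaultHost());
        final Realm realm = ((Context) host.findChild(contextName)).getRealm();
        return realm.authenticate(identifier, new String(secret));
    }
}
```

Because the Verifier replaces both the credential check and the Enroler, the roles assigned for a request are exactly those the realm returned for the credentials it accepted, so there is no second authentication that could succeed or fail independently of the first.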
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2606836