Hi Bruno and Kevin,
Another idea would be to store the list of roles in the user principal (a
TomcatUser class extending org.restlet.security.User for example), so that
the Enroler can just pick up this information and add the Role instances
without a second authentication.
Kevin, I think this could make a nice "org.restlet.ext.tomcat" module in the
JEE edition of the framework. Would you be interested in contributing your
work for Restlet 2.1?
Best regards,
Jerome Louvel
--
Restlet ~ Founder and Technical Lead ~ http://www.restlet.org
Noelios Technologies ~ http://www.noelios.com
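To make the idea above concrete, here is an added sketch that is not code from this thread, from Restlet or from Tomcat: a TomcatUser that carries the role names the Tomcat Realm reported, a TomcatVerifier that calls Realm.authenticate() once and stores that principal on the request, and a TomcatEnroler that only reads the stored names (Bruno's alternative of doing it all in the Verifier would simply merge the last two classes). It assumes the Restlet 2.0 security API (Verifier, Enroler, User, ClientInfo.setUser) and the Tomcat 6 ServerFactory container walk from Kevin's TomcatEnroler; the package name, the class names and the nested-class layout are choices made for this example, not an existing module.

```java
package org.restlet.ext.tomcat; // module name proposed in the thread, not an existing one

import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.apache.catalina.Context;
import org.apache.catalina.Engine;
import org.apache.catalina.Host;
import org.apache.catalina.Realm;
import org.apache.catalina.Server;
import org.apache.catalina.ServerFactory;
import org.apache.catalina.Service;
import org.apache.catalina.realm.GenericPrincipal;
import org.restlet.Application;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeResponse;
import org.restlet.data.ClientInfo;
import org.restlet.security.Enroler;
import org.restlet.security.Role;
import org.restlet.security.User;
import org.restlet.security.Verifier;

/** Hypothetical sketch: one Realm.authenticate() call per request, roles kept on the User. */
public final class TomcatSecurity {

    /** User principal that remembers the role names the Tomcat Realm reported at login. */
    public static class TomcatUser extends User {
        private final List<String> roleNames;

        public TomcatUser(String identifier, String[] roleNames) {
            super(identifier); // the password is deliberately not kept on the principal
            this.roleNames = (roleNames == null) ? Collections.<String>emptyList()
                    : Collections.unmodifiableList(Arrays.asList(roleNames));
        }

        public List<String> getRoleNames() {
            return roleNames;
        }
    }

    /** Verifier: the single Realm.authenticate() call, result stored on the ClientInfo. */
    public static class TomcatVerifier implements Verifier {
        private final String serviceName;
        private final String contextName;

        public TomcatVerifier(String serviceName, String contextName) {
            this.serviceName = serviceName;
            this.contextName = contextName;
        }

        @Override
        public int verify(Request request, Response response) {
            ChallengeResponse cr = request.getChallengeResponse();
            if (cr == null || cr.getIdentifier() == null) {
                return RESULT_MISSING; // no credentials sent: let the authenticator challenge
            }
            String secret = (cr.getSecret() == null) ? "" : new String(cr.getSecret());
            Principal principal = findRealm().authenticate(cr.getIdentifier(), secret);
            if (!(principal instanceof GenericPrincipal)) {
                return RESULT_INVALID; // the Realm returns null on rejected credentials
            }
            String[] roleNames = ((GenericPrincipal) principal).getRoles();
            request.getClientInfo().setUser(new TomcatUser(cr.getIdentifier(), roleNames));
            return RESULT_VALID;
        }

        /** Same Tomcat 6 container walk as Kevin's TomcatEnroler (ServerFactory is Tomcat 6 only). */
        private Realm findRealm() {
            Server server = ServerFactory.getServer();
            Service service = server.findService(serviceName);
            Engine engine = (Engine) service.getContainer();
            Host host = (Host) engine.findChild(engine.getDefaultHost());
            Context context = (Context) host.findChild(contextName);
            return context.getRealm();
        }
    }

    /** Enroler: no second authentication, only maps the stored names to Application roles. */
    public static class TomcatEnroler implements Enroler {
        @Override
        public void enrole(ClientInfo clientInfo) {
            User user = clientInfo.getUser();
            if (!(user instanceof TomcatUser)) {
                return; // a different verifier set the user, or none did: grant nothing
            }
            Application application = Application.getCurrent();
            for (String roleName : ((TomcatUser) user).getRoleNames()) {
                Role role = application.getRole(roleName); // only roles declared on the Application
                if (role != null) {
                    clientInfo.getRoles().add(role);
                }
            }
        }
    }
}
```

The pair is wired with ChallengeAuthenticator.setVerifier(new TomcatVerifier(...)) and setEnroler(new TomcatEnroler()); because the Enroler trusts whatever TomcatUser it finds, it refuses to grant roles when the user was not set by this verifier, so a misconfigured guard fails closed rather than open.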
-----Original Message-----
From: Bruno Harbulot [mailto:[email protected]]
Sent: Monday 10 May 2010 15:40
To: [email protected]
Subject: Re: JAAS and JBoss 5.1
Hi Kevin,
This sounds good.
One of the main reasons to separate the Enroler from the Verifier was to
give the ability to have two sources of information (for example, if
verifying the credentials is done via Kerberos and fetching the roles is
done via LDAP). I don't see using the Enroler as a strict requirement,
though. You could just as well put this into the TomcatVerifier to avoid
logging on another time (you would probably have to override
verify(Request,Response) too).
Best wishes,
Bruno.
On 10/05/10 06:09, kevinpauli wrote:
> My pleasure. I appreciate the elegant design of Restlet that made the
> integration so straightforward.
>
> BTW, since I posted that I also wrote a TomcatEnroler. Unfortunately, as
> far as I could tell the Tomcat security API requires us to reauthenticate to
> get a hold of the principal again to get his roles.
>
> package org.restlet.ext.tomcat;
>
> import java.security.Principal;
> import java.util.HashSet;
> import java.util.Set;
>
> import org.apache.catalina.Context;
> import org.apache.catalina.Engine;
> import org.apache.catalina.Host;
> import org.apache.catalina.Realm;
> import org.apache.catalina.Server;
> import org.apache.catalina.ServerFactory;
> import org.apache.catalina.Service;
> import org.apache.catalina.realm.GenericPrincipal;
> import org.restlet.Application;
> import org.restlet.Request;
> import org.restlet.data.ClientInfo;
> import org.restlet.security.Enroler;
> import org.restlet.security.Role;
> import org.restlet.security.User;
>
> public class TomcatEnroler implements Enroler {
>
>     private String serviceName;
>     private String contextName;
>
>     public void setServiceName(String serviceName) {
>         this.serviceName = serviceName;
>     }
>
>     public void setContextName(String contextName) {
>         this.contextName = contextName;
>     }
>
>     @Override
>     public void enrole(ClientInfo clientInfo) {
>         final Set<Role> userRoles = findRoles(clientInfo.getUser());
>
>         for (Role role : userRoles)
>             clientInfo.getRoles().add(role);
>     }
>
>     private Set<Role> findRoles(User user) {
>         // Re-authenticate against the Tomcat Realm with the credentials of the
>         // current request: Realm.authenticate() is the only way to obtain the
>         // GenericPrincipal that carries the role names.
>         final String identifier = user.getIdentifier();
>         final String secret = new String(Request.getCurrent().getChallengeResponse().getSecret());
>
>         final Server server = ServerFactory.getServer();
>         final Service service = server.findService(serviceName);
>         final Engine engine = (Engine) service.getContainer();
>         final Host host = (Host) engine.findChild(engine.getDefaultHost());
>         final Context context = (Context) host.findChild(contextName);
>         final Realm realm = context.getRealm();
>         final Principal principal = realm.authenticate(identifier, secret);
>
>         final Set<Role> result = new HashSet<Role>();
>         // authenticate() returns null when the credentials are rejected
>         if (!(principal instanceof GenericPrincipal))
>             return result;
>
>         final Application application = Application.getCurrent();
>         for (String roleName : ((GenericPrincipal) principal).getRoles()) {
>             // Only roles declared on the Restlet Application are mapped
>             final Role role = application.getRole(roleName);
>             if (role != null)
>                 result.add(role);
>         }
>
>         return result;
>     }
> }
>
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2606836
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2617243