User: starksm
Date: 01/06/21 22:37:52
Modified: tomcat/src/main/org/jboss/tomcat/security
JBossSecurityMgrRealm.java
Log:
Merged changes from the 2.2 branch
Revision Changes Path
1.4 +28 -29
contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java
Index: JBossSecurityMgrRealm.java
===================================================================
RCS file:
/cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- JBossSecurityMgrRealm.java 2001/06/12 20:02:31 1.3
+++ JBossSecurityMgrRealm.java 2001/06/22 05:37:52 1.4
@@ -9,10 +9,10 @@
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
-import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Category;
import org.apache.tomcat.core.BaseInterceptor;
+import org.apache.tomcat.core.TomcatException;
import org.apache.tomcat.core.Request;
import org.apache.tomcat.core.Response;
import org.apache.tomcat.util.SecurityTools;
@@ -37,13 +37,13 @@
@see org.jboss.security.SubjectSecurityManager
@author [EMAIL PROTECTED]
-@version $Revision: 1.3 $
+@version $Revision: 1.4 $
*/
public class JBossSecurityMgrRealm extends BaseInterceptor
{
static Category category =
Category.getInstance(JBossSecurityMgrRealm.class.getName());
- public String subjectAttributeName = "j_subject";
- public boolean useJAAS = false;
+ private String subjectAttributeName = "j_subject";
+ private boolean useJAAS = false;
/** A flag to indicate if the security manager implements the
SubjectSecurityManager
rather than EJBSecurityManager. When true, the authenticated Subject is
obtained
@@ -62,16 +62,32 @@
this.subjectAttributeName = subjectAttributeName;
}
- public int authenticate(Request request, Response response)
+ private Context getSecurityContext()
{
+ Context securityCtx = null;
+ // Get the JBoss security manager from the ENC context
+ try
+ {
+ InitialContext iniCtx = new InitialContext();
+ securityCtx = (Context) iniCtx.lookup("java:comp/env/security");
+ }
+ catch(NamingException e)
+ {
+ // Apparently there is no security context?
+ }
+ return securityCtx;
+ }
+
+ public int authenticate(Request request, Response response)
+ {
/* Get the username credentials from the request. We dont check
that they are null as the security domain may consider this
a valid indication of an unauthenticated user requesting
anonymous access.
*/
- Hashtable credentialMap = new Hashtable();
- SecurityTools.credentials(request, credentialMap);
- String username = (String) credentialMap.get("username");
+ Hashtable credentialMap = new Hashtable();
+ SecurityTools.credentials(request, credentialMap);
+ String username = (String) credentialMap.get("username");
String password = (String) credentialMap.get("password");
// If we don't have a security context security is not required
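Review bot: The empty `catch(NamingException e)` in getSecurityContext() returns null for every JNDI failure, and the comment on the last line of this hunk says a missing security context means security is not required, so a lookup error appears to make authenticate() fail open. Only a missing binding indicates an unsecured web application, so catch `NameNotFoundException` for that case and report anything else with `category.error("Failed to lookup java:comp/env/security", e);` so the caller can deny the request. The rest of authenticate() lies outside the hunk, so how it handles null is inferred from that comment rather than from visible code.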
@@ -144,7 +160,7 @@
String username = request.getRemoteUser();
if( username == null )
- return HttpServletResponse.SC_UNAUTHORIZED;
+ return 401;
/* Make sure the thread context class loader it set ot the servlet
class loader. The Jdk12Interceptor should be handling this but
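Review bot: `return 401;` replaces the named constant with a bare literal, and the same literal is used in the two `code = 401;` assignments in the later hunk of this method. If the aim is to drop the servlet API import, declare `private static final int SC_UNAUTHORIZED = 401;` in the class and use it at each site so the status stays readable and greppable. The enclosing method starts and ends outside this hunk.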
@@ -164,7 +180,6 @@
{
if( scl != cl )
Thread.currentThread().setContextClassLoader(scl);
-
boolean userHasRole = false;
Set requiredRoles = new HashSet(Arrays.asList(roles));
// Get the JBoss security manager from the ENC context
@@ -177,7 +192,7 @@
}
else
{
- category.warn("no security context available");
+ category.warn("Warning: no security context available");
}
if( userHasRole )
@@ -190,13 +205,13 @@
else
{
category.debug("User: "+username+" is NOT authorized,
requiredRoles="+requiredRoles);
- code = HttpServletResponse.SC_FORBIDDEN;
+ code = 401;
}
}
catch(NamingException e)
{
category.error("Error during authorize", e);
- code = HttpServletResponse.SC_UNAUTHORIZED;
+ code = 401;
}
finally
{
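Review bot: The "is NOT authorized" branch now sets `code = 401;` where it used to set SC_FORBIDDEN, so an authenticated user who lacks the required role gets an authentication challenge instead of a denial. That blurs the distinction between "not logged in" and "logged in but not permitted", which can cause repeated credential prompts and makes access-denied events harder to tell apart from failed logins in logs. Unless the Tomcat interceptor chain requires 401 here (not visible in this diff), keep the denial as `code = 403;`. The `catch(NamingException e)` path returning 401 is fine because it fails closed.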
@@ -205,22 +220,6 @@
}
return code;
- }
-
- private Context getSecurityContext()
- {
- Context securityCtx = null;
- // Get the JBoss security manager from the ENC context
- try
- {
- InitialContext iniCtx = new InitialContext();
- securityCtx = (Context) iniCtx.lookup("java:comp/env/security");
- }
- catch(NamingException e)
- {
- // Apparently there is no security context?
- }
- return securityCtx;
}
}