User: starksm 
  Date: 01/09/14 10:55:08

  Modified:    tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4
                        JBossSecurityMgrRealm.java
  Log:
  Need to restore setting of servlet class loader before calling
  getSecurityContext because the tomcat class loader getParent does not
  return the true parent class loader
  
  Change debug level msgs to trace level msgs
  
  Clear the AuthInfo thread local when the entering thread service
  method exits
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.4.2.8   +61 -30    
contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java
  
  Index: JBossSecurityMgrRealm.java
  ===================================================================
  RCS file: 
/cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v
  retrieving revision 1.4.2.7
  retrieving revision 1.4.2.8
  diff -u -r1.4.2.7 -r1.4.2.8
  --- JBossSecurityMgrRealm.java        2001/09/03 22:46:09     1.4.2.7
  +++ JBossSecurityMgrRealm.java        2001/09/14 17:55:08     1.4.2.8
  @@ -17,6 +17,7 @@
   import org.apache.tomcat.core.Response;
   import org.apache.tomcat.util.SecurityTools;
   
  +import org.jboss.logging.log4j.JBossCategory;
   import org.jboss.security.EJBSecurityManager;
   import org.jboss.security.RealmMapping;
   import org.jboss.security.SimplePrincipal;
  @@ -37,11 +38,11 @@
    @see org.jboss.security.SubjectSecurityManager
    
    @author [EMAIL PROTECTED]
  - @version $Revision: 1.4.2.7 $
  + @version $Revision: 1.4.2.8 $
    */
   public class JBossSecurityMgrRealm extends BaseInterceptor
   {
  -   private static Category category = 
Category.getInstance(JBossSecurityMgrRealm.class);
  +   private static JBossCategory category = (JBossCategory) 
JBossCategory.getInstance(JBossSecurityMgrRealm.class);
      private static ThreadLocal authInfo = new ThreadLocal();
      private String subjectAttributeName = "j_subject";
      private boolean useJAAS = false;
  @@ -98,20 +99,25 @@
            */
         ClassLoader cl = Thread.currentThread().getContextClassLoader();
         ClassLoader scl = request.getContext().getServletLoader().getClassLoader();
  -      if( category.isDebugEnabled() )
  +      boolean trace = category.isTraceEnabled();
  +      if( trace )
         {
  -         category.debug("Authenticating access, username: " + username + " " 
+request);
  -         category.debug("ClassLoader: "+cl.toString()+':'+cl.hashCode());
  -         category.debug("Servlet ClassLoader: "+scl.toString()+':'+scl.hashCode());
  +         category.trace("Authenticating access, username: " + username + " " 
+request);
  +         category.trace("ClassLoader: "+cl.toString()+':'+cl.hashCode());
  +         category.trace("Servlet ClassLoader: "+scl.toString()+':'+scl.hashCode());
         }
         
         // If we don't have a security context security is not required
  +      if( scl != cl )   
  +         Thread.currentThread().setContextClassLoader(scl);
         Context securityCtx = getSecurityContext();
         if( securityCtx == null )
         {
  +         if( trace )
  +            category.trace("No SecurityContext, returning 0");
            return 0;
         }
  -      
  +
         try
         {
            // Get the JBoss security manager from the ENC context
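Review bot: The early return on the `securityCtx == null` path leaves the thread's context class loader switched to `scl`, because the swap on lines 78–79 runs before the `try` whose `finally` (in the next hunk) restores `cl`; any later work on this thread, if the container reuses it, then runs under the servlet loader instead of the one it arrived with. Either move the swap inside the `try` as authorize does in its hunk, or restore before leaving: `if( scl != cl ) Thread.currentThread().setContextClassLoader(cl);` placed ahead of `return 0;`. authenticate's signature and the `try`/`finally` that pairs with this swap are outside this hunk.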
  @@ -127,7 +133,8 @@
               org.apache.tomcat.core.Context ctx = request.getContext();
               if (ctx != null)
                  request.setAuthType(ctx.getAuthMethod());
  -            category.debug("Username: "+username+" is authenticated");
  +            if( trace )
  +               category.trace("Username: "+username+" is authenticated");
               SecurityAssociation.setPrincipal(principal);
               SecurityAssociation.setCredential(passwordChars);
               authInfo.set(new AuthInfo(principal, passwordChars));
  @@ -140,19 +147,22 @@
            }
            else
            {
  -            category.debug("User: "+username+" is NOT authenticated");
  +            if( trace )
  +               category.trace("User: "+username+" is NOT authenticated");
            }
         }
         catch(NamingException e)
         {
            category.error("Error during authenticate", e);
         }
  -      finally
  +      finally 
         {
  +          if( scl != cl )
  +              Thread.currentThread().setContextClassLoader(cl);
         }
         return 0;
      }
  -   
  +
      public int authorize(Request request, Response response, String roles[])
      {
         if( roles==null || roles.length==0 )
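Review bot: The restore added inside `finally` (lines 118–119) is indented ten spaces where the file's three-space steps put the body at nine, and `finally ` on line 116 now carries a trailing space; the matching block in authorize's `finally` (lines 178–179 in a later hunk) has the same extra column plus trailing whitespace on both lines. Re-indent to `         if( scl != cl )` / `            Thread.currentThread().setContextClassLoader(cl);` so the two methods read alike. The `try` that this `finally` belongs to opens outside this hunk.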
  @@ -172,15 +182,18 @@
            */
         ClassLoader cl = Thread.currentThread().getContextClassLoader();
         ClassLoader scl = request.getContext().getServletLoader().getClassLoader();
  -      if( category.isDebugEnabled() )
  +      boolean trace = category.isTraceEnabled();
  +      if( trace )
         {
  -         category.debug("Authorizing access, username: " + username + " " +request);
  -         category.debug("ClassLoader: "+cl.toString()+':'+cl.hashCode());
  -         category.debug("Servlet ClassLoader: "+scl.toString()+':'+scl.hashCode());
  +         category.trace("Authenticating access, username: " + username + " " 
+request);
  +         category.trace("ClassLoader: "+cl.toString()+':'+cl.hashCode());
  +         category.trace("Servlet ClassLoader: "+scl.toString()+':'+scl.hashCode());
         }
         int code = 0;
         try
         {
  +         if( scl != cl )
  +            Thread.currentThread().setContextClassLoader(scl);
            boolean userHasRole = false;
            Set requiredRoles = new HashSet();
            for(int r = 0; r < roles.length; r ++)
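Review bot: The trace message added on line 139 inside authorize says "Authenticating access", while the line it replaces (136) said "Authorizing access"; the wording looks copied from authenticate and will make trace output from the two methods indistinguishable. Restore the verb: `category.trace("Authorizing access, username: " + username + " " +request);`. Moving the class-loader swap inside the `try` (lines 147–148) so the `finally` always pairs with it is the right shape and is the one authenticate should match. authorize's `try` closes outside this hunk.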
  @@ -201,14 +214,15 @@
            if( userHasRole )
            {
               // Need to get roles from the security mgr. Needs updated interface...
  -            String userRoles[] =
  -            {};
  +            String userRoles[] = {};
               request.setUserRoles( userRoles );
  -            category.debug("User: "+username+" is authorized");
  +            if( trace )
  +               category.trace("User: "+username+" is authorized");
            }
            else
            {
  -            category.debug("User: "+username+" is NOT authorized, 
requiredRoles="+requiredRoles);
  +            if( trace )
  +               category.trace("User: "+username+" is NOT authorized, 
requiredRoles="+requiredRoles);
               code = 401;
            }
         }
  @@ -219,12 +233,15 @@
         }
         finally
         {
  +          if( scl != cl )   
  +              Thread.currentThread().setContextClassLoader(cl);   
         }
  -      
  +
         return code;
      }
      
  -   /**
  +   /** Set any security association that has been cleared due to the inclusion of
  +    nested content.
       */
      public int preService(Request request, Response response)
      {
  @@ -233,41 +250,55 @@
         {
            SecurityAssociation.setPrincipal(info.principal);
            SecurityAssociation.setCredential(info.passwordChars);
  +         info.depth ++;
         }
  -      
  -      if( category.isDebugEnabled() )
  +
  +      if( category.isTraceEnabled() )
         {
            Principal p = SecurityAssociation.getPrincipal();
  -         category.debug("preService, user="+request.getRemoteUser()+", 
SA.principal="+p+", request=" +request);
  +         category.trace("preService, auth="+info+", SA.principal="+p+", request=" 
+request);
         }
         return 0;
      }
      
      /** Called after service method ends. We clear any SecurityAssociation that
  -    may have been set.
  +    may have been set on this thread.
       */
      public int postService(Request request, Response response)
      {
  -      if( category.isDebugEnabled() )
  +      AuthInfo info = (AuthInfo) authInfo.get();
  +      if( category.isTraceEnabled() )
         {
            Principal p = SecurityAssociation.getPrincipal();
  -         category.debug("postService, user="+request.getRemoteUser()+", 
SA.principal="+p+", request=" +request);
  +         category.trace("postService, auth="+info+", SA.principal="+p+", request=" 
+request);
         }
         SecurityAssociation.setPrincipal(null);
         SecurityAssociation.setCredential(null);
  +      if( info != null )
  +      {
  +         info.depth --;
  +         if( info.depth <= 0 )
  +            authInfo.set(null);
  +      }
         return 0;
      }
  -   
  +
      private static class AuthInfo
      {
         Principal principal;
         char[] passwordChars;
  -      
  +      int depth;
  +
         AuthInfo(Principal principal, char[] passwordChars)
         {
            this.principal = principal;
            this.passwordChars = passwordChars;
  +         this.depth = 0;
  +      }
  +      public String toString()
  +      {
  +         return "{user="+principal+",depth="+depth+"}";
         }
      }
  -   
  +
   }
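Review bot: `postService` nulls the SecurityAssociation principal and credential on every call (lines 228–229) but only drops the thread-local `AuthInfo` once `depth` reaches zero, so if the depth counter exists because a nested include's `postService` runs before the outer request finishes, the outer servlet continues with the association cleared while `authInfo` still records it as authenticated. Consider clearing the association only on the final exit, e.g. after the decrement: `if( info == null || info.depth <= 0 ) { SecurityAssociation.setPrincipal(null); SecurityAssociation.setCredential(null); }`, or re-setting it from `info` when `depth` is still positive. Nothing visible resets a stale `AuthInfo` if `postService` is skipped (an exception out of the service call), in which case `preService` would hand the previous caller's principal and credential to the next request on the same thread; an `authInfo.set(null)` at the start of `authenticate` would bound that, and zeroing `info.passwordChars` when the entry is dropped is worth considering if no other holder of the array remains. The `if( info != null )` that opens `preService`'s body is outside the hunk.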
  
  
  
