jford 2004/08/11 19:56:35
Modified: src/java/org/apache/jetspeed/modules/actions
JAASSessionValidator.java
Log:
JAAS implementation. Tested against Tomcat Memory Realm using Basic authentication
Revision Changes Path
1.2 +158 -11
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JAASSessionValidator.java
Index: JAASSessionValidator.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JAASSessionValidator.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JAASSessionValidator.java 12 Aug 2004 00:33:01 -0000 1.1
+++ JAASSessionValidator.java 12 Aug 2004 02:56:35 -0000 1.2
@@ -15,11 +15,20 @@
*/
package org.apache.jetspeed.modules.actions;
-import java.security.Principal;
+import java.util.Locale;
import org.apache.jetspeed.om.security.JetspeedUser;
+import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.services.customlocalization.CustomLocalizationService;
import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
import org.apache.jetspeed.services.logging.JetspeedLogger;
+import org.apache.jetspeed.services.rundata.JetspeedRunData;
+import org.apache.jetspeed.services.security.JetspeedSecurityCache;
+import org.apache.jetspeed.services.security.LoginException;
+import org.apache.jetspeed.services.security.UnknownUserException;
+import org.apache.jetspeed.util.ServiceUtil;
+import org.apache.turbine.services.localization.LocalizationService;
+import org.apache.turbine.services.resources.TurbineResources;
import org.apache.turbine.util.RunData;
@@ -27,34 +36,172 @@
* JAAS Session validator populates the Jetspeed User via the
servlet.getUserPrincipal() call
* When using this session validator, Authentication is delegated to the
Application Server.
* Recommend disabling all user login functionality via Jetspeed, and using your
web.xml
- * to protect access to all Jetspeed resources:
+ * to protect access to all Jetspeed resources (place after resource-ref or
welcome-file-list:
*
- * <security-constraints>
- * <resources>
- * <url>/*</url>
- * </resources>
+ * <security-constraint>
+ * <display-name>Jetspeed Security</display-name>
+ * <web-resource-collection>
+ * <web-resource-name>Protected Area</web-resource-name>
+ * <!-- Define the context-relative URL(s) to be protected -->
+ * <url-pattern>/*</url-pattern>
+ *
+ * <!-- If you list http methods, only those methods are protected -->
+ * <http-method>DELETE</http-method>
+ * <http-method>GET</http-method>
+ * <http-method>POST</http-method>
+ * <http-method>PUT</http-method>
+ * </web-resource-collection>
+ * <auth-constraint>
+ * <!-- Anyone with one of the listed roles may access this area -->
+ * <role-name>user</role-name>
+ * <role-name>admin</role-name>
+ * </auth-constraint>
+ *
+ * <!--
+ * <user-data-constraint>
+ * <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ * </user-data-constraint>
+ * -->
* </security-constraint>
*
+ * <login-config>
+ * <auth-method>BASIC</auth-method>
+ * <realm-name>Jetspeed BASIC Authentication</realm-name>
+ * </login-config>
+ *
+ * <!-- Default login configuration uses form-based authentication -->
+ * <!--
+ * <login-config>
+ * <auth-method>FORM</auth-method>
+ * <realm-name>Example Form-Based Authentication Area</realm-name>
+ * <form-login-config>
+ * <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
+ * <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
+ * </form-login-config>
+ * </login-config>
+ * -->
+ *
+ * <!-- Security roles referenced by this web application -->
+ * <security-role>
+ * <role-name>admin</role-name>
+ * </security-role>
+ * <security-role>
+ * <role-name>user</role-name>
+ * </security-role>
+ * <security-role>
+ * <role-name>guest</role-name>
+ * </security-role>
+ *
+ * Place the following the the servlet element where the Turbine servlet is defined:
+ *
+ * <security-role-ref>
+ * <role-name>user</role-name> <!--passed to isUserInRole()-->
+ * <role-link>user</role-link> <!--Jetspeed role name-->
+ * </security-role-ref>
+ *
+ * <security-role-ref>
+ * <role-name>admin</role-name>
+ * <role-link>admin</role-link>
+ * </security-role-ref>
+ *
+ * <security-role-ref>
+ * <role-name>guest</role-name>
+ * <role-link>guest</role-link>
+ * </security-role-ref>
+ *
+ *
* @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor </a>
* @version $Id$
*/
public class JAASSessionValidator extends TemplateSessionValidator
{
- private static final JetspeedLogger log =
JetspeedLogFactoryService.getLogger(JAASSessionValidator.class.getName());
+ private static final JetspeedLogger logger =
JetspeedLogFactoryService.getLogger(JAASSessionValidator.class.getName());
public void doPerform(RunData data) throws Exception
{
super.doPerform(data);
- Principal principal = data.getRequest().getUserPrincipal();
- // TODO: make sure logged user is same as principal
JetspeedUser user = (JetspeedUser) data.getUser();
if (!user.hasLoggedIn())
{
+ String userName = data.getRequest().getRemoteUser();
+ //Principal principal = data.getRequest().getUserPrincipal();
+
+ if(userName != null && userName.length() > 0)
+ {
+ try
+ {
+ user = JetspeedSecurity.getUser(userName);
+ data.setUser(user);
+ user.setHasLoggedIn(Boolean.TRUE);
+ user.updateLastLogin();
+ data.save();
+ if (JetspeedSecurityCache.getAcl(userName) == null)
+ {
+ JetspeedSecurityCache.load(userName);
+ }
+ logger.info("JAASSessionValidator: automatic login using [" +
userName + "]");
+ }
+ catch (LoginException noSuchUser)
+ {
+ //user not found - ignore it - they will not be logged in
automatically
+ }
+ catch (UnknownUserException unknownUser)
+ {
+ //user not found - ignore it - they will not be logged in
automatically
+ if (logger.isWarnEnabled())
+ {
+ logger.warn("JAASSessionValidator: username [" + userName +
"] does not exist or authentication failed, "
+ + "redirecting to anon profile");
+ }
+ }
+ }
}
- }
+ /*
+ * This was copied straight from NTLM. Could refactor this...
+ */
+ // now, define Jetspeed specific properties, using the customized
+ // RunData properties
+ JetspeedRunData jdata = null;
+ try
+ {
+ jdata = (JetspeedRunData) data;
+ }
+ catch (ClassCastException e)
+ {
+ logger.error("The RunData object does not implement the expected
interface, "
+ + "please verify the RunData factory settings");
+ return;
+ }
+ String language = (String) data.getRequest().getParameter("js_language");
+
+ if (null != language)
+ {
+ user.setPerm("language", language);
+ }
+
+ // Get the locale store it in the user object
+ CustomLocalizationService locService =
+ (CustomLocalizationService)
ServiceUtil.getServiceByName(LocalizationService.SERVICE_NAME);
+ Locale locale = locService.getLocale(data);
+ if (locale == null)
+ {
+ locale = new
Locale(TurbineResources.getString("locale.default.language", "en"),
+
TurbineResources.getString("locale.default.country", "US"));
+ }
+
+ data.getUser().setTemp("locale", locale);
+
+ // if a portlet is referenced in the parameters request, store it
+ // in the RunData object
+ String paramPortlet = jdata.getParameters().getString("js_peid");
+ if (paramPortlet != null && paramPortlet.length() > 0)
+ {
+ jdata.setJs_peid(paramPortlet);
+ }
+ }
}
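Review bot: The identity check that the old `// TODO: make sure logged user is same as principal` line asked for is still missing: the new code only acts when `!user.hasLoggedIn()`, so a session that already holds a Jetspeed user is never compared against `data.getRequest().getRemoteUser()`, and a container re-authentication as a different principal leaves the old Jetspeed identity in place. I would read `userName` before the `hasLoggedIn()` test and, when the user is logged in but `userName` differs from the stored user name (presumably `user.getUserName()`), treat it as a fresh login instead of skipping the block. The `catch (LoginException noSuchUser)` branch is also silent while the `UnknownUserException` branch logs a warning; a failed container-to-Jetspeed mapping should be visible in the logs, so give it the same `logger.warn("JAASSessionValidator: username [" + userName + "] ... authentication failed")` call. Finally, `try { jdata = (JetspeedRunData) data; } catch (ClassCastException e)` is a check in disguise; `if (!(data instanceof JetspeedRunData))` expresses it directly and avoids using an exception for control flow.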