Author: ate
Date: Tue Sep 16 14:06:19 2008
New Revision: 696058
URL: http://svn.apache.org/viewvc?rev=696058&view=rev
Log:
Fixing age old JS2-238: Subject object is abandoned after the JAAS
authentication, *on Tomcat* at least.
I discovered that the Tomcat JAASRealm implementation will actually use the
Jetspeed-provided user principal for request.getUserPrincipal().
As we already provide the UserSubjectPrincipal wrapper, getting hold of the
Jetspeed provided subject is easy and so doesn't need to be loaded/created
twice (on Tomcat).
Added:
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
(with props)
Modified:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml
Modified:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java?rev=696058&r1=696057&r2=696058&view=diff
==============================================================================
---
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
(original)
+++
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-portal/src/main/java/org/apache/jetspeed/security/impl/SecurityValveImpl.java
Tue Sep 16 14:06:19 2008
@@ -16,10 +16,7 @@
*/
package org.apache.jetspeed.security.impl;
-import java.lang.reflect.Method;
import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
import javax.security.auth.Subject;
@@ -51,7 +48,6 @@
private UserManager userMgr;
private PortalStatistics statistics;
- private boolean resolveTomcatPrincipalFailed;
public SecurityValveImpl(Profiler profiler, UserManager userMgr,
PortalStatistics statistics,
PortalAuthenticationConfiguration
authenticationConfiguration)
@@ -181,25 +177,6 @@
protected Subject resolveSubjectFromContainerPrincipal(RequestContext
request, Principal userPrincipal)
{
- // default handling for Tomcat Realm
- if (!resolveTomcatPrincipalFailed &&
userPrincipal.getClass().getName().equals("org.apache.catalina.realm.GenericPrincipal"))
- {
- try
- {
- Method m =
userPrincipal.getClass().getMethod("getUserPrincipal", (Class[])null);
- Principal p = (Principal)m.invoke(userPrincipal,
(Object[])null);
- if (p != null && p instanceof UserSubjectPrincipal)
- {
- return ((UserSubjectPrincipal)p).getSubject();
- }
- }
- catch (Exception e)
- {
- // ignore
- }
- // don't try again
- resolveTomcatPrincipalFailed = true;
- }
return null;
}
}
Modified:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java?rev=696058&r1=696057&r2=696058&view=diff
==============================================================================
---
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java
(original)
+++
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/DefaultLoginModule.java
Tue Sep 16 14:06:19 2008
@@ -38,6 +38,7 @@
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.AuthenticationProvider;
+import org.apache.jetspeed.security.UserSubjectPrincipal;
/**
* <p>LoginModule implementation that authenticates a user
@@ -178,7 +179,7 @@
// TODO We should get the user profile here and had it in
cache so that we do not have to retrieve it again.
// TODO Ideally the User should be available from the session.
Need discussion around this.
refreshProxy();
- commitSubject(subject, user.getUser(),
SecurityHelper.getPrincipals(ums.getSubject(user), Role.class));
+ commitSubject(subject, ums.getSubject(user), user);
username = null;
user = null;
@@ -297,12 +298,13 @@
* @param subject
* @param user
*/
- protected void commitSubject(Subject containerSubject, User user,
List<Principal> rolePrincipals)
+ protected void commitSubject(Subject containerSubject, Subject
jetspeedSubject, AuthenticatedUser user)
{
// add user specific portal user name and roles
- subject.getPrincipals().add(user);
+ Principal userSubjectPrincipal =
SecurityHelper.getPrincipal(jetspeedSubject, UserSubjectPrincipal.class);
+ subject.getPrincipals().add(userSubjectPrincipal);
boolean hasPortalUserRole = false;
- for (Principal role : rolePrincipals)
+ for (Principal role : SecurityHelper.getPrincipals(jetspeedSubject,
Role.class))
{
subject.getPrincipals().add(role);
if (role.getName().equals(portalUserRole))
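Review bot: The principal looked up with `SecurityHelper.getPrincipal(jetspeedSubject, UserSubjectPrincipal.class)` is added to the container subject without a null check; if that lookup can return null (its contract is not visible here), the `Subject` principal set rejects the element with a `SecurityException` at commit time instead of a clear failure. Guard it before the `add`, e.g. `if (userSubjectPrincipal == null) { throw new IllegalStateException("Jetspeed subject carries no UserSubjectPrincipal"); }`. The new `AuthenticatedUser user` parameter is not used in the visible lines, and the body keeps writing to the field `subject` while the `containerSubject` parameter is ignored, so a reader cannot tell which Subject is meant to be populated; either use the parameter or drop it, and update the `@param` list, which still documents the old `user` shape. The method body continues past the hunk.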
Modified:
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java?rev=696058&r1=696057&r2=696058&view=diff
==============================================================================
---
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java
(original)
+++
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/JetspeedSubjectFactory.java
Tue Sep 16 14:06:19 2008
@@ -24,53 +24,23 @@
import javax.security.auth.Subject;
-
/**
* @version $Id$
*
*/
public class JetspeedSubjectFactory
{
- private static class JetspeedUserSubjectPrincipal implements
UserSubjectPrincipal
- {
- private static final long serialVersionUID = -2269455453318109892L;
- private final User user;
- private Subject subject;
-
- public JetspeedUserSubjectPrincipal(User user)
- {
- this.user = user;
- }
- public String getName()
- {
- return user.getName();
- }
- public User getUser()
- {
- return user;
- }
- public Subject getSubject()
- {
- return subject;
- }
-
- public void setSubject(Subject subject)
- {
- this.subject = subject;
- }
- }
-
public static Subject createSubject(AuthenticatedUser user, Set<Principal>
principals)
{
return createSubject(user.getUser(), user.getPublicCredentials(),
user.getPrivateCredentials(), principals);
}
- public static Subject createSubject(User user, Set<Object>
privateCredentials, Set<Object> publicCredentials, Set<Principal> principals)
+ public static Subject createSubject(User user, Set<Object>
publicCredentials, Set<Object> privateCredentials, Set<Principal> principals)
{
- JetspeedUserSubjectPrincipal userPrincipal = new
JetspeedUserSubjectPrincipal(user);
+ UserSubjectPrincipalImpl userPrincipal = new
UserSubjectPrincipalImpl(user);
Set<Principal> subjectPrincipals = principals == null ||
principals.isEmpty() ? new HashSet<Principal>() : new PrincipalsSet();
- subjectPrincipals.add(user);
subjectPrincipals.add(userPrincipal);
+ subjectPrincipals.add(user);
if (principals != null)
{
subjectPrincipals.addAll(principals);
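Review bot: Swapping the `publicCredentials` and `privateCredentials` parameters of `createSubject(User, Set<Object>, Set<Object>, Set<Principal>)` is source- and binary-compatible because both are `Set<Object>`, so any caller other than the `AuthenticatedUser` overload above that passed them in the old order keeps compiling and now silently places private credentials into the public credential set. Please audit other callers and pin the order in Javadoc, e.g. `@param publicCredentials credentials that may be exposed` / `@param privateCredentials credentials that must stay private`. Moving `userPrincipal` ahead of `user` only has an observable effect if `PrincipalsSet` preserves insertion order; on the `HashSet` branch taken when `principals` is null or empty, iteration order is unspecified, so if the container realm is expected to encounter the `UserSubjectPrincipalImpl` first (as the commit message suggests), use an ordered set there as well. The method body continues past the hunk.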
Added:
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java?rev=696058&view=auto
==============================================================================
---
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
(added)
+++
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
Tue Sep 16 14:06:19 2008
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jetspeed.security;
+
+import javax.security.auth.Subject;
+
+/**
+ * @version $Id$
+ *
+ */
+public class UserSubjectPrincipalImpl implements UserSubjectPrincipal
+{
+ private static final long serialVersionUID = -2269455453318109892L;
+ private final User user;
+ private Subject subject;
+
+ public UserSubjectPrincipalImpl(User user)
+ {
+ this.user = user;
+ }
+ public String getName()
+ {
+ return user.getName();
+ }
+ public User getUser()
+ {
+ return user;
+ }
+ public Subject getSubject()
+ {
+ return subject;
+ }
+
+ public void setSubject(Subject subject)
+ {
+ this.subject = subject;
+ }
+}
\ No newline at end of file
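Review bot: `setSubject` is public and unguarded, so any code that obtains this principal — which, per the commit message, now includes anything calling `request.getUserPrincipal()` on Tomcat — can rebind the Jetspeed `Subject` after login, and `getSubject()` hands that Subject out together with its private credentials. Make the binding one-shot by adding `if (this.subject != null) throw new IllegalStateException("subject already bound");` before the assignment, and consider whether `getSubject()` should be reachable from portlet code at all. The constructor also accepts a null `user`, which only surfaces later as an NPE in `getName()`; reject it there with `if (user == null) throw new IllegalArgumentException("user");`. The class Javadoc is empty — state that an instance bridges the container's user principal to the Jetspeed Subject and that `getSubject()` returns null until `setSubject` has been called.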
Propchange:
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange:
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-commons/src/main/java/org/apache/jetspeed/security/UserSubjectPrincipalImpl.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml?rev=696058&r1=696057&r2=696058&view=diff
==============================================================================
---
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml
(original)
+++
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/conf/tomcat/context.xml
Tue Sep 16 14:06:19 2008
@@ -19,7 +19,7 @@
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="Jetspeed"
-
userClassNames="org.apache.jetspeed.security.impl.UserImpl,org.apache.jetspeed.security.impl.TransientUser,org.apache.jetspeed.security.impl.UserSubjectPrincipalImpl"
+
userClassNames="org.apache.jetspeed.security.impl.UserImpl,org.apache.jetspeed.security.impl.TransientUser,org.apache.jetspeed.security.UserSubjectPrincipalImpl"
roleClassNames="org.apache.jetspeed.security.impl.RoleImpl,org.apache.jetspeed.security.impl.TransientRole"
useContextClassLoader="true"
debug="0"/>