Author: ajaquith
Date: Wed Aug 6 20:25:22 2008
New Revision: 683490
URL: http://svn.apache.org/viewvc?rev=683490&view=rev
Log:
JSPWIKI-316: fixed SecurityConfig.jsp so that it compiles, and added some
sensible checks for the new JAAS scheme.
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java?rev=683490&r1=683489&r2=683490&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java
(original)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/SecurityVerifier.java
Wed Aug 6 20:25:22 2008
@@ -30,6 +30,7 @@
import java.util.Set;
import javax.security.auth.Subject;
+import javax.security.auth.spi.LoginModule;
import org.apache.commons.lang.ArrayUtils;
import org.apache.log4j.Logger;
@@ -583,11 +584,10 @@
}
/**
- * Verfies the JAAS configuration. The configuration is valid if value of
- * the system property <code>java.security.auth.login.config</code>
- * resolves to an existing file, and we can find the JAAS login
- * configurations for <code>JSPWiki-container</code> and
- * <code>JSPWiki-custom</code>.
+ * Verfies the JAAS configuration. The configuration is valid if value of
the
+ * <code>jspwiki.properties<code> property
+ * [EMAIL PROTECTED]
com.ecyrd.jspwiki.auth.AuthenticationManager#PROP_LOGIN_MODULE}
+ * resolves to a valid class on the classpath.
*/
protected final void verifyJaas()
{
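Review bot: The rewritten Javadoc opens `<code>` twice around jspwiki.properties and never closes it, so the rest of the comment renders as code; it should read `<code>jspwiki.properties</code>`. The summary still says "Verfies", and it now describes only the LoginModule class lookup, while the method body in the next hunk also reports the case where JAAS authorization is switched off (`jspwiki.security = container`). A sentence such as `Also reports an error when JAAS authorization is disabled.` would keep the comment in line with the code. The body of verifyJaas continues outside this hunk.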
@@ -596,13 +596,49 @@
if ( !authMgr.isJAASAuthorized() )
{
m_session.addMessage( ERROR_JAAS, "JSPWiki's JAAS-based
authentication " +
- "and authorization system is turned off (your
<code>jspwiki.properties</code> " +
+ "and authorization system is turned off (your
jspwiki.properties file " +
"contains the setting 'jspwiki.security = container'. This
" +
"setting disables authorization checks and is meant for
testing " +
"and troubleshooting only. The test results on this page
will not " +
"be reliable as a result. You should set this to 'jaas' " +
"so that security works properly." );
}
+
+ // Verify that the specified JAAS moduie corresponds to a class we can
load successfully.
+ String jaasClass = m_engine.getWikiProperties().getProperty(
AuthenticationManager.PROP_LOGIN_MODULE );
+ if ( jaasClass == null || jaasClass.length() == 0 )
+ {
+ m_session.addMessage( ERROR_JAAS, "The value of the '" +
AuthenticationManager.PROP_LOGIN_MODULE +
+ "' property was null or blank. This is a fatal error. This
value should be set to a valid LoginModule implementation " +
+ "on the classpath." );
+ return;
+ }
+
+ // See if we can find the LoginModule on the classpath
+ Class c = null;
+ try
+ {
+ m_session.addMessage( INFO_JAAS, "The property '" +
AuthenticationManager.PROP_LOGIN_MODULE +
+ "' specified the class '" + jaasClass + ".'"
);
+ c = Class.forName( jaasClass );
+ }
+ catch( ClassNotFoundException e )
+ {
+ m_session.addMessage( ERROR_JAAS, "We could not find the the class
'" + jaasClass + "' on the " +
+ "classpath. This is fatal error." );
+ }
+
+ // Is the specified class actually a LoginModule?
+ if ( LoginModule.class.isAssignableFrom( c ) )
+ {
+ m_session.addMessage( INFO_JAAS, "We found the the class '" +
jaasClass + "' on the " +
+ "classpath, and it is a LoginModule implementation. Good!"
);
+ }
+ else
+ {
+ m_session.addMessage( ERROR_JAAS, "We found the the class '" +
jaasClass + "' on the " +
+ "classpath, but it does not seem to be LoginModule implementation!
This is fatal error." );
+ }
}
/**
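Review bot: When `Class.forName( jaasClass )` throws ClassNotFoundException, the catch block only records the error and falls through, so `LoginModule.class.isAssignableFrom( c )` is called with `c == null` and throws NullPointerException. Add `return;` as the last statement of the catch block, as the null-or-blank branch above already does. Only ClassNotFoundException is caught, so a class that is present but fails to link or initialise (NoClassDefFoundError, ExceptionInInitializerError) would also abort the check instead of producing an ERROR_JAAS message. Since this diagnostic only needs the type, `Class.forName( jaasClass, false, Thread.currentThread().getContextClassLoader() )` would avoid running static initialisers of a class named in configuration; whether that loader matches the one AuthenticationManager uses is not visible here and should be confirmed. verifyJaas begins outside this hunk.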
@@ -697,8 +733,9 @@
KeyStore ks = policy.getKeyStore();
if ( ks == null )
{
- m_session.addMessage( ERROR_POLICY,
- "Policy file does not have a keystore... at least not one
that we can locate." );
+ m_session.addMessage( WARNING_POLICY,
+ "Policy file does not have a keystore... at least not one
that we can locate. If your policy file " +
+ "does not contain any 'signedBy' blocks, this is probably
ok." );
}
else
{