jackrabbi...

tripod Mon, 10 Feb 2014 21:44:34 -0800

Author: tripod
Date: Tue Feb 11 05:43:23 2014
New Revision: 1566986

URL: http://svn.apache.org/r1566986
Log:
OAK-1412 Make Whiteboard available to LoginModules via Callback


Added:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/WhiteboardCallback.java
Modified:
    
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java?rev=1566986&r1=1566985&r2=1566986&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java
 Tue Feb 11 05:43:23 2014
@@ -111,7 +111,11 @@ public class ExternalLoginModule extends
             options = ConfigurationParameters.of(osgiConfig, options);
         }
 
-        Whiteboard whiteboard = 
getSecurityProvider().getConfiguration(Whiteboard.class);
+        Whiteboard whiteboard = getWhiteboard();
+        if (whiteboard == null) {
+            log.error("External login module needs whiteboard. Will not be 
used for login.");
+            return;
+        }
 
         String idpName = options.getConfigValue(PARAM_IDP_NAME, "");
         if (idpName.length() == 0) {

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1566986&r1=1566985&r2=1566986&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
 Tue Feb 11 05:43:23 2014
@@ -192,8 +192,6 @@ public class SecurityProviderImpl implem
             return (T) privilegeConfiguration;
         } else if (TokenConfiguration.class == configClass) {
             return (T) tokenConfiguration;
-        } else if (Whiteboard.class == configClass) {
-            return (T) whiteboard;
         } else {
             throw new IllegalArgumentException("Unsupported security 
configuration class " + configClass);
         }

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java?rev=1566986&r1=1566985&r2=1566986&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
 Tue Feb 11 05:43:23 2014
@@ -28,6 +28,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import 
org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
+import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAware;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -43,16 +45,23 @@ import org.slf4j.LoggerFactory;
  * </ul>
  *
  */
-@Component()
+@Component
 @Service({AuthenticationConfiguration.class, SecurityConfiguration.class})
 public class AuthenticationConfigurationImpl extends ConfigurationBase 
implements AuthenticationConfiguration {
 
     private static final Logger log = 
LoggerFactory.getLogger(AuthenticationConfigurationImpl.class);
 
+    /**
+     * Constructor for OSGi
+     */
     public AuthenticationConfigurationImpl() {
         super();
     }
 
+    /**
+     * Constructor for non-OSGi
+     * @param securityProvider
+     */
     public AuthenticationConfigurationImpl(SecurityProvider securityProvider) {
         super(securityProvider);
     }
@@ -107,6 +116,14 @@ public class AuthenticationConfiguration
             log.debug("No login configuration available for {}; using 
default", appName);
             loginConfig = 
ConfigurationUtil.getDefaultConfiguration(getParameters());
         }
-        return new LoginContextProviderImpl(appName, loginConfig, 
contentRepository, getSecurityProvider());
+        // todo: temporary workaround
+        SecurityProvider provider = getSecurityProvider();
+        Whiteboard whiteboard = null;
+        if (provider instanceof WhiteboardAware) {
+            whiteboard = ((WhiteboardAware) provider).getWhiteboard();
+        } else {
+            log.warn("Unable to obtain whiteboard from SecurityProvider");
+        }
+        return new LoginContextProviderImpl(appName, loginConfig, 
contentRepository, getSecurityProvider(), whiteboard);
     }
 }
\ No newline at end of file

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java?rev=1566986&r1=1566985&r2=1566986&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
 Tue Feb 11 05:43:23 2014
@@ -29,6 +29,8 @@ import org.apache.jackrabbit.oak.api.Con
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
+import 
org.apache.jackrabbit.oak.spi.security.authentication.callback.WhiteboardCallback;
+import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
 
 /**
  * Default implementation of the {@link CallbackHandler} interface. It 
currently
@@ -47,14 +49,17 @@ class CallbackHandlerImpl implements Cal
     private final String workspaceName;
     private final ContentRepository contentRepository;
     private final SecurityProvider securityProvider;
+    private final Whiteboard whiteboard;
 
     CallbackHandlerImpl(Credentials credentials, String workspaceName,
                         ContentRepository contentRepository,
-                        SecurityProvider securityProvider) {
+                        SecurityProvider securityProvider,
+                        Whiteboard whiteboard) {
         this.credentials = credentials;
         this.workspaceName = workspaceName;
         this.contentRepository = contentRepository;
         this.securityProvider = securityProvider;
+        this.whiteboard = whiteboard;
     }
 
     //----------------------------------------------------< CallbackHandler 
>---
@@ -72,6 +77,8 @@ class CallbackHandlerImpl implements Cal
                 repositoryCallback.setContentRepository(contentRepository);
                 repositoryCallback.setSecurityProvider(securityProvider);
                 repositoryCallback.setWorkspaceName(workspaceName);
+            } else if (callback instanceof WhiteboardCallback) {
+                ((WhiteboardCallback) callback).setWhiteboard(whiteboard);
             } else {
                 throw new UnsupportedCallbackException(callback);
             }

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java?rev=1566986&r1=1566985&r2=1566986&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
 Tue Feb 11 05:43:23 2014
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContext;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.PreAuthContext;
+import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -45,14 +46,17 @@ class LoginContextProviderImpl implement
     private final Configuration configuration;
     private final ContentRepository contentRepository;
     private final SecurityProvider securityProvider;
+    private final Whiteboard whiteboard;
 
     LoginContextProviderImpl(String appName, Configuration configuration,
                              ContentRepository contentRepository,
-                             SecurityProvider securityProvider) {
+                             SecurityProvider securityProvider,
+                             Whiteboard whiteboard) {
         this.appName = appName;
         this.configuration = configuration;
         this.contentRepository = contentRepository;
         this.securityProvider = securityProvider;
+        this.whiteboard = whiteboard;
     }
 
     @Override
@@ -86,6 +90,6 @@ class LoginContextProviderImpl implement
 
     @Nonnull
     private CallbackHandler getCallbackHandler(Credentials credentials, String 
workspaceName) {
-        return new CallbackHandlerImpl(credentials, workspaceName, 
contentRepository, securityProvider);
+        return new CallbackHandlerImpl(credentials, workspaceName, 
contentRepository, securityProvider, whiteboard);
     }
 }
\ No newline at end of file

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1566986&r1=1566985&r2=1566986&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
 Tue Feb 11 05:43:23 2014
@@ -46,9 +46,11 @@ import org.apache.jackrabbit.oak.spi.sec
 import 
org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.callback.UserManagerCallback;
+import 
org.apache.jackrabbit.oak.spi.security.authentication.callback.WhiteboardCallback;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
+import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -168,6 +170,8 @@ public abstract class AbstractLoginModul
 
     private SecurityProvider securityProvider;
 
+    private Whiteboard whiteboard;
+
     private ContentSession systemSession;
     private Root root;
 
@@ -323,16 +327,37 @@ public abstract class AbstractLoginModul
             try {
                 callbackHandler.handle(new Callback[]{rcb});
                 securityProvider = rcb.getSecurityProvider();
-            } catch (UnsupportedCallbackException e) {
-                log.debug(e.getMessage());
-            } catch (IOException e) {
-                log.debug(e.getMessage());
+            } catch (Exception e) {
+                log.debug("Unable to retrieve the SecurityProvider via 
callback", e);
             }
         }
         return securityProvider;
     }
 
     /**
+     * Tries to obtain the {@code Whiteboard} object from the callback
+     * handler using a new WhiteboardCallback and keeps the value as
+     * private field. If the callback handler isn't able to handle the
+     * WhiteboardCallback this method returns {@code null}.
+     *
+     * @return The {@code Whiteboard} associated with this
+     *         {@code LoginModule} or {@code null}.
+     */
+    @CheckForNull
+    protected Whiteboard getWhiteboard() {
+        if (whiteboard == null && callbackHandler != null) {
+            WhiteboardCallback cb = new WhiteboardCallback();
+            try {
+                callbackHandler.handle(new Callback[]{cb});
+                whiteboard = cb.getWhiteboard();
+            } catch (Exception e) {
+                log.debug("Unable to retrieve the Whiteboard via callback", e);
+            }
+        }
+        return whiteboard;
+    }
+
+    /**
      * Tries to obtain a {@code Root} object from the callback handler using
      * a new RepositoryCallback and keeps the value as private field.
      * If the callback handler isn't able to handle the RepositoryCallback

Added: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/WhiteboardCallback.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/WhiteboardCallback.java?rev=1566986&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/WhiteboardCallback.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/WhiteboardCallback.java
 Tue Feb 11 05:43:23 2014
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication.callback;
+
+import javax.security.auth.callback.Callback;
+
+import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
+
+/**
+ * Callback implementation to set and retrieve the {@link 
org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard}.
+ */
+public class WhiteboardCallback implements Callback {
+
+    private Whiteboard whiteboard;
+
+    /**
+     * Returns the whiteboard as set using
+     * {@link #setWhiteboard(Whiteboard)}
+     * or {@code null}.
+     *
+     * @return an instance of {@code Whiteboard} or {@code null} if no
+     * provider has been set before.
+     */
+    public Whiteboard getWhiteboard() {
+        return whiteboard;
+    }
+
+    /**
+     * Sets the {@code Whiteboard} that is being used during the
+     * authentication process.
+     *
+     * @param whiteboard The {@code Whiteboard} to use during the
+     * authentication process.
+     */
+    public void setWhiteboard(Whiteboard whiteboard) {
+        this.whiteboard = whiteboard;
+    }
+}
\ No newline at end of file

svn commit: r1566986 - in /jackrabbit/oak/trunk: oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/ oak-core/src/main/java/org/apache/jackrabbi...

Reply via email to