[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: ejort Date: 02/01/04 23:53:43 Modified:tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java Log: Guarded debug logging Revision ChangesPath 1.9 +15 -8 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- JBossSecurityMgrRealm.java2001/07/28 18:28:46 1.8 +++ JBossSecurityMgrRealm.java2002/01/05 07:53:43 1.9 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.8 $ +@version $Revision: 1.9 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -80,6 +80,7 @@ public int authenticate(Request request, Response response) { +boolean debug = category.isDebugEnabled(); /* Get the username credentials from the request. We dont check that they are null as the security domain may consider this a valid indication of an unauthenticated user requesting @@ -97,7 +98,7 @@ */ ClassLoader cl = Thread.currentThread().getContextClassLoader(); ClassLoader scl = request.getContext().getServletLoader().getClassLoader(); -if( category.isDebugEnabled() ) +if (debug) { category.debug(Authenticating access, username: + username + +request); category.debug(ClassLoader: +cl.toString()+':'+cl.hashCode()); @@ -130,7 +131,8 @@ org.apache.tomcat.core.Context ctx = request.getContext(); if (ctx != null) request.setAuthType(ctx.getAuthMethod()); -category.debug(User: +username+ is authenticated); +if (debug) + category.debug(User: +username+ is authenticated); SecurityAssociation.setPrincipal(principal); SecurityAssociation.setCredential(passwordChars); if( useJAAS == true securityMgr instanceof SubjectSecurityManager ) 
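Review bot: The guarded debug line in the `@@ -97,7 +98,7 @@` hunk still concatenates the whole `request` object into the message (`Authenticating access, username: + username + +request`), and what `Request.toString()` renders is not visible here, so it is worth confirming it does not include form parameters or headers carrying the credential before this stays at debug level. The `debug` flag hoisted to the top of `authenticate` in the `@@ -80,6 +80,7 @@` hunk deserves a one-line comment explaining the hoist, e.g. `// Evaluate once; several guarded lines below build strings from request data`. `authenticate` continues past this hunk.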
@@ -142,7 +144,8 @@ } else { -category.debug(User: +username+ is NOT authenticated); +if (debug) + category.debug(User: +username+ is NOT authenticated); } } catch(NamingException e) @@ -165,10 +168,12 @@ return 0; } -String username = request.getRemoteUser(); +String username = request.getRemoteUser(); if( username == null ) return 401; +boolean debug = category.isDebugEnabled(); + /* Make sure the thread context class loader it set ot the servlet class loader. The Jdk12Interceptor should be handling this but it does not do it for the authenticate/authorize phases of a @@ -176,7 +181,7 @@ */ ClassLoader cl = Thread.currentThread().getContextClassLoader(); ClassLoader scl = request.getContext().getServletLoader().getClassLoader(); -if( category.isDebugEnabled() ) +if (debug) { category.debug(Authorizing access, username: + username + +request); category.debug(ClassLoader: +cl.toString()+':'+cl.hashCode()); @@ -209,11 +214,13 @@ // Need to get roles from the security mgr. Needs updated interface... String userRoles[] = {}; request.setUserRoles( userRoles ); -category.debug(User: +username+ is authorized); +if (debug) + category.debug(User: +username+ is authorized); } else { -category.debug(User: +username+ is NOT authorized, requiredRoles=+requiredRoles); +if (debug) + category.debug(User: +username+ is NOT authorized, requiredRoles=+requiredRoles); code = 401; } } ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/12/09 11:39:19 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4 JBossSecurityMgrRealm.java Log: Don't clear the SecurityAssociation information until the entry point request has completed or else included content will not leave the security identity in tact for subsequent operations performed in the including request. Revision ChangesPath No revision No revision 1.4.2.10 +10 -4 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4.2.9 retrieving revision 1.4.2.10 diff -u -r1.4.2.9 -r1.4.2.10 --- JBossSecurityMgrRealm.java2001/11/20 09:49:01 1.4.2.9 +++ JBossSecurityMgrRealm.java2001/12/09 19:39:19 1.4.2.10 @@ -38,7 +38,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] - @version $Revision: 1.4.2.9 $ + @version $Revision: 1.4.2.10 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -262,7 +262,7 @@ } /** Called after service method ends. We clear any SecurityAssociation that -may have been set on this thread. +may have been set on this thread when the entry point request completes. */ public int postService(Request request, Response response) { 
@@ -272,13 +272,19 @@ Principal p = SecurityAssociation.getPrincipal(); log.trace(postService, auth=+info+, SA.principal=+p+, request= +request); } - SecurityAssociation.setPrincipal(null); - SecurityAssociation.setCredential(null); if( info != null ) { info.depth --; if( info.depth = 0 ) + { +/* The entry point request has completed so clear any SA to avoid +reuse of the security credentials by the next request services by +this thread. +*/ authInfo.set(null); +SecurityAssociation.setPrincipal(null); +SecurityAssociation.setCredential(null); + } } return 0; } ___ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
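Review bot: Moving `SecurityAssociation.setPrincipal(null)` and `setCredential(null)` under the `info != null` branch means a request for which no `AuthInfo` was recorded on this thread (the `info == null` case the surrounding `if` already allows) no longer clears anything, whereas the removed lines cleared unconditionally. If a principal or credential can be left on the pooled thread by any path other than a depth-tracked `authenticate` (the depth increment is not visible here), that identity now survives into the next request serviced by the thread; the depth gate should decide when an entry-point request is finished, not whether stale state is cleared at all. Treating `info == null` like depth zero keeps the include-aware behaviour the commit introduces while restoring the unconditional hygiene for the untracked case. Only the tail of `postService` is in this hunk; it starts in the previous one.
```java
// … unchanged: trace block …
if( info != null )
   info.depth --;
// Clear the SA when the entry point request completes, and also when no
// AuthInfo was ever recorded on this thread, so nothing stale survives reuse.
if( info == null || info.depth == 0 )
{
   authInfo.set(null);
   SecurityAssociation.setPrincipal(null);
   SecurityAssociation.setCredential(null);
}
return 0;
```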
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/11/20 01:49:01 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4 JBossSecurityMgrRealm.java Log: Change to the unified log4j based org.jboss.logging.Logger class. Revision ChangesPath No revision No revision 1.4.2.9 +27 -27 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4.2.8 retrieving revision 1.4.2.9 diff -u -r1.4.2.8 -r1.4.2.9 --- JBossSecurityMgrRealm.java2001/09/14 17:55:08 1.4.2.8 +++ JBossSecurityMgrRealm.java2001/11/20 09:49:01 1.4.2.9 @@ -17,8 +17,8 @@ import org.apache.tomcat.core.Response; import org.apache.tomcat.util.SecurityTools; -import org.jboss.logging.log4j.JBossCategory; -import org.jboss.security.EJBSecurityManager; +import org.jboss.logging.Logger; +import org.jboss.security.AuthenticationManager; import org.jboss.security.RealmMapping; import org.jboss.security.SimplePrincipal; import org.jboss.security.SecurityAssociation; 
@@ -31,24 +31,24 @@ for authorization and authenticaton. @see org.jboss.web.AbstractWebContainer - @see org.jboss.security.EJBSecurityManager + @see org.jboss.security.AuthenticationManager @see org.jboss.security.RealmMapping @see org.jboss.security.SimplePrincipal @see org.jboss.security.SecurityAssociation @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] - @version $Revision: 1.4.2.8 $ + @version $Revision: 1.4.2.9 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { - private static JBossCategory category = (JBossCategory) JBossCategory.getInstance(JBossSecurityMgrRealm.class); + private static Logger log = Logger.getLogger(JBossSecurityMgrRealm.class); private static ThreadLocal authInfo = new ThreadLocal(); private String subjectAttributeName = j_subject; private boolean useJAAS = false; /** A flag to indicate if the security manager implements the SubjectSecurityManager -rather than EJBSecurityManager. When true, the authenticated Subject is obtained +rather than AuthenticationManager. When true, the authenticated Subject is obtained from the SubjectSecurityManager and placed into the request under the subjectAttributeName attribute. */ @@ -99,12 +99,12 @@ */ ClassLoader cl = Thread.currentThread().getContextClassLoader(); ClassLoader scl = request.getContext().getServletLoader().getClassLoader(); - boolean trace = category.isTraceEnabled(); + boolean trace = log.isTraceEnabled(); if( trace ) { - category.trace(Authenticating access, username: + username + +request); - category.trace(ClassLoader: +cl.toString()+':'+cl.hashCode()); - category.trace(Servlet ClassLoader: +scl.toString()+':'+scl.hashCode()); + log.trace(Authenticating access, username: + username + +request); + log.trace(ClassLoader: +cl.toString()+':'+cl.hashCode()); + log.trace(Servlet ClassLoader: +scl.toString()+':'+scl.hashCode()); } // If we don't have a security context security is not required 
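Review bot: `private static Logger log = Logger.getLogger(JBossSecurityMgrRealm.class);` in the `@@ -31,24 +31,24 @@` hunk is a mutable static that the visible hunks never reassign, so it should be `private static final Logger log = Logger.getLogger(JBossSecurityMgrRealm.class);`, and the `authInfo` ThreadLocal declared on the next line should be `final` for the same reason. A non-final static logger or ThreadLocal can be swapped by any code in the class, which matters for a field that decides where authentication events are recorded.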
@@ -114,14 +114,14 @@ if( securityCtx == null ) { if( trace ) -category.trace(No SecurityContext, returning 0); +log.trace(No SecurityContext, returning 0); return 0; } try { // Get the JBoss security manager from the ENC context - EJBSecurityManager securityMgr = (EJBSecurityManager) securityCtx.lookup(securityMgr); + AuthenticationManager securityMgr = (AuthenticationManager) securityCtx.lookup(securityMgr); SimplePrincipal principal = new SimplePrincipal(username); char[] passwordChars = null; if( password != null ) @@ -134,7 +134,7 @@ if (ctx != null) request.setAuthType(ctx.getAuthMethod()); if( trace ) - category.trace(Username: +username+ is authenticated); + log.trace(Username: +username+ is authenticated); SecurityAssociation.setPrincipal(principal); SecurityAssociation.setCredential(passwordChars); authInfo.set(new AuthInfo(principal, passwordChars)); @@ -148,12 +148,12 @@ else { if( trace ) - category.trace(User: +username+ is NOT authenticated); + log.trace(User: +username+ is NOT authenticated); } }
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/09/14 10:55:08 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4 JBossSecurityMgrRealm.java Log: Need to restore setting of servlet class loader before calling getSecurityContext because the tomcat class loader getParent does not return the true parent class loader Change debug level msgs to trace level msgs Clear the AuthInfo thread local when the entering thread service method exits Revision ChangesPath No revision No revision 1.4.2.8 +61 -30 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4.2.7 retrieving revision 1.4.2.8 diff -u -r1.4.2.7 -r1.4.2.8 --- JBossSecurityMgrRealm.java2001/09/03 22:46:09 1.4.2.7 +++ JBossSecurityMgrRealm.java2001/09/14 17:55:08 1.4.2.8 @@ -17,6 +17,7 @@ import org.apache.tomcat.core.Response; import org.apache.tomcat.util.SecurityTools; +import org.jboss.logging.log4j.JBossCategory; import org.jboss.security.EJBSecurityManager; import org.jboss.security.RealmMapping; import org.jboss.security.SimplePrincipal; @@ -37,11 +38,11 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] - @version $Revision: 1.4.2.7 $ + @version $Revision: 1.4.2.8 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { - private static Category category = Category.getInstance(JBossSecurityMgrRealm.class); + private static JBossCategory category = (JBossCategory) JBossCategory.getInstance(JBossSecurityMgrRealm.class); private static ThreadLocal authInfo = new ThreadLocal(); private String subjectAttributeName = j_subject; private boolean useJAAS = false; 
@@ -98,20 +99,25 @@ */ ClassLoader cl = Thread.currentThread().getContextClassLoader(); ClassLoader scl = request.getContext().getServletLoader().getClassLoader(); - if( category.isDebugEnabled() ) + boolean trace = category.isTraceEnabled(); + if( trace ) { - category.debug(Authenticating access, username: + username + +request); - category.debug(ClassLoader: +cl.toString()+':'+cl.hashCode()); - category.debug(Servlet ClassLoader: +scl.toString()+':'+scl.hashCode()); + category.trace(Authenticating access, username: + username + +request); + category.trace(ClassLoader: +cl.toString()+':'+cl.hashCode()); + category.trace(Servlet ClassLoader: +scl.toString()+':'+scl.hashCode()); } // If we don't have a security context security is not required + if( scl != cl ) + Thread.currentThread().setContextClassLoader(scl); Context securityCtx = getSecurityContext(); if( securityCtx == null ) { + if( trace ) +category.trace(No SecurityContext, returning 0); return 0; } - + try { // Get the JBoss security manager from the ENC context @@ -127,7 +133,8 @@ org.apache.tomcat.core.Context ctx = request.getContext(); if (ctx != null) request.setAuthType(ctx.getAuthMethod()); -category.debug(Username: +username+ is authenticated); +if( trace ) + category.trace(Username: +username+ is authenticated); SecurityAssociation.setPrincipal(principal); SecurityAssociation.setCredential(passwordChars); authInfo.set(new AuthInfo(principal, passwordChars)); @@ -140,19 +147,22 @@ } else { -category.debug(User: +username+ is NOT authenticated); +if( trace ) + category.trace(User: +username+ is NOT authenticated); } } catch(NamingException e) { category.error(Error during authenticate, e); } - finally + finally { + if( scl != cl ) + Thread.currentThread().setContextClassLoader(cl); } return 0; } - + public int authorize(Request request, Response response, String roles[]) { if( roles==null || roles.length==0 ) 
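Review bot: In the `@@ -98,20 +99,25 @@` hunk the context class loader is switched to `scl` before `getSecurityContext()`, but the `securityCtx == null` branch that follows returns 0 without switching it back; as far as the hunk shows, the only restore of `cl` is the `finally` added further down, and that `finally` belongs to the `try` that begins after the early return. A request with no security context therefore leaves the worker thread running with the servlet class loader as its TCL for whatever is serviced next on it. The smallest fix is to restore before the early return, `if( scl != cl ) Thread.currentThread().setContextClassLoader(cl);` ahead of `return 0;`, which is what the branch revision 1.4.2.2 further down this page did; a cleaner one is to move `getSecurityContext()` and the null check inside the `try` so the single `finally` covers both exits. `authenticate` begins outside this hunk.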
@@ -172,15 +182,18 @@ */ ClassLoader cl = Thread.currentThread().getContextClassLoader(); ClassLoader scl = request.getContext().getServletLoader().getClassLoader(); - if( category.isDebugEnabled() ) + boolean trace = category.isTraceEnabled(); + if( trace ) { -
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/07/29 08:26:04 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4 JBossSecurityMgrRealm.java Log: Update the username authentication debug statement Revision ChangesPath No revision No revision 1.4.2.6 +2 -2 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4.2.5 retrieving revision 1.4.2.6 diff -u -r1.4.2.5 -r1.4.2.6 --- JBossSecurityMgrRealm.java2001/07/28 18:22:47 1.4.2.5 +++ JBossSecurityMgrRealm.java2001/07/29 15:26:04 1.4.2.6 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.4.2.5 $ +@version $Revision: 1.4.2.6 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -130,7 +130,7 @@ org.apache.tomcat.core.Context ctx = request.getContext(); if (ctx != null) request.setAuthType(ctx.getAuthMethod()); -category.debug(User: +username+ is authenticated); +category.debug(Username: +username+ is authenticated); SecurityAssociation.setPrincipal(principal); SecurityAssociation.setCredential(passwordChars); if( useJAAS == true securityMgr instanceof SubjectSecurityManager ) ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/07/28 11:22:47 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4 JBossSecurityMgrRealm.java Log: The password passed to securityMgr.isValid() should be a char[] to be compatible with the cached credential. Revision ChangesPath No revision No revision 1.4.2.5 +7 -6 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4.2.4 retrieving revision 1.4.2.5 diff -u -r1.4.2.4 -r1.4.2.5 --- JBossSecurityMgrRealm.java2001/07/27 03:51:33 1.4.2.4 +++ JBossSecurityMgrRealm.java2001/07/28 18:22:47 1.4.2.5 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.4.2.4 $ +@version $Revision: 1.4.2.5 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -120,7 +120,10 @@ // Get the JBoss security manager from the ENC context EJBSecurityManager securityMgr = (EJBSecurityManager) securityCtx.lookup(securityMgr); SimplePrincipal principal = new SimplePrincipal(username); -if( securityMgr.isValid(principal, password) ) +char[] passwordChars = null; +if( password != null ) + passwordChars = password.toCharArray(); +if( securityMgr.isValid(principal, passwordChars) ) { request.setRemoteUser(username); request.setUserPrincipal(principal); @@ -129,10 +132,7 @@ request.setAuthType(ctx.getAuthMethod()); category.debug(User: +username+ is authenticated); SecurityAssociation.setPrincipal(principal); -char[] pass = null; -if( password != null ) - pass = password.toCharArray(); -SecurityAssociation.setCredential(pass); +SecurityAssociation.setCredential(passwordChars); if( useJAAS == true securityMgr instanceof SubjectSecurityManager ) { SubjectSecurityManager subjectMgr = (SubjectSecurityManager) securityMgr; 
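Review bot: The `passwordChars` array built in the `@@ -120,7 +120,10 @@` hunk is passed to `securityMgr.isValid()` and then stored by `SecurityAssociation.setCredential(passwordChars)` in the `@@ -129,10 +132,7 @@` hunk, so the validation input and the cached credential alias one mutable buffer; if the security manager retains or modifies the array, the stored credential changes with it, and nothing on this page zeroes it when the association is cleared. Because `password` is still held as a `String` taken from the request credential map, the `char[]` conversion does not by itself shorten the secret's lifetime, and a comment on the declaration should say so, e.g. `// Converted for compatibility with the cached credential type; the String original still lives in the request, so this is not a secrecy measure`. The identical change on the main branch (revision 1.8, further down this page) has the same property. `authenticate` starts and ends outside these hunks.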
@@ -242,3 +242,4 @@ } } + ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/07/28 11:28:46 Modified:tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java Log: The password passed to securityMgr.isValid() should be a char[] to be compatible with the cached credential Revision ChangesPath 1.8 +6 -6 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- JBossSecurityMgrRealm.java2001/07/27 04:16:00 1.7 +++ JBossSecurityMgrRealm.java2001/07/28 18:28:46 1.8 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.7 $ +@version $Revision: 1.8 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -120,7 +120,10 @@ // Get the JBoss security manager from the ENC context EJBSecurityManager securityMgr = (EJBSecurityManager) securityCtx.lookup(securityMgr); SimplePrincipal principal = new SimplePrincipal(username); -if( securityMgr.isValid(principal, password) ) +char[] passwordChars = null; +if( password != null ) + passwordChars = password.toCharArray(); +if( securityMgr.isValid(principal, passwordChars) ) { request.setRemoteUser(username); request.setUserPrincipal(principal); @@ -129,10 +132,7 @@ request.setAuthType(ctx.getAuthMethod()); category.debug(User: +username+ is authenticated); SecurityAssociation.setPrincipal(principal); -char[] pass = null; -if( password != null ) - pass = password.toCharArray(); -SecurityAssociation.setCredential(pass); +SecurityAssociation.setCredential(passwordChars); if( useJAAS == true securityMgr instanceof SubjectSecurityManager ) { SubjectSecurityManager subjectMgr = (SubjectSecurityManager) securityMgr; ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/07/26 20:51:33 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4 JBossSecurityMgrRealm.java Log: Clear any SecurityAssociation value at the end of the service call to ensure that reuse of the thread with unsecure content does not allow access to components it should not Revision ChangesPath No revision No revision 1.4.2.4 +11 -1 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4.2.3 retrieving revision 1.4.2.4 diff -u -r1.4.2.3 -r1.4.2.4 --- JBossSecurityMgrRealm.java2001/06/27 01:05:59 1.4.2.3 +++ JBossSecurityMgrRealm.java2001/07/27 03:51:33 1.4.2.4 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.4.2.3 $ +@version $Revision: 1.4.2.4 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -229,6 +229,16 @@ } return code; +} + +/** Called after service method ends. We clear any SecurityAssociation that + may have been set. + */ +public int postService(Request request, Response response) +{ + SecurityAssociation.setPrincipal(null); + SecurityAssociation.setCredential(null); + return 0; } } ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
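Review bot: The new `postService` in the `@@ -229,6 +229,16 @@` hunk clears `SecurityAssociation` unconditionally, which is the right hygiene for a pooled worker thread, but its Javadoc should state what the protection depends on: the container invoking `postService` for every request this interceptor authenticated, including ones whose service method threw, since a skipped call leaves the previous user's principal and credential on the thread. Suggested text: `/** Called after the service method ends. Clears any SecurityAssociation principal/credential set by authenticate() so the identity cannot leak to the next request serviced on this pooled thread. Relies on the container calling postService on every request path, including error paths -- TODO confirm. */`. Note also that `setCredential(null)` drops the reference to the password `char[]` but does not overwrite its contents. The main-branch commit of the same change (revision 1.7, next on this page) has the same documentation gap.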
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/07/26 21:16:01 Modified:tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java Log: Clear any SecurityAssociation value at the end of the service call to ensure that reuse of the thread with unsecure content does not allow access to components it should not Revision ChangesPath 1.7 +11 -1 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- JBossSecurityMgrRealm.java2001/07/03 16:58:02 1.6 +++ JBossSecurityMgrRealm.java2001/07/27 04:16:00 1.7 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.6 $ +@version $Revision: 1.7 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -229,6 +229,16 @@ } return code; +} + +/** Called after service method ends. We clear any SecurityAssociation that + may have been set. + */ +public int postService(Request request, Response response) +{ + SecurityAssociation.setPrincipal(null); + SecurityAssociation.setCredential(null); + return 0; } } ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/07/03 09:58:02 Modified:tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java Log: Merge the latest 2.4 changes Revision ChangesPath 1.6 +19 -13 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JBossSecurityMgrRealm.java2001/06/27 01:13:53 1.5 +++ JBossSecurityMgrRealm.java2001/07/03 16:58:02 1.6 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.5 $ +@version $Revision: 1.6 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -90,11 +90,6 @@ String username = (String) credentialMap.get(username); String password = (String) credentialMap.get(password); -// If we don't have a security context security is not required -Context securityCtx = getSecurityContext(); -if( securityCtx == null ) -return 0; - /* Make sure the thread context class loader it set ot the servlet class loader. The Jdk12Interceptor should be handling this but it does not do it for the authenticate/authorize phases of a 
@@ -106,12 +101,22 @@ { category.debug(Authenticating access, username: + username + +request); category.debug(ClassLoader: +cl.toString()+':'+cl.hashCode()); -category.debug(Servlet ClassLoader: +scl.toString()+':'+cl.hashCode()); +category.debug(Servlet ClassLoader: +scl.toString()+':'+scl.hashCode()); } -try + +// If we don't have a security context security is not required +if( scl != cl ) +Thread.currentThread().setContextClassLoader(scl); +Context securityCtx = getSecurityContext(); +if( securityCtx == null ) { if( scl != cl ) -Thread.currentThread().setContextClassLoader(scl); +Thread.currentThread().setContextClassLoader(cl); +return 0; +} + +try +{ // Get the JBoss security manager from the ENC context EJBSecurityManager securityMgr = (EJBSecurityManager) securityCtx.lookup(securityMgr); SimplePrincipal principal = new SimplePrincipal(username); @@ -149,8 +154,7 @@ if( scl != cl ) Thread.currentThread().setContextClassLoader(cl); } - - return 0; +return 0; } public int authorize(Request request, Response response, String roles[]) @@ -176,7 +180,7 @@ { category.debug(Authorizing access, username: + username + +request); category.debug(ClassLoader: +cl.toString()+':'+cl.hashCode()); -category.debug(Servlet ClassLoader: +scl.toString()+':'+cl.hashCode()); +category.debug(Servlet ClassLoader: +scl.toString()+':'+scl.hashCode()); } int code = 0; try @@ -184,7 +188,9 @@ if( scl != cl ) Thread.currentThread().setContextClassLoader(scl); boolean userHasRole = false; -Set requiredRoles = new HashSet(Arrays.asList(roles)); +Set requiredRoles = new HashSet(); +for(int r = 0; r roles.length; r ++) +requiredRoles.add(new SimplePrincipal(roles[r])); // Get the JBoss security manager from the ENC context Context securityCtx = getSecurityContext(); if( securityCtx != null ) ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
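Review bot: In the `@@ -106,12 +101,22 @@` hunk the context class loader is switched to `scl` before `getSecurityContext()`, and the `securityCtx == null` branch then restores `cl` by hand before its `return 0`, duplicating the restore the `finally` in the `@@ -149,8 +154,7 @@` hunk already performs. Moving the class-loader switch, the `getSecurityContext()` call and the null check inside the `try` lets the one `finally` cover both exits and removes the second copy, which is easy to lose on later edits — the branch revision 1.4.2.8 shown earlier on this page already returns from the null-context branch without it. The branch commit for revision 1.4.2.2 further down the page has the same structure. `authenticate` starts outside this hunk.
```java
try
{
   if( scl != cl )
      Thread.currentThread().setContextClassLoader(scl);
   // If we don't have a security context security is not required;
   // returning from inside the try lets the finally restore the TCL.
   Context securityCtx = getSecurityContext();
   if( securityCtx == null )
      return 0;
   // … unchanged: security manager lookup and validation …
}
// … unchanged: catch and finally that restores cl …
```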
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/06/26 18:05:59 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4 JBossSecurityMgrRealm.java Log: The password String may be null so validate before invoking toCharArray() Revision ChangesPath No revision No revision 1.4.2.3 +5 -2 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4.2.2 retrieving revision 1.4.2.3 diff -u -r1.4.2.2 -r1.4.2.3 --- JBossSecurityMgrRealm.java2001/06/23 01:10:58 1.4.2.2 +++ JBossSecurityMgrRealm.java2001/06/27 01:05:59 1.4.2.3 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.4.2.2 $ +@version $Revision: 1.4.2.3 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -129,7 +129,10 @@ request.setAuthType(ctx.getAuthMethod()); category.debug(User: +username+ is authenticated); SecurityAssociation.setPrincipal(principal); -SecurityAssociation.setCredential(password.toCharArray()); +char[] pass = null; +if( password != null ) + pass = password.toCharArray(); +SecurityAssociation.setCredential(pass); if( useJAAS == true securityMgr instanceof SubjectSecurityManager ) { SubjectSecurityManager subjectMgr = (SubjectSecurityManager) securityMgr; ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/06/26 18:13:53 Modified:tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java Log: Handle null passwords correctly Revision ChangesPath 1.5 +5 -2 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- JBossSecurityMgrRealm.java2001/06/22 05:37:52 1.4 +++ JBossSecurityMgrRealm.java2001/06/27 01:13:53 1.5 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.4 $ +@version $Revision: 1.5 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -124,7 +124,10 @@ request.setAuthType(ctx.getAuthMethod()); category.debug(User: +username+ is authenticated); SecurityAssociation.setPrincipal(principal); -SecurityAssociation.setCredential(password.toCharArray()); +char[] pass = null; +if( password != null ) + pass = password.toCharArray(); +SecurityAssociation.setCredential(pass); if( useJAAS == true securityMgr instanceof SubjectSecurityManager ) { SubjectSecurityManager subjectMgr = (SubjectSecurityManager) securityMgr; ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/06/21 23:37:45 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4 JBossSecurityMgrRealm.java Log: Update to work with the 2.4 version of JBoss Revision ChangesPath No revision No revision 1.4.2.1 +4 -2 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- JBossSecurityMgrRealm.java2001/06/22 05:37:52 1.4 +++ JBossSecurityMgrRealm.java2001/06/22 06:37:45 1.4.2.1 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.4 $ +@version $Revision: 1.4.2.1 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -181,7 +181,9 @@ if( scl != cl ) Thread.currentThread().setContextClassLoader(scl); boolean userHasRole = false; -Set requiredRoles = new HashSet(Arrays.asList(roles)); +Set requiredRoles = new HashSet(); +for(int r = 0; r roles.length; r ++) +requiredRoles.add(new SimplePrincipal(roles[r])); // Get the JBoss security manager from the ENC context Context securityCtx = getSecurityContext(); if( securityCtx != null ) ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/06/22 18:10:58 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4 JBossSecurityMgrRealm.java Log: Fix TCL problem Revision ChangesPath No revision No revision 1.4.2.2 +16 -12 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.4.2.1 retrieving revision 1.4.2.2 diff -u -r1.4.2.1 -r1.4.2.2 --- JBossSecurityMgrRealm.java2001/06/22 06:37:45 1.4.2.1 +++ JBossSecurityMgrRealm.java2001/06/23 01:10:58 1.4.2.2 @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.4.2.1 $ +@version $Revision: 1.4.2.2 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -90,11 +90,6 @@ String username = (String) credentialMap.get(username); String password = (String) credentialMap.get(password); -// If we don't have a security context security is not required -Context securityCtx = getSecurityContext(); -if( securityCtx == null ) -return 0; - /* Make sure the thread context class loader it set ot the servlet class loader. The Jdk12Interceptor should be handling this but it does not do it for the authenticate/authorize phases of a 
@@ -106,12 +101,22 @@ { category.debug(Authenticating access, username: + username + +request); category.debug(ClassLoader: +cl.toString()+':'+cl.hashCode()); -category.debug(Servlet ClassLoader: +scl.toString()+':'+cl.hashCode()); +category.debug(Servlet ClassLoader: +scl.toString()+':'+scl.hashCode()); } -try + +// If we don't have a security context security is not required +if( scl != cl ) +Thread.currentThread().setContextClassLoader(scl); +Context securityCtx = getSecurityContext(); +if( securityCtx == null ) { if( scl != cl ) -Thread.currentThread().setContextClassLoader(scl); +Thread.currentThread().setContextClassLoader(cl); +return 0; +} + +try +{ // Get the JBoss security manager from the ENC context EJBSecurityManager securityMgr = (EJBSecurityManager) securityCtx.lookup(securityMgr); SimplePrincipal principal = new SimplePrincipal(username); @@ -146,8 +151,7 @@ if( scl != cl ) Thread.currentThread().setContextClassLoader(cl); } - - return 0; +return 0; } public int authorize(Request request, Response response, String roles[]) @@ -173,7 +177,7 @@ { category.debug(Authorizing access, username: + username + +request); category.debug(ClassLoader: +cl.toString()+':'+cl.hashCode()); -category.debug(Servlet ClassLoader: +scl.toString()+':'+cl.hashCode()); +category.debug(Servlet ClassLoader: +scl.toString()+':'+scl.hashCode()); } int code = 0; try ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
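Review bot: The new null-context branch restores the TCL by hand and returns before the try, duplicating the `finally` block that already does `setContextClassLoader(cl)`; the comment `// If we don't have a security context security is not required` now also sits above the class-loader switch rather than the check it describes. Because `getSecurityContext()` (added in the 1.4 diff further down this page) swallows `NamingException`, this `return 0` is taken for a broken ENC as well as for a web app that declares no security binding, and nothing is logged either way. Doing the lookup inside the try, with a debug line on the null path, keeps a single restoration point and makes the skip visible; the catch/finally this relies on is in the following hunk.
```java
if( scl != cl )
    Thread.currentThread().setContextClassLoader(scl);
try
{
    // Resolve the ENC only after the TCL switch. A null context means the
    // web app declares no security binding, but getSecurityContext() also
    // returns null on any NamingException, so say so at debug level.
    Context securityCtx = getSecurityContext();
    if( securityCtx == null )
    {
        category.debug("No java:comp/env/security context, skipping authentication");
        return 0;
    }
    // … unchanged: securityMgr lookup, isValid check, SecurityAssociation setup …
```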
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/06/21 22:37:52 Modified:tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java Log: Merged changes from the 2.2 branch Revision ChangesPath 1.4 +28 -29 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- JBossSecurityMgrRealm.java2001/06/12 20:02:31 1.3 +++ JBossSecurityMgrRealm.java2001/06/22 05:37:52 1.4 @@ -9,10 +9,10 @@ import javax.naming.InitialContext; import javax.naming.NamingException; import javax.security.auth.Subject; -import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Category; import org.apache.tomcat.core.BaseInterceptor; +import org.apache.tomcat.core.TomcatException; import org.apache.tomcat.core.Request; import org.apache.tomcat.core.Response; import org.apache.tomcat.util.SecurityTools; @@ -37,13 +37,13 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.3 $ +@version $Revision: 1.4 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { static Category category = Category.getInstance(JBossSecurityMgrRealm.class.getName()); -public String subjectAttributeName = j_subject; -public boolean useJAAS = false; +private String subjectAttributeName = j_subject; +private boolean useJAAS = false; /** A flag to indicate if the security manager implements the SubjectSecurityManager rather than EJBSecurityManager. When true, the authenticated Subject is obtained 
@@ -62,16 +62,32 @@ this.subjectAttributeName = subjectAttributeName; } - public int authenticate(Request request, Response response) +private Context getSecurityContext() { +Context securityCtx = null; +// Get the JBoss security manager from the ENC context +try +{ +InitialContext iniCtx = new InitialContext(); +securityCtx = (Context) iniCtx.lookup(java:comp/env/security); +} +catch(NamingException e) +{ +// Apparently there is no security context? +} +return securityCtx; +} + +public int authenticate(Request request, Response response) +{ /* Get the username credentials from the request. We dont check that they are null as the security domain may consider this a valid indication of an unauthenticated user requesting anonymous access. */ - Hashtable credentialMap = new Hashtable(); - SecurityTools.credentials(request, credentialMap); - String username = (String) credentialMap.get(username); +Hashtable credentialMap = new Hashtable(); +SecurityTools.credentials(request, credentialMap); +String username = (String) credentialMap.get(username); String password = (String) credentialMap.get(password); // If we don't have a security context security is not required @@ -144,7 +160,7 @@ String username = request.getRemoteUser(); if( username == null ) -return HttpServletResponse.SC_UNAUTHORIZED; +return 401; /* Make sure the thread context class loader it set ot the servlet class loader. The Jdk12Interceptor should be handling this but @@ -164,7 +180,6 @@ { if( scl != cl ) Thread.currentThread().setContextClassLoader(scl); - boolean userHasRole = false; Set requiredRoles = new HashSet(Arrays.asList(roles)); // Get the JBoss security manager from the ENC context @@ -177,7 +192,7 @@ } else { -category.warn(no security context available); +category.warn(Warning: no security context available); } if( userHasRole ) 
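Review bot: The new `getSecurityContext()` swallows every `NamingException` and returns null without a trace, and authenticate then treats that null as "security is not required", so a broken or misconfigured `java:comp/env` lookup becomes silent behaviour rather than a logged error. Only a `NameNotFoundException` really means the web app has no security binding; anything else deserves at least a debug line with the exception, e.g. `catch(NamingException e) { category.debug("No java:comp/env/security context", e); }`, and the placeholder `// Apparently there is no security context?` could state that intent instead. The method also builds a fresh `InitialContext` on every call, which is worth a comment if this runs per request. The rest of authenticate continues outside the hunk.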
@@ -190,13 +205,13 @@ else { category.debug(User: +username+ is NOT authorized, requiredRoles=+requiredRoles); -code = HttpServletResponse.SC_FORBIDDEN; +code = 401; } } catch(NamingException e) { category.error(Error during authorize, e); -code = HttpServletResponse.SC_UNAUTHORIZED; +code = 401; } finally { @@ -205,22 +220,6 @@ }
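Review bot: The role-check failure branch now returns `401` where it previously returned `HttpServletResponse.SC_FORBIDDEN`, so an authenticated user who lacks a required role is answered the same way as an unauthenticated one; with BASIC auth that typically makes the browser re-prompt for credentials instead of showing a denial. If matching the 2.2 branch is intended, a comment such as `// 401 rather than 403: keep the 2.2 branch behaviour` would stop the next reader from "fixing" it; otherwise 403 is the accurate status here. Replacing the named constants with bare `401` in both branches also loses the self-documenting name, and a `private static final int SC_UNAUTHORIZED = 401;` would keep it without the javax.servlet import this commit drops. The surrounding try/finally continues outside the hunk.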
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/06/12 12:50:16 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_2 JBossSecurityMgrRealm.java Log: Handle getting called to authenticate a user when there is no JBoss security context Revision ChangesPath No revision No revision 1.1.2.4 +41 -10 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- JBossSecurityMgrRealm.java2001/05/31 01:45:31 1.1.2.3 +++ JBossSecurityMgrRealm.java2001/06/12 19:50:16 1.1.2.4 @@ -5,12 +5,13 @@ import java.util.Hashtable; import java.util.HashSet; import java.util.Set; +import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.NamingException; import javax.security.auth.Subject; import org.apache.tomcat.core.BaseInterceptor; -import org.apache.tomcat.core.Context; +import org.apache.tomcat.core.TomcatException; import org.apache.tomcat.core.Request; import org.apache.tomcat.core.Response; import org.apache.tomcat.util.SecurityTools; @@ -35,7 +36,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.1.2.3 $ +@version $Revision: 1.1.2.4 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -68,6 +69,22 @@ this.debug = debug; } +private Context getSecurityContext() +{ +Context securityCtx = null; +// Get the JBoss security manager from the ENC context +try +{ +InitialContext iniCtx = new InitialContext(); +securityCtx = (Context) iniCtx.lookup(java:comp/env/security); +} +catch(NamingException e) +{ +// Apparently there is no security context? +} +return securityCtx; +} + public int authenticate(Request request, Response response) { /* Get the username credentials from the request. We dont check 
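Review bot: `getSecurityContext()` on this branch swallows `NamingException` with only the comment `// Apparently there is no security context?`, and there is no log4j category here, so a lookup failure leaves no diagnostic at all while authenticate silently skips. Since the class already has a `debug` flag (the `this.debug = debug;` setter is visible just above the new method), the catch could at least do `if( debug ) e.printStackTrace();`, and the comment could say that a missing binding is expected while any other naming failure is not. The authenticate body continues outside the hunk.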
@@ -80,6 +97,11 @@ String username = (String) credentialMap.get(username); String password = (String) credentialMap.get(password); +// If we don't have a security context security is not required +Context securityCtx = getSecurityContext(); +if( securityCtx == null ) +return 0; + /* Make sure the thread context class loader it set ot the servlet class loader. The Jdk12Interceptor should be handling this but it does not do it for the authenticate/authorize phases of a @@ -98,14 +120,13 @@ if( scl != cl ) Thread.currentThread().setContextClassLoader(scl); // Get the JBoss security manager from the ENC context -InitialContext iniCtx = new InitialContext(); -EJBSecurityManager securityMgr = (EJBSecurityManager) iniCtx.lookup(java:comp/env/security/securityMgr); +EJBSecurityManager securityMgr = (EJBSecurityManager) securityCtx.lookup(securityMgr); SimplePrincipal principal = new SimplePrincipal(username); if( securityMgr.isValid(principal, password) ) { request.setRemoteUser(username); request.setUserPrincipal(principal); -Context ctx = request.getContext(); +org.apache.tomcat.core.Context ctx = request.getContext(); if (ctx != null) request.setAuthType(ctx.getAuthMethod()); System.out.println(User: +username+ is authenticated); @@ -167,12 +188,22 @@ { if( scl != cl ) Thread.currentThread().setContextClassLoader(scl); -// Get the JBoss security manager from the ENC context -InitialContext iniCtx = new InitialContext(); -RealmMapping securityMgr = (RealmMapping) iniCtx.lookup(java:comp/env/security/realmMapping); -SimplePrincipal principal = new SimplePrincipal(username); +boolean userHasRole = false; Set requiredRoles = new HashSet(Arrays.asList(roles)); -if( securityMgr.doesUserHaveRole(principal, requiredRoles) ) +// Get the JBoss security manager from the ENC context +Context securityCtx = getSecurityContext(); +if( securityCtx != null ) +{ +RealmMapping securityMgr = (RealmMapping) securityCtx.lookup(realmMapping); +
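Review bot: The added `getSecurityContext()` call runs before the thread context class loader is switched to the servlet loader, which the comment immediately below it says the Jdk12Interceptor does not do for the authenticate phase; if the `java:comp/env` lookup resolves through the TCL, as that comment implies, the ENC consulted here may be the caller's rather than the web app's, and a failed lookup then turns into `return 0` with no authentication at all. Moving the null check after the `setContextClassLoader(scl)` call, inside the try so the existing finally restores the loader, would make this lookup see the same ENC as the `securityCtx.lookup("securityMgr")` call further down. The authenticate body continues outside the hunk.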
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/06/12 13:02:31 Modified:tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java Log: Handle authentication callback when there is no JBoss security context Revision ChangesPath 1.3 +41 -10 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- JBossSecurityMgrRealm.java2001/05/31 01:43:23 1.2 +++ JBossSecurityMgrRealm.java2001/06/12 20:02:31 1.3 @@ -5,6 +5,7 @@ import java.util.Hashtable; import java.util.HashSet; import java.util.Set; +import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.NamingException; import javax.security.auth.Subject; @@ -12,7 +13,6 @@ import org.apache.log4j.Category; import org.apache.tomcat.core.BaseInterceptor; -import org.apache.tomcat.core.Context; import org.apache.tomcat.core.Request; import org.apache.tomcat.core.Response; import org.apache.tomcat.util.SecurityTools; @@ -37,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.2 $ +@version $Revision: 1.3 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -74,6 +74,11 @@ String username = (String) credentialMap.get(username); String password = (String) credentialMap.get(password); +// If we don't have a security context security is not required +Context securityCtx = getSecurityContext(); +if( securityCtx == null ) +return 0; + /* Make sure the thread context class loader it set ot the servlet class loader. The Jdk12Interceptor should be handling this but it does not do it for the authenticate/authorize phases of a 
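Review bot: `getSecurityContext()` is called here before the class-loader switch that the comment right after it says this method must perform itself, so the `java:comp/env` lookup can run under the caller's loader, and its null result is then read as "no security" and turned into `return 0`. Doing the lookup after `Thread.currentThread().setContextClassLoader(scl)` inside the try block, and logging the null case at debug level, would make the skip path deliberate rather than a side effect of a lookup that could not find the web app's ENC. Whether the ENC is in fact TCL-keyed is inferred from that comment, not from anything in the hunk. The method continues outside the hunk.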
@@ -92,14 +97,13 @@ if( scl != cl ) Thread.currentThread().setContextClassLoader(scl); // Get the JBoss security manager from the ENC context -InitialContext iniCtx = new InitialContext(); -EJBSecurityManager securityMgr = (EJBSecurityManager) iniCtx.lookup(java:comp/env/security/securityMgr); +EJBSecurityManager securityMgr = (EJBSecurityManager) securityCtx.lookup(securityMgr); SimplePrincipal principal = new SimplePrincipal(username); if( securityMgr.isValid(principal, password) ) { request.setRemoteUser(username); request.setUserPrincipal(principal); -Context ctx = request.getContext(); +org.apache.tomcat.core.Context ctx = request.getContext(); if (ctx != null) request.setAuthType(ctx.getAuthMethod()); category.debug(User: +username+ is authenticated); @@ -160,12 +164,23 @@ { if( scl != cl ) Thread.currentThread().setContextClassLoader(scl); -// Get the JBoss security manager from the ENC context -InitialContext iniCtx = new InitialContext(); -RealmMapping securityMgr = (RealmMapping) iniCtx.lookup(java:comp/env/security/realmMapping); -SimplePrincipal principal = new SimplePrincipal(username); + +boolean userHasRole = false; Set requiredRoles = new HashSet(Arrays.asList(roles)); -if( securityMgr.doesUserHaveRole(principal, requiredRoles) ) +// Get the JBoss security manager from the ENC context +Context securityCtx = getSecurityContext(); +if( securityCtx != null ) +{ +RealmMapping securityMgr = (RealmMapping) securityCtx.lookup(realmMapping); +SimplePrincipal principal = new SimplePrincipal(username); +userHasRole = securityMgr.doesUserHaveRole(principal, requiredRoles); +} +else +{ +category.warn(no security context available); +} + +if( userHasRole ) { // Need to get roles from the security mgr. Needs updated interface... String userRoles[] = {}; 
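Review bot: `requiredRoles` is built with `new HashSet(Arrays.asList(roles))`, i.e. a set of `String`, and handed to `RealmMapping.doesUserHaveRole(principal, requiredRoles)`; if that method compares against `Principal` objects, as the Branch_2_4 diff near the top of this page suggests by rewriting exactly this line to add `new SimplePrincipal(roles[r])`, a `String` set never matches and every role check fails closed. Worth confirming the element type RealmMapping expects and recording it at this line, e.g. `// RealmMapping expects a Set of Principal, not role-name strings`. The `else` branch only warns when no security context exists and then denies via the `userHasRole` false path, which is the safer default; the `if( userHasRole )` body continues outside the hunk.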
@@ -190,6 +205,22 @@ } return code; +} + +private Context getSecurityContext() +{ +Context securityCtx = null; +// Get the JBoss security manager from the ENC context +try +{ +InitialContext iniCtx = new InitialContext(); +securityCtx = (Context)
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/05/30 09:29:23 Modified:tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_2 JBossSecurityMgrRealm.java Log: Update the not authorized msg Revision ChangesPath No revision No revision 1.1.2.2 +6 -6 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- JBossSecurityMgrRealm.java2001/05/24 15:36:40 1.1.2.1 +++ JBossSecurityMgrRealm.java2001/05/30 16:29:23 1.1.2.2 @@ -35,7 +35,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.1.2.1 $ +@version $Revision: 1.1.2.2 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -68,16 +68,16 @@ this.debug = debug; } - public int authenticate(Request request, Response response) +public int authenticate(Request request, Response response) { /* Get the username credentials from the request. We dont check that they are null as the security domain may consider this a valid indication of an unauthenticated user requesting anonymous access. */ - Hashtable credentialMap = new Hashtable(); - SecurityTools.credentials(request, credentialMap); - String username = (String) credentialMap.get(username); +Hashtable credentialMap = new Hashtable(); +SecurityTools.credentials(request, credentialMap); +String username = (String) credentialMap.get(username); String password = (String) credentialMap.get(password); /* Make sure the thread context class loader it set ot the servlet @@ -180,7 +180,7 @@ } else { -System.out.println(User: +username+ is not authorized); +System.out.println(User: +username+ is NOT authorized, requiredRoles=+requiredRoles); code = 401; } } ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/05/30 18:43:23 Modified:tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java Log: Add request.setUserPrincipal(principal) call as tomcat 3.2.2 no longer generates the user principal from the remote user Revision ChangesPath 1.2 +7 -5 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- JBossSecurityMgrRealm.java2001/05/11 19:06:26 1.1 +++ JBossSecurityMgrRealm.java2001/05/31 01:43:23 1.2 @@ -8,6 +8,7 @@ import javax.naming.InitialContext; import javax.naming.NamingException; import javax.security.auth.Subject; +import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Category; import org.apache.tomcat.core.BaseInterceptor; @@ -36,7 +37,7 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.1 $ +@version $Revision: 1.2 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { @@ -97,6 +98,7 @@ if( securityMgr.isValid(principal, password) ) { request.setRemoteUser(username); +request.setUserPrincipal(principal); Context ctx = request.getContext(); if (ctx != null) request.setAuthType(ctx.getAuthMethod()); @@ -138,7 +140,7 @@ String username = request.getRemoteUser(); if( username == null ) -return 401; +return HttpServletResponse.SC_UNAUTHORIZED; /* Make sure the thread context class loader it set ot the servlet class loader. The Jdk12Interceptor should be handling this but 
@@ -172,14 +174,14 @@ } else { -category.debug(User: +username+ is not authorized); -code = 401; +category.debug(User: +username+ is NOT authorized, requiredRoles=+requiredRoles); +code = HttpServletResponse.SC_FORBIDDEN; } } catch(NamingException e) { category.error(Error during authorize, e); -code = 401; +code = HttpServletResponse.SC_UNAUTHORIZED; } finally { ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
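Review bot: The `catch(NamingException e)` branch maps a JNDI lookup failure to `HttpServletResponse.SC_UNAUTHORIZED`, so a misconfigured or unavailable security manager is reported to the client as a bad login rather than as a server fault. Denying is the right default, but `SC_INTERNAL_SERVER_ERROR` would be the more honest status and would stop operators chasing credential problems when the `category.error("Error during authorize", e)` line already shows the real cause — assuming the Tomcat 3.2 interceptor contract accepts codes other than 401/403 from authorize, which cannot be confirmed from here. The change to `SC_FORBIDDEN` for a failed role check in the same hunk is consistent with that distinction. The finally block continues outside the hunk.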
[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java
User: starksm Date: 01/05/24 08:36:40 Added: tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_2 JBossSecurityMgrRealm.java Log: Merge 2.3 changes into 2.2 branch Revision ChangesPath No revision No revision 1.1.2.1 +28 -19 contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java Index: JBossSecurityMgrRealm.java === RCS file: /cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v retrieving revision 1.1 retrieving revision 1.1.2.1 diff -u -r1.1 -r1.1.2.1 --- JBossSecurityMgrRealm.java2001/05/11 19:06:26 1.1 +++ JBossSecurityMgrRealm.java2001/05/24 15:36:40 1.1.2.1 @@ -9,7 +9,6 @@ import javax.naming.NamingException; import javax.security.auth.Subject; -import org.apache.log4j.Category; import org.apache.tomcat.core.BaseInterceptor; import org.apache.tomcat.core.Context; import org.apache.tomcat.core.Request; @@ -36,13 +35,13 @@ @see org.jboss.security.SubjectSecurityManager @author [EMAIL PROTECTED] -@version $Revision: 1.1 $ +@version $Revision: 1.1.2.1 $ */ public class JBossSecurityMgrRealm extends BaseInterceptor { -static Category category = Category.getInstance(JBossSecurityMgrRealm.class.getName()); -public String subjectAttributeName = j_subject; -public boolean useJAAS = false; +private String subjectAttributeName = j_subject; +private boolean useJAAS = false; +private boolean debug = false; /** A flag to indicate if the security manager implements the SubjectSecurityManager rather than EJBSecurityManager. When true, the authenticated Subject is obtained @@ -60,6 +59,14 @@ { this.subjectAttributeName = subjectAttributeName; } +public boolean getDebug() +{ +return debug; +} +public void setDebug(boolean debug) +{ +this.debug = debug; +} public int authenticate(Request request, Response response) { 
@@ -80,11 +87,11 @@ */ ClassLoader cl = Thread.currentThread().getContextClassLoader(); ClassLoader scl = request.getContext().getServletLoader().getClassLoader(); -if( category.isDebugEnabled() ) +if( debug ) { -category.debug(Authenticating access, username: + username + +request); -category.debug(ClassLoader: +cl.toString()+':'+cl.hashCode()); -category.debug(Servlet ClassLoader: +scl.toString()+':'+cl.hashCode()); +System.out.println(Authenticating access, username: + username + +request); +System.out.println(ClassLoader: +cl.toString()+':'+cl.hashCode()); +System.out.println(Servlet ClassLoader: +scl.toString()+':'+cl.hashCode()); } try { @@ -100,7 +107,7 @@ Context ctx = request.getContext(); if (ctx != null) request.setAuthType(ctx.getAuthMethod()); -category.debug(User: +username+ is authenticated); +System.out.println(User: +username+ is authenticated); SecurityAssociation.setPrincipal(principal); SecurityAssociation.setCredential(password.toCharArray()); if( useJAAS == true securityMgr instanceof SubjectSecurityManager ) @@ -112,12 +119,13 @@ } else { -category.debug(User: +username+ is NOT authenticated); +System.out.println(User: +username+ is NOT authenticated); } } catch(NamingException e) { -category.error(Error during authenticate, e); +System.out.println(Error during authenticate); +e.printStackTrace(); } finally { 
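Review bot: The new `Servlet ClassLoader:` line prints `cl.hashCode()` instead of `scl.hashCode()`, so the debug output pairs the servlet loader's toString with the caller loader's hash and the two lines cannot be told apart when the loaders differ; it should read `System.out.println("Servlet ClassLoader: "+scl.toString()+':'+scl.hashCode());`. These lines also dump `request` via its toString together with the username on stdout, which is acceptable only because they sit behind the `debug` flag. The method continues outside the hunk.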
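Review bot: `System.out.println("User: "+username+" is authenticated")` is emitted on every successful login regardless of the `debug` flag, so replacing the log4j category with stdout here leaves no way to turn this per-request output off; it should be guarded with `if( debug )` like the lines in the previous hunk, and the `is NOT authenticated` line in the next hunk has the same problem. The context line `SecurityAssociation.setCredential(password.toCharArray())` will throw `NullPointerException` when `password` is null, a case the method's own comment says the security domain may accept, but that predates this commit. The authenticate body continues outside the hunk.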
@@ -147,11 +155,11 @@ */ ClassLoader cl = Thread.currentThread().getContextClassLoader(); ClassLoader scl = request.getContext().getServletLoader().getClassLoader(); -if( category.isDebugEnabled() ) +if( debug ) { -category.debug(Authorizing access, username: + username + +request); -category.debug(ClassLoader: +cl.toString()+':'+cl.hashCode()); -category.debug(Servlet ClassLoader: +scl.toString()+':'+cl.hashCode()); +System.out.println(Authorizing access, username: + username + +request); +System.out.println(ClassLoader: +cl.toString()+':'+cl.hashCode()); +System.out.println(Servlet ClassLoader: +scl.toString()+':'+cl.hashCode()); } int code = 0; try
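Review bot: The authorize debug line carries the same mismatch as its authenticate counterpart: `Servlet ClassLoader:` is printed with `cl.hashCode()` rather than `scl.hashCode()`, so the loader identity this diagnostic exists to show is wrong; use `System.out.println("Servlet ClassLoader: "+scl.toString()+':'+scl.hashCode());`. The authorize body continues outside the hunk.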