[tomcat] 01/01: Frist draft
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch BZ-63681/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 6be96ebba4e7056d5c9621bada2c496f8c0a82d0 Author: Michael Osipov AuthorDate: Wed Aug 21 23:23:19 2019 +0200 Frist draft changelog.xml pending --- java/org/apache/catalina/Realm.java | 13 + java/org/apache/catalina/realm/CombinedRealm.java | 34 java/org/apache/catalina/realm/LockOutRealm.java | 12 java/org/apache/catalina/realm/RealmBase.java | 67 +++ 4 files changed, 116 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/Realm.java b/java/org/apache/catalina/Realm.java index a6360cc..412e845 100644 --- a/java/org/apache/catalina/Realm.java +++ b/java/org/apache/catalina/Realm.java @@ -25,6 +25,8 @@ import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; +import org.ietf.jgss.GSSName; /** * A Realm is a read-only facade for an underlying security realm @@ -135,6 +137,17 @@ public interface Realm { /** + * Try to authenticate using a {@link GSSName} + * + * @param gssName The {@link GSSName} of the principal to look up + * @param gssCredential The {@link GSSCredential} of the principal, may be + * {@code null} + * @return the associated principal, or {@code null} if there is none + */ +public Principal authenticate(GSSName gssName, GSSCredential gssCredential); + + +/** * Try to authenticate using {@link X509Certificate}s * * @param certs Array of client certificates, with the first one in diff --git a/java/org/apache/catalina/realm/CombinedRealm.java b/java/org/apache/catalina/realm/CombinedRealm.java index 59511fa..5645457 100644 --- a/java/org/apache/catalina/realm/CombinedRealm.java +++ b/java/org/apache/catalina/realm/CombinedRealm.java 
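Review bot: The Javadoc on the new `Realm.authenticate(GSSName, GSSCredential)` does not say who has verified the name, and because `gssCredential` may be `null` the signature gives an implementation nothing to check the name against. I would add a sentence such as `The name must be the source name of an already established {@link GSSContext}; it must never be built from unauthenticated request data.` so the trust boundary is explicit for callers and for custom realms. Separately, adding an abstract method to the public `Realm` interface on the 8.5.x branch will break third-party realms that implement the interface directly rather than extending `RealmBase`; that belongs in the pending changelog.xml entry. The interface body continues outside the hunk.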
@@ -32,6 +32,7 @@ import org.apache.catalina.Realm; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSName; @@ -393,6 +394,39 @@ public class CombinedRealm extends RealmBase { return null; } +/** + * {@inheritDoc} + */ +@Override +public Principal authenticate(GSSName gssName, GSSCredential gssCredentail) { +Principal authenticatedUser = null; + +String username = String.valueOf(gssName); + +for (Realm realm : realms) { +if (log.isDebugEnabled()) { +log.debug(sm.getString("combinedRealm.authStart", +username, realm.getClass().getName())); +} + +authenticatedUser = realm.authenticate(gssName, gssCredentail); + +if (authenticatedUser == null) { +if (log.isDebugEnabled()) { +log.debug(sm.getString("combinedRealm.authFail", +username, realm.getClass().getName())); +} +} else { +if (log.isDebugEnabled()) { +log.debug(sm.getString("combinedRealm.authSuccess", +username, realm.getClass().getName())); +} +break; +} +} +return authenticatedUser; +} + @Override @Deprecated protected String getName() { diff --git a/java/org/apache/catalina/realm/LockOutRealm.java b/java/org/apache/catalina/realm/LockOutRealm.java index b2dc29e..46e6a97 100644 --- a/java/org/apache/catalina/realm/LockOutRealm.java +++ b/java/org/apache/catalina/realm/LockOutRealm.java @@ -27,6 +27,7 @@ import org.apache.catalina.LifecycleException; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSName; 
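Review bot: The parameter of the new `CombinedRealm.authenticate` is spelled `gssCredentail`, while the interface and `LockOutRealm` use `gssCredential`; rename it in the signature and in the `realm.authenticate(gssName, gssCredentail)` call. `String.valueOf(gssName)` also turns a `null` name into the literal string `"null"`, which is then logged and handed to every nested realm, so an early `if (gssName == null) { return null; }` would make that case explicit. The Javadoc is only `{@inheritDoc}`; a line stating that the first nested realm returning a non-null principal wins would document the behaviour of the loop for anyone reasoning about realm ordering.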
@@ -205,6 +206,17 @@ public class LockOutRealm extends CombinedRealm { return null; } +/** + * {@inheritDoc} + */ +@Override +public Principal authenticate(GSSName gssName, GSSCredential gssCredential) { +String username = String.valueOf(gssName); + +Principal authenticatedUser = super.authenticate(gssName, gssCredential); +return filterLockedAccounts(username, authenticatedUser); +} + /* * Filters authenticated principals to ensure that null is diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java index d321c56..f300810 100644 --- a/java/org/apache/catalina/realm/RealmBase.java +++ b/java/org/apache/catalina/realm/RealmBase.java @@ -499,16
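Review bot: The lockout key in the new `LockOutRealm.authenticate` is `String.valueOf(gssName)`, the string form of the GSS name, which may not be the same user name under which the other `authenticate` overloads record failures (for example if it carries a Kerberos realm suffix). If the keys differ, a lockout accumulated through password logins would not apply on the GSS path, and the reverse. This should be confirmed against `filterLockedAccounts`, whose body is outside the hunk, and the chosen key documented with a comment such as `// lockout is keyed on the full GSS name string`. A `null` `gssName` would also be tracked under the literal key `"null"`; returning `null` before `super.authenticate(...)` avoids that.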
[tomcat] 01/01: Frist draft
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch BZ-63681/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 6be96ebba4e7056d5c9621bada2c496f8c0a82d0 Author: Michael Osipov AuthorDate: Wed Aug 21 23:23:19 2019 +0200 Frist draft changelog.xml pending --- java/org/apache/catalina/Realm.java | 13 + java/org/apache/catalina/realm/CombinedRealm.java | 34 java/org/apache/catalina/realm/LockOutRealm.java | 12 java/org/apache/catalina/realm/RealmBase.java | 67 +++ 4 files changed, 116 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/Realm.java b/java/org/apache/catalina/Realm.java index a6360cc..412e845 100644 --- a/java/org/apache/catalina/Realm.java +++ b/java/org/apache/catalina/Realm.java @@ -25,6 +25,8 @@ import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; +import org.ietf.jgss.GSSName; /** * A Realm is a read-only facade for an underlying security realm @@ -135,6 +137,17 @@ public interface Realm { /** + * Try to authenticate using a {@link GSSName} + * + * @param gssName The {@link GSSName} of the principal to look up + * @param gssCredential The {@link GSSCredential} of the principal, may be + * {@code null} + * @return the associated principal, or {@code null} if there is none + */ +public Principal authenticate(GSSName gssName, GSSCredential gssCredential); + + +/** * Try to authenticate using {@link X509Certificate}s * * @param certs Array of client certificates, with the first one in diff --git a/java/org/apache/catalina/realm/CombinedRealm.java b/java/org/apache/catalina/realm/CombinedRealm.java index 59511fa..5645457 100644 --- a/java/org/apache/catalina/realm/CombinedRealm.java +++ b/java/org/apache/catalina/realm/CombinedRealm.java 
@@ -32,6 +32,7 @@ import org.apache.catalina.Realm; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSName; @@ -393,6 +394,39 @@ public class CombinedRealm extends RealmBase { return null; } +/** + * {@inheritDoc} + */ +@Override +public Principal authenticate(GSSName gssName, GSSCredential gssCredentail) { +Principal authenticatedUser = null; + +String username = String.valueOf(gssName); + +for (Realm realm : realms) { +if (log.isDebugEnabled()) { +log.debug(sm.getString("combinedRealm.authStart", +username, realm.getClass().getName())); +} + +authenticatedUser = realm.authenticate(gssName, gssCredentail); + +if (authenticatedUser == null) { +if (log.isDebugEnabled()) { +log.debug(sm.getString("combinedRealm.authFail", +username, realm.getClass().getName())); +} +} else { +if (log.isDebugEnabled()) { +log.debug(sm.getString("combinedRealm.authSuccess", +username, realm.getClass().getName())); +} +break; +} +} +return authenticatedUser; +} + @Override @Deprecated protected String getName() { diff --git a/java/org/apache/catalina/realm/LockOutRealm.java b/java/org/apache/catalina/realm/LockOutRealm.java index b2dc29e..46e6a97 100644 --- a/java/org/apache/catalina/realm/LockOutRealm.java +++ b/java/org/apache/catalina/realm/LockOutRealm.java @@ -27,6 +27,7 @@ import org.apache.catalina.LifecycleException; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSName; 
@@ -205,6 +206,17 @@ public class LockOutRealm extends CombinedRealm { return null; } +/** + * {@inheritDoc} + */ +@Override +public Principal authenticate(GSSName gssName, GSSCredential gssCredential) { +String username = String.valueOf(gssName); + +Principal authenticatedUser = super.authenticate(gssName, gssCredential); +return filterLockedAccounts(username, authenticatedUser); +} + /* * Filters authenticated principals to ensure that null is diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java index d321c56..f300810 100644 --- a/java/org/apache/catalina/realm/RealmBase.java +++ b/java/org/apache/catalina/realm/RealmBase.java @@ -499,16
[tomcat] 01/01: Frist draft
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch BZ-63681/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 8a2343878a7f9eaca5c795ead752bd213edc4de1 Author: Michael Osipov AuthorDate: Wed Aug 21 23:23:19 2019 +0200 Frist draft changelog.xml pending --- java/org/apache/catalina/Realm.java | 13 + java/org/apache/catalina/realm/CombinedRealm.java | 34 java/org/apache/catalina/realm/LockOutRealm.java | 12 java/org/apache/catalina/realm/RealmBase.java | 67 +++ 4 files changed, 116 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/Realm.java b/java/org/apache/catalina/Realm.java index a6360cc..412e845 100644 --- a/java/org/apache/catalina/Realm.java +++ b/java/org/apache/catalina/Realm.java @@ -25,6 +25,8 @@ import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; +import org.ietf.jgss.GSSName; /** * A Realm is a read-only facade for an underlying security realm @@ -135,6 +137,17 @@ public interface Realm { /** + * Try to authenticate using a {@link GSSName} + * + * @param gssName The {@link GSSName} of the principal to look up + * @param gssCredential The {@link GSSCredential} of the principal, may be + * {@code null} + * @return the associated principal, or {@code null} if there is none + */ +public Principal authenticate(GSSName gssName, GSSCredential gssCredential); + + +/** * Try to authenticate using {@link X509Certificate}s * * @param certs Array of client certificates, with the first one in diff --git a/java/org/apache/catalina/realm/CombinedRealm.java b/java/org/apache/catalina/realm/CombinedRealm.java index 59511fa..5645457 100644 --- a/java/org/apache/catalina/realm/CombinedRealm.java +++ b/java/org/apache/catalina/realm/CombinedRealm.java 
@@ -32,6 +32,7 @@ import org.apache.catalina.Realm; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSName; @@ -393,6 +394,39 @@ public class CombinedRealm extends RealmBase { return null; } +/** + * {@inheritDoc} + */ +@Override +public Principal authenticate(GSSName gssName, GSSCredential gssCredentail) { +Principal authenticatedUser = null; + +String username = String.valueOf(gssName); + +for (Realm realm : realms) { +if (log.isDebugEnabled()) { +log.debug(sm.getString("combinedRealm.authStart", +username, realm.getClass().getName())); +} + +authenticatedUser = realm.authenticate(gssName, gssCredentail); + +if (authenticatedUser == null) { +if (log.isDebugEnabled()) { +log.debug(sm.getString("combinedRealm.authFail", +username, realm.getClass().getName())); +} +} else { +if (log.isDebugEnabled()) { +log.debug(sm.getString("combinedRealm.authSuccess", +username, realm.getClass().getName())); +} +break; +} +} +return authenticatedUser; +} + @Override @Deprecated protected String getName() { diff --git a/java/org/apache/catalina/realm/LockOutRealm.java b/java/org/apache/catalina/realm/LockOutRealm.java index b2dc29e..46e6a97 100644 --- a/java/org/apache/catalina/realm/LockOutRealm.java +++ b/java/org/apache/catalina/realm/LockOutRealm.java @@ -27,6 +27,7 @@ import org.apache.catalina.LifecycleException; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSName; 
@@ -205,6 +206,17 @@ public class LockOutRealm extends CombinedRealm { return null; } +/** + * {@inheritDoc} + */ +@Override +public Principal authenticate(GSSName gssName, GSSCredential gssCredential) { +String username = String.valueOf(gssName); + +Principal authenticatedUser = super.authenticate(gssName, gssCredential); +return filterLockedAccounts(username, authenticatedUser); +} + /* * Filters authenticated principals to ensure that null is diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java index dd1761c..26f94d2 100644 --- a/java/org/apache/catalina/realm/RealmBase.java +++ b/java/org/apache/catalina/realm/RealmBase.java @@ -499,16