billbarker    2004/07/02 21:16:41

  Modified:    catalina/src/share/org/apache/catalina/realm
                        LocalStrings.properties LocalStrings_es.properties
                        LocalStrings_fr.properties
                        LocalStrings_ja.properties RealmBase.java
                        UserDatabaseRealm.java
  Log:
  Fixing UDBRealm to work with Digest and Client-Cert.
  
  Also fixing authenticate(String, String) in RealmBase to handle digested passwords 
correctly.
  
  Revision  Changes    Path
  1.6       +3 -3      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties
  
  Index: LocalStrings.properties
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- LocalStrings.properties   12 Dec 2003 22:37:58 -0000      1.5
  +++ LocalStrings.properties   3 Jul 2004 04:16:41 -0000       1.6
  @@ -33,9 +33,9 @@
   realmBase.hasRoleSuccess=Username {0} has role {1}
   realmBase.notAuthenticated=Configuration error:  Cannot perform access control 
without an authenticated principal
   realmBase.notStarted=This Realm has not yet been started
  +realmBase.authenticateFailure=Username {0} NOT successfully authenticated
  +realmBase.authenticateSuccess=Username {0} successfully authenticated
   userDatabaseRealm.authenticateError=Login configuration error authenticating 
username {0}
  -userDatabaseRealm.authenticateFailure=Username {0} NOT successfully authenticated
  -userDatabaseRealm.authenticateSuccess=Username {0} successfully authenticated
   userDatabaseRealm.lookup=Exception looking up UserDatabase under key {0}
   userDatabaseRealm.noDatabase=No UserDatabase component found under key {0}
   userDatabaseRealm.noEngine=No Engine component found in container hierarchy
  
  
  
  1.6       +3 -3      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_es.properties
  
  Index: LocalStrings_es.properties
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_es.properties,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- LocalStrings_es.properties        17 Jan 2004 01:43:58 -0000      1.5
  +++ LocalStrings_es.properties        3 Jul 2004 04:16:41 -0000       1.6
  @@ -33,9 +33,9 @@
   realmBase.hasRoleSuccess=El usuario {0} desempeña el papel de {1}
   realmBase.notAuthenticated=Error de Configuración: No se pueden realizar funciones 
de control de acceso sin un principal autentificado
   realmBase.notStarted=Este dominio aún no ha sido inicializado
  +realmBase.authenticateFailure=Nombre de usuario {0} NO autenticado con éxito
  +realmBase.authenticateSuccess=Nombre de usuario {0} autenticado con éxito
   userDatabaseRealm.authenticateError=Error de configuración de Login autenticando 
nombre de usuario {0}
  -userDatabaseRealm.authenticateFailure=Nombre de usuario {0} NO autenticado con éxito
  -userDatabaseRealm.authenticateSuccess=Nombre de usuario {0} autenticado con éxito
   userDatabaseRealm.lookup=Excepción buscando en Base de datos de Usuario mediante la 
clave {0}
   userDatabaseRealm.noDatabase=No se ha hallado componente de Base de datos de 
Usuario mediante la clave {0}
   userDatabaseRealm.noEngine=No se ha hallado componente de Motor en jerarquía de 
contenedor
  
  
  
  1.3       +3 -3      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_fr.properties
  
  Index: LocalStrings_fr.properties
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_fr.properties,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- LocalStrings_fr.properties        12 Dec 2003 22:37:58 -0000      1.2
  +++ LocalStrings_fr.properties        3 Jul 2004 04:16:41 -0000       1.3
  @@ -32,9 +32,9 @@
   realmBase.hasRoleSuccess=Le nom d''utilisateur {0} a pour rôle {1}
   realmBase.notAuthenticated=Erreur de configuration:  Impossible de conduire un 
contrôle d''accès sans un authentifié principal (authenticated principal)
   realmBase.notStarted=Ce royaume (Realm) n''a pas encore été démarré
  +realmBase.authenticateFailure=Le nom d''utilisateur {0} N''A PAS été authentifié
  +realmBase.authenticateSuccess=Le nom d''utilisateur {0} a été authentifié avec 
succès
   userDatabaseRealm.authenticateError=Erreur de configuration du contrôle d''accès 
(login) lors de l''authentification du nom d''utilisateur {0}
  -userDatabaseRealm.authenticateFailure=Le nom d''utilisateur {0} N''A PAS été 
authentifié
  -userDatabaseRealm.authenticateSuccess=Le nom d''utilisateur {0} a été authentifié 
avec succès
   userDatabaseRealm.lookup=Exception lors de la recherche dans la base de données 
utilisateurs avec la clef {0}
   userDatabaseRealm.noDatabase=Aucun composant base de données utilisateurs trouvé 
pour la clef {0}
   userDatabaseRealm.noEngine=Aucun composant moteur (engine component) trouvé dans la 
hiérarchie des conteneurs
  
  
  
  1.7       +3 -3      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_ja.properties
  
  Index: LocalStrings_ja.properties
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/LocalStrings_ja.properties,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- LocalStrings_ja.properties        12 Dec 2003 22:37:58 -0000      1.6
  +++ LocalStrings_ja.properties        3 Jul 2004 04:16:41 -0000       1.7
  @@ -33,9 +33,9 @@
   realmBase.hasRoleSuccess=\u30e6\u30fc\u30b6\u540d {0} \u306f\u30ed\u30fc\u30eb {1} 
\u3092\u6301\u3063\u3066\u3044\u307e\u3059
   realmBase.notAuthenticated=\u8a2d\u5b9a\u30a8\u30e9\u30fc:  
\u8a8d\u8a3c\u3055\u308c\u305f\u4e3b\u4f53\u306a\u3057\u3067\u306f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u304c\u5b9f\u884c\u3067\u304d\u307e\u305b\u3093
   
realmBase.notStarted=\u3053\u306e\u30ec\u30eb\u30e0\u306f\u307e\u3060\u8d77\u52d5\u3055\u308c\u3066\u3044\u307e\u305b\u3093
  +realmBase.authenticateFailure=\u30e6\u30fc\u30b6\u540d {0} 
\u306f\u8a8d\u8a3c\u306b\u5931\u6557\u3057\u307e\u3057\u305f
  +realmBase.authenticateSuccess=\u30e6\u30fc\u30b6\u540d {0} 
\u306f\u8a8d\u8a3c\u306b\u6210\u529f\u3057\u307e\u3057\u305f
   userDatabaseRealm.authenticateError=\u30e6\u30fc\u30b6\u540d {0} 
\u3092\u8a8d\u8a3c\u4e2d\u306b\u30ed\u30b0\u30a4\u30f3\u8a2d\u5b9a\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f
  -userDatabaseRealm.authenticateFailure=\u30e6\u30fc\u30b6\u540d {0} 
\u306f\u8a8d\u8a3c\u306b\u5931\u6557\u3057\u307e\u3057\u305f
  -userDatabaseRealm.authenticateSuccess=\u30e6\u30fc\u30b6\u540d {0} 
\u306f\u8a8d\u8a3c\u306b\u6210\u529f\u3057\u307e\u3057\u305f
   userDatabaseRealm.lookup=\u30ad\u30fc {0} 
\u3067\u30e6\u30fc\u30b6\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u691c\u7d22\u4e2d\u306e\u4f8b\u5916\u3067\u3059
   userDatabaseRealm.noDatabase=\u30ad\u30fc {0} 
\u3067\u30e6\u30fc\u30b6\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093
   
userDatabaseRealm.noEngine=\u30b3\u30f3\u30c6\u30ca\u968e\u5c64\u4e2d\u306b\u30a8\u30f3\u30b8\u30f3\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093
  
  
  
  1.36      +21 -4     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
  
  Index: RealmBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- RealmBase.java    23 Jun 2004 13:51:37 -0000      1.35
  +++ RealmBase.java    3 Jul 2004 04:16:41 -0000       1.36
  @@ -250,12 +250,29 @@
   
           String serverCredentials = getPassword(username);
   
  -        if ( (serverCredentials == null)
  -             || (!serverCredentials.equals(credentials)) )
  +        boolean validated ;
  +        if ( serverCredentials == null ) {
  +            validated = false;
  +        } else if(hasMessageDigest()) {
  +            validated = serverCredentials.equalsIgnoreCase(digest(credentials));
  +        } else {
  +            validated = serverCredentials.equals(credentials);
  +        }
  +        if(! validated ) {
  +            if (container.getLogger().isTraceEnabled()) {
  +                container.getLogger().
  +                    trace(sm.getString("realmBase.authenticateFailure",
  +                                 username));
  +            }
               return null;
  +        }
  +        if (container.getLogger().isTraceEnabled()) {
  +            container.getLogger().
  +                trace(sm.getString("realmBase.authenticateSuccess",
  +                             username));
  +        }
   
           return getPrincipal(username);
  -
       }
   
   
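Review bot: Both credential checks in the new `validated` block use `String.equals`/`equalsIgnoreCase`, which stop at the first differing character, and the `serverCredentials == null` branch skips `digest(credentials)` entirely, so response time can differ between unknown users, known users and near-miss passwords. Consider a constant-time comparison over the byte forms, e.g. `validated = MessageDigest.isEqual(expected, supplied);` (lower-casing the hex digest first in the digest branch), and computing the digest even when no stored credential is found. The `realmBase.authenticateFailure`/`realmBase.authenticateSuccess` trace calls write the caller-supplied `username` into the log unmodified, so it is worth confirming that the logger neutralises line breaks. `authenticate` begins above this hunk, so whether `credentials` is null-checked before `digest(credentials)` is not visible here.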
  
  
  
  1.7       +31 -60    
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/UserDatabaseRealm.java
  
  Index: UserDatabaseRealm.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/UserDatabaseRealm.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- UserDatabaseRealm.java    23 Jun 2004 13:51:37 -0000      1.6
  +++ UserDatabaseRealm.java    3 Jul 2004 04:16:41 -0000       1.7
  @@ -130,72 +130,43 @@
   
   
       /**
  -     * Return the Principal associated with the specified username and
  -     * credentials, if there is one; otherwise return <code>null</code>.
  +     * Return <code>true</code> if the specified Principal has the specified
  +     * security role, within the context of this Realm; otherwise return
  +     * <code>false</code>. This implementation returns <code>true</code>
  +     * if the <code>User</code> has the role, or if any <code>Group</code>
  +     * that the <code>User</code> is a member of has the role. 
        *
  -     * @param username Username of the Principal to look up
  -     * @param credentials Password or other credentials to use in
  -     *  authenticating this username
  +     * @param principal Principal for whom the role is to be checked
  +     * @param role Security role to be checked
        */
  -    public Principal authenticate(String username, String credentials) {
  -
  -        // Does a user with this username exist?
  -        User user = database.findUser(username);
  -        if (user == null) {
  -            return (null);
  +    public boolean hasRole(Principal principal, String role) {
  +        if(! (principal instanceof User) ) {
  +            //Play nice with SSO and mixed Realms
  +            return super.hasRole(principal, role);
  +        }
  +        if("*".equals(role)) {
  +            return true;
  +        } else if(role == null) {
  +            return false;
  +        }
  +        User user = (User)principal;
  +        Role dbrole = database.findRole(role);
  +        if(dbrole == null) {
  +            return false; 
           }
  -
  -        // Do the credentials specified by the user match?
  -        // FIXME - Update all realms to support encoded passwords
  -        boolean validated = false;
  -        if (hasMessageDigest()) {
  -            // Hex hashes should be compared case-insensitive
  -            validated = (digest(credentials)
  -                         .equalsIgnoreCase(user.getPassword()));
  -        } else {
  -            validated =
  -                (digest(credentials).equals(user.getPassword()));
  -        }
  -        if (!validated) {
  -            if (container.getLogger().isTraceEnabled()) {
  -                
container.getLogger().trace(sm.getString("userDatabaseRealm.authenticateFailure",
  -                                 username));
  -            }
  -            return (null);
  -        }
  -
  -        // Construct a GenericPrincipal that represents this user
  -        if (container.getLogger().isTraceEnabled()) {
  -            
container.getLogger().trace(sm.getString("userDatabaseRealm.authenticateSuccess",
  -                             username));
  -        }
  -        ArrayList combined = new ArrayList();
  -        Iterator roles = user.getRoles();
  -        while (roles.hasNext()) {
  -            Role role = (Role) roles.next();
  -            String rolename = role.getRolename();
  -            if (!combined.contains(rolename)) {
  -                combined.add(rolename);
  -            }
  +        if(user.isInRole(dbrole)) {
  +            return true;
           }
           Iterator groups = user.getGroups();
  -        while (groups.hasNext()) {
  -            Group group = (Group) groups.next();
  -            roles = group.getRoles();
  -            while (roles.hasNext()) {
  -                Role role = (Role) roles.next();
  -                String rolename = role.getRolename();
  -                if (!combined.contains(rolename)) {
  -                    combined.add(rolename);
  -                }
  +        while(groups.hasNext()) {
  +            Group group = (Group)groups.next();
  +            if(group.isInRole(dbrole)) {
  +                return true;
               }
           }
  -        return (new GenericPrincipal(this, user.getUsername(),
  -                                     user.getPassword(), combined));
  -
  +        return false;
       }
  -
  -
  +             
       // ------------------------------------------------------ Protected Methods
   
   
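Review bot: The new `hasRole` returns `true` for role `"*"` for every `User` principal before any database lookup, and the added Javadoc does not mention that wildcard. If it mirrors the superclass behaviour (not visible here), say so in the Javadoc, e.g. `The role name "*" matches any User principal.` The `instanceof User` test also accepts a `User` that did not come from this realm's `database`, which the "mixed Realms" comment suggests can happen. Confirm that `user.isInRole(dbrole)` is safe when the `User` and the `Role` come from different databases, or fall back to `super.hasRole` in that case. Roles now appear to be resolved from the database on each call rather than copied into a `GenericPrincipal` at login, so role changes would affect already-authenticated sessions; the Javadoc should state this as well.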
  
  
  
