costin 2003/03/11 22:52:14
Modified: catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Switch to c-l.
Last bug ( for now ) that prevented JAAS from working - the realm associated with
the principal.
Revision Changes Path
1.6 +56 -45
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Index: RealmBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- RealmBase.java 8 Mar 2003 07:06:58 -0000 1.5
+++ RealmBase.java 12 Mar 2003 06:52:14 -0000 1.6
@@ -113,6 +113,7 @@
public abstract class RealmBase
implements Lifecycle, Realm, MBeanRegistration {
+
private static Log log = LogFactory.getLog(RealmBase.class);
// ----------------------------------------------------- Instance Variables
@@ -414,18 +415,18 @@
return (null);
// Check the validity of each certificate in the chain
- if (debug >= 1)
- log("Authenticating client certificate chain");
+ if (log.isDebugEnabled())
+ log.debug("Authenticating client certificate chain");
if (validate) {
for (int i = 0; i < certs.length; i++) {
- if (debug >= 2)
- log(" Checking validity for '" +
+ if (log.isDebugEnabled())
+ log.debug(" Checking validity for '" +
certs[i].getSubjectDN().getName() + "'");
try {
certs[i].checkValidity();
} catch (Exception e) {
- if (debug >= 2)
- log(" Validity exception", e);
+ if (log.isDebugEnabled())
+ log.debug(" Validity exception", e);
return (null);
}
}
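Review bot: A rejected client certificate is still recorded only at debug level: the `catch (Exception e)` around `certs[i].checkValidity()` logs with `log.debug` and returns null, so unless debug logging is enabled a failed certificate authentication leaves no trace. Now that the numeric debug levels are gone, consider raising the rejection to a higher level, e.g. `log.warn(" Validity exception for '" + certs[i].getSubjectDN().getName() + "'", e);`. The catch could presumably also be narrowed to the expired / not-yet-valid certificate exceptions that `checkValidity()` declares. The enclosing method starts and ends outside the hunk.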
@@ -448,8 +449,8 @@
// Are there any defined security constraints?
SecurityConstraint constraints[] = context.findConstraints();
if ((constraints == null) || (constraints.length == 0)) {
- if (debug >= 2)
- log(" No applicable constraints defined");
+ if (log.isDebugEnabled())
+ log.debug(" No applicable constraints defined");
return (null);
}
@@ -461,8 +462,8 @@
uri = uri.substring(contextPath.length());
String method = hreq.getMethod();
for (int i = 0; i < constraints.length; i++) {
- if (debug >= 2)
- log(" Checking constraint '" + constraints[i] +
+ if (log.isDebugEnabled())
+ log.debug(" Checking constraint '" + constraints[i] +
"' against " + method + " " + uri + " --> " +
constraints[i].included(uri, method));
if (constraints[i].included(uri, method))
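Review bot: The debug statement calls `constraints[i].included(uri, method)` once for the message and the `if` below calls it again, and it concatenates the request-derived `method` and `uri` into the log line as-is. Evaluate the match once, `boolean matched = constraints[i].included(uri, method);`, and use `matched` in both places. If these values can still contain CR/LF at this point (not visible from the hunk), they should be escaped before logging so a request cannot forge log entries. The loop body continues past the end of the hunk.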
@@ -470,8 +471,8 @@
}
// No applicable security constraint was found
- if (debug >= 2)
- log(" No applicable constraint located");
+ if (log.isDebugEnabled())
+ log.debug(" No applicable constraint located");
return (null);
}
@@ -506,19 +507,19 @@
String requestURI = request.getDecodedRequestURI();
String loginPage = context.getPath() + config.getLoginPage();
if (loginPage.equals(requestURI)) {
- if (debug >= 1)
- log(" Allow access to login page " + loginPage);
+ if (log.isDebugEnabled())
+ log.debug(" Allow access to login page " + loginPage);
return (true);
}
String errorPage = context.getPath() + config.getErrorPage();
if (errorPage.equals(requestURI)) {
- if (debug >= 1)
- log(" Allow access to error page " + errorPage);
+ if (log.isDebugEnabled())
+ log.debug(" Allow access to error page " + errorPage);
return (true);
}
if (requestURI.endsWith(Constants.FORM_ACTION)) {
- if (debug >= 1)
- log(" Allow access to username/password submission");
+ if (log.isDebugEnabled())
+ log.debug(" Allow access to username/password submission");
return (true);
}
}
@@ -527,8 +528,8 @@
Principal principal =
((HttpServletRequest) request.getRequest()).getUserPrincipal();
if (principal == null) {
- if (debug >= 2)
- log(" No user authenticated, cannot grant access");
+ if (log.isDebugEnabled())
+ log.debug(" No user authenticated, cannot grant access");
((HttpServletResponse) response.getResponse()).sendError
(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
sm.getString("realmBase.notAuthenticated"));
@@ -541,17 +542,24 @@
if (constraint.getAllRoles())
return (true);
+
+ if (log.isDebugEnabled())
+ log.debug(" Checking roles " + principal);
+
if ((roles.length == 0) && (constraint.getAuthConstraint())) {
((HttpServletResponse) response.getResponse()).sendError
(HttpServletResponse.SC_FORBIDDEN,
sm.getString("realmBase.forbidden"));
+ if( log.isDebugEnabled() ) log.debug("No roles ");
return (false); // No listed roles means no access at all
}
+
for (int i = 0; i < roles.length; i++) {
if (hasRole(principal, roles[i]))
return (true);
+ if( log.isDebugEnabled() )
+ log.debug( "No role found: " + roles[i]);
}
-
// Return a "Forbidden" message denying access to this resource
((HttpServletResponse) response.getResponse()).sendError
(HttpServletResponse.SC_FORBIDDEN,
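Review bot: `log.debug(" Checking roles " + principal)` writes the principal's `toString()`, whose content depends on the Principal implementation and is not visible here. `hasRole` further down logs `principal.getName()`, and doing the same here would be safer and consistent: `log.debug(" Checking roles for " + principal.getName());`. The message `"No role found: " + roles[i]` is emitted per role inside the loop, so it reads like a final denial when a later role may still match; `"Principal lacks role " + roles[i]` would be clearer. The enclosing method starts and ends outside the hunk.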
@@ -574,19 +582,22 @@
*/
public boolean hasRole(Principal principal, String role) {
+ // Should be overriten in JAASRealm - to avoid pretty inefficient
conversions
if ((principal == null) || (role == null) ||
!(principal instanceof GenericPrincipal))
return (false);
+
GenericPrincipal gp = (GenericPrincipal) principal;
- if (!(gp.getRealm() == this))
- return (false);
+ if (!(gp.getRealm() == this)) {
+ log.debug("Different realm " + this + " " + gp.getRealm());// return
(false);
+ }
boolean result = gp.hasRole(role);
- if (debug >= 2) {
+ if (log.isDebugEnabled()) {
String name = principal.getName();
if (result)
- log(sm.getString("realmBase.hasRoleSuccess", name, role));
+ log.debug(sm.getString("realmBase.hasRoleSuccess", name, role));
else
- log(sm.getString("realmBase.hasRoleFailure", name, role));
+ log.debug(sm.getString("realmBase.hasRoleFailure", name, role));
}
return (result);
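Review bot: In `hasRole`, the realm-mismatch branch no longer rejects the principal: the `return (false)` appears to be commented out (the line is wrapped in this mail), so a `GenericPrincipal` created by a different realm now falls through to `gp.hasRole(role)` and this realm trusts its roles. If JAAS needs this, the relaxation is better placed in a `JAASRealm` override, as the added comment itself suggests, keeping the base class fail-closed: `if (gp.getRealm() != this) { if (log.isDebugEnabled()) log.debug("Different realm " + this + " " + gp.getRealm()); return (false); }`. The new `log.debug` call is also the only one in the visible hunks without an `isDebugEnabled()` guard, so the string is built on every mismatch. The method's Javadoc and closing brace are outside the hunk.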
@@ -612,26 +623,26 @@
// Is there a relevant user data constraint?
if (constraint == null) {
- if (debug >= 2)
- log(" No applicable security constraint defined");
+ if (log.isDebugEnabled())
+ log.debug(" No applicable security constraint defined");
return (true);
}
String userConstraint = constraint.getUserConstraint();
if (userConstraint == null) {
- if (debug >= 2)
- log(" No applicable user data constraint defined");
+ if (log.isDebugEnabled())
+ log.debug(" No applicable user data constraint defined");
return (true);
}
if (userConstraint.equals(Constants.NONE_TRANSPORT)) {
- if (debug >= 2)
- log(" User data constraint has no restrictions");
+ if (log.isDebugEnabled())
+ log.debug(" User data constraint has no restrictions");
return (true);
}
// Validate the request against the user data constraint
if (request.getRequest().isSecure()) {
- if (debug >= 2)
- log(" User data constraint already satisfied");
+ if (log.isDebugEnabled())
+ log.debug(" User data constraint already satisfied");
return (true);
}
@@ -644,8 +655,8 @@
// Is redirecting disabled?
if (redirectPort <= 0) {
- if (debug >= 2)
- log(" SSL redirect is disabled");
+ if (log.isDebugEnabled())
+ log.debug(" SSL redirect is disabled");
hresponse.sendError
(HttpServletResponse.SC_FORBIDDEN,
hrequest.getRequestURI());
@@ -670,13 +681,13 @@
URL url = null;
try {
url = new URL(protocol, host, redirectPort, file.toString());
- if (debug >= 2)
- log(" Redirecting to " + url.toString());
+ if (log.isDebugEnabled())
+ log.debug(" Redirecting to " + url.toString());
hresponse.sendRedirect(url.toString());
return (false);
} catch (MalformedURLException e) {
- if (debug >= 2)
- log(" Cannot create new URL", e);
+ if (log.isDebugEnabled())
+ log.debug(" Cannot create new URL", e);
hresponse.sendError
(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
hrequest.getRequestURI());
@@ -821,7 +832,7 @@
md.update(credentials.getBytes());
return (HexUtils.convert(md.digest()));
} catch (Exception e) {
- log(sm.getString("realmBase.digest"), e);
+ log.error(sm.getString("realmBase.digest"), e);
return (credentials);
}
}
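Review bot: The `catch` in this hunk still returns the undigested `credentials` when the digest fails, so the switch to `log.error` records the failure but the caller continues with the cleartext value as if it were a digest. Failing closed would be safer, for example `return (null);` after the `log.error`, provided the callers (not visible here) treat null as a non-match. `credentials.getBytes()` two lines above uses the platform default charset, so the digest of a non-ASCII password can differ between hosts; this is hedged, since the method's signature and any encoding setting are outside the hunk.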