jfarcand 2003/08/29 10:18:14 Modified: catalina/src/share/org/apache/catalina Globals.java catalina/src/share/org/apache/catalina/security SecurityUtil.java catalina/src/share/org/apache/coyote/tomcat5 CoyoteRequest.java Log: Do not create a new Subject everytime a Servlet/Filter is invoked. Associate the same Subject to the AccessControlContext. Revision Changes Path 1.6 +11 -4 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/Globals.java Index: Globals.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/Globals.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- Globals.java 3 Mar 2003 15:46:45 -0000 1.5 +++ Globals.java 29 Aug 2003 17:18:14 -0000 1.6 @@ -332,6 +332,13 @@ /** + * The subject under which the AccessControlContext is running. + */ + public static final String SUBJECT_ATTR = + "javax.security.auth.subject"; + + + /** * The servlet context attribute under which we record the set of * welcome files (as an object of type String[]) for this application. */ 1.5 +78 -39 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java Index: SecurityUtil.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- SecurityUtil.java 4 Jun 2003 21:15:39 -0000 1.4 +++ SecurityUtil.java 29 Aug 2003 17:18:14 -0000 1.5 @@ -64,6 +64,7 @@ import java.lang.reflect.InvocationTargetException; import java.util.HashMap; import java.security.AccessController; +import java.security.AccessControlContext; import java.security.Principal; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; 
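Review bot: `SUBJECT_ATTR` in the Globals.java hunk names an ordinary session attribute, and session attributes can be read and replaced by the web application itself, so the Subject later passed to `Subject.doAsPrivileged` in SecurityUtil is only as trustworthy as the application code running in that session. Under a SecurityManager that application is the code being confined, so as far as these hunks show it could store its own Subject under `javax.security.auth.subject` and have the container run it with those principals. Consider keeping the Subject in container-internal state (the `subject` field this commit adds to CoyoteRequest, or the internal session object) instead of a public attribute. At minimum the constant's Javadoc should say the value is application-writable, for example `* NOTE: stored as a session attribute; web application code can overwrite it.`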
@@ -72,17 +73,17 @@ import javax.servlet.Filter; import javax.servlet.Servlet; import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; import javax.servlet.UnavailableException; -import org.apache.tomcat.util.buf.MessageBytes; - +import org.apache.catalina.Globals; import org.apache.catalina.util.StringManager; - /** * This utility class associates a <code>Subject</code> to the current - * <code>AccessControlContext</code>. When a <code>SecurityManager</code> is used, - * the container will always associate the called thread with an AccessControlContext - * containing only the principal of the requested Servlet/Filter. + * <code>AccessControlContext</code>. When a <code>SecurityManager</code> is + * used, * the container will always associate the called thread with an + * AccessControlContext * containing only the principal of the requested + * Servlet/Filter. * * This class uses reflection to invoke the invoke methods. * @@ -123,7 +124,8 @@ * will be granted to a <code>null</code> subject. * * @param methodName the method to apply the security restriction - * @param targetObject the <code>Servlet</code> on which the method will be called. + * @param targetObject the <code>Servlet</code> on which the method will + * be called. */ public static void doAsPrivilege(final String methodName, final Servlet targetObject) throws java.lang.Exception{ 
@@ -136,15 +138,24 @@ * will be granted to a <code>null</code> subject. * * @param methodName the method to apply the security restriction - * @param targetObject the <code>Servlet</code> on which the method will be called. - * @param targetType <code>Class</code> array used to instanciate a <code>Method</code> object. - * @param targetObject <code>Object</code> array contains the runtime parameters instance. + * @param targetObject the <code>Servlet</code> on which the method will + * be called. + * @param targetType <code>Class</code> array used to instanciate a i + * <code>Method</code> object. + * @param targetObject <code>Object</code> array contains the runtime + * parameters instance. */ public static void doAsPrivilege(final String methodName, final Servlet targetObject, final Class[] targetType, - final Object[] targetArguments) throws java.lang.Exception{ - doAsPrivilege(methodName, targetObject, targetType, targetArguments, null); + final Object[] targetArguments) + throws java.lang.Exception{ + + doAsPrivilege(methodName, + targetObject, + targetType, + targetArguments, + null); } 
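Review bot: The rewrapped Javadoc in the `@@ -136,15 +138,24 @@` hunk picks up a stray `i` at the end of `instanciate a i`, and still declares `@param targetObject` twice; the second tag describes the `Object` array and should read `@param targetArguments`. The class comment rewrapped in the `@@ -72,17 +73,17 @@` hunk has similar damage, with literal `*` characters left inside the sentence (`used, * the container`, `AccessControlContext * containing`). The later hunks keep the misspelled tag `@param targetArgumentst`, which will not match the `targetArguments` parameter. The block above `execute` still documents `methodName` and `targetType`, which that method does not take. Since all of these lines are being touched anyway, the tags could be corrected in the same commit.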
@@ -153,16 +164,22 @@ * will be granted to a <code>null</code> subject. * * @param methodName the method to apply the security restriction - * @param targetObject the <code>Servlet</code> on which the method will be called. - * @param targetType <code>Class</code> array used to instanciate a <code>Method</code> object. - * @param targetArgumentst <code>Object</code> array contains the runtime parameters instance. - * @param principal the <code>Principal</code> to which the security privilege apply.. + * @param targetObject the <code>Servlet</code> on which the method will + * be called. + * @param targetType <code>Class</code> array used to instanciate a + * <code>Method</code> object. + * @param targetArgumentst <code>Object</code> array contains the + * runtime parameters instance. + * @param principal the <code>Principal</code> to which the security + * privilege apply.. */ public static void doAsPrivilege(final String methodName, final Servlet targetObject, final Class[] targetType, final Object[] targetArguments, - Principal principal) throws java.lang.Exception{ + Principal principal) + throws java.lang.Exception{ + Method method = null; Method[] methodsCache = null; if(objectCache.containsKey(targetObject)){ @@ -190,10 +207,13 @@ * will be granted to a <code>null</code> subject. * * @param methodName the method to apply the security restriction - * @param targetObject the <code>Filter</code> on which the method will be called. + * @param targetObject the <code>Filter</code> on which the method will + * be called. */ public static void doAsPrivilege(final String methodName, - final Filter targetObject) throws java.lang.Exception{ + final Filter targetObject) + throws java.lang.Exception{ + doAsPrivilege(methodName, targetObject, null, null); } 
@@ -203,15 +223,20 @@ * will be granted to a <code>null</code> subject. * * @param methodName the method to apply the security restriction - * @param targetObject the <code>Filter</code> on which the method will be called. - * @param targetType <code>Class</code> array used to instanciate a <code>Method</code> object. - * @param targetArgumentst <code>Object</code> array contains the runtime parameters instance. + * @param targetObject the <code>Filter</code> on which the method will + * be called. + * @param targetType <code>Class</code> array used to instanciate a + * <code>Method</code> object. + * @param targetArgumentst <code>Object</code> array contains the + * runtime parameters instance. */ public static void doAsPrivilege(final String methodName, final Filter targetObject, final Class[] targetType, - final Object[] targetArguments) throws java.lang.Exception{ + final Object[] targetArguments) + throws java.lang.Exception{ Method method = null; + Method[] methodsCache = null; if(objectCache.containsKey(targetObject)){ methodsCache = (Method[])objectCache.get(targetObject); 
@@ -238,16 +263,22 @@ * will be granted to a <code>null</code> subject. * * @param methodName the method to apply the security restriction - * @param targetObject the <code>Servlet</code> on which the method will be called. - * @param targetType <code>Class</code> array used to instanciate a <code>Method</code> object. - * @param targetArgumentst <code>Object</code> array contains the runtime parameters instance. - * @param principal the <code>Principal</code> to which the security privilege apply.. + * @param targetObject the <code>Servlet</code> on which the method will + * be called. + * @param targetType <code>Class</code> array used to instanciate a + * <code>Method</code> object. + * @param targetArgumentst <code>Object</code> array contains the + * runtime parameters instance. + * @param principal the <code>Principal</code> to which the security + * privilege apply.. */ private static void execute(final Method method, final Object targetObject, final Object[] targetArguments, - Principal principal) throws java.lang.Exception{ - try{ + Principal principal) + throws java.lang.Exception{ + + try{ Subject subject = null; PrivilegedExceptionAction pea = new PrivilegedExceptionAction(){ public Object run() throws Exception{ 
@@ -255,16 +286,20 @@ return null; } }; - - // FIX ME: should use a Subject pool instead or recycle the object - if (principal != null){ - subject = new Subject(); - subject.getPrincipals().add(principal); - } + + // The first argument is always the request object + if (targetArguments != null + && targetArguments[0] instanceof HttpServletRequest){ + HttpServletRequest request = + (HttpServletRequest)targetArguments[0]; + subject = (Subject)request.getSession() + .getAttribute(Globals.SUBJECT_ATTR); + } Subject.doAsPrivileged(subject, pea, null); } catch( PrivilegedActionException pe) { - Throwable e = ((InvocationTargetException)pe.getException()).getTargetException(); + Throwable e = ((InvocationTargetException)pe.getException()) + .getTargetException(); if (log.isDebugEnabled()){ log.debug(sm.getString("SecurityUtil.doAsPrivilege"), e); @@ -313,8 +348,10 @@ * Create the method and cache it for further re-use. * @param methodsCache the cache used to store method instance * @param methodName the method to apply the security restriction - * @param targetObject the <code>Servlet</code> on which the method will be called. - * @param targetType <code>Class</code> array used to instanciate a <code>Method</code> object. + * @param targetObject the <code>Servlet</code> on which the method will + * be called. + * @param targetType <code>Class</code> array used to instanciate a + * <code>Method</code> object. * @return the method instance. */ private static Method createMethodAndCacheIt(Method[] methodsCache, 
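Review bot: The Subject lookup added to `execute` calls `request.getSession()`, which creates a session when none exists, so with a SecurityManager enabled every servlet or filter call that carries a request allocates a session even for anonymous clients. The same condition indexes `targetArguments[0]` after only a null check, so an empty array throws, and the `principal` parameter is no longer read at all, which leaves `doAsPrivileged` running with a null Subject whenever the session has none. The version below looks the session up without creating it, checks the array length, and falls back to the passed principal; it needs an import of `javax.servlet.http.HttpSession`. `execute` starts in the previous hunk and its catch block continues past this one.

```java
// … unchanged: PrivilegedExceptionAction pea definition …

// The first argument is always the request object
if (targetArguments != null
        && targetArguments.length > 0
        && targetArguments[0] instanceof HttpServletRequest){
    HttpServletRequest request =
        (HttpServletRequest)targetArguments[0];
    // getSession(false): never create a session just to look up a Subject
    HttpSession session = request.getSession(false);
    if (session != null){
        subject = (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
    }
}

// No cached Subject: fall back to the principal supplied by the caller
if (subject == null && principal != null){
    subject = new Subject();
    subject.getPrincipals().add(principal);
}

Subject.doAsPrivileged(subject, pea, null);
```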
@@ -327,7 +364,9 @@ methodsCache = new Method[3]; } - Method method = targetObject.getClass().getMethod(methodName, targetType); + Method method = + targetObject.getClass().getMethod(methodName, targetType); + if (methodName.equalsIgnoreCase(INIT_METHOD)){ methodsCache[INIT] = method; } else if (methodName.equalsIgnoreCase(DESTROY_METHOD)){ 1.14 +25 -4 jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java Index: CoyoteRequest.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- CoyoteRequest.java 16 Aug 2003 00:39:33 -0000 1.13 +++ CoyoteRequest.java 29 Aug 2003 17:18:14 -0000 1.14 @@ -85,6 +85,7 @@ import java.util.TimeZone; import java.util.TreeMap; +import javax.security.auth.Subject; import javax.servlet.FilterChain; import javax.servlet.RequestDispatcher; import javax.servlet.ServletContext; @@ -303,6 +304,12 @@ */ protected boolean secure = false; + + /** + * The Subject associated with the current AccessControllerContext + */ + protected Subject subject = null; + /** * Post data buffer. @@ -411,6 +418,7 @@ usingInputStream = false; usingReader = false; userPrincipal = null; + subject = null; sessionParsed = false; requestParametersParsed = false; locales.clear(); @@ -1754,6 +1762,19 @@ * @param principal The user Principal */ public void setUserPrincipal(Principal principal) { + + if (System.getSecurityManager() != null){ + if ( (subject != null) && + (!subject.getPrincipals().contains(principal)) ){ + subject.getPrincipals().add(principal); + } else if (getSession() + .getAttribute(Globals.SUBJECT_ATTR) == null) { + subject = new Subject(); + subject.getPrincipals().add(principal); + } + getSession().setAttribute(Globals.SUBJECT_ATTR, subject); + } + this.userPrincipal = principal; }
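Review bot: In `setUserPrincipal`, when the request's `subject` field is null (it is reset in `recycle()`) and the session already holds a Subject, neither branch assigns `subject`, so the final `setAttribute(Globals.SUBJECT_ATTR, subject)` is called with null, which the Servlet API treats as removing the attribute; the cached Subject is dropped instead of reused. A null `principal` would also reach `getPrincipals().add(principal)`, which Subject's principal set rejects with an exception, and `getSession()` creates a session as a side effect. The version below reuses the session's Subject, skips null principals and uses `getSession(false)`; it assumes `HttpSession` is already imported in CoyoteRequest. Separately, principals are only ever added to the stored Subject, so a session that re-authenticates as a different user would keep the earlier principal unless it is cleared somewhere outside this diff.

```java
public void setUserPrincipal(Principal principal) {

    if (System.getSecurityManager() != null && principal != null){
        // Do not create a session only to cache the Subject
        HttpSession session = getSession(false);
        if (subject == null && session != null){
            subject = (Subject)session.getAttribute(Globals.SUBJECT_ATTR);
        }
        if (subject == null){
            subject = new Subject();
        }
        // getPrincipals() is a Set, so adding an existing principal is a no-op
        subject.getPrincipals().add(principal);
        if (session != null){
            session.setAttribute(Globals.SUBJECT_ATTR, subject);
        }
    }

    this.userPrincipal = principal;
}
```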