Author: markt
Date: Tue Jun 23 09:41:20 2015
New Revision: 1687009

URL: http://svn.apache.org/r1687009
Log:
Implemented framework for default JASPIC modules registration
Patch by fjodorver

Added:
    tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/
    
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
   (with props)
    
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
   (with props)
    
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
   (with props)
    tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/
    
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
   (with props)
Modified:
    tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java

Added: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1687009&view=auto
==============================================================================
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 (added)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 Tue Jun 23 09:41:20 2015
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic.provider;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+
+import 
org.apache.catalina.authenticator.jaspic.provider.modules.TomcatAuthModule;
+
+public class TomcatAuthConfig implements ServerAuthConfig {
+
+    private String messageLayer;
+    private String appContext;
+    private CallbackHandler handler;
+    private TomcatServerAuthContext tomcatServerAuthContext;
+
+
+    public TomcatAuthConfig(String layer, String appContext, CallbackHandler 
callbackHandler) {
+        this.messageLayer = layer;
+        this.appContext = appContext;
+        this.handler = callbackHandler;
+    }
+
+
+    @Override
+    public String getMessageLayer() {
+        return messageLayer;
+    }
+
+
+    @Override
+    public String getAppContext() {
+        return appContext;
+    }
+
+
+    @Override
+    public String getAuthContextID(MessageInfo messageInfo) {
+        return messageInfo.toString();
+    }
+
+
+    @Override
+    public void refresh() {
+
+    }
+
+
+    @Override
+    public boolean isProtected() {
+        return false;
+    }
+
+
+    @Override
+    @SuppressWarnings("rawtypes")
+    public synchronized ServerAuthContext getAuthContext(String authContextID,
+            Subject serviceSubject, Map properties) throws AuthException {
+        if (this.tomcatServerAuthContext == null) {
+            this.tomcatServerAuthContext = new 
TomcatServerAuthContext(handler, getModules());
+        }
+        return tomcatServerAuthContext;
+    }
+
+
+    private Collection<TomcatAuthModule> getModules() {
+        List<TomcatAuthModule> modules = new ArrayList<>();
+        return modules;
+    }
+}
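Review bot: `getAuthContext` ignores `authContextID`, `serviceSubject` and `properties` and returns the one cached `TomcatServerAuthContext` to every caller, so the ID from `getAuthContextID` never selects anything. That ID is `messageInfo.toString()`, which is an identity string rather than a stable identifier unless the `MessageInfo` implementation overrides `toString()` (not visible here), and it throws a NullPointerException for a null argument. `getModules()` returns an empty list, so the lookup in `TomcatServerAuthContext` will reject every request with `AuthException`. That fail-closed result is reasonable for a framework commit but should be documented, e.g. `// No default modules are registered yet: every request is rejected until this list is populated.` The four fields are only assigned in the constructor or under the lock; `messageLayer`, `appContext` and `handler` can be `private final`.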

Propchange: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java?rev=1687009&view=auto
==============================================================================
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
 (added)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
 Tue Jun 23 09:41:20 2015
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic.provider;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+
+public class TomcatAuthConfigProvider implements AuthConfigProvider {
+
+    private Map<String, String> providerProperties;
+    private ServerAuthConfig serverAuthConfig;
+
+
+    public TomcatAuthConfigProvider() {
+    }
+
+
+    public TomcatAuthConfigProvider(Map<String, String> properties, 
AuthConfigFactory factory) {
+        this.providerProperties = properties;
+        if (factory != null) {
+            factory.registerConfigProvider(this, null, null, "Auto 
registration");
+        }
+    }
+
+
+    @Override
+    public ClientAuthConfig getClientAuthConfig(String layer, String 
appContext,
+            CallbackHandler handler) throws AuthException {
+        return null;
+    }
+
+
+    @Override
+    public synchronized ServerAuthConfig getServerAuthConfig(String layer, 
String appContext,
+            CallbackHandler handler) throws AuthException {
+        if (this.serverAuthConfig == null) {
+            this.serverAuthConfig = new TomcatAuthConfig(layer, appContext, 
handler);
+        }
+        return this.serverAuthConfig;
+    }
+
+
+    @Override
+    public void refresh() {
+        serverAuthConfig.refresh();
+    }
+}
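Review bot: `getServerAuthConfig` builds a `TomcatAuthConfig` on the first call and returns that same instance to every later call, whatever `layer`, `appContext` or `handler` is passed. Because `ContextConfig` in this commit registers the provider with a null application context, a second web application would appear to receive the config, and the `CallbackHandler`, created for the first one. The cache should be keyed on layer and application context, as sketched below (this needs `java.util.HashMap` imported). `refresh()` also dereferences `serverAuthConfig` without the lock and throws a NullPointerException if it runs before any config was requested. Separately, the two-argument constructor passes `this` to `registerConfigProvider` before construction has finished, with null layer and context, which is worth a comment explaining that the registration is intentionally global.

```java
    private final Map<String, ServerAuthConfig> serverAuthConfigs = new HashMap<>();

    // … unchanged: constructors, getClientAuthConfig …

    @Override
    public synchronized ServerAuthConfig getServerAuthConfig(String layer, String appContext,
            CallbackHandler handler) throws AuthException {
        // One config per (layer, appContext) so a handler is never shared between applications.
        String key = layer + '\n' + appContext;
        ServerAuthConfig config = serverAuthConfigs.get(key);
        if (config == null) {
            config = new TomcatAuthConfig(layer, appContext, handler);
            serverAuthConfigs.put(key, config);
        }
        return config;
    }

    @Override
    public synchronized void refresh() {
        for (ServerAuthConfig config : serverAuthConfigs.values()) {
            config.refresh();
        }
    }
```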

Propchange: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java?rev=1687009&view=auto
==============================================================================
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
 (added)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
 Tue Jun 23 09:41:20 2015
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic.provider;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.module.ServerAuthModule;
+
+import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
+import 
org.apache.catalina.authenticator.jaspic.provider.modules.TomcatAuthModule;
+
+/**
+ * This class contains references to different JASPIC modules.
+ */
+public class TomcatServerAuthContext implements ServerAuthContext {
+
+    private Map<String, ServerAuthModule> serverAuthModules = new HashMap<>();
+
+
+    public TomcatServerAuthContext(CallbackHandler handler, 
Collection<TomcatAuthModule> modules)
+            throws AuthException {
+        for (TomcatAuthModule module : modules) {
+            // TODO discuss message policies
+            module.initialize(null, null, handler, Collections.emptyMap());
+            serverAuthModules.put(getAuthType(module), module);
+        }
+    }
+
+
+    private String getAuthType(TomcatAuthModule module) {
+        // TODO temporary workaround. In future JASPIC prefix will be removed
+        return "JASPIC-" + module.getAuthenticationType();
+    }
+
+
+    @Override
+    public AuthStatus validateRequest(MessageInfo messageInfo, Subject 
clientSubject,
+            Subject serviceSubject) throws AuthException {
+        ServerAuthModule module = getAuthModule(messageInfo);
+        return module.validateRequest(messageInfo, clientSubject, 
serviceSubject);
+    }
+
+
+    @Override
+    public AuthStatus secureResponse(MessageInfo messageInfo, Subject 
serviceSubject)
+            throws AuthException {
+        ServerAuthModule module = getAuthModule(messageInfo);
+        return module.secureResponse(messageInfo, serviceSubject);
+    }
+
+
+    @Override
+    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws 
AuthException {
+        ServerAuthModule module = getAuthModule(messageInfo);
+        module.cleanSubject(messageInfo, subject);
+    }
+
+
+    @SuppressWarnings("rawtypes")
+    private ServerAuthModule getAuthModule(MessageInfo messageInfo) throws 
AuthException {
+        Map properties = messageInfo.getMap();
+        String authenticationType = (String) 
properties.get(MessageInfoImpl.AUTH_METHOD);
+        ServerAuthModule module = serverAuthModules.get(authenticationType);
+        if (module == null) {
+            throw new AuthException("Unknown auth module");// TODO message i18n
+        }
+        return module;
+    }
+}
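Review bot: In the constructor, `serverAuthModules.put(getAuthType(module), module)` silently replaces an earlier module when two modules report the same `getAuthenticationType()`, so the module that authenticates a given method depends on collection order. Rejecting the duplicate makes the misconfiguration visible: `if (serverAuthModules.put(getAuthType(module), module) != null) { throw new AuthException("Duplicate auth module"); }`. In `getAuthModule`, the unchecked `(String)` cast fails with a ClassCastException if the `MessageInfoImpl.AUTH_METHOD` entry is not a String, and the "Unknown auth module" message would be easier to act on if it named the requested method. The map is only written in the constructor and can be declared `private final`.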

Propchange: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java?rev=1687009&view=auto
==============================================================================
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
 (added)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
 Tue Jun 23 09:41:20 2015
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic.provider.modules;
+
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.module.ServerAuthModule;
+
+import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
+import org.apache.tomcat.util.res.StringManager;
+
+public abstract class TomcatAuthModule implements ServerAuthModule {
+
+    protected static final String AUTH_HEADER_NAME = "WWW-Authenticate";
+    protected static final String AUTHORIZATION_HEADER = "authorization";
+    /**
+     * Default authentication realm name.
+     */
+    protected static final String REALM_NAME = "Authentication required";
+    /**
+     * The string manager for this package.
+     */
+    protected static final StringManager sm = 
StringManager.getManager(TomcatAuthModule.class);
+
+
+    public abstract String getAuthenticationType();
+
+
+    protected boolean isMandatory(MessageInfo messageInfo) {
+        String mandatory = (String) 
messageInfo.getMap().get(MessageInfoImpl.IS_MANDATORY);
+        return Boolean.valueOf(mandatory).booleanValue();
+    }
+
+
+    protected static String getRealmName(MessageInfo messageInfo) {
+        if (messageInfo == null) {
+            return REALM_NAME;
+        }
+        // TODO get realm name from message
+        return REALM_NAME;
+    }
+}
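Review bot: `isMandatory` returns `false` when the `MessageInfoImpl.IS_MANDATORY` entry is missing or is any string other than "true", so a caller that forgets to set the key makes authentication optional rather than required, and a non-String value raises a ClassCastException. That default should be stated in a Javadoc comment on the method so module authors know the fail-open case exists, and the body reads more directly as `return Boolean.parseBoolean(mandatory);`. In `getRealmName` both branches return `REALM_NAME`, so the null check has no effect until the TODO is implemented and could be dropped or commented as a placeholder.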

Propchange: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java?rev=1687009&r1=1687008&r2=1687009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java Tue Jun 23 
09:41:20 2015
@@ -39,6 +39,7 @@ import java.util.Properties;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
+import javax.security.auth.message.config.AuthConfigFactory;
 import javax.servlet.MultipartConfigElement;
 import javax.servlet.ServletContainerInitializer;
 import javax.servlet.ServletContext;
@@ -61,6 +62,8 @@ import org.apache.catalina.Valve;
 import org.apache.catalina.WebResource;
 import org.apache.catalina.WebResourceRoot;
 import org.apache.catalina.Wrapper;
+import org.apache.catalina.authenticator.jaspic.JaspicAuthenticator;
+import 
org.apache.catalina.authenticator.jaspic.provider.TomcatAuthConfigProvider;
 import org.apache.catalina.core.StandardContext;
 import org.apache.catalina.core.StandardHost;
 import org.apache.catalina.util.ContextName;
@@ -388,6 +391,15 @@ public class ContextConfig implements Li
             authenticator = (Valve)
                 customAuthenticators.get(loginConfig.getAuthMethod());
         }
+
+        if (authenticator == null) {
+            String authMethod = loginConfig.getAuthMethod();
+            if (authMethod != null && authMethod.contains("JASPIC")) {
+                //TODO temporary workaround, Jaspic should be enabled by 
default
+                authenticator = configureDefaultJaspicAuthModules();
+            }
+        }
+
         if (authenticator == null) {
             if (authenticators == null) {
                 
log.error(sm.getString("contextConfig.authenticatorResources"));
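Review bot: The new branch selects the JASPIC authenticator with `authMethod.contains("JASPIC")`, a substring test that also matches any other auth-method name that merely contains those letters. `TomcatServerAuthContext` in this commit keys its modules with the prefix `"JASPIC-"`, so `authMethod.startsWith("JASPIC-")` would match the same convention without catching unrelated names. Since `TomcatAuthConfig.getModules()` currently returns no modules, a context that takes this branch will reject every request, which deserves a line in the TODO comment. The enclosing method starts and ends outside this hunk.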
@@ -434,6 +446,18 @@ public class ContextConfig implements Li
     }
 
 
+    /**
+     * Configure and register default JASPIC modules
+     * @return
+     */
+    private JaspicAuthenticator configureDefaultJaspicAuthModules() {
+        AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
+        authConfigFactory.registerConfigProvider(new 
TomcatAuthConfigProvider(),
+                JaspicAuthenticator.MESSAGE_LAYER, null, "Tomcat Jaspic");
+        return new JaspicAuthenticator();
+    }
+
+
     /**
      * Create (if necessary) and return a Digester configured to process the
      * context configuration descriptor for an application.
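Review bot: `configureDefaultJaspicAuthModules` registers the provider on the process-wide `AuthConfigFactory` with a null application context, so every context that selects a JASPIC auth method re-registers a provider for all applications at `JaspicAuthenticator.MESSAGE_LAYER`, and may replace one a deployer registered. The registration ID returned by `registerConfigProvider` is discarded, so the entry cannot be removed with `removeRegistration` when the context stops. Passing this context's application-context identifier instead of `null` and keeping the ID would scope the registration to the web application being configured. How that identifier is derived is not visible in this hunk. The Javadoc has an empty `@return`; something like `@return the authenticator valve to install for this context` would complete it.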


