Author: markt Date: Fri Jul 3 19:00:51 2015 New Revision: 1689061 URL: http://svn.apache.org/r1689061 Log: Validation extracted to separate method, in order to make exception handling easier Patch by fjodorver
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java?rev=1689061&r1=1689060&r2=1689061&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java Fri Jul 3 19:00:51 2015
@@ -27,6 +27,7 @@ import java.util.Map;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.message.AuthException;
 import javax.security.auth.message.AuthStatus;
 import javax.security.auth.message.MessageInfo;
@@ -89,213 +90,217 @@ public class FormAuthModule extends Tomc return AuthStatus.SUCCESS; } try { + return validate(messageInfo, clientSubject); + } catch (Exception e) { + throw new AuthException(e.getMessage()); + } + } - Request request = (Request) messageInfo.getRequestMessage(); - HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage(); - // References to objects we will need later - Session session = null; - Principal principal = null; - - // Have we authenticated this user before but have caching disabled? - if (!isCache()) { - session = request.getSessionInternal(true); - if (log.isDebugEnabled()) { - log.debug("Checking for reauthenticate in session " + session); - } - String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE); - String password = (String) session.getNote(Constants.SESS_PASSWORD_NOTE); - if ((username != null) && (password != null)) { - if (log.isDebugEnabled()) { - log.debug("Reauthenticating username '" + username + "'"); - } - PasswordValidationCallback passwordCallback = new PasswordValidationCallback( - clientSubject, username, password.toCharArray()); - handler.handle(new Callback[] { passwordCallback }); - if (!passwordCallback.getResult()) { - forwardToErrorPage(request, response, context.getLoginConfig()); - } - principal = getPrincipal(passwordCallback); - if (principal != null) { - session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); - if (!matchRequest(request)) { - CallerPrincipalCallback principalCallback = new CallerPrincipalCallback( - clientSubject, principal); - GroupPrincipalCallback groupCallback = new GroupPrincipalCallback( - clientSubject, context.getRealm().getRoles(principal)); - handler.handle(new Callback[] { principalCallback, groupCallback }); - return AuthStatus.SUCCESS; - } - } - if (log.isDebugEnabled()) { - log.debug("Reauthentication failed, proceed normally"); - } - } + private AuthStatus validate(MessageInfo messageInfo, Subject clientSubject) throws 
IOException, + UnsupportedCallbackException { + Request request = (Request) messageInfo.getRequestMessage(); + HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage(); + // References to objects we will need later + Session session = null; + Principal principal = null; + + // Have we authenticated this user before but have caching disabled? + if (!isCache()) { + session = request.getSessionInternal(true); + if (log.isDebugEnabled()) { + log.debug("Checking for reauthenticate in session " + session); } - - // Is this the re-submit of the original request URI after - // successful - // authentication? If so, forward the *original* request instead. - if (matchRequest(request)) { - session = request.getSessionInternal(true); + String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE); + String password = (String) session.getNote(Constants.SESS_PASSWORD_NOTE); + if ((username != null) && (password != null)) { if (log.isDebugEnabled()) { - log.debug("Restore request from session '" + session.getIdInternal() + "'"); + log.debug("Reauthenticating username '" + username + "'"); } - principal = (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE); - CallerPrincipalCallback principalCallback = new CallerPrincipalCallback( - clientSubject, principal); - GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(clientSubject, - context.getRealm().getRoles(principal)); - handler.handle(new Callback[] { principalCallback, groupCallback }); - - // If we're caching principals we no longer needgetPrincipal the - // username - // and password in the session, so remove them - if (isCache()) { - session.removeNote(Constants.SESS_USERNAME_NOTE); - session.removeNote(Constants.SESS_PASSWORD_NOTE); + PasswordValidationCallback passwordCallback = new PasswordValidationCallback( + clientSubject, username, password.toCharArray()); + handler.handle(new Callback[] { passwordCallback }); + + if (!passwordCallback.getResult()) { + 
forwardToErrorPage(request, response, context.getLoginConfig()); } - if (restoreRequest(request, session)) { - if (log.isDebugEnabled()) { - log.debug("Proceed to restored request"); - } - return AuthStatus.SUCCESS; - } else { - if (log.isDebugEnabled()) { - log.debug("Restore of original request failed"); + principal = getPrincipal(passwordCallback); + if (principal != null) { + session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); + if (!matchRequest(request)) { + CallerPrincipalCallback principalCallback = new CallerPrincipalCallback( + clientSubject, principal); + GroupPrincipalCallback groupCallback = new GroupPrincipalCallback( + clientSubject, context.getRealm().getRoles(principal)); + handler.handle(new Callback[] { principalCallback, groupCallback }); + return AuthStatus.SUCCESS; } - response.sendError(HttpServletResponse.SC_BAD_REQUEST); - return AuthStatus.FAILURE; } - } - - // Acquire references to objects we will need to evaluate - MessageBytes uriMB = MessageBytes.newInstance(); - CharChunk uriCC = uriMB.getCharChunk(); - uriCC.setLimit(-1); - String contextPath = request.getContextPath(); - String requestURI = request.getDecodedRequestURI(); - - // Is this the action request from the login page? 
- boolean loginAction = requestURI.startsWith(contextPath) - && requestURI.endsWith(Constants.FORM_ACTION); - - LoginConfig config = context.getLoginConfig(); - - // No -- Save this request and redirect to the form login page - if (!loginAction) { - session = request.getSessionInternal(true); if (log.isDebugEnabled()) { - log.debug("Save request in session '" + session.getIdInternal() + "'"); + log.debug("Reauthentication failed, proceed normally"); } - try { - saveRequest(request, session); - } catch (IOException ioe) { - log.debug("Request body too big to save during authentication"); - response.sendError(HttpServletResponse.SC_FORBIDDEN, - sm.getString("authenticator.requestBodyTooBig")); - return AuthStatus.FAILURE; - } - forwardToLoginPage(request, response, config); - return AuthStatus.SEND_CONTINUE; } + } - // Yes -- Acknowledge the request, validate the specified - // credentials - // and redirect to the error page if they are not correct - request.getResponse().sendAcknowledgement(); - Realm realm = context.getRealm(); - // TODO fix character encoding - // if (characterEncoding != null) { - // request.setCharacterEncoding(characterEncoding); - // } - String username = request.getParameter(Constants.FORM_USERNAME); - String password = request.getParameter(Constants.FORM_PASSWORD); + // Is this the re-submit of the original request URI after + // successful + // authentication? If so, forward the *original* request instead. 
+ if (matchRequest(request)) { + session = request.getSessionInternal(true); if (log.isDebugEnabled()) { - log.debug("Authenticating username '" + username + "'"); + log.debug("Restore request from session '" + session.getIdInternal() + "'"); } - principal = realm.authenticate(username, password); - if (principal == null) { - forwardToErrorPage(request, response, config); + principal = (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE); + CallerPrincipalCallback principalCallback = new CallerPrincipalCallback(clientSubject, + principal); + GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(clientSubject, + context.getRealm().getRoles(principal)); + handler.handle(new Callback[] { principalCallback, groupCallback }); + + // If we're caching principals we no longer needgetPrincipal the + // username + // and password in the session, so remove them + if (isCache()) { + session.removeNote(Constants.SESS_USERNAME_NOTE); + session.removeNote(Constants.SESS_PASSWORD_NOTE); + } + if (restoreRequest(request, session)) { + if (log.isDebugEnabled()) { + log.debug("Proceed to restored request"); + } + return AuthStatus.SUCCESS; + } else { + if (log.isDebugEnabled()) { + log.debug("Restore of original request failed"); + } + response.sendError(HttpServletResponse.SC_BAD_REQUEST); return AuthStatus.FAILURE; } + } + // Acquire references to objects we will need to evaluate + MessageBytes uriMB = MessageBytes.newInstance(); + CharChunk uriCC = uriMB.getCharChunk(); + uriCC.setLimit(-1); + String contextPath = request.getContextPath(); + String requestURI = request.getDecodedRequestURI(); + + // Is this the action request from the login page? 
+ boolean loginAction = requestURI.startsWith(contextPath) + && requestURI.endsWith(Constants.FORM_ACTION); + + LoginConfig config = context.getLoginConfig(); + + // No -- Save this request and redirect to the form login page + if (!loginAction) { + session = request.getSessionInternal(true); if (log.isDebugEnabled()) { - log.debug("Authentication of '" + username + "' was successful"); - } - - if (session == null) { - session = request.getSessionInternal(false); + log.debug("Save request in session '" + session.getIdInternal() + "'"); } - if (session == null) { - // if (containerLog.isDebugEnabled()) { - // containerLog.debug - // ("User took so long to log on the session expired"); - // } - if (landingPage == null) { - response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, - sm.getString("authenticator.sessionExpired")); - } else { - // Make the authenticator think the user originally - // requested - // the landing page - String uri = request.getContextPath() + landingPage; - SavedRequest saved = new SavedRequest(); - saved.setMethod("GET"); - saved.setRequestURI(uri); - saved.setDecodedRequestURI(uri); - request.getSessionInternal(true).setNote(Constants.FORM_REQUEST_NOTE, saved); - response.sendRedirect(response.encodeRedirectURL(uri)); - } + try { + saveRequest(request, session); + } catch (IOException ioe) { + log.debug("Request body too big to save during authentication"); + response.sendError(HttpServletResponse.SC_FORBIDDEN, + sm.getString("authenticator.requestBodyTooBig")); return AuthStatus.FAILURE; } + forwardToLoginPage(request, response, config); + return AuthStatus.SEND_CONTINUE; + } - // Save the authenticated Principal in our session - session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); + // Yes -- Acknowledge the request, validate the specified + // credentials + // and redirect to the error page if they are not correct + request.getResponse().sendAcknowledgement(); + Realm realm = context.getRealm(); + // TODO fix character encoding 
+ // if (characterEncoding != null) { + // request.setCharacterEncoding(characterEncoding); + // } + String username = request.getParameter(Constants.FORM_USERNAME); + String password = request.getParameter(Constants.FORM_PASSWORD); + if (log.isDebugEnabled()) { + log.debug("Authenticating username '" + username + "'"); + } + principal = realm.authenticate(username, password); + if (principal == null) { + forwardToErrorPage(request, response, config); + return AuthStatus.FAILURE; + } - // Save the username and password as well - session.setNote(Constants.SESS_USERNAME_NOTE, username); - session.setNote(Constants.SESS_PASSWORD_NOTE, password); - - // Redirect the user to the original request URI (which will cause - // the original request to be restored) - requestURI = savedRequestURL(session); - if (log.isDebugEnabled()) { - log.debug("Redirecting to original '" + requestURI + "'"); - } - if (requestURI == null) { - if (landingPage == null) { - response.sendError(HttpServletResponse.SC_BAD_REQUEST, - sm.getString("authenticator.formlogin")); - } else { - // Make the authenticator think the user originally - // requested - // the landing page - String uri = request.getContextPath() + landingPage; - SavedRequest saved = new SavedRequest(); - saved.setMethod("GET"); - saved.setRequestURI(uri); - saved.setDecodedRequestURI(uri); - session.setNote(Constants.FORM_REQUEST_NOTE, saved); - response.sendRedirect(response.encodeRedirectURL(uri)); - } + if (log.isDebugEnabled()) { + log.debug("Authentication of '" + username + "' was successful"); + } + + if (session == null) { + session = request.getSessionInternal(false); + } + if (session == null) { + // if (containerLog.isDebugEnabled()) { + // containerLog.debug + // ("User took so long to log on the session expired"); + // } + if (landingPage == null) { + response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, + sm.getString("authenticator.sessionExpired")); } else { - // Until the Servlet API allows specifying the 
type of redirect - // to - // use. - Response internalResponse = request.getResponse(); - String location = response.encodeRedirectURL(requestURI); - if ("HTTP/1.1".equals(request.getProtocol())) { - internalResponse.sendRedirect(location, HttpServletResponse.SC_SEE_OTHER); - } else { - internalResponse.sendRedirect(location, HttpServletResponse.SC_FOUND); - } + // Make the authenticator think the user originally + // requested + // the landing page + String uri = request.getContextPath() + landingPage; + SavedRequest saved = new SavedRequest(); + saved.setMethod("GET"); + saved.setRequestURI(uri); + saved.setDecodedRequestURI(uri); + request.getSessionInternal(true).setNote(Constants.FORM_REQUEST_NOTE, saved); + response.sendRedirect(response.encodeRedirectURL(uri)); } return AuthStatus.FAILURE; - } catch (Exception e) { - throw new AuthException(e.getMessage()); } + // Save the authenticated Principal in our session + session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); + + // Save the username and password as well + session.setNote(Constants.SESS_USERNAME_NOTE, username); + session.setNote(Constants.SESS_PASSWORD_NOTE, password); + + // Redirect the user to the original request URI (which will cause + // the original request to be restored) + requestURI = savedRequestURL(session); + if (log.isDebugEnabled()) { + log.debug("Redirecting to original '" + requestURI + "'"); + } + if (requestURI == null) { + if (landingPage == null) { + response.sendError(HttpServletResponse.SC_BAD_REQUEST, + sm.getString("authenticator.formlogin")); + } else { + // Make the authenticator think the user originally + // requested + // the landing page + String uri = request.getContextPath() + landingPage; + SavedRequest saved = new SavedRequest(); + saved.setMethod("GET"); + saved.setRequestURI(uri); + saved.setDecodedRequestURI(uri); + session.setNote(Constants.FORM_REQUEST_NOTE, saved); + response.sendRedirect(response.encodeRedirectURL(uri)); + } + } else { + // Until the 
Servlet API allows specifying the type of redirect + // to + // use. + Response internalResponse = request.getResponse(); + String location = response.encodeRedirectURL(requestURI); + if ("HTTP/1.1".equals(request.getProtocol())) { + internalResponse.sendRedirect(location, HttpServletResponse.SC_SEE_OTHER); + } else { + internalResponse.sendRedirect(location, HttpServletResponse.SC_FOUND); + } + } + return AuthStatus.FAILURE; } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
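Review bot: The wrapper added at the top of the hunk still discards the original exception, `throw new AuthException(e.getMessage())`, so the stack trace of an `IOException` or `UnsupportedCallbackException` raised by the callback handler is lost and a null message produces an AuthException carrying no information at all; since `validate` now declares exactly those two types, the catch can be narrowed and the cause attached, `} catch (IOException | UnsupportedCallbackException e) { AuthException ae = new AuthException(e.getMessage()); ae.initCause(e); throw ae; }`. If the broad `catch (Exception e)` is deliberate so that runtime failures such as the `(Request)` cast also surface as AuthException, keep it but still call `ae.initCause(e)` before throwing. Separately, in the reauthentication branch of `validate`, `if (!passwordCallback.getResult()) { forwardToErrorPage(request, response, context.getLoginConfig()); }` has no return, so after a failed password check execution continues into `getPrincipal(passwordCallback)` and, if that yields null, into the normal login flow on a response that has already been forwarded; this appears to predate the commit, but a `return AuthStatus.FAILURE;` after the forward is probably what is intended. The method that now calls `validate` begins before the hunk.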