Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGreg Wilkins2014-04-24 13:46:08 +0000
committerGreg Wilkins2014-04-24 13:46:08 +0000
commitb764a1d13692dabe42cb9e267795f26c398cf1ad (patch)
tree20fb4390ad1dfe1ef449f74dcffaa7dbf5991735 /jetty-security/src/main/java/org/eclipse/jetty
parent4b26faf8970906b5f22714735f4f9f55d247017e (diff)
downloadorg.eclipse.jetty.project-b764a1d13692dabe42cb9e267795f26c398cf1ad.tar.gz
org.eclipse.jetty.project-b764a1d13692dabe42cb9e267795f26c398cf1ad.tar.xz
org.eclipse.jetty.project-b764a1d13692dabe42cb9e267795f26c398cf1ad.zip
433244 Security manager lifecycle cleanup
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java4
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java61
2 files changed, 41 insertions, 24 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
index 55f7ed22a6..335aabd72b 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
@@ -133,6 +133,7 @@ public class HashLoginService extends MappedLoginService implements UserListener
/**
* @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
*/
+ @Override
protected void doStart() throws Exception
{
super.doStart();
@@ -154,6 +155,7 @@ public class HashLoginService extends MappedLoginService implements UserListener
/**
* @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop()
*/
+ @Override
protected void doStop() throws Exception
{
super.doStop();
@@ -163,6 +165,7 @@ public class HashLoginService extends MappedLoginService implements UserListener
}
/* ------------------------------------------------------------ */
+ @Override
public void update(String userName, Credential credential, String[] roleArray)
{
if (LOG.isDebugEnabled())
@@ -171,6 +174,7 @@ public class HashLoginService extends MappedLoginService implements UserListener
}
/* ------------------------------------------------------------ */
+ @Override
public void remove(String userName)
{
if (LOG.isDebugEnabled())
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index 90c0d1b5ce..a6e108e9a7 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -43,6 +43,7 @@ import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.ContextHandler.Context;
import org.eclipse.jetty.server.handler.HandlerWrapper;
import org.eclipse.jetty.server.session.AbstractSession;
+import org.eclipse.jetty.util.component.LifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
@@ -74,8 +75,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
private LoginService _loginService;
private IdentityService _identityService;
private boolean _renewSession=true;
- private boolean _discoveredIdentityService = false;
- private boolean _discoveredLoginService = false;
/* ------------------------------------------------------------ */
protected SecurityHandler()
@@ -266,20 +265,24 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
}
/* ------------------------------------------------------------ */
- protected LoginService findLoginService()
+ protected LoginService findLoginService() throws Exception
{
Collection<LoginService> list = getServer().getBeans(LoginService.class);
-
+ LoginService service = null;
String realm=getRealmName();
if (realm!=null)
{
- for (LoginService service : list)
- if (service.getName()!=null && service.getName().equals(realm))
- return service;
+ for (LoginService s : list)
+ if (s.getName()!=null && s.getName().equals(realm))
+ {
+ service=s;
+ break;
+ }
}
else if (list.size()==1)
- return list.iterator().next();
- return null;
+ service = list.iterator().next();
+
+ return service;
}
/* ------------------------------------------------------------ */
@@ -342,9 +345,10 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
if (_loginService==null)
{
setLoginService(findLoginService());
- _discoveredLoginService = true;
+ if (_loginService!=null)
+ unmanage(_loginService);
}
-
+
if (_identityService==null)
{
if (_loginService!=null)
@@ -353,10 +357,16 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
if (_identityService==null)
setIdentityService(findIdentityService());
- if (_identityService==null && _realmName!=null)
- setIdentityService(new DefaultIdentityService());
-
- _discoveredIdentityService = true;
+ if (_identityService==null)
+ {
+ if (_realmName!=null)
+ {
+ setIdentityService(new DefaultIdentityService());
+ manage(_identityService);
+ }
+ }
+ else
+ unmanage(_identityService);
}
if (_loginService!=null)
@@ -387,17 +397,16 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
protected void doStop() throws Exception
{
//if we discovered the services (rather than had them explicitly configured), remove them.
- if (_discoveredIdentityService)
+ if (!isManaged(_identityService))
{
removeBean(_identityService);
- _identityService = null;
-
+ _identityService = null;
}
- if (_discoveredLoginService)
+ if (!isManaged(_loginService))
{
removeBean(_loginService);
- _loginService = null;
+ _loginService=null;
}
super.doStop();
@@ -427,6 +436,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
/**
* @see org.eclipse.jetty.security.Authenticator.AuthConfiguration#isSessionRenewedOnAuthentication()
*/
+ @Override
public boolean isSessionRenewedOnAuthentication()
{
return _renewSession;
@@ -473,7 +483,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
{
if (!baseRequest.isHandled())
{
- response.sendError(Response.SC_FORBIDDEN);
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
baseRequest.setHandled(true);
}
return;
@@ -488,7 +498,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
LOG.warn("No authenticator for: "+roleInfo);
if (!baseRequest.isHandled())
{
- response.sendError(Response.SC_FORBIDDEN);
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
baseRequest.setHandled(true);
}
return;
@@ -524,7 +534,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
boolean authorized=checkWebResourcePermissions(pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity());
if (!authorized)
{
- response.sendError(Response.SC_FORBIDDEN, "!role");
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "!role");
baseRequest.setHandled(true);
return;
}
@@ -574,7 +584,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
{
// jaspi 3.8.3 send HTTP 500 internal server error, with message
// from AuthException
- response.sendError(Response.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
}
finally
{
@@ -634,6 +644,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
/* ------------------------------------------------------------ */
public class NotChecked implements Principal
{
+ @Override
public String getName()
{
return null;
@@ -656,6 +667,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
/* ------------------------------------------------------------ */
public static final Principal __NO_USER = new Principal()
{
+ @Override
public String getName()
{
return null;
@@ -680,6 +692,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
*/
public static final Principal __NOBODY = new Principal()
{
+ @Override
public String getName()
{
return "Nobody";

Back to the top