Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Bartel2015-11-25 23:30:50 -0500
committerJan Bartel2015-11-25 23:31:19 -0500
commit81b2a6a4de22ebb3d3e1c857e686bccbfd636c4d (patch)
tree427fd9750c1ead250cbd871c0a2971e6eebe7b3b /jetty-security/src/main/java/org/eclipse
parent18a3af1951002116218a445c403a95c0c24939ab (diff)
downloadorg.eclipse.jetty.project-81b2a6a4de22ebb3d3e1c857e686bccbfd636c4d.tar.gz
org.eclipse.jetty.project-81b2a6a4de22ebb3d3e1c857e686bccbfd636c4d.tar.xz
org.eclipse.jetty.project-81b2a6a4de22ebb3d3e1c857e686bccbfd636c4d.zip
483059 Remove cache of authenticated users
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java270
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java110
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java109
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java375
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java49
5 files changed, 323 insertions, 590 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
new file mode 100644
index 0000000000..c38a195aa5
--- /dev/null
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
@@ -0,0 +1,270 @@
+//
+// ========================================================================
+// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+
+package org.eclipse.jetty.security;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletRequest;
+
+
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.component.AbstractLifeCycle;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+import org.eclipse.jetty.util.security.Credential;
+
+/**
+ * AbstractLoginService
+ *
+ *
+ */
+public abstract class AbstractLoginService extends AbstractLifeCycle implements LoginService
+{
+ private static final Logger LOG = Log.getLogger(AbstractLoginService.class);
+
+ protected IdentityService _identityService=new DefaultIdentityService();
+ protected String _name;
+ protected boolean _fullValidate = false;
+
+
+
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * RolePrincipal
+ *
+ *
+ */
+ public static class RolePrincipal implements Principal,Serializable
+ {
+ private static final long serialVersionUID = 2998397924051854402L;
+ private final String _roleName;
+ public RolePrincipal(String name)
+ {
+ _roleName=name;
+ }
+ public String getName()
+ {
+ return _roleName;
+ }
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * UserPrincipal
+ *
+ *
+ */
+ public static class UserPrincipal implements Principal,Serializable
+ {
+ private static final long serialVersionUID = -6226920753748399662L;
+ private final String _name;
+ private final Credential _credential;
+
+
+ /* -------------------------------------------------------- */
+ public UserPrincipal(String name,Credential credential)
+ {
+ _name=name;
+ _credential=credential;
+ }
+
+ /* -------------------------------------------------------- */
+ public boolean authenticate(Object credentials)
+ {
+ return _credential!=null && _credential.check(credentials);
+ }
+
+ /* -------------------------------------------------------- */
+ public boolean authenticate (Credential c)
+ {
+ return(_credential != null && c != null && _credential.equals(c));
+ }
+
+ /* ------------------------------------------------------------ */
+ public String getName()
+ {
+ return _name;
+ }
+
+
+
+ /* -------------------------------------------------------- */
+ @Override
+ public String toString()
+ {
+ return _name;
+ }
+ }
+
+
+
+
+ /* ------------------------------------------------------------ */
+ protected abstract String[] loadRoleInfo (UserPrincipal user);
+
+
+ /* ------------------------------------------------------------ */
+ protected abstract UserPrincipal loadUserInfo (String username);
+
+
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#getName()
+ */
+ @Override
+ public String getName()
+ {
+ return _name;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set the identityService.
+ * @param identityService the identityService to set
+ */
+ public void setIdentityService(IdentityService identityService)
+ {
+ if (isRunning())
+ throw new IllegalStateException("Running");
+ _identityService = identityService;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set the name.
+ * @param name the name to set
+ */
+ public void setName(String name)
+ {
+ if (isRunning())
+ throw new IllegalStateException("Running");
+ _name = name;
+ }
+
+ /* ------------------------------------------------------------ */
+ @Override
+ public String toString()
+ {
+ return this.getClass().getSimpleName()+"["+_name+"]";
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, javax.servlet.ServletRequest)
+ */
+ @Override
+ public UserIdentity login(String username, Object credentials, ServletRequest request)
+ {
+ if (username == null)
+ return null;
+
+ UserPrincipal userPrincipal = loadUserInfo(username);
+ if (userPrincipal.authenticate(credentials))
+ {
+ //safe to load the roles
+ String[] roles = loadRoleInfo(userPrincipal);
+
+ Subject subject = new Subject();
+ subject.getPrincipals().add(userPrincipal);
+ subject.getPrivateCredentials().add(userPrincipal._credential);
+ if (roles!=null)
+ for (String role : roles)
+ subject.getPrincipals().add(new RolePrincipal(role));
+ subject.setReadOnly();
+ return _identityService.newUserIdentity(subject,userPrincipal,roles);
+ }
+
+ return null;
+
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#validate(org.eclipse.jetty.server.UserIdentity)
+ */
+ @Override
+ public boolean validate(UserIdentity user)
+ {
+ if (!isFullValidate())
+ return true; //if we have a user identity it must be valid
+
+ //Do a full validation back against the user store
+ UserPrincipal fresh = loadUserInfo(user.getUserPrincipal().getName());
+ if (fresh == null)
+ return false; //user no longer exists
+
+ if (user.getUserPrincipal() instanceof UserPrincipal)
+ {
+ System.err.println("VALIDATING user "+fresh.getName());
+ return fresh.authenticate(((UserPrincipal)user.getUserPrincipal())._credential);
+ }
+
+ throw new IllegalStateException("UserPrincipal not KnownUser"); //can't validate
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#getIdentityService()
+ */
+ @Override
+ public IdentityService getIdentityService()
+ {
+ return _identityService;
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#logout(org.eclipse.jetty.server.UserIdentity)
+ */
+ @Override
+ public void logout(UserIdentity user)
+ {
+ //Override in subclasses
+
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @return
+ */
+ public boolean isFullValidate()
+ {
+ return _fullValidate;
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param fullValidate
+ */
+ public void setFullValidate(boolean fullValidate)
+ {
+ _fullValidate = fullValidate;
+ }
+
+}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
index 659083b7cf..f0774a707d 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
@@ -23,7 +23,6 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Set;
-import org.eclipse.jetty.security.MappedLoginService.KnownUser;
import org.eclipse.jetty.security.PropertyUserStore.UserListener;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.Scanner;
@@ -49,45 +48,17 @@ import org.eclipse.jetty.util.security.Credential;
* <p>
* If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:.
*/
-public class HashLoginService extends MappedLoginService implements UserListener
+public class HashLoginService extends AbstractLoginService
{
private static final Logger LOG = Log.getLogger(HashLoginService.class);
- private PropertyUserStore _propertyUserStore;
- private String _config;
- private Resource _configResource;
- private Scanner _scanner;
- private boolean hotReload = false; // default is not to reload
+ protected PropertyUserStore _propertyUserStore;
+ protected String _config;
+ protected Resource _configResource;
+ protected boolean hotReload = false; // default is not to reload
- public class HashKnownUser extends KnownUser
- {
- String[] _roles;
-
- /**
- * @param name
- * @param credential
- */
- public HashKnownUser(String name, Credential credential)
- {
- super(name, credential);
- }
-
-
-
- public void setRoles (String[] roles)
- {
- _roles = roles;
- }
-
- public String[] getRoles()
- {
- return _roles;
- }
- }
-
-
/* ------------------------------------------------------------ */
public HashLoginService()
@@ -161,46 +132,11 @@ public class HashLoginService extends MappedLoginService implements UserListener
this.hotReload = enable;
}
- /* ------------------------------------------------------------ */
- /**
- * sets the refresh interval (in seconds)
- * @param sec the refresh interval
- * @deprecated use {@link #setHotReload(boolean)} instead
- */
- @Deprecated
- public void setRefreshInterval(int sec)
- {
- }
-
- /* ------------------------------------------------------------ */
- /**
- * @return refresh interval in seconds for how often the properties file should be checked for changes
- * @deprecated use {@link #isHotReload()} instead
- */
- @Deprecated
- public int getRefreshInterval()
- {
- return (hotReload)?1:0;
- }
+
/* ------------------------------------------------------------ */
@Override
- protected UserIdentity loadUser(String username)
- {
- return null;
- }
-
- /* ------------------------------------------------------------ */
- @Override
- public void loadUsers() throws IOException
- {
- // TODO: Consider refactoring MappedLoginService to not have to override with unused methods
- }
-
-
-
- @Override
- protected String[] loadRoleInfo(KnownUser user)
+ protected String[] loadRoleInfo(UserPrincipal user)
{
UserIdentity id = _propertyUserStore.getUserIdentity(user.getName());
if (id == null)
@@ -218,13 +154,17 @@ public class HashLoginService extends MappedLoginService implements UserListener
return list.toArray(new String[roles.size()]);
}
+
+
+
+ /* ------------------------------------------------------------ */
@Override
- protected KnownUser loadUserInfo(String userName)
+ protected UserPrincipal loadUserInfo(String userName)
{
UserIdentity id = _propertyUserStore.getUserIdentity(userName);
if (id != null)
{
- return (KnownUser)id.getUserPrincipal();
+ return (UserPrincipal)id.getUserPrincipal();
}
return null;
@@ -249,7 +189,6 @@ public class HashLoginService extends MappedLoginService implements UserListener
_propertyUserStore = new PropertyUserStore();
_propertyUserStore.setHotReload(hotReload);
_propertyUserStore.setConfigPath(_config);
- _propertyUserStore.registerUserListener(this);
_propertyUserStore.start();
}
}
@@ -262,28 +201,5 @@ public class HashLoginService extends MappedLoginService implements UserListener
protected void doStop() throws Exception
{
super.doStop();
- if (_scanner != null)
- _scanner.stop();
- _scanner = null;
- }
-
- /* ------------------------------------------------------------ */
- @Override
- public void update(String userName, Credential credential, String[] roleArray)
- {
- if (LOG.isDebugEnabled())
- LOG.debug("update: " + userName + " Roles: " + roleArray.length);
- //TODO need to remove and replace the authenticated user?
- }
-
-
-
- /* ------------------------------------------------------------ */
- @Override
- public void remove(String userName)
- {
- if (LOG.isDebugEnabled())
- LOG.debug("remove: " + userName);
- removeUser(userName);
}
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
index 4294b74ef5..09b5df9512 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
@@ -59,7 +59,7 @@ import org.eclipse.jetty.util.security.Credential;
*
*/
-public class JDBCLoginService extends MappedLoginService
+public class JDBCLoginService extends AbstractLoginService
{
private static final Logger LOG = Log.getLogger(JDBCLoginService.class);
@@ -71,8 +71,6 @@ public class JDBCLoginService extends MappedLoginService
protected String _userTableKey;
protected String _userTablePasswordField;
protected String _roleTableRoleField;
- protected int _cacheTime;
- protected long _lastHashPurge;
protected Connection _con;
protected String _userSql;
protected String _roleSql;
@@ -83,7 +81,7 @@ public class JDBCLoginService extends MappedLoginService
*
*
*/
- public class JDBCKnownUser extends KnownUser
+ public class JDBCUserPrincipal extends UserPrincipal
{
int _userKey;
@@ -91,7 +89,7 @@ public class JDBCLoginService extends MappedLoginService
* @param name
* @param credential
*/
- public JDBCKnownUser(String name, Credential credential, int key)
+ public JDBCUserPrincipal(String name, Credential credential, int key)
{
super(name, credential);
_userKey = key;
@@ -162,20 +160,18 @@ public class JDBCLoginService extends MappedLoginService
String _userRoleTable = properties.getProperty("userroletable");
String _userRoleTableUserKey = properties.getProperty("userroletableuserkey");
String _userRoleTableRoleKey = properties.getProperty("userroletablerolekey");
- _cacheTime = new Integer(properties.getProperty("cachetime"));
+
if (_jdbcDriver == null || _jdbcDriver.equals("")
|| _url == null
|| _url.equals("")
|| _userName == null
|| _userName.equals("")
- || _password == null
- || _cacheTime < 0)
+ || _password == null)
{
LOG.warn("UserRealm " + getName() + " has not been properly configured");
}
- _cacheTime *= 1000;
- _lastHashPurge = 0;
+
_userSql = "select " + _userTableKey + "," + _userTablePasswordField + " from " + _userTable + " where " + _userTableUserField + " = ?";
_roleSql = "select r." + _roleTableRoleField
+ " from "
@@ -235,80 +231,15 @@ public class JDBCLoginService extends MappedLoginService
}
}
- /* ------------------------------------------------------------ */
- @Override
- public UserIdentity login(String username, Object credentials, ServletRequest request)
- {
- long now = System.currentTimeMillis();
- if (now - _lastHashPurge > _cacheTime || _cacheTime == 0)
- {
- _users.clear();
- _lastHashPurge = now;
- closeConnection();
- }
-
- return super.login(username,credentials, request);
- }
-
- /* ------------------------------------------------------------ */
- @Override
- protected void loadUsers()
- {
- }
+
- /* ------------------------------------------------------------ */
- @Deprecated
- protected UserIdentity loadUser(String username)
- {
- try
- {
- if (null == _con)
- connectDatabase();
-
- if (null == _con)
- throw new SQLException("Can't connect to database");
-
- try (PreparedStatement stat1 = _con.prepareStatement(_userSql))
- {
- stat1.setObject(1, username);
- try (ResultSet rs1 = stat1.executeQuery())
- {
- if (rs1.next())
- {
- int key = rs1.getInt(_userTableKey);
- String credentials = rs1.getString(_userTablePasswordField);
-
-
- List<String> roles = new ArrayList<String>();
-
- try (PreparedStatement stat2 = _con.prepareStatement(_roleSql))
- {
- stat2.setInt(1, key);
- try (ResultSet rs2 = stat2.executeQuery())
- {
- while (rs2.next())
- roles.add(rs2.getString(_roleTableRoleField));
- }
- }
- return putUser(username, Credential.getCredential(credentials), roles.toArray(new String[roles.size()]));
- }
- }
- }
- }
- catch (SQLException e)
- {
- LOG.warn("UserRealm " + getName() + " could not load user information from database", e);
- closeConnection();
- }
- return null;
- }
-
+ /* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.security.MappedLoginService#loadUserInfo(java.lang.String)
* @Override
*/
- public KnownUser loadUserInfo (String username)
+ public UserPrincipal loadUserInfo (String username)
{
try
{
@@ -328,7 +259,7 @@ public class JDBCLoginService extends MappedLoginService
int key = rs1.getInt(_userTableKey);
String credentials = rs1.getString(_userTablePasswordField);
- return new JDBCKnownUser (username, Credential.getCredential(credentials), key);
+ return new JDBCUserPrincipal (username, Credential.getCredential(credentials), key);
}
}
}
@@ -343,14 +274,14 @@ public class JDBCLoginService extends MappedLoginService
}
-
+ /* ------------------------------------------------------------ */
/**
- * @see org.eclipse.jetty.security.MappedLoginService#loadRoleInfo(org.eclipse.jetty.security.MappedLoginService.KnownUser)
+ * @see org.eclipse.jetty.security.MappedLoginService#loadRoleInfo(org.eclipse.jetty.security.UserPrincipal.KnownUser)
* @Override
*/
- public String[] loadRoleInfo (KnownUser user)
+ public String[] loadRoleInfo (UserPrincipal user)
{
- JDBCKnownUser jdbcUser = (JDBCKnownUser)user;
+ JDBCUserPrincipal jdbcUser = (JDBCUserPrincipal)user;
try
{
@@ -385,7 +316,19 @@ public class JDBCLoginService extends MappedLoginService
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop()
+ */
+ @Override
+ protected void doStop() throws Exception
+ {
+ closeConnection();
+ super.doStop();
+ }
+ /* ------------------------------------------------------------ */
/**
* Close an existing connection
*/
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
deleted file mode 100644
index 310a4db8bc..0000000000
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
+++ /dev/null
@@ -1,375 +0,0 @@
-//
-// ========================================================================
-// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd.
-// ------------------------------------------------------------------------
-// All rights reserved. This program and the accompanying materials
-// are made available under the terms of the Eclipse Public License v1.0
-// and Apache License v2.0 which accompanies this distribution.
-//
-// The Eclipse Public License is available at
-// http://www.eclipse.org/legal/epl-v10.html
-//
-// The Apache License v2.0 is available at
-// http://www.opensource.org/licenses/apache2.0.php
-//
-// You may elect to redistribute this code under either of these licenses.
-// ========================================================================
-//
-
-
-package org.eclipse.jetty.security;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.Principal;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-
-import javax.security.auth.Subject;
-import javax.servlet.ServletRequest;
-
-import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.util.component.AbstractLifeCycle;
-import org.eclipse.jetty.util.log.Log;
-import org.eclipse.jetty.util.log.Logger;
-import org.eclipse.jetty.util.security.Credential;
-
-
-
-/* ------------------------------------------------------------ */
-/**
- * A login service that keeps UserIdentities in a concurrent map
- * either as the source or a cache of the users.
- *
- */
-public abstract class MappedLoginService extends AbstractLifeCycle implements LoginService
-{
- private static final Logger LOG = Log.getLogger(MappedLoginService.class);
-
- protected IdentityService _identityService=new DefaultIdentityService();
- protected String _name;
- protected final ConcurrentMap<String, UserIdentity> _users=new ConcurrentHashMap<String, UserIdentity>();
-
- /* ------------------------------------------------------------ */
- protected MappedLoginService()
- {
- }
-
- /* ------------------------------------------------------------ */
- /** Get the name.
- * @return the name
- */
- public String getName()
- {
- return _name;
- }
-
- /* ------------------------------------------------------------ */
- /** Get the identityService.
- * @return the identityService
- */
- public IdentityService getIdentityService()
- {
- return _identityService;
- }
-
- /* ------------------------------------------------------------ */
- /** Get the users.
- * @return the users
- */
- public ConcurrentMap<String, UserIdentity> getUsers()
- {
- return _users;
- }
-
- /* ------------------------------------------------------------ */
- /** Set the identityService.
- * @param identityService the identityService to set
- */
- public void setIdentityService(IdentityService identityService)
- {
- if (isRunning())
- throw new IllegalStateException("Running");
- _identityService = identityService;
- }
-
- /* ------------------------------------------------------------ */
- /** Set the name.
- * @param name the name to set
- */
- public void setName(String name)
- {
- if (isRunning())
- throw new IllegalStateException("Running");
- _name = name;
- }
-
- /* ------------------------------------------------------------ */
- /** Set the users.
- * @param users the users to set
- */
- public void setUsers(Map<String, UserIdentity> users)
- {
- if (isRunning())
- throw new IllegalStateException("Running");
- _users.clear();
- _users.putAll(users);
- }
-
- /* ------------------------------------------------------------ */
- /**
- * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
- */
- @Override
- protected void doStart() throws Exception
- {
- loadUsers();
- super.doStart();
- }
-
- /* ------------------------------------------------------------ */
- @Override
- protected void doStop() throws Exception
- {
- super.doStop();
- }
-
- /* ------------------------------------------------------------ */
- public void logout(UserIdentity identity)
- {
- LOG.debug("logout {}",identity);
-
- //TODO should remove the user?????
- }
-
- /* ------------------------------------------------------------ */
- @Override
- public String toString()
- {
- return this.getClass().getSimpleName()+"["+_name+"]";
- }
-
- /* ------------------------------------------------------------ */
- /** Put user into realm.
- * Called by implementations to put the user data loaded from
- * file/db etc into the user structure.
- * @param userName User name
- * @param info a UserIdentity instance, or a String password or Credential instance
- * @return User instance
- */
- protected synchronized UserIdentity putUser(String userName, Object info)
- {
- final UserIdentity identity;
- if (info instanceof UserIdentity)
- identity=(UserIdentity)info;
- else
- {
- Credential credential = (info instanceof Credential)?(Credential)info:Credential.getCredential(info.toString());
-
- Principal userPrincipal = new KnownUser(userName,credential);
- Subject subject = new Subject();
- subject.getPrincipals().add(userPrincipal);
- subject.getPrivateCredentials().add(credential);
- subject.setReadOnly();
- identity=_identityService.newUserIdentity(subject,userPrincipal,IdentityService.NO_ROLES);
- }
-
- _users.put(userName,identity);
- return identity;
- }
-
- /* ------------------------------------------------------------ */
- /** Put user into realm.
- * @param userName The user to add
- * @param credential The users Credentials
- * @param roles The users roles
- * @return UserIdentity
- */
- public synchronized UserIdentity putUser(String userName, Credential credential, String[] roles)
- {
- Principal userPrincipal = new KnownUser(userName,credential);
- Subject subject = new Subject();
- subject.getPrincipals().add(userPrincipal);
- subject.getPrivateCredentials().add(credential);
-
- if (roles!=null)
- for (String role : roles)
- subject.getPrincipals().add(new RolePrincipal(role));
-
- subject.setReadOnly();
- UserIdentity identity=_identityService.newUserIdentity(subject,userPrincipal,roles);
- _users.put(userName,identity);
- return identity;
- }
-
-
-
-
- public synchronized UserIdentity putUser (KnownUser userPrincipal, String[] roles)
- {
- Subject subject = new Subject();
- subject.getPrincipals().add(userPrincipal);
- subject.getPrivateCredentials().add(userPrincipal._credential);
- if (roles!=null)
- for (String role : roles)
- subject.getPrincipals().add(new RolePrincipal(role));
- subject.setReadOnly();
- UserIdentity identity=_identityService.newUserIdentity(subject,userPrincipal,roles);
- _users.put(userPrincipal._name,identity);
- return identity;
- }
-
-
- /* ------------------------------------------------------------ */
- public void removeUser(String username)
- {
- _users.remove(username);
- }
-
- /* ------------------------------------------------------------ */
- /**
- * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, ServletRequest)
- */
- public UserIdentity login(String username, Object credentials, ServletRequest request)
- {
- if (username == null)
- return null;
-
- UserIdentity user = _users.get(username);
-
- if (user==null)
- {
- KnownUser userPrincipal = loadUserInfo(username);
- if (userPrincipal.authenticate(credentials))
- {
- //safe to load the roles
- String[] roles = loadRoleInfo(userPrincipal);
- user = putUser(userPrincipal, roles);
- return user;
- }
- }
- else
- {
- UserPrincipal principal = (UserPrincipal)user.getUserPrincipal();
- if (principal.authenticate(credentials))
- return user;
- }
- return null;
- }
-
- /* ------------------------------------------------------------ */
- public boolean validate(UserIdentity user)
- {
- if (_users.containsKey(user.getUserPrincipal().getName()))
- return true;
-
- if (loadUser(user.getUserPrincipal().getName())!=null)
- return true;
-
- return false;
- }
- /* ------------------------------------------------------------ */
- protected abstract String[] loadRoleInfo (KnownUser user);
- /* ------------------------------------------------------------ */
- protected abstract KnownUser loadUserInfo (String username);
- /* ------------------------------------------------------------ */
- protected abstract UserIdentity loadUser(String username);
-
- /* ------------------------------------------------------------ */
- protected abstract void loadUsers() throws IOException;
-
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- public interface UserPrincipal extends Principal,Serializable
- {
- boolean authenticate(Object credentials);
- public boolean isAuthenticated();
- }
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- public static class RolePrincipal implements Principal,Serializable
- {
- private static final long serialVersionUID = 2998397924051854402L;
- private final String _roleName;
- public RolePrincipal(String name)
- {
- _roleName=name;
- }
- public String getName()
- {
- return _roleName;
- }
- }
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- public static class Anonymous implements UserPrincipal,Serializable
- {
- private static final long serialVersionUID = 1097640442553284845L;
-
- public boolean isAuthenticated()
- {
- return false;
- }
-
- public String getName()
- {
- return "Anonymous";
- }
-
- public boolean authenticate(Object credentials)
- {
- return false;
- }
-
- }
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- public static class KnownUser implements UserPrincipal,Serializable
- {
- private static final long serialVersionUID = -6226920753748399662L;
- private final String _name;
- private final Credential _credential;
-
- /* -------------------------------------------------------- */
- public KnownUser(String name,Credential credential)
- {
- _name=name;
- _credential=credential;
- }
-
- /* -------------------------------------------------------- */
- public boolean authenticate(Object credentials)
- {
- return _credential!=null && _credential.check(credentials);
- }
-
- /* ------------------------------------------------------------ */
- public String getName()
- {
- return _name;
- }
-
- /* -------------------------------------------------------- */
- public boolean isAuthenticated()
- {
- return true;
- }
-
- /* -------------------------------------------------------- */
- @Override
- public String toString()
- {
- return _name;
- }
- }
-}
-
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java b/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java
index 0bab932957..2d7a6368a6 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java
@@ -33,8 +33,7 @@ import java.util.Set;
import javax.security.auth.Subject;
-import org.eclipse.jetty.security.MappedLoginService.KnownUser;
-import org.eclipse.jetty.security.MappedLoginService.RolePrincipal;
+
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.PathWatcher;
import org.eclipse.jetty.util.PathWatcher.PathWatchEvent;
@@ -64,17 +63,17 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
{
private static final Logger LOG = Log.getLogger(PropertyUserStore.class);
- private Path _configPath;
- private Resource _configResource;
+ protected Path _configPath;
+ protected Resource _configResource;
- private PathWatcher pathWatcher;
- private boolean hotReload = false; // default is not to reload
+ protected PathWatcher pathWatcher;
+ protected boolean hotReload = false; // default is not to reload
- private IdentityService _identityService = new DefaultIdentityService();
- private boolean _firstLoad = true; // true if first load, false from that point on
- private final List<String> _knownUsers = new ArrayList<String>();
- private final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>();
- private List<UserListener> _listeners;
+ protected IdentityService _identityService = new DefaultIdentityService();
+ protected boolean _firstLoad = true; // true if first load, false from that point on
+ protected final List<String> _knownUsers = new ArrayList<String>();
+ protected final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>();
+ protected List<UserListener> _listeners;
/**
* Get the config (as a string)
@@ -186,27 +185,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
this.hotReload = enable;
}
- /* ------------------------------------------------------------ */
- /**
- * sets the refresh interval (in seconds)
- * @param sec the refresh interval
- * @deprecated use {@link #setHotReload(boolean)} instead
- */
- @Deprecated
- public void setRefreshInterval(int sec)
- {
- }
-
- /* ------------------------------------------------------------ */
- /**
- * @return refresh interval in seconds for how often the properties file should be checked for changes
- * @deprecated use {@link #isHotReload()} instead
- */
- @Deprecated
- public int getRefreshInterval()
- {
- return (hotReload)?1:0;
- }
+
@Override
public String toString()
@@ -221,7 +200,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
}
/* ------------------------------------------------------------ */
- private void loadUsers() throws IOException
+ protected void loadUsers() throws IOException
{
if (_configPath == null)
return;
@@ -259,7 +238,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
known.add(username);
Credential credential = Credential.getCredential(credentials);
- Principal userPrincipal = new KnownUser(username,credential);
+ Principal userPrincipal = new AbstractLoginService.UserPrincipal(username,credential);
Subject subject = new Subject();
subject.getPrincipals().add(userPrincipal);
subject.getPrivateCredentials().add(credential);
@@ -268,7 +247,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
{
for (String role : roleArray)
{
- subject.getPrincipals().add(new RolePrincipal(role));
+ subject.getPrincipals().add(new AbstractLoginService.RolePrincipal(role));
}
}

Back to the top