diff options
| author | Jan Bartel | 2015-12-03 05:57:51 +0000 |
|---|---|---|
| committer | Jan Bartel | 2015-12-03 05:57:51 +0000 |
| commit | 9ff55cb301fa9f55215d35fa462ece42f71925a0 (patch) | |
| tree | 76623ca74b0bf813bfb080eab1faae7d6b0c50ed /jetty-security/src/main/java/org/eclipse | |
| parent | 82ffc4f3554ef9d6070e2d2d8bfaf1ec7a9a44a7 (diff) | |
| parent | 4bbd060ca8468f3289ef049379a7cf4ec20ececa (diff) | |
| download | org.eclipse.jetty.project-9ff55cb301fa9f55215d35fa462ece42f71925a0.tar.gz org.eclipse.jetty.project-9ff55cb301fa9f55215d35fa462ece42f71925a0.tar.xz org.eclipse.jetty.project-9ff55cb301fa9f55215d35fa462ece42f71925a0.zip | |
Merge branch 'master' into session-refactor
Conflicts:
jetty-infinispan/src/main/java/org/eclipse/jetty/session/infinispan/InfinispanSessionManager.java
jetty-nosql/src/main/java/org/eclipse/jetty/nosql/NoSqlSessionManager.java
jetty-nosql/src/main/java/org/eclipse/jetty/nosql/mongodb/MongoSessionIdManager.java
jetty-nosql/src/main/java/org/eclipse/jetty/nosql/mongodb/MongoSessionManager.java
jetty-server/src/main/java/org/eclipse/jetty/server/session/JDBCSessionIdManager.java
jetty-server/src/main/java/org/eclipse/jetty/server/session/JDBCSessionManager.java
tests/test-sessions/test-jdbc-sessions/src/test/java/org/eclipse/jetty/server/session/JdbcTestServer.java
tests/test-sessions/test-mongodb-sessions/src/test/java/org/eclipse/jetty/nosql/mongodb/MongoTestServer.java
tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/AbstractInvalidationSessionTest.java
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse')
7 files changed, 402 insertions, 507 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java new file mode 100644 index 0000000000..696a378662 --- /dev/null +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java @@ -0,0 +1,248 @@ +// +// ======================================================================== +// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd. +// ------------------------------------------------------------------------ +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. +// +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html +// +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php +// +// You may elect to redistribute this code under either of these licenses. +// ======================================================================== +// + + +package org.eclipse.jetty.security; + +import java.io.Serializable; +import java.security.Principal; + +import javax.security.auth.Subject; +import javax.servlet.ServletRequest; + + +import org.eclipse.jetty.server.UserIdentity; +import org.eclipse.jetty.util.component.AbstractLifeCycle; +import org.eclipse.jetty.util.log.Log; +import org.eclipse.jetty.util.log.Logger; +import org.eclipse.jetty.util.security.Credential; + +/** + * AbstractLoginService + */ +public abstract class AbstractLoginService extends AbstractLifeCycle implements LoginService +{ + private static final Logger LOG = Log.getLogger(AbstractLoginService.class); + + protected IdentityService _identityService=new DefaultIdentityService(); + protected String _name; + protected boolean _fullValidate = false; + + + /* ------------------------------------------------------------ */ + /** + * RolePrincipal + */ + public static class RolePrincipal implements Principal,Serializable + { + private static final long serialVersionUID = 2998397924051854402L; + private final String _roleName; + public RolePrincipal(String name) + { + _roleName=name; + } + public String getName() + { + return _roleName; + } + } + + + /* ------------------------------------------------------------ */ + /** + * UserPrincipal + */ + public static class UserPrincipal implements Principal,Serializable + { + private static final long serialVersionUID = -6226920753748399662L; + private final String _name; + private final Credential _credential; + + + /* -------------------------------------------------------- */ + public UserPrincipal(String name,Credential credential) + { + _name=name; + _credential=credential; + } + + /* -------------------------------------------------------- */ + public boolean authenticate(Object credentials) + { + return _credential!=null && _credential.check(credentials); + } + + /* -------------------------------------------------------- */ + public boolean authenticate (Credential c) + { + return(_credential != null && c != null && _credential.equals(c)); + } + + /* ------------------------------------------------------------ */ + public String getName() + { + return _name; + } + + + + /* -------------------------------------------------------- */ + @Override + public String toString() + { + return _name; + } + } + + /* ------------------------------------------------------------ */ + protected abstract String[] loadRoleInfo (UserPrincipal user); + + /* ------------------------------------------------------------ */ + protected abstract UserPrincipal loadUserInfo (String username); + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#getName() + */ + @Override + public String getName() + { + return _name; + } + + /* ------------------------------------------------------------ */ + /** Set the identityService. + * @param identityService the identityService to set + */ + public void setIdentityService(IdentityService identityService) + { + if (isRunning()) + throw new IllegalStateException("Running"); + _identityService = identityService; + } + + /* ------------------------------------------------------------ */ + /** Set the name. + * @param name the name to set + */ + public void setName(String name) + { + if (isRunning()) + throw new IllegalStateException("Running"); + _name = name; + } + + /* ------------------------------------------------------------ */ + @Override + public String toString() + { + return this.getClass().getSimpleName()+"["+_name+"]"; + } + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, javax.servlet.ServletRequest) + */ + @Override + public UserIdentity login(String username, Object credentials, ServletRequest request) + { + if (username == null) + return null; + + UserPrincipal userPrincipal = loadUserInfo(username); + if (userPrincipal.authenticate(credentials)) + { + //safe to load the roles + String[] roles = loadRoleInfo(userPrincipal); + + Subject subject = new Subject(); + subject.getPrincipals().add(userPrincipal); + subject.getPrivateCredentials().add(userPrincipal._credential); + if (roles!=null) + for (String role : roles) + subject.getPrincipals().add(new RolePrincipal(role)); + subject.setReadOnly(); + return _identityService.newUserIdentity(subject,userPrincipal,roles); + } + + return null; + + } + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#validate(org.eclipse.jetty.server.UserIdentity) + */ + @Override + public boolean validate(UserIdentity user) + { + if (!isFullValidate()) + return true; //if we have a user identity it must be valid + + //Do a full validation back against the user store + UserPrincipal fresh = loadUserInfo(user.getUserPrincipal().getName()); + if (fresh == null) + return false; //user no longer exists + + if (user.getUserPrincipal() instanceof UserPrincipal) + { + System.err.println("VALIDATING user "+fresh.getName()); + return fresh.authenticate(((UserPrincipal)user.getUserPrincipal())._credential); + } + + throw new IllegalStateException("UserPrincipal not KnownUser"); //can't validate + } + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#getIdentityService() + */ + @Override + public IdentityService getIdentityService() + { + return _identityService; + } + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#logout(org.eclipse.jetty.server.UserIdentity) + */ + @Override + public void logout(UserIdentity user) + { + //Override in subclasses + + } + + /* ------------------------------------------------------------ */ + public boolean isFullValidate() + { + return _fullValidate; + } + + /* ------------------------------------------------------------ */ + public void setFullValidate(boolean fullValidate) + { + _fullValidate = fullValidate; + } + +} diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java index 423fcad941..c509f3741f 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java @@ -43,7 +43,8 @@ public interface Authenticator /* ------------------------------------------------------------ */ /** * Configure the Authenticator - * @param configuration + * + * @param configuration the configuration */ void setConfiguration(AuthConfiguration configuration); @@ -64,13 +65,16 @@ public interface Authenticator * where the http method of the original request causing authentication * is not the same as the http method resulting from the redirect * after authentication. - * @param request + * + * @param request the request to manipulate */ void prepareRequest(ServletRequest request); /* ------------------------------------------------------------ */ - /** Validate a request + /** + * Validate a request + * * @param request The request * @param response The response * @param mandatory True if authentication is mandatory. @@ -79,18 +83,20 @@ public interface Authenticator * implement {@link org.eclipse.jetty.server.Authentication.ResponseSent}. If Authentication is not manditory, then a * {@link org.eclipse.jetty.server.Authentication.Deferred} may be returned. * - * @throws ServerAuthException + * @throws ServerAuthException if unable to validate request */ Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException; /* ------------------------------------------------------------ */ /** - * @param request - * @param response - * @param mandatory - * @param validatedUser + * is response secure + * + * @param request the request + * @param response the response + * @param mandatory if security is mandator + * @param validatedUser the user that was validated * @return true if response is secure - * @throws ServerAuthException + * @throws ServerAuthException if unable to test response */ boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException; @@ -106,7 +112,8 @@ public interface Authenticator String getAuthMethod(); String getRealmName(); - /** Get a SecurityHandler init parameter + /** + * Get a SecurityHandler init parameter * @see SecurityHandler#getInitParameter(String) * @param param parameter name * @return Parameter value or null diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java index 15f64dc430..d06898e845 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java @@ -29,15 +29,15 @@ public interface ConstraintAware /* ------------------------------------------------------------ */ /** Set Constraint Mappings and roles. * Can only be called during initialization. - * @param constraintMappings - * @param roles + * @param constraintMappings the mappings + * @param roles the roles */ void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles); /* ------------------------------------------------------------ */ /** Add a Constraint Mapping. * May be called for running webapplication as an annotated servlet is instantiated. - * @param mapping + * @param mapping the mapping */ void addConstraintMapping(ConstraintMapping mapping); @@ -45,7 +45,7 @@ public interface ConstraintAware /* ------------------------------------------------------------ */ /** Add a Role definition. * May be called on running webapplication as an annotated servlet is instantiated. - * @param role + * @param role the role */ void addRole(String role); @@ -53,7 +53,7 @@ public interface ConstraintAware * See Servlet Spec 31, sec 13.8.4, pg 145 * When true, requests with http methods not explicitly covered either by inclusion or omissions * in constraints, will have access denied. - * @param deny + * @param deny true for denied method access */ void setDenyUncoveredHttpMethods(boolean deny); diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java index 5d606528ee..108ca0ad6f 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java @@ -19,6 +19,9 @@ package org.eclipse.jetty.security; import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; import org.eclipse.jetty.security.PropertyUserStore.UserListener; import org.eclipse.jetty.server.UserIdentity; @@ -45,15 +48,15 @@ import org.eclipse.jetty.util.security.Credential; * <p> * If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:. */ -public class HashLoginService extends MappedLoginService implements UserListener +public class HashLoginService extends AbstractLoginService { private static final Logger LOG = Log.getLogger(HashLoginService.class); - private PropertyUserStore _propertyUserStore; - private String _config; - private Resource _configResource; - private Scanner _scanner; - private boolean hotReload = false; // default is not to reload + protected PropertyUserStore _propertyUserStore; + protected String _config; + protected Resource _configResource; + protected boolean hotReload = false; // default is not to reload + /* ------------------------------------------------------------ */ public HashLoginService() @@ -127,41 +130,45 @@ public class HashLoginService extends MappedLoginService implements UserListener this.hotReload = enable; } - /* ------------------------------------------------------------ */ - /** - * sets the refresh interval (in seconds) - * @param sec the refresh interval - * @deprecated use {@link #setHotReload(boolean)} instead - */ - @Deprecated - public void setRefreshInterval(int sec) - { - } - - /* ------------------------------------------------------------ */ - /** - * @return refresh interval in seconds for how often the properties file should be checked for changes - * @deprecated use {@link #isHotReload()} instead - */ - @Deprecated - public int getRefreshInterval() - { - return (hotReload)?1:0; - } + /* ------------------------------------------------------------ */ @Override - protected UserIdentity loadUser(String username) + protected String[] loadRoleInfo(UserPrincipal user) { - return null; + UserIdentity id = _propertyUserStore.getUserIdentity(user.getName()); + if (id == null) + return null; + + + Set<RolePrincipal> roles = id.getSubject().getPrincipals(RolePrincipal.class); + if (roles == null) + return null; + + List<String> list = new ArrayList<>(); + for (RolePrincipal r:roles) + list.add(r.getName()); + + return list.toArray(new String[roles.size()]); } + + + /* ------------------------------------------------------------ */ @Override - public void loadUsers() throws IOException + protected UserPrincipal loadUserInfo(String userName) { - // TODO: Consider refactoring MappedLoginService to not have to override with unused methods + UserIdentity id = _propertyUserStore.getUserIdentity(userName); + if (id != null) + { + return (UserPrincipal)id.getUserPrincipal(); + } + + return null; } + + /* ------------------------------------------------------------ */ /** @@ -180,7 +187,6 @@ public class HashLoginService extends MappedLoginService implements UserListener _propertyUserStore = new PropertyUserStore(); _propertyUserStore.setHotReload(hotReload); _propertyUserStore.setConfigPath(_config); - _propertyUserStore.registerUserListener(this); _propertyUserStore.start(); } } @@ -193,26 +199,5 @@ public class HashLoginService extends MappedLoginService implements UserListener protected void doStop() throws Exception { super.doStop(); - if (_scanner != null) - _scanner.stop(); - _scanner = null; - } - - /* ------------------------------------------------------------ */ - @Override - public void update(String userName, Credential credential, String[] roleArray) - { - if (LOG.isDebugEnabled()) - LOG.debug("update: " + userName + " Roles: " + roleArray.length); - putUser(userName,credential,roleArray); - } - - /* ------------------------------------------------------------ */ - @Override - public void remove(String userName) - { - if (LOG.isDebugEnabled()) - LOG.debug("remove: " + userName); - removeUser(userName); } } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java index 089b894911..7f38d07a49 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java @@ -41,25 +41,18 @@ import org.eclipse.jetty.util.security.Credential; /* ------------------------------------------------------------ */ /** * HashMapped User Realm with JDBC as data source. - * The login() method checks the inherited Map for the user. If the user is not + * The {@link #login(String, Object, ServletRequest)} method checks the inherited Map for the user. If the user is not * found, it will fetch details from the database and populate the inherited - * Map. It then calls the superclass login() method to perform the actual + * Map. It then calls the superclass {@link #login(String, Object, ServletRequest)} method to perform the actual * authentication. Periodically (controlled by configuration parameter), * internal hashes are cleared. Caching can be disabled by setting cache refresh * interval to zero. Uses one database connection that is initialized at - * startup. Reconnect on failures. authenticate() is 'synchronized'. - * + * startup. Reconnect on failures. + * <p> * An example properties file for configuration is in - * $JETTY_HOME/etc/jdbcRealm.properties - * - * @version $Id: JDBCLoginService.java 4792 2009-03-18 21:55:52Z gregw $ - * - * - * - * + * <code>${jetty.home}/etc/jdbcRealm.properties</code> */ - -public class JDBCLoginService extends MappedLoginService +public class JDBCLoginService extends AbstractLoginService { private static final Logger LOG = Log.getLogger(JDBCLoginService.class); @@ -71,12 +64,30 @@ public class JDBCLoginService extends MappedLoginService protected String _userTableKey; protected String _userTablePasswordField; protected String _roleTableRoleField; - protected int _cacheTime; - protected long _lastHashPurge; protected Connection _con; protected String _userSql; protected String _roleSql; + + /** + * JDBCKnownUser + */ + public class JDBCUserPrincipal extends UserPrincipal + { + int _userKey; + + public JDBCUserPrincipal(String name, Credential credential, int key) + { + super(name, credential); + _userKey = key; + } + + + public int getUserKey () + { + return _userKey; + } + } /* ------------------------------------------------------------ */ public JDBCLoginService() @@ -110,9 +121,6 @@ public class JDBCLoginService extends MappedLoginService /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.security.MappedLoginService#doStart() - */ @Override protected void doStart() throws Exception { @@ -136,20 +144,18 @@ public class JDBCLoginService extends MappedLoginService String _userRoleTable = properties.getProperty("userroletable"); String _userRoleTableUserKey = properties.getProperty("userroletableuserkey"); String _userRoleTableRoleKey = properties.getProperty("userroletablerolekey"); - _cacheTime = new Integer(properties.getProperty("cachetime")); + if (_jdbcDriver == null || _jdbcDriver.equals("") || _url == null || _url.equals("") || _userName == null || _userName.equals("") - || _password == null - || _cacheTime < 0) + || _password == null) { LOG.warn("UserRealm " + getName() + " has not been properly configured"); } - _cacheTime *= 1000; - _lastHashPurge = 0; + _userSql = "select " + _userTableKey + "," + _userTablePasswordField + " from " + _userTable + " where " + _userTableUserField + " = ?"; _roleSql = "select r." + _roleTableRoleField + " from " @@ -164,7 +170,7 @@ public class JDBCLoginService extends MappedLoginService + " = u." + _userRoleTableRoleKey; - Loader.loadClass(this.getClass(), _jdbcDriver).newInstance(); + Loader.loadClass(_jdbcDriver).newInstance(); super.doStart(); } @@ -209,30 +215,11 @@ public class JDBCLoginService extends MappedLoginService } } - /* ------------------------------------------------------------ */ - @Override - public UserIdentity login(String username, Object credentials, ServletRequest request) - { - long now = System.currentTimeMillis(); - if (now - _lastHashPurge > _cacheTime || _cacheTime == 0) - { - _users.clear(); - _lastHashPurge = now; - closeConnection(); - } - - return super.login(username,credentials, request); - } - - /* ------------------------------------------------------------ */ - @Override - protected void loadUsers() - { - } + + /* ------------------------------------------------------------ */ - @Override - protected UserIdentity loadUser(String username) + public UserPrincipal loadUserInfo (String username) { try { @@ -251,18 +238,8 @@ public class JDBCLoginService extends MappedLoginService { int key = rs1.getInt(_userTableKey); String credentials = rs1.getString(_userTablePasswordField); - List<String> roles = new ArrayList<String>(); - try (PreparedStatement stat2 = _con.prepareStatement(_roleSql)) - { - stat2.setInt(1, key); - try (ResultSet rs2 = stat2.executeQuery()) - { - while (rs2.next()) - roles.add(rs2.getString(_roleTableRoleField)); - } - } - return putUser(username, credentials, roles.toArray(new String[roles.size()])); + return new JDBCUserPrincipal (username, Credential.getCredential(credentials), key); } } } @@ -272,16 +249,60 @@ public class JDBCLoginService extends MappedLoginService LOG.warn("UserRealm " + getName() + " could not load user information from database", e); closeConnection(); } + return null; } + /* ------------------------------------------------------------ */ - protected UserIdentity putUser (String username, String credentials, String[] roles) + public String[] loadRoleInfo (UserPrincipal user) { - return putUser(username, Credential.getCredential(credentials),roles); + JDBCUserPrincipal jdbcUser = (JDBCUserPrincipal)user; + + try + { + if (null == _con) + connectDatabase(); + + if (null == _con) + throw new SQLException("Can't connect to database"); + + + List<String> roles = new ArrayList<String>(); + + try (PreparedStatement stat2 = _con.prepareStatement(_roleSql)) + { + stat2.setInt(1, jdbcUser.getUserKey()); + try (ResultSet rs2 = stat2.executeQuery()) + { + while (rs2.next()) + roles.add(rs2.getString(_roleTableRoleField)); + return roles.toArray(new String[roles.size()]); + } + } + } + catch (SQLException e) + { + LOG.warn("UserRealm " + getName() + " could not load user information from database", e); + closeConnection(); + } + + return null; } + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop() + */ + @Override + protected void doStop() throws Exception + { + closeConnection(); + super.doStop(); + } + + /* ------------------------------------------------------------ */ /** * Close an existing connection */ @@ -294,5 +315,4 @@ public class JDBCLoginService extends MappedLoginService } _con = null; } - } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java deleted file mode 100644 index 70b4c95329..0000000000 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java +++ /dev/null @@ -1,344 +0,0 @@ -// -// ======================================================================== -// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd. -// ------------------------------------------------------------------------ -// All rights reserved. This program and the accompanying materials -// are made available under the terms of the Eclipse Public License v1.0 -// and Apache License v2.0 which accompanies this distribution. -// -// The Eclipse Public License is available at -// http://www.eclipse.org/legal/epl-v10.html -// -// The Apache License v2.0 is available at -// http://www.opensource.org/licenses/apache2.0.php -// -// You may elect to redistribute this code under either of these licenses. -// ======================================================================== -// - - -package org.eclipse.jetty.security; - -import java.io.IOException; -import java.io.Serializable; -import java.security.Principal; -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.ConcurrentMap; - -import javax.security.auth.Subject; -import javax.servlet.ServletRequest; - -import org.eclipse.jetty.server.UserIdentity; -import org.eclipse.jetty.util.component.AbstractLifeCycle; -import org.eclipse.jetty.util.log.Log; -import org.eclipse.jetty.util.log.Logger; -import org.eclipse.jetty.util.security.Credential; - - - -/* ------------------------------------------------------------ */ -/** - * A login service that keeps UserIdentities in a concurrent map - * either as the source or a cache of the users. - * - */ -public abstract class MappedLoginService extends AbstractLifeCycle implements LoginService -{ - private static final Logger LOG = Log.getLogger(MappedLoginService.class); - - protected IdentityService _identityService=new DefaultIdentityService(); - protected String _name; - protected final ConcurrentMap<String, UserIdentity> _users=new ConcurrentHashMap<String, UserIdentity>(); - - /* ------------------------------------------------------------ */ - protected MappedLoginService() - { - } - - /* ------------------------------------------------------------ */ - /** Get the name. - * @return the name - */ - public String getName() - { - return _name; - } - - /* ------------------------------------------------------------ */ - /** Get the identityService. - * @return the identityService - */ - public IdentityService getIdentityService() - { - return _identityService; - } - - /* ------------------------------------------------------------ */ - /** Get the users. - * @return the users - */ - public ConcurrentMap<String, UserIdentity> getUsers() - { - return _users; - } - - /* ------------------------------------------------------------ */ - /** Set the identityService. - * @param identityService the identityService to set - */ - public void setIdentityService(IdentityService identityService) - { - if (isRunning()) - throw new IllegalStateException("Running"); - _identityService = identityService; - } - - /* ------------------------------------------------------------ */ - /** Set the name. - * @param name the name to set - */ - public void setName(String name) - { - if (isRunning()) - throw new IllegalStateException("Running"); - _name = name; - } - - /* ------------------------------------------------------------ */ - /** Set the users. - * @param users the users to set - */ - public void setUsers(Map<String, UserIdentity> users) - { - if (isRunning()) - throw new IllegalStateException("Running"); - _users.clear(); - _users.putAll(users); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart() - */ - @Override - protected void doStart() throws Exception - { - loadUsers(); - super.doStart(); - } - - /* ------------------------------------------------------------ */ - @Override - protected void doStop() throws Exception - { - super.doStop(); - } - - /* ------------------------------------------------------------ */ - public void logout(UserIdentity identity) - { - LOG.debug("logout {}",identity); - } - - /* ------------------------------------------------------------ */ - @Override - public String toString() - { - return this.getClass().getSimpleName()+"["+_name+"]"; - } - - /* ------------------------------------------------------------ */ - /** Put user into realm. - * Called by implementations to put the user data loaded from - * file/db etc into the user structure. - * @param userName User name - * @param info a UserIdentity instance, or a String password or Credential instance - * @return User instance - */ - protected synchronized UserIdentity putUser(String userName, Object info) - { - final UserIdentity identity; - if (info instanceof UserIdentity) - identity=(UserIdentity)info; - else - { - Credential credential = (info instanceof Credential)?(Credential)info:Credential.getCredential(info.toString()); - - Principal userPrincipal = new KnownUser(userName,credential); - Subject subject = new Subject(); - subject.getPrincipals().add(userPrincipal); - subject.getPrivateCredentials().add(credential); - subject.setReadOnly(); - identity=_identityService.newUserIdentity(subject,userPrincipal,IdentityService.NO_ROLES); - } - - _users.put(userName,identity); - return identity; - } - - /* ------------------------------------------------------------ */ - /** Put user into realm. - * @param userName The user to add - * @param credential The users Credentials - * @param roles The users roles - * @return UserIdentity - */ - public synchronized UserIdentity putUser(String userName, Credential credential, String[] roles) - { - Principal userPrincipal = new KnownUser(userName,credential); - Subject subject = new Subject(); - subject.getPrincipals().add(userPrincipal); - subject.getPrivateCredentials().add(credential); - - if (roles!=null) - for (String role : roles) - subject.getPrincipals().add(new RolePrincipal(role)); - - subject.setReadOnly(); - UserIdentity identity=_identityService.newUserIdentity(subject,userPrincipal,roles); - _users.put(userName,identity); - return identity; - } - - /* ------------------------------------------------------------ */ - public void removeUser(String username) - { - _users.remove(username); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, ServletRequest) - */ - public UserIdentity login(String username, Object credentials, ServletRequest request) - { - if (username == null) - return null; - - UserIdentity user = _users.get(username); - - if (user==null) - user = loadUser(username); - - if (user!=null) - { - UserPrincipal principal = (UserPrincipal)user.getUserPrincipal(); - if (principal.authenticate(credentials)) - return user; - } - return null; - } - - /* ------------------------------------------------------------ */ - public boolean validate(UserIdentity user) - { - if (_users.containsKey(user.getUserPrincipal().getName())) - return true; - - if (loadUser(user.getUserPrincipal().getName())!=null) - return true; - - return false; - } - - /* ------------------------------------------------------------ */ - protected abstract UserIdentity loadUser(String username); - - /* ------------------------------------------------------------ */ - protected abstract void loadUsers() throws IOException; - - - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - public interface UserPrincipal extends Principal,Serializable - { - boolean authenticate(Object credentials); - public boolean isAuthenticated(); - } - - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - public static class RolePrincipal implements Principal,Serializable - { - private static final long serialVersionUID = 2998397924051854402L; - private final String _roleName; - public RolePrincipal(String name) - { - _roleName=name; - } - public String getName() - { - return _roleName; - } - } - - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - public static class Anonymous implements UserPrincipal,Serializable - { - private static final long serialVersionUID = 1097640442553284845L; - - public boolean isAuthenticated() - { - return false; - } - - public String getName() - { - return "Anonymous"; - } - - public boolean authenticate(Object credentials) - { - return false; - } - - } - - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - public static class KnownUser implements UserPrincipal,Serializable - { - private static final long serialVersionUID = -6226920753748399662L; - private final String _name; - private final Credential _credential; - - /* -------------------------------------------------------- */ - public KnownUser(String name,Credential credential) - { - _name=name; - _credential=credential; - } - - /* -------------------------------------------------------- */ - public boolean authenticate(Object credentials) - { - return _credential!=null && _credential.check(credentials); - } - - /* ------------------------------------------------------------ */ - public String getName() - { - return _name; - } - - /* -------------------------------------------------------- */ - public boolean isAuthenticated() - { - return true; - } - - /* -------------------------------------------------------- */ - @Override - public String toString() - { - return _name; - } - } -} - diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java b/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java index 0bab932957..2d7a6368a6 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java @@ -33,8 +33,7 @@ import java.util.Set; import javax.security.auth.Subject; -import org.eclipse.jetty.security.MappedLoginService.KnownUser; -import org.eclipse.jetty.security.MappedLoginService.RolePrincipal; + import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.util.PathWatcher; import org.eclipse.jetty.util.PathWatcher.PathWatchEvent; @@ -64,17 +63,17 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. { private static final Logger LOG = Log.getLogger(PropertyUserStore.class); - private Path _configPath; - private Resource _configResource; + protected Path _configPath; + protected Resource _configResource; - private PathWatcher pathWatcher; - private boolean hotReload = false; // default is not to reload + protected PathWatcher pathWatcher; + protected boolean hotReload = false; // default is not to reload - private IdentityService _identityService = new DefaultIdentityService(); - private boolean _firstLoad = true; // true if first load, false from that point on - private final List<String> _knownUsers = new ArrayList<String>(); - private final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>(); - private List<UserListener> _listeners; + protected IdentityService _identityService = new DefaultIdentityService(); + protected boolean _firstLoad = true; // true if first load, false from that point on + protected final List<String> _knownUsers = new ArrayList<String>(); + protected final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>(); + protected List<UserListener> _listeners; /** * Get the config (as a string) @@ -186,27 +185,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. this.hotReload = enable; } - /* ------------------------------------------------------------ */ - /** - * sets the refresh interval (in seconds) - * @param sec the refresh interval - * @deprecated use {@link #setHotReload(boolean)} instead - */ - @Deprecated - public void setRefreshInterval(int sec) - { - } - - /* ------------------------------------------------------------ */ - /** - * @return refresh interval in seconds for how often the properties file should be checked for changes - * @deprecated use {@link #isHotReload()} instead - */ - @Deprecated - public int getRefreshInterval() - { - return (hotReload)?1:0; - } + @Override public String toString() @@ -221,7 +200,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. } /* ------------------------------------------------------------ */ - private void loadUsers() throws IOException + protected void loadUsers() throws IOException { if (_configPath == null) return; @@ -259,7 +238,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. known.add(username); Credential credential = Credential.getCredential(credentials); - Principal userPrincipal = new KnownUser(username,credential); + Principal userPrincipal = new AbstractLoginService.UserPrincipal(username,credential); Subject subject = new Subject(); subject.getPrincipals().add(userPrincipal); subject.getPrivateCredentials().add(credential); @@ -268,7 +247,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. { for (String role : roleArray) { - subject.getPrincipals().add(new RolePrincipal(role)); + subject.getPrincipals().add(new AbstractLoginService.RolePrincipal(role)); } } |