Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Bartel2015-12-03 00:57:51 -0500
committerJan Bartel2015-12-03 00:57:51 -0500
commit9ff55cb301fa9f55215d35fa462ece42f71925a0 (patch)
tree76623ca74b0bf813bfb080eab1faae7d6b0c50ed /jetty-security/src/main/java/org/eclipse
parent82ffc4f3554ef9d6070e2d2d8bfaf1ec7a9a44a7 (diff)
parent4bbd060ca8468f3289ef049379a7cf4ec20ececa (diff)
downloadorg.eclipse.jetty.project-9ff55cb301fa9f55215d35fa462ece42f71925a0.tar.gz
org.eclipse.jetty.project-9ff55cb301fa9f55215d35fa462ece42f71925a0.tar.xz
org.eclipse.jetty.project-9ff55cb301fa9f55215d35fa462ece42f71925a0.zip
Merge branch 'master' into session-refactor
Conflicts: jetty-infinispan/src/main/java/org/eclipse/jetty/session/infinispan/InfinispanSessionManager.java jetty-nosql/src/main/java/org/eclipse/jetty/nosql/NoSqlSessionManager.java jetty-nosql/src/main/java/org/eclipse/jetty/nosql/mongodb/MongoSessionIdManager.java jetty-nosql/src/main/java/org/eclipse/jetty/nosql/mongodb/MongoSessionManager.java jetty-server/src/main/java/org/eclipse/jetty/server/session/JDBCSessionIdManager.java jetty-server/src/main/java/org/eclipse/jetty/server/session/JDBCSessionManager.java tests/test-sessions/test-jdbc-sessions/src/test/java/org/eclipse/jetty/server/session/JdbcTestServer.java tests/test-sessions/test-mongodb-sessions/src/test/java/org/eclipse/jetty/nosql/mongodb/MongoTestServer.java tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/AbstractInvalidationSessionTest.java
Diffstat (limited to 'jetty-security/src/main/java/org/eclipse')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java248
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java27
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java10
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java91
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java140
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java344
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java49
7 files changed, 402 insertions, 507 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
new file mode 100644
index 0000000000..696a378662
--- /dev/null
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java
@@ -0,0 +1,248 @@
+//
+// ========================================================================
+// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+
+package org.eclipse.jetty.security;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletRequest;
+
+
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.util.component.AbstractLifeCycle;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+import org.eclipse.jetty.util.security.Credential;
+
+/**
+ * AbstractLoginService
+ */
+public abstract class AbstractLoginService extends AbstractLifeCycle implements LoginService
+{
+ private static final Logger LOG = Log.getLogger(AbstractLoginService.class);
+
+ protected IdentityService _identityService=new DefaultIdentityService();
+ protected String _name;
+ protected boolean _fullValidate = false;
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * RolePrincipal
+ */
+ public static class RolePrincipal implements Principal,Serializable
+ {
+ private static final long serialVersionUID = 2998397924051854402L;
+ private final String _roleName;
+ public RolePrincipal(String name)
+ {
+ _roleName=name;
+ }
+ public String getName()
+ {
+ return _roleName;
+ }
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * UserPrincipal
+ */
+ public static class UserPrincipal implements Principal,Serializable
+ {
+ private static final long serialVersionUID = -6226920753748399662L;
+ private final String _name;
+ private final Credential _credential;
+
+
+ /* -------------------------------------------------------- */
+ public UserPrincipal(String name,Credential credential)
+ {
+ _name=name;
+ _credential=credential;
+ }
+
+ /* -------------------------------------------------------- */
+ public boolean authenticate(Object credentials)
+ {
+ return _credential!=null && _credential.check(credentials);
+ }
+
+ /* -------------------------------------------------------- */
+ public boolean authenticate (Credential c)
+ {
+ return(_credential != null && c != null && _credential.equals(c));
+ }
+
+ /* ------------------------------------------------------------ */
+ public String getName()
+ {
+ return _name;
+ }
+
+
+
+ /* -------------------------------------------------------- */
+ @Override
+ public String toString()
+ {
+ return _name;
+ }
+ }
+
+ /* ------------------------------------------------------------ */
+ protected abstract String[] loadRoleInfo (UserPrincipal user);
+
+ /* ------------------------------------------------------------ */
+ protected abstract UserPrincipal loadUserInfo (String username);
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#getName()
+ */
+ @Override
+ public String getName()
+ {
+ return _name;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set the identityService.
+ * @param identityService the identityService to set
+ */
+ public void setIdentityService(IdentityService identityService)
+ {
+ if (isRunning())
+ throw new IllegalStateException("Running");
+ _identityService = identityService;
+ }
+
+ /* ------------------------------------------------------------ */
+ /** Set the name.
+ * @param name the name to set
+ */
+ public void setName(String name)
+ {
+ if (isRunning())
+ throw new IllegalStateException("Running");
+ _name = name;
+ }
+
+ /* ------------------------------------------------------------ */
+ @Override
+ public String toString()
+ {
+ return this.getClass().getSimpleName()+"["+_name+"]";
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, javax.servlet.ServletRequest)
+ */
+ @Override
+ public UserIdentity login(String username, Object credentials, ServletRequest request)
+ {
+ if (username == null)
+ return null;
+
+ UserPrincipal userPrincipal = loadUserInfo(username);
+ if (userPrincipal.authenticate(credentials))
+ {
+ //safe to load the roles
+ String[] roles = loadRoleInfo(userPrincipal);
+
+ Subject subject = new Subject();
+ subject.getPrincipals().add(userPrincipal);
+ subject.getPrivateCredentials().add(userPrincipal._credential);
+ if (roles!=null)
+ for (String role : roles)
+ subject.getPrincipals().add(new RolePrincipal(role));
+ subject.setReadOnly();
+ return _identityService.newUserIdentity(subject,userPrincipal,roles);
+ }
+
+ return null;
+
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#validate(org.eclipse.jetty.server.UserIdentity)
+ */
+ @Override
+ public boolean validate(UserIdentity user)
+ {
+ if (!isFullValidate())
+ return true; //if we have a user identity it must be valid
+
+ //Do a full validation back against the user store
+ UserPrincipal fresh = loadUserInfo(user.getUserPrincipal().getName());
+ if (fresh == null)
+ return false; //user no longer exists
+
+ if (user.getUserPrincipal() instanceof UserPrincipal)
+ {
+ System.err.println("VALIDATING user "+fresh.getName());
+ return fresh.authenticate(((UserPrincipal)user.getUserPrincipal())._credential);
+ }
+
+ throw new IllegalStateException("UserPrincipal not KnownUser"); //can't validate
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#getIdentityService()
+ */
+ @Override
+ public IdentityService getIdentityService()
+ {
+ return _identityService;
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.LoginService#logout(org.eclipse.jetty.server.UserIdentity)
+ */
+ @Override
+ public void logout(UserIdentity user)
+ {
+ //Override in subclasses
+
+ }
+
+ /* ------------------------------------------------------------ */
+ public boolean isFullValidate()
+ {
+ return _fullValidate;
+ }
+
+ /* ------------------------------------------------------------ */
+ public void setFullValidate(boolean fullValidate)
+ {
+ _fullValidate = fullValidate;
+ }
+
+}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
index 423fcad941..c509f3741f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
@@ -43,7 +43,8 @@ public interface Authenticator
/* ------------------------------------------------------------ */
/**
* Configure the Authenticator
- * @param configuration
+ *
+ * @param configuration the configuration
*/
void setConfiguration(AuthConfiguration configuration);
@@ -64,13 +65,16 @@ public interface Authenticator
* where the http method of the original request causing authentication
* is not the same as the http method resulting from the redirect
* after authentication.
- * @param request
+ *
+ * @param request the request to manipulate
*/
void prepareRequest(ServletRequest request);
/* ------------------------------------------------------------ */
- /** Validate a request
+ /**
+ * Validate a request
+ *
* @param request The request
* @param response The response
* @param mandatory True if authentication is mandatory.
@@ -79,18 +83,20 @@ public interface Authenticator
* implement {@link org.eclipse.jetty.server.Authentication.ResponseSent}. If Authentication is not manditory, then a
* {@link org.eclipse.jetty.server.Authentication.Deferred} may be returned.
*
- * @throws ServerAuthException
+ * @throws ServerAuthException if unable to validate request
*/
Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException;
/* ------------------------------------------------------------ */
/**
- * @param request
- * @param response
- * @param mandatory
- * @param validatedUser
+ * is response secure
+ *
+ * @param request the request
+ * @param response the response
+ * @param mandatory if security is mandator
+ * @param validatedUser the user that was validated
* @return true if response is secure
- * @throws ServerAuthException
+ * @throws ServerAuthException if unable to test response
*/
boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException;
@@ -106,7 +112,8 @@ public interface Authenticator
String getAuthMethod();
String getRealmName();
- /** Get a SecurityHandler init parameter
+ /**
+ * Get a SecurityHandler init parameter
* @see SecurityHandler#getInitParameter(String)
* @param param parameter name
* @return Parameter value or null
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java
index 15f64dc430..d06898e845 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java
@@ -29,15 +29,15 @@ public interface ConstraintAware
/* ------------------------------------------------------------ */
/** Set Constraint Mappings and roles.
* Can only be called during initialization.
- * @param constraintMappings
- * @param roles
+ * @param constraintMappings the mappings
+ * @param roles the roles
*/
void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles);
/* ------------------------------------------------------------ */
/** Add a Constraint Mapping.
* May be called for running webapplication as an annotated servlet is instantiated.
- * @param mapping
+ * @param mapping the mapping
*/
void addConstraintMapping(ConstraintMapping mapping);
@@ -45,7 +45,7 @@ public interface ConstraintAware
/* ------------------------------------------------------------ */
/** Add a Role definition.
* May be called on running webapplication as an annotated servlet is instantiated.
- * @param role
+ * @param role the role
*/
void addRole(String role);
@@ -53,7 +53,7 @@ public interface ConstraintAware
* See Servlet Spec 31, sec 13.8.4, pg 145
* When true, requests with http methods not explicitly covered either by inclusion or omissions
* in constraints, will have access denied.
- * @param deny
+ * @param deny true for denied method access
*/
void setDenyUncoveredHttpMethods(boolean deny);
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
index 5d606528ee..108ca0ad6f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
@@ -19,6 +19,9 @@
package org.eclipse.jetty.security;
import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
import org.eclipse.jetty.security.PropertyUserStore.UserListener;
import org.eclipse.jetty.server.UserIdentity;
@@ -45,15 +48,15 @@ import org.eclipse.jetty.util.security.Credential;
* <p>
* If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:.
*/
-public class HashLoginService extends MappedLoginService implements UserListener
+public class HashLoginService extends AbstractLoginService
{
private static final Logger LOG = Log.getLogger(HashLoginService.class);
- private PropertyUserStore _propertyUserStore;
- private String _config;
- private Resource _configResource;
- private Scanner _scanner;
- private boolean hotReload = false; // default is not to reload
+ protected PropertyUserStore _propertyUserStore;
+ protected String _config;
+ protected Resource _configResource;
+ protected boolean hotReload = false; // default is not to reload
+
/* ------------------------------------------------------------ */
public HashLoginService()
@@ -127,41 +130,45 @@ public class HashLoginService extends MappedLoginService implements UserListener
this.hotReload = enable;
}
- /* ------------------------------------------------------------ */
- /**
- * sets the refresh interval (in seconds)
- * @param sec the refresh interval
- * @deprecated use {@link #setHotReload(boolean)} instead
- */
- @Deprecated
- public void setRefreshInterval(int sec)
- {
- }
-
- /* ------------------------------------------------------------ */
- /**
- * @return refresh interval in seconds for how often the properties file should be checked for changes
- * @deprecated use {@link #isHotReload()} instead
- */
- @Deprecated
- public int getRefreshInterval()
- {
- return (hotReload)?1:0;
- }
+
/* ------------------------------------------------------------ */
@Override
- protected UserIdentity loadUser(String username)
+ protected String[] loadRoleInfo(UserPrincipal user)
{
- return null;
+ UserIdentity id = _propertyUserStore.getUserIdentity(user.getName());
+ if (id == null)
+ return null;
+
+
+ Set<RolePrincipal> roles = id.getSubject().getPrincipals(RolePrincipal.class);
+ if (roles == null)
+ return null;
+
+ List<String> list = new ArrayList<>();
+ for (RolePrincipal r:roles)
+ list.add(r.getName());
+
+ return list.toArray(new String[roles.size()]);
}
+
+
+
/* ------------------------------------------------------------ */
@Override
- public void loadUsers() throws IOException
+ protected UserPrincipal loadUserInfo(String userName)
{
- // TODO: Consider refactoring MappedLoginService to not have to override with unused methods
+ UserIdentity id = _propertyUserStore.getUserIdentity(userName);
+ if (id != null)
+ {
+ return (UserPrincipal)id.getUserPrincipal();
+ }
+
+ return null;
}
+
+
/* ------------------------------------------------------------ */
/**
@@ -180,7 +187,6 @@ public class HashLoginService extends MappedLoginService implements UserListener
_propertyUserStore = new PropertyUserStore();
_propertyUserStore.setHotReload(hotReload);
_propertyUserStore.setConfigPath(_config);
- _propertyUserStore.registerUserListener(this);
_propertyUserStore.start();
}
}
@@ -193,26 +199,5 @@ public class HashLoginService extends MappedLoginService implements UserListener
protected void doStop() throws Exception
{
super.doStop();
- if (_scanner != null)
- _scanner.stop();
- _scanner = null;
- }
-
- /* ------------------------------------------------------------ */
- @Override
- public void update(String userName, Credential credential, String[] roleArray)
- {
- if (LOG.isDebugEnabled())
- LOG.debug("update: " + userName + " Roles: " + roleArray.length);
- putUser(userName,credential,roleArray);
- }
-
- /* ------------------------------------------------------------ */
- @Override
- public void remove(String userName)
- {
- if (LOG.isDebugEnabled())
- LOG.debug("remove: " + userName);
- removeUser(userName);
}
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
index 089b894911..7f38d07a49 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
@@ -41,25 +41,18 @@ import org.eclipse.jetty.util.security.Credential;
/* ------------------------------------------------------------ */
/**
* HashMapped User Realm with JDBC as data source.
- * The login() method checks the inherited Map for the user. If the user is not
+ * The {@link #login(String, Object, ServletRequest)} method checks the inherited Map for the user. If the user is not
* found, it will fetch details from the database and populate the inherited
- * Map. It then calls the superclass login() method to perform the actual
+ * Map. It then calls the superclass {@link #login(String, Object, ServletRequest)} method to perform the actual
* authentication. Periodically (controlled by configuration parameter),
* internal hashes are cleared. Caching can be disabled by setting cache refresh
* interval to zero. Uses one database connection that is initialized at
- * startup. Reconnect on failures. authenticate() is 'synchronized'.
- *
+ * startup. Reconnect on failures.
+ * <p>
* An example properties file for configuration is in
- * $JETTY_HOME/etc/jdbcRealm.properties
- *
- * @version $Id: JDBCLoginService.java 4792 2009-03-18 21:55:52Z gregw $
- *
- *
- *
- *
+ * <code>${jetty.home}/etc/jdbcRealm.properties</code>
*/
-
-public class JDBCLoginService extends MappedLoginService
+public class JDBCLoginService extends AbstractLoginService
{
private static final Logger LOG = Log.getLogger(JDBCLoginService.class);
@@ -71,12 +64,30 @@ public class JDBCLoginService extends MappedLoginService
protected String _userTableKey;
protected String _userTablePasswordField;
protected String _roleTableRoleField;
- protected int _cacheTime;
- protected long _lastHashPurge;
protected Connection _con;
protected String _userSql;
protected String _roleSql;
+
+ /**
+ * JDBCKnownUser
+ */
+ public class JDBCUserPrincipal extends UserPrincipal
+ {
+ int _userKey;
+
+ public JDBCUserPrincipal(String name, Credential credential, int key)
+ {
+ super(name, credential);
+ _userKey = key;
+ }
+
+
+ public int getUserKey ()
+ {
+ return _userKey;
+ }
+ }
/* ------------------------------------------------------------ */
public JDBCLoginService()
@@ -110,9 +121,6 @@ public class JDBCLoginService extends MappedLoginService
/* ------------------------------------------------------------ */
- /**
- * @see org.eclipse.jetty.security.MappedLoginService#doStart()
- */
@Override
protected void doStart() throws Exception
{
@@ -136,20 +144,18 @@ public class JDBCLoginService extends MappedLoginService
String _userRoleTable = properties.getProperty("userroletable");
String _userRoleTableUserKey = properties.getProperty("userroletableuserkey");
String _userRoleTableRoleKey = properties.getProperty("userroletablerolekey");
- _cacheTime = new Integer(properties.getProperty("cachetime"));
+
if (_jdbcDriver == null || _jdbcDriver.equals("")
|| _url == null
|| _url.equals("")
|| _userName == null
|| _userName.equals("")
- || _password == null
- || _cacheTime < 0)
+ || _password == null)
{
LOG.warn("UserRealm " + getName() + " has not been properly configured");
}
- _cacheTime *= 1000;
- _lastHashPurge = 0;
+
_userSql = "select " + _userTableKey + "," + _userTablePasswordField + " from " + _userTable + " where " + _userTableUserField + " = ?";
_roleSql = "select r." + _roleTableRoleField
+ " from "
@@ -164,7 +170,7 @@ public class JDBCLoginService extends MappedLoginService
+ " = u."
+ _userRoleTableRoleKey;
- Loader.loadClass(this.getClass(), _jdbcDriver).newInstance();
+ Loader.loadClass(_jdbcDriver).newInstance();
super.doStart();
}
@@ -209,30 +215,11 @@ public class JDBCLoginService extends MappedLoginService
}
}
- /* ------------------------------------------------------------ */
- @Override
- public UserIdentity login(String username, Object credentials, ServletRequest request)
- {
- long now = System.currentTimeMillis();
- if (now - _lastHashPurge > _cacheTime || _cacheTime == 0)
- {
- _users.clear();
- _lastHashPurge = now;
- closeConnection();
- }
-
- return super.login(username,credentials, request);
- }
-
- /* ------------------------------------------------------------ */
- @Override
- protected void loadUsers()
- {
- }
+
+
/* ------------------------------------------------------------ */
- @Override
- protected UserIdentity loadUser(String username)
+ public UserPrincipal loadUserInfo (String username)
{
try
{
@@ -251,18 +238,8 @@ public class JDBCLoginService extends MappedLoginService
{
int key = rs1.getInt(_userTableKey);
String credentials = rs1.getString(_userTablePasswordField);
- List<String> roles = new ArrayList<String>();
- try (PreparedStatement stat2 = _con.prepareStatement(_roleSql))
- {
- stat2.setInt(1, key);
- try (ResultSet rs2 = stat2.executeQuery())
- {
- while (rs2.next())
- roles.add(rs2.getString(_roleTableRoleField));
- }
- }
- return putUser(username, credentials, roles.toArray(new String[roles.size()]));
+ return new JDBCUserPrincipal (username, Credential.getCredential(credentials), key);
}
}
}
@@ -272,16 +249,60 @@ public class JDBCLoginService extends MappedLoginService
LOG.warn("UserRealm " + getName() + " could not load user information from database", e);
closeConnection();
}
+
return null;
}
+
/* ------------------------------------------------------------ */
- protected UserIdentity putUser (String username, String credentials, String[] roles)
+ public String[] loadRoleInfo (UserPrincipal user)
{
- return putUser(username, Credential.getCredential(credentials),roles);
+ JDBCUserPrincipal jdbcUser = (JDBCUserPrincipal)user;
+
+ try
+ {
+ if (null == _con)
+ connectDatabase();
+
+ if (null == _con)
+ throw new SQLException("Can't connect to database");
+
+
+ List<String> roles = new ArrayList<String>();
+
+ try (PreparedStatement stat2 = _con.prepareStatement(_roleSql))
+ {
+ stat2.setInt(1, jdbcUser.getUserKey());
+ try (ResultSet rs2 = stat2.executeQuery())
+ {
+ while (rs2.next())
+ roles.add(rs2.getString(_roleTableRoleField));
+ return roles.toArray(new String[roles.size()]);
+ }
+ }
+ }
+ catch (SQLException e)
+ {
+ LOG.warn("UserRealm " + getName() + " could not load user information from database", e);
+ closeConnection();
+ }
+
+ return null;
}
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop()
+ */
+ @Override
+ protected void doStop() throws Exception
+ {
+ closeConnection();
+ super.doStop();
+ }
+
+ /* ------------------------------------------------------------ */
/**
* Close an existing connection
*/
@@ -294,5 +315,4 @@ public class JDBCLoginService extends MappedLoginService
}
_con = null;
}
-
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
deleted file mode 100644
index 70b4c95329..0000000000
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
+++ /dev/null
@@ -1,344 +0,0 @@
-//
-// ========================================================================
-// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd.
-// ------------------------------------------------------------------------
-// All rights reserved. This program and the accompanying materials
-// are made available under the terms of the Eclipse Public License v1.0
-// and Apache License v2.0 which accompanies this distribution.
-//
-// The Eclipse Public License is available at
-// http://www.eclipse.org/legal/epl-v10.html
-//
-// The Apache License v2.0 is available at
-// http://www.opensource.org/licenses/apache2.0.php
-//
-// You may elect to redistribute this code under either of these licenses.
-// ========================================================================
-//
-
-
-package org.eclipse.jetty.security;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.Principal;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-
-import javax.security.auth.Subject;
-import javax.servlet.ServletRequest;
-
-import org.eclipse.jetty.server.UserIdentity;
-import org.eclipse.jetty.util.component.AbstractLifeCycle;
-import org.eclipse.jetty.util.log.Log;
-import org.eclipse.jetty.util.log.Logger;
-import org.eclipse.jetty.util.security.Credential;
-
-
-
-/* ------------------------------------------------------------ */
-/**
- * A login service that keeps UserIdentities in a concurrent map
- * either as the source or a cache of the users.
- *
- */
-public abstract class MappedLoginService extends AbstractLifeCycle implements LoginService
-{
- private static final Logger LOG = Log.getLogger(MappedLoginService.class);
-
- protected IdentityService _identityService=new DefaultIdentityService();
- protected String _name;
- protected final ConcurrentMap<String, UserIdentity> _users=new ConcurrentHashMap<String, UserIdentity>();
-
- /* ------------------------------------------------------------ */
- protected MappedLoginService()
- {
- }
-
- /* ------------------------------------------------------------ */
- /** Get the name.
- * @return the name
- */
- public String getName()
- {
- return _name;
- }
-
- /* ------------------------------------------------------------ */
- /** Get the identityService.
- * @return the identityService
- */
- public IdentityService getIdentityService()
- {
- return _identityService;
- }
-
- /* ------------------------------------------------------------ */
- /** Get the users.
- * @return the users
- */
- public ConcurrentMap<String, UserIdentity> getUsers()
- {
- return _users;
- }
-
- /* ------------------------------------------------------------ */
- /** Set the identityService.
- * @param identityService the identityService to set
- */
- public void setIdentityService(IdentityService identityService)
- {
- if (isRunning())
- throw new IllegalStateException("Running");
- _identityService = identityService;
- }
-
- /* ------------------------------------------------------------ */
- /** Set the name.
- * @param name the name to set
- */
- public void setName(String name)
- {
- if (isRunning())
- throw new IllegalStateException("Running");
- _name = name;
- }
-
- /* ------------------------------------------------------------ */
- /** Set the users.
- * @param users the users to set
- */
- public void setUsers(Map<String, UserIdentity> users)
- {
- if (isRunning())
- throw new IllegalStateException("Running");
- _users.clear();
- _users.putAll(users);
- }
-
- /* ------------------------------------------------------------ */
- /**
- * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
- */
- @Override
- protected void doStart() throws Exception
- {
- loadUsers();
- super.doStart();
- }
-
- /* ------------------------------------------------------------ */
- @Override
- protected void doStop() throws Exception
- {
- super.doStop();
- }
-
- /* ------------------------------------------------------------ */
- public void logout(UserIdentity identity)
- {
- LOG.debug("logout {}",identity);
- }
-
- /* ------------------------------------------------------------ */
- @Override
- public String toString()
- {
- return this.getClass().getSimpleName()+"["+_name+"]";
- }
-
- /* ------------------------------------------------------------ */
- /** Put user into realm.
- * Called by implementations to put the user data loaded from
- * file/db etc into the user structure.
- * @param userName User name
- * @param info a UserIdentity instance, or a String password or Credential instance
- * @return User instance
- */
- protected synchronized UserIdentity putUser(String userName, Object info)
- {
- final UserIdentity identity;
- if (info instanceof UserIdentity)
- identity=(UserIdentity)info;
- else
- {
- Credential credential = (info instanceof Credential)?(Credential)info:Credential.getCredential(info.toString());
-
- Principal userPrincipal = new KnownUser(userName,credential);
- Subject subject = new Subject();
- subject.getPrincipals().add(userPrincipal);
- subject.getPrivateCredentials().add(credential);
- subject.setReadOnly();
- identity=_identityService.newUserIdentity(subject,userPrincipal,IdentityService.NO_ROLES);
- }
-
- _users.put(userName,identity);
- return identity;
- }
-
- /* ------------------------------------------------------------ */
- /** Put user into realm.
- * @param userName The user to add
- * @param credential The users Credentials
- * @param roles The users roles
- * @return UserIdentity
- */
- public synchronized UserIdentity putUser(String userName, Credential credential, String[] roles)
- {
- Principal userPrincipal = new KnownUser(userName,credential);
- Subject subject = new Subject();
- subject.getPrincipals().add(userPrincipal);
- subject.getPrivateCredentials().add(credential);
-
- if (roles!=null)
- for (String role : roles)
- subject.getPrincipals().add(new RolePrincipal(role));
-
- subject.setReadOnly();
- UserIdentity identity=_identityService.newUserIdentity(subject,userPrincipal,roles);
- _users.put(userName,identity);
- return identity;
- }
-
- /* ------------------------------------------------------------ */
- public void removeUser(String username)
- {
- _users.remove(username);
- }
-
- /* ------------------------------------------------------------ */
- /**
- * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, ServletRequest)
- */
- public UserIdentity login(String username, Object credentials, ServletRequest request)
- {
- if (username == null)
- return null;
-
- UserIdentity user = _users.get(username);
-
- if (user==null)
- user = loadUser(username);
-
- if (user!=null)
- {
- UserPrincipal principal = (UserPrincipal)user.getUserPrincipal();
- if (principal.authenticate(credentials))
- return user;
- }
- return null;
- }
-
- /* ------------------------------------------------------------ */
- public boolean validate(UserIdentity user)
- {
- if (_users.containsKey(user.getUserPrincipal().getName()))
- return true;
-
- if (loadUser(user.getUserPrincipal().getName())!=null)
- return true;
-
- return false;
- }
-
- /* ------------------------------------------------------------ */
- protected abstract UserIdentity loadUser(String username);
-
- /* ------------------------------------------------------------ */
- protected abstract void loadUsers() throws IOException;
-
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- public interface UserPrincipal extends Principal,Serializable
- {
- boolean authenticate(Object credentials);
- public boolean isAuthenticated();
- }
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- public static class RolePrincipal implements Principal,Serializable
- {
- private static final long serialVersionUID = 2998397924051854402L;
- private final String _roleName;
- public RolePrincipal(String name)
- {
- _roleName=name;
- }
- public String getName()
- {
- return _roleName;
- }
- }
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- public static class Anonymous implements UserPrincipal,Serializable
- {
- private static final long serialVersionUID = 1097640442553284845L;
-
- public boolean isAuthenticated()
- {
- return false;
- }
-
- public String getName()
- {
- return "Anonymous";
- }
-
- public boolean authenticate(Object credentials)
- {
- return false;
- }
-
- }
-
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- /* ------------------------------------------------------------ */
- public static class KnownUser implements UserPrincipal,Serializable
- {
- private static final long serialVersionUID = -6226920753748399662L;
- private final String _name;
- private final Credential _credential;
-
- /* -------------------------------------------------------- */
- public KnownUser(String name,Credential credential)
- {
- _name=name;
- _credential=credential;
- }
-
- /* -------------------------------------------------------- */
- public boolean authenticate(Object credentials)
- {
- return _credential!=null && _credential.check(credentials);
- }
-
- /* ------------------------------------------------------------ */
- public String getName()
- {
- return _name;
- }
-
- /* -------------------------------------------------------- */
- public boolean isAuthenticated()
- {
- return true;
- }
-
- /* -------------------------------------------------------- */
- @Override
- public String toString()
- {
- return _name;
- }
- }
-}
-
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java b/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java
index 0bab932957..2d7a6368a6 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java
@@ -33,8 +33,7 @@ import java.util.Set;
import javax.security.auth.Subject;
-import org.eclipse.jetty.security.MappedLoginService.KnownUser;
-import org.eclipse.jetty.security.MappedLoginService.RolePrincipal;
+
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.PathWatcher;
import org.eclipse.jetty.util.PathWatcher.PathWatchEvent;
@@ -64,17 +63,17 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
{
private static final Logger LOG = Log.getLogger(PropertyUserStore.class);
- private Path _configPath;
- private Resource _configResource;
+ protected Path _configPath;
+ protected Resource _configResource;
- private PathWatcher pathWatcher;
- private boolean hotReload = false; // default is not to reload
+ protected PathWatcher pathWatcher;
+ protected boolean hotReload = false; // default is not to reload
- private IdentityService _identityService = new DefaultIdentityService();
- private boolean _firstLoad = true; // true if first load, false from that point on
- private final List<String> _knownUsers = new ArrayList<String>();
- private final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>();
- private List<UserListener> _listeners;
+ protected IdentityService _identityService = new DefaultIdentityService();
+ protected boolean _firstLoad = true; // true if first load, false from that point on
+ protected final List<String> _knownUsers = new ArrayList<String>();
+ protected final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>();
+ protected List<UserListener> _listeners;
/**
* Get the config (as a string)
@@ -186,27 +185,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
this.hotReload = enable;
}
- /* ------------------------------------------------------------ */
- /**
- * sets the refresh interval (in seconds)
- * @param sec the refresh interval
- * @deprecated use {@link #setHotReload(boolean)} instead
- */
- @Deprecated
- public void setRefreshInterval(int sec)
- {
- }
-
- /* ------------------------------------------------------------ */
- /**
- * @return refresh interval in seconds for how often the properties file should be checked for changes
- * @deprecated use {@link #isHotReload()} instead
- */
- @Deprecated
- public int getRefreshInterval()
- {
- return (hotReload)?1:0;
- }
+
@Override
public String toString()
@@ -221,7 +200,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
}
/* ------------------------------------------------------------ */
- private void loadUsers() throws IOException
+ protected void loadUsers() throws IOException
{
if (_configPath == null)
return;
@@ -259,7 +238,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
known.add(username);
Credential credential = Credential.getCredential(credentials);
- Principal userPrincipal = new KnownUser(username,credential);
+ Principal userPrincipal = new AbstractLoginService.UserPrincipal(username,credential);
Subject subject = new Subject();
subject.getPrincipals().add(userPrincipal);
subject.getPrivateCredentials().add(credential);
@@ -268,7 +247,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
{
for (String role : roleArray)
{
- subject.getPrincipals().add(new RolePrincipal(role));
+ subject.getPrincipals().add(new AbstractLoginService.RolePrincipal(role));
}
}

Back to the top