diff options
author | Jan Bartel | 2015-11-26 04:30:50 +0000 |
---|---|---|
committer | Jan Bartel | 2015-11-26 04:31:19 +0000 |
commit | 81b2a6a4de22ebb3d3e1c857e686bccbfd636c4d (patch) | |
tree | 427fd9750c1ead250cbd871c0a2971e6eebe7b3b /jetty-security | |
parent | 18a3af1951002116218a445c403a95c0c24939ab (diff) | |
download | org.eclipse.jetty.project-81b2a6a4de22ebb3d3e1c857e686bccbfd636c4d.tar.gz org.eclipse.jetty.project-81b2a6a4de22ebb3d3e1c857e686bccbfd636c4d.tar.xz org.eclipse.jetty.project-81b2a6a4de22ebb3d3e1c857e686bccbfd636c4d.zip |
483059 Remove cache of authenticated users
Diffstat (limited to 'jetty-security')
9 files changed, 401 insertions, 595 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java new file mode 100644 index 0000000000..c38a195aa5 --- /dev/null +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java @@ -0,0 +1,270 @@ +// +// ======================================================================== +// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd. +// ------------------------------------------------------------------------ +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. +// +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html +// +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php +// +// You may elect to redistribute this code under either of these licenses. +// ======================================================================== +// + + +package org.eclipse.jetty.security; + +import java.io.Serializable; +import java.security.Principal; + +import javax.security.auth.Subject; +import javax.servlet.ServletRequest; + + +import org.eclipse.jetty.server.UserIdentity; +import org.eclipse.jetty.util.component.AbstractLifeCycle; +import org.eclipse.jetty.util.log.Log; +import org.eclipse.jetty.util.log.Logger; +import org.eclipse.jetty.util.security.Credential; + +/** + * AbstractLoginService + * + * + */ +public abstract class AbstractLoginService extends AbstractLifeCycle implements LoginService +{ + private static final Logger LOG = Log.getLogger(AbstractLoginService.class); + + protected IdentityService _identityService=new DefaultIdentityService(); + protected String _name; + protected boolean _fullValidate = false; + + + + + + /* ------------------------------------------------------------ */ + /** + * RolePrincipal + * + * + */ + public static class RolePrincipal implements Principal,Serializable + { + private static final long serialVersionUID = 2998397924051854402L; + private final String _roleName; + public RolePrincipal(String name) + { + _roleName=name; + } + public String getName() + { + return _roleName; + } + } + + + /* ------------------------------------------------------------ */ + /** + * UserPrincipal + * + * + */ + public static class UserPrincipal implements Principal,Serializable + { + private static final long serialVersionUID = -6226920753748399662L; + private final String _name; + private final Credential _credential; + + + /* -------------------------------------------------------- */ + public UserPrincipal(String name,Credential credential) + { + _name=name; + _credential=credential; + } + + /* -------------------------------------------------------- */ + public boolean authenticate(Object credentials) + { + return _credential!=null && _credential.check(credentials); + } + + /* -------------------------------------------------------- */ + public boolean authenticate (Credential c) + { + return(_credential != null && c != null && _credential.equals(c)); + } + + /* ------------------------------------------------------------ */ + public String getName() + { + return _name; + } + + + + /* -------------------------------------------------------- */ + @Override + public String toString() + { + return _name; + } + } + + + + + /* ------------------------------------------------------------ */ + protected abstract String[] loadRoleInfo (UserPrincipal user); + + + /* ------------------------------------------------------------ */ + protected abstract UserPrincipal loadUserInfo (String username); + + + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#getName() + */ + @Override + public String getName() + { + return _name; + } + + /* ------------------------------------------------------------ */ + /** Set the identityService. + * @param identityService the identityService to set + */ + public void setIdentityService(IdentityService identityService) + { + if (isRunning()) + throw new IllegalStateException("Running"); + _identityService = identityService; + } + + /* ------------------------------------------------------------ */ + /** Set the name. + * @param name the name to set + */ + public void setName(String name) + { + if (isRunning()) + throw new IllegalStateException("Running"); + _name = name; + } + + /* ------------------------------------------------------------ */ + @Override + public String toString() + { + return this.getClass().getSimpleName()+"["+_name+"]"; + } + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, javax.servlet.ServletRequest) + */ + @Override + public UserIdentity login(String username, Object credentials, ServletRequest request) + { + if (username == null) + return null; + + UserPrincipal userPrincipal = loadUserInfo(username); + if (userPrincipal.authenticate(credentials)) + { + //safe to load the roles + String[] roles = loadRoleInfo(userPrincipal); + + Subject subject = new Subject(); + subject.getPrincipals().add(userPrincipal); + subject.getPrivateCredentials().add(userPrincipal._credential); + if (roles!=null) + for (String role : roles) + subject.getPrincipals().add(new RolePrincipal(role)); + subject.setReadOnly(); + return _identityService.newUserIdentity(subject,userPrincipal,roles); + } + + return null; + + } + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#validate(org.eclipse.jetty.server.UserIdentity) + */ + @Override + public boolean validate(UserIdentity user) + { + if (!isFullValidate()) + return true; //if we have a user identity it must be valid + + //Do a full validation back against the user store + UserPrincipal fresh = loadUserInfo(user.getUserPrincipal().getName()); + if (fresh == null) + return false; //user no longer exists + + if (user.getUserPrincipal() instanceof UserPrincipal) + { + System.err.println("VALIDATING user "+fresh.getName()); + return fresh.authenticate(((UserPrincipal)user.getUserPrincipal())._credential); + } + + throw new IllegalStateException("UserPrincipal not KnownUser"); //can't validate + } + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#getIdentityService() + */ + @Override + public IdentityService getIdentityService() + { + return _identityService; + } + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.LoginService#logout(org.eclipse.jetty.server.UserIdentity) + */ + @Override + public void logout(UserIdentity user) + { + //Override in subclasses + + } + + /* ------------------------------------------------------------ */ + /** + * @return + */ + public boolean isFullValidate() + { + return _fullValidate; + } + + /* ------------------------------------------------------------ */ + /** + * @param fullValidate + */ + public void setFullValidate(boolean fullValidate) + { + _fullValidate = fullValidate; + } + +} diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java index 659083b7cf..f0774a707d 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java @@ -23,7 +23,6 @@ import java.util.ArrayList; import java.util.List; import java.util.Set; -import org.eclipse.jetty.security.MappedLoginService.KnownUser; import org.eclipse.jetty.security.PropertyUserStore.UserListener; import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.util.Scanner; @@ -49,45 +48,17 @@ import org.eclipse.jetty.util.security.Credential; * <p> * If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:. */ -public class HashLoginService extends MappedLoginService implements UserListener +public class HashLoginService extends AbstractLoginService { private static final Logger LOG = Log.getLogger(HashLoginService.class); - private PropertyUserStore _propertyUserStore; - private String _config; - private Resource _configResource; - private Scanner _scanner; - private boolean hotReload = false; // default is not to reload + protected PropertyUserStore _propertyUserStore; + protected String _config; + protected Resource _configResource; + protected boolean hotReload = false; // default is not to reload - public class HashKnownUser extends KnownUser - { - String[] _roles; - - /** - * @param name - * @param credential - */ - public HashKnownUser(String name, Credential credential) - { - super(name, credential); - } - - - - public void setRoles (String[] roles) - { - _roles = roles; - } - - public String[] getRoles() - { - return _roles; - } - } - - /* ------------------------------------------------------------ */ public HashLoginService() @@ -161,46 +132,11 @@ public class HashLoginService extends MappedLoginService implements UserListener this.hotReload = enable; } - /* ------------------------------------------------------------ */ - /** - * sets the refresh interval (in seconds) - * @param sec the refresh interval - * @deprecated use {@link #setHotReload(boolean)} instead - */ - @Deprecated - public void setRefreshInterval(int sec) - { - } - - /* ------------------------------------------------------------ */ - /** - * @return refresh interval in seconds for how often the properties file should be checked for changes - * @deprecated use {@link #isHotReload()} instead - */ - @Deprecated - public int getRefreshInterval() - { - return (hotReload)?1:0; - } + /* ------------------------------------------------------------ */ @Override - protected UserIdentity loadUser(String username) - { - return null; - } - - /* ------------------------------------------------------------ */ - @Override - public void loadUsers() throws IOException - { - // TODO: Consider refactoring MappedLoginService to not have to override with unused methods - } - - - - @Override - protected String[] loadRoleInfo(KnownUser user) + protected String[] loadRoleInfo(UserPrincipal user) { UserIdentity id = _propertyUserStore.getUserIdentity(user.getName()); if (id == null) @@ -218,13 +154,17 @@ public class HashLoginService extends MappedLoginService implements UserListener return list.toArray(new String[roles.size()]); } + + + + /* ------------------------------------------------------------ */ @Override - protected KnownUser loadUserInfo(String userName) + protected UserPrincipal loadUserInfo(String userName) { UserIdentity id = _propertyUserStore.getUserIdentity(userName); if (id != null) { - return (KnownUser)id.getUserPrincipal(); + return (UserPrincipal)id.getUserPrincipal(); } return null; @@ -249,7 +189,6 @@ public class HashLoginService extends MappedLoginService implements UserListener _propertyUserStore = new PropertyUserStore(); _propertyUserStore.setHotReload(hotReload); _propertyUserStore.setConfigPath(_config); - _propertyUserStore.registerUserListener(this); _propertyUserStore.start(); } } @@ -262,28 +201,5 @@ public class HashLoginService extends MappedLoginService implements UserListener protected void doStop() throws Exception { super.doStop(); - if (_scanner != null) - _scanner.stop(); - _scanner = null; - } - - /* ------------------------------------------------------------ */ - @Override - public void update(String userName, Credential credential, String[] roleArray) - { - if (LOG.isDebugEnabled()) - LOG.debug("update: " + userName + " Roles: " + roleArray.length); - //TODO need to remove and replace the authenticated user? - } - - - - /* ------------------------------------------------------------ */ - @Override - public void remove(String userName) - { - if (LOG.isDebugEnabled()) - LOG.debug("remove: " + userName); - removeUser(userName); } } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java index 4294b74ef5..09b5df9512 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java @@ -59,7 +59,7 @@ import org.eclipse.jetty.util.security.Credential; * */ -public class JDBCLoginService extends MappedLoginService +public class JDBCLoginService extends AbstractLoginService { private static final Logger LOG = Log.getLogger(JDBCLoginService.class); @@ -71,8 +71,6 @@ public class JDBCLoginService extends MappedLoginService protected String _userTableKey; protected String _userTablePasswordField; protected String _roleTableRoleField; - protected int _cacheTime; - protected long _lastHashPurge; protected Connection _con; protected String _userSql; protected String _roleSql; @@ -83,7 +81,7 @@ public class JDBCLoginService extends MappedLoginService * * */ - public class JDBCKnownUser extends KnownUser + public class JDBCUserPrincipal extends UserPrincipal { int _userKey; @@ -91,7 +89,7 @@ public class JDBCLoginService extends MappedLoginService * @param name * @param credential */ - public JDBCKnownUser(String name, Credential credential, int key) + public JDBCUserPrincipal(String name, Credential credential, int key) { super(name, credential); _userKey = key; @@ -162,20 +160,18 @@ public class JDBCLoginService extends MappedLoginService String _userRoleTable = properties.getProperty("userroletable"); String _userRoleTableUserKey = properties.getProperty("userroletableuserkey"); String _userRoleTableRoleKey = properties.getProperty("userroletablerolekey"); - _cacheTime = new Integer(properties.getProperty("cachetime")); + if (_jdbcDriver == null || _jdbcDriver.equals("") || _url == null || _url.equals("") || _userName == null || _userName.equals("") - || _password == null - || _cacheTime < 0) + || _password == null) { LOG.warn("UserRealm " + getName() + " has not been properly configured"); } - _cacheTime *= 1000; - _lastHashPurge = 0; + _userSql = "select " + _userTableKey + "," + _userTablePasswordField + " from " + _userTable + " where " + _userTableUserField + " = ?"; _roleSql = "select r." + _roleTableRoleField + " from " @@ -235,80 +231,15 @@ public class JDBCLoginService extends MappedLoginService } } - /* ------------------------------------------------------------ */ - @Override - public UserIdentity login(String username, Object credentials, ServletRequest request) - { - long now = System.currentTimeMillis(); - if (now - _lastHashPurge > _cacheTime || _cacheTime == 0) - { - _users.clear(); - _lastHashPurge = now; - closeConnection(); - } - - return super.login(username,credentials, request); - } - - /* ------------------------------------------------------------ */ - @Override - protected void loadUsers() - { - } + - /* ------------------------------------------------------------ */ - @Deprecated - protected UserIdentity loadUser(String username) - { - try - { - if (null == _con) - connectDatabase(); - - if (null == _con) - throw new SQLException("Can't connect to database"); - - try (PreparedStatement stat1 = _con.prepareStatement(_userSql)) - { - stat1.setObject(1, username); - try (ResultSet rs1 = stat1.executeQuery()) - { - if (rs1.next()) - { - int key = rs1.getInt(_userTableKey); - String credentials = rs1.getString(_userTablePasswordField); - - - List<String> roles = new ArrayList<String>(); - - try (PreparedStatement stat2 = _con.prepareStatement(_roleSql)) - { - stat2.setInt(1, key); - try (ResultSet rs2 = stat2.executeQuery()) - { - while (rs2.next()) - roles.add(rs2.getString(_roleTableRoleField)); - } - } - return putUser(username, Credential.getCredential(credentials), roles.toArray(new String[roles.size()])); - } - } - } - } - catch (SQLException e) - { - LOG.warn("UserRealm " + getName() + " could not load user information from database", e); - closeConnection(); - } - return null; - } - + /* ------------------------------------------------------------ */ /** * @see org.eclipse.jetty.security.MappedLoginService#loadUserInfo(java.lang.String) * @Override */ - public KnownUser loadUserInfo (String username) + public UserPrincipal loadUserInfo (String username) { try { @@ -328,7 +259,7 @@ public class JDBCLoginService extends MappedLoginService int key = rs1.getInt(_userTableKey); String credentials = rs1.getString(_userTablePasswordField); - return new JDBCKnownUser (username, Credential.getCredential(credentials), key); + return new JDBCUserPrincipal (username, Credential.getCredential(credentials), key); } } } @@ -343,14 +274,14 @@ public class JDBCLoginService extends MappedLoginService } - + /* ------------------------------------------------------------ */ /** - * @see org.eclipse.jetty.security.MappedLoginService#loadRoleInfo(org.eclipse.jetty.security.MappedLoginService.KnownUser) + * @see org.eclipse.jetty.security.MappedLoginService#loadRoleInfo(org.eclipse.jetty.security.UserPrincipal.KnownUser) * @Override */ - public String[] loadRoleInfo (KnownUser user) + public String[] loadRoleInfo (UserPrincipal user) { - JDBCKnownUser jdbcUser = (JDBCKnownUser)user; + JDBCUserPrincipal jdbcUser = (JDBCUserPrincipal)user; try { @@ -385,7 +316,19 @@ public class JDBCLoginService extends MappedLoginService + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop() + */ + @Override + protected void doStop() throws Exception + { + closeConnection(); + super.doStop(); + } + /* ------------------------------------------------------------ */ /** * Close an existing connection */ diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java deleted file mode 100644 index 310a4db8bc..0000000000 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java +++ /dev/null @@ -1,375 +0,0 @@ -// -// ======================================================================== -// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd. -// ------------------------------------------------------------------------ -// All rights reserved. This program and the accompanying materials -// are made available under the terms of the Eclipse Public License v1.0 -// and Apache License v2.0 which accompanies this distribution. -// -// The Eclipse Public License is available at -// http://www.eclipse.org/legal/epl-v10.html -// -// The Apache License v2.0 is available at -// http://www.opensource.org/licenses/apache2.0.php -// -// You may elect to redistribute this code under either of these licenses. -// ======================================================================== -// - - -package org.eclipse.jetty.security; - -import java.io.IOException; -import java.io.Serializable; -import java.security.Principal; -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.ConcurrentMap; - -import javax.security.auth.Subject; -import javax.servlet.ServletRequest; - -import org.eclipse.jetty.server.UserIdentity; -import org.eclipse.jetty.util.component.AbstractLifeCycle; -import org.eclipse.jetty.util.log.Log; -import org.eclipse.jetty.util.log.Logger; -import org.eclipse.jetty.util.security.Credential; - - - -/* ------------------------------------------------------------ */ -/** - * A login service that keeps UserIdentities in a concurrent map - * either as the source or a cache of the users. - * - */ -public abstract class MappedLoginService extends AbstractLifeCycle implements LoginService -{ - private static final Logger LOG = Log.getLogger(MappedLoginService.class); - - protected IdentityService _identityService=new DefaultIdentityService(); - protected String _name; - protected final ConcurrentMap<String, UserIdentity> _users=new ConcurrentHashMap<String, UserIdentity>(); - - /* ------------------------------------------------------------ */ - protected MappedLoginService() - { - } - - /* ------------------------------------------------------------ */ - /** Get the name. - * @return the name - */ - public String getName() - { - return _name; - } - - /* ------------------------------------------------------------ */ - /** Get the identityService. - * @return the identityService - */ - public IdentityService getIdentityService() - { - return _identityService; - } - - /* ------------------------------------------------------------ */ - /** Get the users. - * @return the users - */ - public ConcurrentMap<String, UserIdentity> getUsers() - { - return _users; - } - - /* ------------------------------------------------------------ */ - /** Set the identityService. - * @param identityService the identityService to set - */ - public void setIdentityService(IdentityService identityService) - { - if (isRunning()) - throw new IllegalStateException("Running"); - _identityService = identityService; - } - - /* ------------------------------------------------------------ */ - /** Set the name. - * @param name the name to set - */ - public void setName(String name) - { - if (isRunning()) - throw new IllegalStateException("Running"); - _name = name; - } - - /* ------------------------------------------------------------ */ - /** Set the users. - * @param users the users to set - */ - public void setUsers(Map<String, UserIdentity> users) - { - if (isRunning()) - throw new IllegalStateException("Running"); - _users.clear(); - _users.putAll(users); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart() - */ - @Override - protected void doStart() throws Exception - { - loadUsers(); - super.doStart(); - } - - /* ------------------------------------------------------------ */ - @Override - protected void doStop() throws Exception - { - super.doStop(); - } - - /* ------------------------------------------------------------ */ - public void logout(UserIdentity identity) - { - LOG.debug("logout {}",identity); - - //TODO should remove the user????? - } - - /* ------------------------------------------------------------ */ - @Override - public String toString() - { - return this.getClass().getSimpleName()+"["+_name+"]"; - } - - /* ------------------------------------------------------------ */ - /** Put user into realm. - * Called by implementations to put the user data loaded from - * file/db etc into the user structure. - * @param userName User name - * @param info a UserIdentity instance, or a String password or Credential instance - * @return User instance - */ - protected synchronized UserIdentity putUser(String userName, Object info) - { - final UserIdentity identity; - if (info instanceof UserIdentity) - identity=(UserIdentity)info; - else - { - Credential credential = (info instanceof Credential)?(Credential)info:Credential.getCredential(info.toString()); - - Principal userPrincipal = new KnownUser(userName,credential); - Subject subject = new Subject(); - subject.getPrincipals().add(userPrincipal); - subject.getPrivateCredentials().add(credential); - subject.setReadOnly(); - identity=_identityService.newUserIdentity(subject,userPrincipal,IdentityService.NO_ROLES); - } - - _users.put(userName,identity); - return identity; - } - - /* ------------------------------------------------------------ */ - /** Put user into realm. - * @param userName The user to add - * @param credential The users Credentials - * @param roles The users roles - * @return UserIdentity - */ - public synchronized UserIdentity putUser(String userName, Credential credential, String[] roles) - { - Principal userPrincipal = new KnownUser(userName,credential); - Subject subject = new Subject(); - subject.getPrincipals().add(userPrincipal); - subject.getPrivateCredentials().add(credential); - - if (roles!=null) - for (String role : roles) - subject.getPrincipals().add(new RolePrincipal(role)); - - subject.setReadOnly(); - UserIdentity identity=_identityService.newUserIdentity(subject,userPrincipal,roles); - _users.put(userName,identity); - return identity; - } - - - - - public synchronized UserIdentity putUser (KnownUser userPrincipal, String[] roles) - { - Subject subject = new Subject(); - subject.getPrincipals().add(userPrincipal); - subject.getPrivateCredentials().add(userPrincipal._credential); - if (roles!=null) - for (String role : roles) - subject.getPrincipals().add(new RolePrincipal(role)); - subject.setReadOnly(); - UserIdentity identity=_identityService.newUserIdentity(subject,userPrincipal,roles); - _users.put(userPrincipal._name,identity); - return identity; - } - - - /* ------------------------------------------------------------ */ - public void removeUser(String username) - { - _users.remove(username); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, ServletRequest) - */ - public UserIdentity login(String username, Object credentials, ServletRequest request) - { - if (username == null) - return null; - - UserIdentity user = _users.get(username); - - if (user==null) - { - KnownUser userPrincipal = loadUserInfo(username); - if (userPrincipal.authenticate(credentials)) - { - //safe to load the roles - String[] roles = loadRoleInfo(userPrincipal); - user = putUser(userPrincipal, roles); - return user; - } - } - else - { - UserPrincipal principal = (UserPrincipal)user.getUserPrincipal(); - if (principal.authenticate(credentials)) - return user; - } - return null; - } - - /* ------------------------------------------------------------ */ - public boolean validate(UserIdentity user) - { - if (_users.containsKey(user.getUserPrincipal().getName())) - return true; - - if (loadUser(user.getUserPrincipal().getName())!=null) - return true; - - return false; - } - /* ------------------------------------------------------------ */ - protected abstract String[] loadRoleInfo (KnownUser user); - /* ------------------------------------------------------------ */ - protected abstract KnownUser loadUserInfo (String username); - /* ------------------------------------------------------------ */ - protected abstract UserIdentity loadUser(String username); - - /* ------------------------------------------------------------ */ - protected abstract void loadUsers() throws IOException; - - - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - public interface UserPrincipal extends Principal,Serializable - { - boolean authenticate(Object credentials); - public boolean isAuthenticated(); - } - - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - public static class RolePrincipal implements Principal,Serializable - { - private static final long serialVersionUID = 2998397924051854402L; - private final String _roleName; - public RolePrincipal(String name) - { - _roleName=name; - } - public String getName() - { - return _roleName; - } - } - - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - public static class Anonymous implements UserPrincipal,Serializable - { - private static final long serialVersionUID = 1097640442553284845L; - - public boolean isAuthenticated() - { - return false; - } - - public String getName() - { - return "Anonymous"; - } - - public boolean authenticate(Object credentials) - { - return false; - } - - } - - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - /* ------------------------------------------------------------ */ - public static class KnownUser implements UserPrincipal,Serializable - { - private static final long serialVersionUID = -6226920753748399662L; - private final String _name; - private final Credential _credential; - - /* -------------------------------------------------------- */ - public KnownUser(String name,Credential credential) - { - _name=name; - _credential=credential; - } - - /* -------------------------------------------------------- */ - public boolean authenticate(Object credentials) - { - return _credential!=null && _credential.check(credentials); - } - - /* ------------------------------------------------------------ */ - public String getName() - { - return _name; - } - - /* -------------------------------------------------------- */ - public boolean isAuthenticated() - { - return true; - } - - /* -------------------------------------------------------- */ - @Override - public String toString() - { - return _name; - } - } -} - diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java b/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java index 0bab932957..2d7a6368a6 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/PropertyUserStore.java @@ -33,8 +33,7 @@ import java.util.Set; import javax.security.auth.Subject; -import org.eclipse.jetty.security.MappedLoginService.KnownUser; -import org.eclipse.jetty.security.MappedLoginService.RolePrincipal; + import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.util.PathWatcher; import org.eclipse.jetty.util.PathWatcher.PathWatchEvent; @@ -64,17 +63,17 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. { private static final Logger LOG = Log.getLogger(PropertyUserStore.class); - private Path _configPath; - private Resource _configResource; + protected Path _configPath; + protected Resource _configResource; - private PathWatcher pathWatcher; - private boolean hotReload = false; // default is not to reload + protected PathWatcher pathWatcher; + protected boolean hotReload = false; // default is not to reload - private IdentityService _identityService = new DefaultIdentityService(); - private boolean _firstLoad = true; // true if first load, false from that point on - private final List<String> _knownUsers = new ArrayList<String>(); - private final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>(); - private List<UserListener> _listeners; + protected IdentityService _identityService = new DefaultIdentityService(); + protected boolean _firstLoad = true; // true if first load, false from that point on + protected final List<String> _knownUsers = new ArrayList<String>(); + protected final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>(); + protected List<UserListener> _listeners; /** * Get the config (as a string) @@ -186,27 +185,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. this.hotReload = enable; } - /* ------------------------------------------------------------ */ - /** - * sets the refresh interval (in seconds) - * @param sec the refresh interval - * @deprecated use {@link #setHotReload(boolean)} instead - */ - @Deprecated - public void setRefreshInterval(int sec) - { - } - - /* ------------------------------------------------------------ */ - /** - * @return refresh interval in seconds for how often the properties file should be checked for changes - * @deprecated use {@link #isHotReload()} instead - */ - @Deprecated - public int getRefreshInterval() - { - return (hotReload)?1:0; - } + @Override public String toString() @@ -221,7 +200,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. } /* ------------------------------------------------------------ */ - private void loadUsers() throws IOException + protected void loadUsers() throws IOException { if (_configPath == null) return; @@ -259,7 +238,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. known.add(username); Credential credential = Credential.getCredential(credentials); - Principal userPrincipal = new KnownUser(username,credential); + Principal userPrincipal = new AbstractLoginService.UserPrincipal(username,credential); Subject subject = new Subject(); subject.getPrincipals().add(userPrincipal); subject.getPrivateCredentials().add(credential); @@ -268,7 +247,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher. { for (String role : roleArray) { - subject.getPrincipals().add(new RolePrincipal(role)); + subject.getPrincipals().add(new AbstractLoginService.RolePrincipal(role)); } } diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/AliasedConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/AliasedConstraintTest.java index 7da1a9b889..abf0c7ace5 100644 --- a/jetty-security/src/test/java/org/eclipse/jetty/security/AliasedConstraintTest.java +++ b/jetty-security/src/test/java/org/eclipse/jetty/security/AliasedConstraintTest.java @@ -62,7 +62,8 @@ public class AliasedConstraintTest private static Server server;
private static LocalConnector connector;
private static ConstraintSecurityHandler security;
-
+
+
@BeforeClass
public static void startServer() throws Exception
{
@@ -73,7 +74,8 @@ public class AliasedConstraintTest ContextHandler context = new ContextHandler();
SessionHandler session = new SessionHandler();
- HashLoginService loginService = new HashLoginService(TEST_REALM);
+ TestLoginService loginService = new TestLoginService(TEST_REALM);
+
loginService.putUser("user0",new Password("password"),new String[] {});
loginService.putUser("user",new Password("password"),new String[] { "user" });
loginService.putUser("user2",new Password("password"),new String[] { "user" });
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java index 4a37e6c82c..288bd7df88 100644 --- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java +++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java @@ -85,7 +85,8 @@ public class ConstraintTest ContextHandler _context = new ContextHandler(); SessionHandler _session = new SessionHandler(); - HashLoginService _loginService = new HashLoginService(TEST_REALM); + TestLoginService _loginService = new TestLoginService(TEST_REALM); + _loginService.putUser("user0", new Password("password"), new String[]{}); _loginService.putUser("user",new Password("password"), new String[] {"user"}); _loginService.putUser("user2",new Password("password"), new String[] {"user"}); diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/SpecExampleConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/SpecExampleConstraintTest.java index 007d5ed978..004eeab755 100644 --- a/jetty-security/src/test/java/org/eclipse/jetty/security/SpecExampleConstraintTest.java +++ b/jetty-security/src/test/java/org/eclipse/jetty/security/SpecExampleConstraintTest.java @@ -69,8 +69,9 @@ public class SpecExampleConstraintTest ContextHandler _context = new ContextHandler(); _session = new SessionHandler(); - HashLoginService _loginService = new HashLoginService(TEST_REALM); - _loginService.putUser("fred",new Password("password")); + TestLoginService _loginService = new TestLoginService(TEST_REALM); + + _loginService.putUser("fred",new Password("password"), IdentityService.NO_ROLES); _loginService.putUser("harry",new Password("password"), new String[] {"HOMEOWNER"}); _loginService.putUser("chris",new Password("password"), new String[] {"CONTRACTOR"}); _loginService.putUser("steven", new Password("password"), new String[] {"SALESCLERK"}); diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/TestLoginService.java b/jetty-security/src/test/java/org/eclipse/jetty/security/TestLoginService.java new file mode 100644 index 0000000000..222fe136e2 --- /dev/null +++ b/jetty-security/src/test/java/org/eclipse/jetty/security/TestLoginService.java @@ -0,0 +1,69 @@ +// +// ======================================================================== +// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd. +// ------------------------------------------------------------------------ +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. +// +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html +// +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php +// +// You may elect to redistribute this code under either of these licenses. +// ======================================================================== +// + + +package org.eclipse.jetty.security; + +import java.util.HashMap; +import java.util.Map; + +import org.eclipse.jetty.util.security.Credential; + +/** + * TestLoginService + * + * + */ +public class TestLoginService extends AbstractLoginService +{ + protected Map<String, UserPrincipal> _users = new HashMap<>(); + protected Map<String, String[]> _roles = new HashMap<>(); + + + + public TestLoginService(String name) + { + setName(name); + } + + public void putUser (String username, Credential credential, String[] roles) + { + UserPrincipal userPrincipal = new UserPrincipal(username,credential); + _users.put(username, userPrincipal); + _roles.put(username, roles); + } + + /** + * @see org.eclipse.jetty.security.AbstractLoginService#loadRoleInfo(org.eclipse.jetty.security.AbstractLoginService.UserPrincipal) + */ + @Override + protected String[] loadRoleInfo(UserPrincipal user) + { + return _roles.get(user.getName()); + } + + /** + * @see org.eclipse.jetty.security.AbstractLoginService#loadUserInfo(java.lang.String) + */ + @Override + protected UserPrincipal loadUserInfo(String username) + { + return _users.get(username); + } + +} |