From 73401791d7317918b3bdb32e9e61378bba33be71 Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Mon, 24 Sep 2012 11:40:03 +1000
Subject: 390161 jetty-9 do not share DeferredAuthentication
---
.../eclipse/jetty/security/SecurityHandler.java | 3 -
.../authentication/BasicAuthenticator.java | 7 +-
.../authentication/ClientCertAuthenticator.java | 7 +-
.../authentication/DeferredAuthentication.java | 106 +++++++++++---------
.../authentication/DigestAuthenticator.java | 7 +-
.../security/authentication/FormAuthenticator.java | 4 +-
.../authentication/LoginAuthenticator.java | 2 +-
.../authentication/SpnegoAuthenticator.java | 9 +-
8 files changed, 77 insertions(+), 68 deletions(-)
(limited to 'jetty-security/src/main/java')
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index 5372c20843..34a5246f9c 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -506,8 +506,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti else if (authentication instanceof Authentication.Deferred) { DeferredAuthentication deferred= (DeferredAuthentication)authentication; - deferred.setIdentityService(_identityService); - deferred.setLoginService(_loginService); baseRequest.setAuthentication(authentication); try
@@ -517,7 +515,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti finally { previousIdentity = deferred.getPreviousAssociation(); - deferred.setIdentityService(null); } if (authenticator!=null)
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
index 96927abf98..b65da3047e 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
@@ -48,6 +48,7 @@ public class BasicAuthenticator extends LoginAuthenticator /** * @see org.eclipse.jetty.security.Authenticator#getAuthMethod() */ + @Override public String getAuthMethod() { return Constraint.__BASIC_AUTH;
@@ -57,6 +58,7 @@ public class BasicAuthenticator extends LoginAuthenticator /** * @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, boolean) */ + @Override public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException { HttpServletRequest request = (HttpServletRequest)req;
@@ -66,7 +68,7 @@ public class BasicAuthenticator extends LoginAuthenticator try { if (!mandatory) - return _deferred; + return new DeferredAuthentication(this); if (credentials != null) {
@@ -95,7 +97,7 @@ public class BasicAuthenticator extends LoginAuthenticator } } - if (_deferred.isDeferred(response)) + if (DeferredAuthentication.isDeferred(response)) return Authentication.UNAUTHENTICATED; response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"');
@@ -108,6 +110,7 @@ public class BasicAuthenticator extends LoginAuthenticator } } + @Override public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException { return true;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
index 0db6551c5a..9eedbf56ce 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
@@ -75,6 +75,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator super(); } + @Override public String getAuthMethod() { return Constraint.__CERT_AUTH;
@@ -84,10 +85,11 @@ public class ClientCertAuthenticator extends LoginAuthenticator * @return Authentication for request * @throws ServerAuthException */ + @Override public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException { if (!mandatory) - return _deferred; + return new DeferredAuthentication(this); HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)res;
@@ -129,7 +131,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator } } - if (!_deferred.isDeferred(response)) + if (!DeferredAuthentication.isDeferred(response)) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return Authentication.SEND_FAILURE;
@@ -181,6 +183,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator return CertificateUtils.loadCRL(crlPath); } + @Override public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException { return true;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
index d3435d3f60..2cbd37f342 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
@@ -44,22 +44,9 @@ import org.eclipse.jetty.util.log.Logger; public class DeferredAuthentication implements Authentication.Deferred { private static final Logger LOG = Log.getLogger(DeferredAuthentication.class); - - protected final Authenticator _authenticator; - - private LoginService _loginService; - private IdentityService _identityService; + protected final LoginAuthenticator _authenticator; private Object _previousAssociation; - - /* ------------------------------------------------------------ */ - public DeferredAuthentication(Authenticator authenticator) - { - if (authenticator == null) - throw new NullPointerException("No Authenticator"); - this._authenticator = authenticator; - } - /* ------------------------------------------------------------ */ public DeferredAuthentication(LoginAuthenticator authenticator) { 
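Review bot: `_previousAssociation` remains a plain mutable field, so this class is only correct while each instance is confined to a single request, yet nothing on the class states that constraint. Add class-level Javadoc such as `Not thread-safe: holds per-request association state; create one instance per request and never cache it in an Authenticator.` so that the shared `_deferred` field this commit removes from LoginAuthenticator is not reintroduced later. The hunk also drops the public `DeferredAuthentication(Authenticator)` constructor, so any Authenticator implementation outside this patch that does not extend LoginAuthenticator would no longer compile against it; that deserves a line in the commit message if it is intentional. The class body continues outside the hunk.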
@@ -68,40 +55,11 @@ public class DeferredAuthentication implements Authentication.Deferred this._authenticator = authenticator; } - /* ------------------------------------------------------------ */ - /** Get the identityService. - * @return the identityService - */ - public IdentityService getIdentityService() - { - return _identityService; - } - - /* ------------------------------------------------------------ */ - /** Set the identityService. - * @param identityService the identityService to set - */ - public void setIdentityService(IdentityService identityService) - { - _identityService = identityService; - } - - /* ------------------------------------------------------------ */ - public LoginService getLoginService() - { - return _loginService; - } - - /* ------------------------------------------------------------ */ - public void setLoginService(LoginService loginService) - { - _loginService = loginService; - } - /* ------------------------------------------------------------ */ /** * @see org.eclipse.jetty.server.Authentication.Deferred#authenticate(ServletRequest) */ + @Override public Authentication authenticate(ServletRequest request) { try
@@ -110,8 +68,11 @@ public class DeferredAuthentication implements Authentication.Deferred if (authentication!=null && (authentication instanceof Authentication.User) && !(authentication instanceof Authentication.ResponseSent)) { - if (_identityService!=null) - _previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity()); + LoginService login_service= _authenticator.getLoginService(); + IdentityService identity_service=login_service.getIdentityService(); + + if (identity_service!=null) + _previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity()); return authentication; } }
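Review bot: In `authenticate(ServletRequest)` the added `login_service.getIdentityService()` dereferences the result of `_authenticator.getLoginService()` without a null check, so an authenticator with no login service now throws NullPointerException where the old code simply skipped the association when `_identityService` was null. The same two added lines appear in `authenticate(ServletRequest, ServletResponse)` and in `login(String, String)` in the next two hunks; in `login` they run before `if (login_service!=null)`, so that test can no longer act as a guard. Resolve the identity service null-safely in all three, e.g. `IdentityService identity_service = login_service==null ? null : login_service.getIdentityService();`. Whether a null login service can actually reach this code depends on configuration that is not visible in this patch. The method body starts and ends outside this hunk.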
@@ -126,13 +87,17 @@ public class DeferredAuthentication implements Authentication.Deferred /** * @see org.eclipse.jetty.server.Authentication.Deferred#authenticate(javax.servlet.ServletRequest, javax.servlet.ServletResponse) */ + @Override public Authentication authenticate(ServletRequest request, ServletResponse response) { try { + LoginService login_service= _authenticator.getLoginService(); + IdentityService identity_service=login_service.getIdentityService(); + Authentication authentication = _authenticator.validateRequest(request,response,true); - if (authentication instanceof Authentication.User && _identityService!=null) - _previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity()); + if (authentication instanceof Authentication.User && identity_service!=null) + _previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity()); return authentication; } catch (ServerAuthException e)
@@ -146,16 +111,20 @@ public class DeferredAuthentication implements Authentication.Deferred /** * @see org.eclipse.jetty.server.Authentication.Deferred#login(java.lang.String, java.lang.String) */ + @Override public Authentication login(String username, String password) { - if (_loginService!=null) + LoginService login_service= _authenticator.getLoginService(); + IdentityService identity_service=login_service.getIdentityService(); + + if (login_service!=null) { - UserIdentity user = _loginService.login(username,password); + UserIdentity user = login_service.login(username,password); if (user!=null) { UserAuthentication authentication = new UserAuthentication("API",user); - if (_identityService!=null) - _previousAssociation=_identityService.associate(user); + if (identity_service!=null) + _previousAssociation=identity_service.associate(user); return authentication; } }
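Review bot: The identity service used for `associate(...)` in `authenticate(ServletRequest, ServletResponse)` now comes from `login_service.getIdentityService()`, whereas before this commit SecurityHandler injected its own `_identityService`, and LoginAuthenticator (context lines of its hunk) still carries a separate `_identityService` field. If those can refer to different objects, the association made here and whatever SecurityHandler later does with `getPreviousAssociation()` would go through different services; this is an inference, since the code that restores the previous association is outside the patch. State the assumption where the lookup happens, e.g. `// must be the same IdentityService the SecurityHandler uses to restore the previous association`, or read the authenticator's own configured identity service instead. The same lookup is added in `authenticate(ServletRequest)` and `login(String, String)`.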
@@ -183,146 +152,179 @@ public class DeferredAuthentication implements Authentication.Deferred /* ------------------------------------------------------------ */ final static HttpServletResponse __deferredResponse = new HttpServletResponse() { + @Override public void addCookie(Cookie cookie) { } + @Override public void addDateHeader(String name, long date) { } + @Override public void addHeader(String name, String value) { } + @Override public void addIntHeader(String name, int value) { } + @Override public boolean containsHeader(String name) { return false; } + @Override public String encodeRedirectURL(String url) { return null; } + @Override public String encodeRedirectUrl(String url) { return null; } + @Override public String encodeURL(String url) { return null; } + @Override public String encodeUrl(String url) { return null; } + @Override public void sendError(int sc) throws IOException { } + @Override public void sendError(int sc, String msg) throws IOException { } + @Override public void sendRedirect(String location) throws IOException { } + @Override public void setDateHeader(String name, long date) { } + @Override public void setHeader(String name, String value) { } + @Override public void setIntHeader(String name, int value) { } + @Override public void setStatus(int sc) { } + @Override public void setStatus(int sc, String sm) { } + @Override public void flushBuffer() throws IOException { } + @Override public int getBufferSize() { return 1024; } + @Override public String getCharacterEncoding() { return null; } + @Override public String getContentType() { return null; } + @Override public Locale getLocale() { return null; } + @Override public ServletOutputStream getOutputStream() throws IOException { return __nullOut; } + @Override public PrintWriter getWriter() throws IOException { return IO.getNullPrintWriter(); } + @Override public boolean isCommitted() { return true; } + @Override public void reset() { } + @Override public void resetBuffer() { } + 
 @Override public void setBufferSize(int size) { } + @Override public void setCharacterEncoding(String charset) { } + @Override public void setContentLength(int len) { } + @Override public void setContentType(String type) { } + @Override public void setLocale(Locale loc) { } + @Override public Collection getHeaderNames() { return Collections.emptyList();
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
index ba3e964b9f..8c06f06e6a 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
@@ -105,22 +105,25 @@ public class DigestAuthenticator extends LoginAuthenticator } /* ------------------------------------------------------------ */ + @Override public String getAuthMethod() { return Constraint.__DIGEST_AUTH; } /* ------------------------------------------------------------ */ + @Override public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException { return true; } /* ------------------------------------------------------------ */ + @Override public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException { if (!mandatory) - return _deferred; + return new DeferredAuthentication(this); HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)res;
@@ -196,7 +199,7 @@ public class DigestAuthenticator extends LoginAuthenticator } - if (!_deferred.isDeferred(response)) + if (!DeferredAuthentication.isDeferred(response)) { String domain = request.getContextPath(); if (domain == null)
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index ce758f5be7..3ad5a9c127 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -193,10 +193,10 @@ public class FormAuthenticator extends LoginAuthenticator mandatory|=isJSecurityCheck(uri); if (!mandatory) - return _deferred; + return new DeferredAuthentication(this); if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response)) - return _deferred; + return new DeferredAuthentication(this); HttpSession session = request.getSession(true);
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
index d44a21ea9e..44c571e7db 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
@@ -33,7 +33,6 @@ public abstract class LoginAuthenticator implements Authenticator { private static final Logger LOG = Log.getLogger(LoginAuthenticator.class); - protected final DeferredAuthentication _deferred=new DeferredAuthentication(this); protected LoginService _loginService; protected IdentityService _identityService; private boolean _renewSession;
@@ -42,6 +41,7 @@ public abstract class LoginAuthenticator implements Authenticator { } + @Override public void setConfiguration(AuthConfiguration configuration) { _loginService=configuration.getLoginService();
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
index 87193ba0cf..2981e18fab 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
@@ -37,12 +37,10 @@ import org.eclipse.jetty.util.security.Constraint; public class SpnegoAuthenticator extends LoginAuthenticator { private static final Logger LOG = Log.getLogger(SpnegoAuthenticator.class); - private String _authMethod = Constraint.__SPNEGO_AUTH; public SpnegoAuthenticator() { - } /**
@@ -54,11 +52,13 @@ public class SpnegoAuthenticator extends LoginAuthenticator _authMethod = authMethod; } + @Override public String getAuthMethod() { return _authMethod; } + @Override public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException { HttpServletRequest req = (HttpServletRequest)request;
@@ -68,7 +68,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator if (!mandatory) { - return _deferred; + return new DeferredAuthentication(this); } // check to see if we have authorization headers required to continue
@@ -76,7 +76,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator { try { - if (_deferred.isDeferred(res)) + if (DeferredAuthentication.isDeferred(res)) { return Authentication.UNAUTHENTICATED; }
@@ -106,6 +106,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator return Authentication.UNAUTHENTICATED; } + @Override public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException { return true;
-- cgit v1.2.3