From eacd75bbfdb4dc58eea5053f80c7c9177211db28 Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Thu, 27 Sep 2012 10:13:23 +1000
Subject: 390161 jetty-9 do not share DeferredAuthentication
---
.../eclipse/jetty/security/SecurityHandler.java | 3 -
.../authentication/BasicAuthenticator.java | 6 +-
.../authentication/ClientCertAuthenticator.java | 8 +--
.../authentication/DeferredAuthentication.java | 70 ++++++----------------
.../authentication/DigestAuthenticator.java | 6 +-
.../security/authentication/FormAuthenticator.java | 17 +++---
.../authentication/LoginAuthenticator.java | 1 -
.../authentication/SpnegoAuthenticator.java | 4 +-
8 files changed, 40 insertions(+), 75 deletions(-)
(limited to 'jetty-security')
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index d2009310d5..95bcbde894 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -525,8 +525,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti else if (authentication instanceof Authentication.Deferred) { DeferredAuthentication deferred= (DeferredAuthentication)authentication; - deferred.setIdentityService(_identityService); - deferred.setLoginService(_loginService); baseRequest.setAuthentication(authentication); try
@@ -536,7 +534,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti finally { previousIdentity = deferred.getPreviousAssociation(); - deferred.setIdentityService(null); } if (authenticator!=null)
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
index ec0bda78da..ec2fb04b0d 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java
@@ -67,8 +67,8 @@ public class BasicAuthenticator extends LoginAuthenticator try { if (!mandatory) - return _deferred; - + return new DeferredAuthentication(this); + if (credentials != null) { int space=credentials.indexOf(' ');
@@ -96,7 +96,7 @@ public class BasicAuthenticator extends LoginAuthenticator } } - if (_deferred.isDeferred(response)) + if (DeferredAuthentication.isDeferred(response)) return Authentication.UNAUTHENTICATED; response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"');
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
index 5a50944892..a4bef236a3 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java
@@ -88,8 +88,8 @@ public class ClientCertAuthenticator extends LoginAuthenticator public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException { if (!mandatory) - return _deferred; - + return new DeferredAuthentication(this); + HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)res; X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
@@ -129,8 +129,8 @@ public class ClientCertAuthenticator extends LoginAuthenticator } } } - - if (!_deferred.isDeferred(response)) + + if (!DeferredAuthentication.isDeferred(response)) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return Authentication.SEND_FAILURE;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
index c4f72f8f7e..158058c94f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java
@@ -43,22 +43,9 @@ import org.eclipse.jetty.util.log.Logger; public class DeferredAuthentication implements Authentication.Deferred { private static final Logger LOG = Log.getLogger(DeferredAuthentication.class); - - protected final Authenticator _authenticator; - - private LoginService _loginService; - private IdentityService _identityService; + protected final LoginAuthenticator _authenticator; private Object _previousAssociation; - - /* ------------------------------------------------------------ */ - public DeferredAuthentication(Authenticator authenticator) - { - if (authenticator == null) - throw new NullPointerException("No Authenticator"); - this._authenticator = authenticator; - } - /* ------------------------------------------------------------ */ public DeferredAuthentication(LoginAuthenticator authenticator) {
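Review bot: Nothing on DeferredAuthentication records that an instance now belongs to a single request, yet `_previousAssociation` is still plain mutable state, so the class deserves a Javadoc above `public class DeferredAuthentication` such as `/** Created per request; holds that request's previous identity association and must not be cached or shared between requests or threads. */`. Without it a later change could reintroduce a shared instance and let one request's identity association leak into another. The hunk also removes the public `DeferredAuthentication(Authenticator)` constructor and narrows `_authenticator` to `LoginAuthenticator`, which is an API break for any Authenticator that does not extend LoginAuthenticator and should be called out in the commit message or class documentation. The remaining constructor's body continues outside this hunk.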
@@ -66,36 +53,6 @@ public class DeferredAuthentication implements Authentication.Deferred throw new NullPointerException("No Authenticator"); this._authenticator = authenticator; } - - /* ------------------------------------------------------------ */ - /** Get the identityService. - * @return the identityService - */ - public IdentityService getIdentityService() - { - return _identityService; - } - - /* ------------------------------------------------------------ */ - /** Set the identityService. - * @param identityService the identityService to set - */ - public void setIdentityService(IdentityService identityService) - { - _identityService = identityService; - } - - /* ------------------------------------------------------------ */ - public LoginService getLoginService() - { - return _loginService; - } - - /* ------------------------------------------------------------ */ - public void setLoginService(LoginService loginService) - { - _loginService = loginService; - } /* ------------------------------------------------------------ */ /** @@ -109,8 +66,11 @@ public class DeferredAuthentication implements Authentication.Deferred if (authentication!=null && (authentication instanceof Authentication.User) && !(authentication instanceof Authentication.ResponseSent)) { - if (_identityService!=null) - _previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity()); + LoginService login_service= _authenticator.getLoginService(); + IdentityService identity_service=login_service.getIdentityService(); + + if (identity_service!=null) + _previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity()); return authentication; } } 
@@ -129,9 +89,12 @@ public class DeferredAuthentication implements Authentication.Deferred { try { + LoginService login_service= _authenticator.getLoginService(); + IdentityService identity_service=login_service.getIdentityService(); + Authentication authentication = _authenticator.validateRequest(request,response,true); - if (authentication instanceof Authentication.User && _identityService!=null) - _previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity()); + if (authentication instanceof Authentication.User && identity_service!=null) + _previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity()); return authentication; } catch (ServerAuthException e)
@@ -147,14 +110,17 @@ public class DeferredAuthentication implements Authentication.Deferred */ public Authentication login(String username, String password) { - if (_loginService!=null) + LoginService login_service= _authenticator.getLoginService(); + IdentityService identity_service=login_service.getIdentityService(); + + if (login_service!=null) { - UserIdentity user = _loginService.login(username,password); + UserIdentity user = login_service.login(username,password); if (user!=null) { UserAuthentication authentication = new UserAuthentication("API",user); - if (identity_service!=null) - _previousAssociation=identity_service.associate(user); + if (identity_service!=null) + _previousAssociation=identity_service.associate(user); return authentication; } }
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
index b95f9253a2..c42c26c871 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
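Review bot: The identity service used for `associate(...)` in `authenticate(ServletRequest,ServletResponse)` and `login(String,String)` now comes from `login_service.getIdentityService()`, whereas SecurityHandler used to inject its own `_identityService` and still reads `getPreviousAssociation()` after the call. If those can ever be different instances, the association would be created on one service and presumably released on another; this cannot be confirmed from the hunks. State the assumption at the lookup, e.g. `// assumes the LoginService shares the SecurityHandler's IdentityService`, or check it explicitly where the authenticator is configured. Both methods start outside these hunks.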
@@ -121,8 +121,8 @@ public class DigestAuthenticator extends LoginAuthenticator public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException { if (!mandatory) - return _deferred; - + return new DeferredAuthentication(this); + HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)res; String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);
@@ -197,7 +197,7 @@ public class DigestAuthenticator extends LoginAuthenticator } - if (!_deferred.isDeferred(response)) + if (!DeferredAuthentication.isDeferred(response)) { String domain = request.getContextPath(); if (domain == null)
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index ccb00a200d..829a9d595b 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -191,11 +191,11 @@ public class FormAuthenticator extends LoginAuthenticator mandatory|=isJSecurityCheck(uri); if (!mandatory) - return _deferred; - + return new DeferredAuthentication(this); + if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response)) - return _deferred; - + return new DeferredAuthentication(this); + HttpSession session = request.getSession(true); try
@@ -300,9 +300,12 @@ public class FormAuthenticator extends LoginAuthenticator } // if we can't send challenge - if (_deferred.isDeferred(response)) - return Authentication.UNAUTHENTICATED; - + if (DeferredAuthentication.isDeferred(response)) + { + LOG.debug("auth deferred {}",session.getId()); + return Authentication.UNAUTHENTICATED; + } + // remember the current URI synchronized (session) {
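Review bot: The added `LOG.debug("auth deferred {}",session.getId());` in the last FormAuthenticator hunk writes the raw session id into the log. With form authentication that id is what later identifies the logged-in session (unless the session is renewed at login), so anyone who can read debug logs could reuse it. Drop the id or log a non-reversible form, e.g. `LOG.debug("auth deferred");`. The enclosing validateRequest body starts and ends outside this hunk.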
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
index f7e30647a9..17e86574b6 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
@@ -29,7 +29,6 @@ import org.eclipse.jetty.server.session.AbstractSessionManager; public abstract class LoginAuthenticator implements Authenticator { - protected final DeferredAuthentication _deferred=new DeferredAuthentication(this); protected LoginService _loginService; protected IdentityService _identityService; private boolean _renewSession;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
index 4bce3993d6..ca5563f4e5 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
@@ -69,7 +69,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator if (!mandatory) { - return _deferred; + return new DeferredAuthentication(this); } // check to see if we have authorization headers required to continue
@@ -77,7 +77,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator { try { - if (_deferred.isDeferred(res)) + if (DeferredAuthentication.isDeferred(res)) { return Authentication.UNAUTHENTICATED; } -- cgit v1.2.3