Diffstat (limited to 'jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java')
-rw-r--r-- | jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java | 123 |
1 files changed, 110 insertions, 13 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
index beb051b621..d49f158946 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
@@ -19,7 +19,11 @@
 package org.eclipse.jetty.security;
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import org.eclipse.jetty.security.MappedLoginService.KnownUser;
 import org.eclipse.jetty.security.PropertyUserStore.UserListener;
 import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.util.Scanner;
@@ -31,18 +35,18 @@ import org.eclipse.jetty.util.security.Credential;
 /* ------------------------------------------------------------ */
 /**
 * Properties User Realm.
- *
+ * <p>
 * An implementation of UserRealm that stores users and roles in-memory in HashMaps.
- * <P>
+ * <p>
 * Typically these maps are populated by calling the load() method or passing a properties resource to the constructor. The format of the properties file is:
 *
- * <PRE>
+ * <pre>
 * username: password [,rolename ...]
- * </PRE>
+ * </pre>
 *
 * Passwords may be clear text, obfuscated or checksummed. The class com.eclipse.Util.Password should be used to generate obfuscated passwords or password
 * checksums.
- *
+ * <p>
 * If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:.
 */
 public class HashLoginService extends MappedLoginService implements UserListener
@@ -52,7 +56,29 @@ public class HashLoginService extends MappedLoginService implements UserListener
 private PropertyUserStore _propertyUserStore;
 private String _config;
 private Resource _configResource;
- private int _refreshInterval = 0;// default is not to reload
+ private boolean hotReload = false; // default is not to reload
+
+
+
+ public class HashKnownUser extends KnownUser
+ {
+ String[] _roles;
+
+ public HashKnownUser(String name, Credential credential)
+ {
+ super(name, credential);
+ }
+
+ public void setRoles (String[] roles)
+ {
+ _roles = roles;
+ }
+
+ public String[] getRoles()
+ {
+ return _roles;
+ }
+ }
 /* ------------------------------------------------------------ */
 public HashLoginService()
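Review bot: `setRoles` stores the caller's array and `getRoles` hands the same array back, so any code holding a `HashKnownUser` can change the principal's roles in place after authentication; `_roles` is also package-visible. I would make the field `private` and copy on both sides: `_roles = (roles == null) ? null : roles.clone();` and `return (_roles == null) ? null : _roles.clone();`. The class is declared as a non-static inner class, so each instance also keeps a reference to the enclosing `HashLoginService`; if nothing in it needs the outer instance, `public static class HashKnownUser` avoids that, and it matters if `KnownUser` is serializable (its declaration is not in this diff). No visible hunk constructs `HashKnownUser`, so its intended use is worth a class-level Javadoc line.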
@@ -101,17 +127,51 @@ public class HashLoginService extends MappedLoginService implements UserListener
 {
 _config = config;
 }
+
+ /**
+ * Is hot reload enabled on this user store
+ *
+ * @return true if hot reload was enabled before startup
+ */
+ public boolean isHotReload()
+ {
+ return hotReload;
+ }
+
+ /**
+ * Enable Hot Reload of the Property File
+ *
+ * @param enable true to enable, false to disable
+ */
+ public void setHotReload(boolean enable)
+ {
+ if (isRunning())
+ {
+ throw new IllegalStateException("Cannot set hot reload while user store is running");
+ }
+ this.hotReload = enable;
+ }
 /* ------------------------------------------------------------ */
- public void setRefreshInterval(int msec)
+ /**
+ * sets the refresh interval (in seconds)
+ * @param sec the refresh interval
+ * @deprecated use {@link #setHotReload(boolean)} instead
+ */
+ @Deprecated
+ public void setRefreshInterval(int sec)
 {
- _refreshInterval = msec;
 }
 /* ------------------------------------------------------------ */
+ /**
+ * @return refresh interval in seconds for how often the properties file should be checked for changes
+ * @deprecated use {@link #isHotReload()} instead
+ */
+ @Deprecated
 public int getRefreshInterval()
 {
- return _refreshInterval;
+ return (hotReload)?1:0;
 }
 /* ------------------------------------------------------------ */
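Review bot: The deprecated `setRefreshInterval(int sec)` now has an empty body, so an existing configuration that sets a positive interval silently stops reloading the properties file: users removed from the file, or passwords changed in it, stay valid until restart unless the deployer also learns about `setHotReload`. Mapping the old setter onto the new flag keeps that behaviour, e.g. `setHotReload(sec > 0);`, or at least log a warning that the value is ignored. The Javadoc also now says seconds where the removed parameter was named `msec`, and `getRefreshInterval()` returns 1 or 0 rather than the configured value; both deserve a sentence in the `@deprecated` text.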
@@ -128,6 +188,41 @@ public class HashLoginService extends MappedLoginService implements UserListener
 // TODO: Consider refactoring MappedLoginService to not have to override with unused methods
 }
+
+
+ @Override
+ protected String[] loadRoleInfo(KnownUser user)
+ {
+ UserIdentity id = _propertyUserStore.getUserIdentity(user.getName());
+ if (id == null)
+ return null;
+
+
+ Set<RolePrincipal> roles = id.getSubject().getPrincipals(RolePrincipal.class);
+ if (roles == null)
+ return null;
+
+ List<String> list = new ArrayList<>();
+ for (RolePrincipal r:roles)
+ list.add(r.getName());
+
+ return list.toArray(new String[roles.size()]);
+ }
+
+ @Override
+ protected KnownUser loadUserInfo(String userName)
+ {
+ UserIdentity id = _propertyUserStore.getUserIdentity(userName);
+ if (id != null)
+ {
+ return (KnownUser)id.getUserPrincipal();
+ }
+
+ return null;
+ }
+
+
+
 /* ------------------------------------------------------------ */
 /**
 * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
@@ -140,11 +235,11 @@ public class HashLoginService extends MappedLoginService implements UserListener
 if (_propertyUserStore == null)
 {
 if(LOG.isDebugEnabled())
- LOG.debug("doStart: Starting new PropertyUserStore. PropertiesFile: " + _config + " refreshInterval: " + _refreshInterval);
+ LOG.debug("doStart: Starting new PropertyUserStore. PropertiesFile: " + _config + " hotReload: " + hotReload);
 _propertyUserStore = new PropertyUserStore();
- _propertyUserStore.setRefreshInterval(_refreshInterval);
- _propertyUserStore.setConfig(_config);
+ _propertyUserStore.setHotReload(hotReload);
+ _propertyUserStore.setConfigPath(_config);
 _propertyUserStore.registerUserListener(this);
 _propertyUserStore.start();
 }
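Review bot: In the `@@ -128,6 +188,41 @@` hunk, `loadUserInfo` and `loadRoleInfo` dereference `_propertyUserStore` without a null check, while `doStart` in the next hunk shows the field is only assigned at start-up, and `loadUserInfo` casts `id.getUserPrincipal()` to `KnownUser` unchecked. These methods look like they sit on the login path with a client-supplied user name (the callers are outside this diff), so a `NullPointerException` or `ClassCastException` here would surface as a server error instead of a failed login. I would guard both: `if (_propertyUserStore == null) return null;` at the top of each method and `if (!(id.getUserPrincipal() instanceof KnownUser)) return null;` before the cast. The `roles == null` branch is probably dead, since `Subject.getPrincipals(Class)` returns an empty set rather than null; a comment saying an unknown user yields `null` and a user without roles yields an empty array would document the contract.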
@@ -169,9 +264,11 @@ public class HashLoginService extends MappedLoginService implements UserListener
 {
 if (LOG.isDebugEnabled())
 LOG.debug("update: " + userName + " Roles: " + roleArray.length);
- putUser(userName,credential,roleArray);
+ //TODO need to remove and replace the authenticated user?
 }
+
+
 /* ------------------------------------------------------------ */
 @Override
 public void remove(String userName) |
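Review bot: With `putUser(...)` replaced by a TODO, `update()` only writes a debug line, so a password or role change picked up from the properties file is no longer pushed into this service. Whether that leaves a stale entry depends on whether `MappedLoginService` still caches users it has loaded through `loadUserInfo` (not visible in this diff); if it does, a user whose roles were reduced or whose password was rotated keeps the old credential and roles until restart. Until the TODO is resolved I would evict the cached entry so the next login reloads it, e.g. `removeUser(userName);` if that base-class method is still available here, and say so in a comment. The debug line also reads `roleArray.length` without a null check.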