From b764a1d13692dabe42cb9e267795f26c398cf1ad Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Thu, 24 Apr 2014 15:46:08 +0200 Subject: 433244 Security manager lifecycle cleanup --- .../eclipse/jetty/security/HashLoginService.java | 4 ++ .../eclipse/jetty/security/SecurityHandler.java | 61 +++++++++++++--------- 2 files changed, 41 insertions(+), 24 deletions(-) (limited to 'jetty-security') diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java index 55f7ed22a6..335aabd72b 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java @@ -133,6 +133,7 @@ public class HashLoginService extends MappedLoginService implements UserListener /** * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart() */ + @Override protected void doStart() throws Exception { super.doStart(); @@ -154,6 +155,7 @@ public class HashLoginService extends MappedLoginService implements UserListener /** * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop() */ + @Override protected void doStop() throws Exception { super.doStop(); @@ -163,6 +165,7 @@ public class HashLoginService extends MappedLoginService implements UserListener } /* ------------------------------------------------------------ */ + @Override public void update(String userName, Credential credential, String[] roleArray) { if (LOG.isDebugEnabled()) @@ -171,6 +174,7 @@ public class HashLoginService extends MappedLoginService implements UserListener } /* ------------------------------------------------------------ */ + @Override public void remove(String userName) { if (LOG.isDebugEnabled()) diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java index 90c0d1b5ce..a6e108e9a7 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java @@ -43,6 +43,7 @@ import org.eclipse.jetty.server.handler.ContextHandler; import org.eclipse.jetty.server.handler.ContextHandler.Context; import org.eclipse.jetty.server.handler.HandlerWrapper; import org.eclipse.jetty.server.session.AbstractSession; +import org.eclipse.jetty.util.component.LifeCycle; import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; @@ -74,8 +75,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti private LoginService _loginService; private IdentityService _identityService; private boolean _renewSession=true; - private boolean _discoveredIdentityService = false; - private boolean _discoveredLoginService = false; /* ------------------------------------------------------------ */ protected SecurityHandler() @@ -266,20 +265,24 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti } /* ------------------------------------------------------------ */ - protected LoginService findLoginService() + protected LoginService findLoginService() throws Exception { Collection list = getServer().getBeans(LoginService.class); - + LoginService service = null; String realm=getRealmName(); if (realm!=null) { - for (LoginService service : list) - if (service.getName()!=null && service.getName().equals(realm)) - return service; + for (LoginService s : list) + if (s.getName()!=null && s.getName().equals(realm)) + { + service=s; + break; + } } else if (list.size()==1) - return list.iterator().next(); - return null; + service = list.iterator().next(); + + return service; } /* ------------------------------------------------------------ */ @@ -342,9 +345,10 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti if (_loginService==null) { setLoginService(findLoginService()); - _discoveredLoginService = true; + if (_loginService!=null) + unmanage(_loginService); } - + if (_identityService==null) { if (_loginService!=null) @@ -353,10 +357,16 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti if (_identityService==null) setIdentityService(findIdentityService()); - if (_identityService==null && _realmName!=null) - setIdentityService(new DefaultIdentityService()); - - _discoveredIdentityService = true; + if (_identityService==null) + { + if (_realmName!=null) + { + setIdentityService(new DefaultIdentityService()); + manage(_identityService); + } + } + else + unmanage(_identityService); } if (_loginService!=null) @@ -387,17 +397,16 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti protected void doStop() throws Exception { //if we discovered the services (rather than had them explicitly configured), remove them. - if (_discoveredIdentityService) + if (!isManaged(_identityService)) { removeBean(_identityService); - _identityService = null; - + _identityService = null; } - if (_discoveredLoginService) + if (!isManaged(_loginService)) { removeBean(_loginService); - _loginService = null; + _loginService=null; } super.doStop(); @@ -427,6 +436,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti /** * @see org.eclipse.jetty.security.Authenticator.AuthConfiguration#isSessionRenewedOnAuthentication() */ + @Override public boolean isSessionRenewedOnAuthentication() { return _renewSession; @@ -473,7 +483,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti { if (!baseRequest.isHandled()) { - response.sendError(Response.SC_FORBIDDEN); + response.sendError(HttpServletResponse.SC_FORBIDDEN); baseRequest.setHandled(true); } return; @@ -488,7 +498,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti LOG.warn("No authenticator for: "+roleInfo); if (!baseRequest.isHandled()) { - response.sendError(Response.SC_FORBIDDEN); + response.sendError(HttpServletResponse.SC_FORBIDDEN); baseRequest.setHandled(true); } return; @@ -524,7 +534,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti boolean authorized=checkWebResourcePermissions(pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity()); if (!authorized) { - response.sendError(Response.SC_FORBIDDEN, "!role"); + response.sendError(HttpServletResponse.SC_FORBIDDEN, "!role"); baseRequest.setHandled(true); return; } @@ -574,7 +584,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti { // jaspi 3.8.3 send HTTP 500 internal server error, with message // from AuthException - response.sendError(Response.SC_INTERNAL_SERVER_ERROR, e.getMessage()); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); } finally { @@ -634,6 +644,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti /* ------------------------------------------------------------ */ public class NotChecked implements Principal { + @Override public String getName() { return null; @@ -656,6 +667,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti /* ------------------------------------------------------------ */ public static final Principal __NO_USER = new Principal() { + @Override public String getName() { return null; @@ -680,6 +692,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti */ public static final Principal __NOBODY = new Principal() { + @Override public String getName() { return "Nobody"; -- cgit v1.2.3