[gatein-commits] gatein SVN: r2901 - in components/sso/trunk/agent/src/main/java/org/gatein/sso/agent: login and 1 other directory.
do-not-reply at jboss.org
do-not-reply at jboss.org
Thu Apr 29 12:22:50 EDT 2010
Author: sohil.shah at jboss.com
Date: 2010-04-29 12:22:50 -0400 (Thu, 29 Apr 2010)
New Revision: 2901
Modified:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOFilter.java
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java
Log:
GTNPORTAL-1120 - GateIn+SPNEGO integration: old userId is used when having ticket for new user
GTNPORTAL-1121 - GateIn+SPNEGO integration: org.hibernate.HibernateException: createCriteria is not valid without active transaction (thrown from SPNEGOFilter)
Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOFilter.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOFilter.java 2010-04-29 15:45:34 UTC (rev 2900)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOFilter.java 2010-04-29 16:22:50 UTC (rev 2901)
@@ -29,42 +29,28 @@
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
-import javax.transaction.TransactionManager;
-import javax.transaction.Status;
-import javax.naming.InitialContext;
-
import org.exoplatform.container.web.AbstractFilter;
-import org.exoplatform.services.organization.OrganizationService;
-import org.exoplatform.services.organization.User;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.IdentityRegistry;
import org.exoplatform.services.security.Identity;
/**
+ * Note: This Filter should not be needed anymore. Once various SPNEGO scenarios have been tested and stabilized, I would recommend removing this from the codebase in
+ * a future release of the module
+ *
* @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
*/
public class SPNEGOFilter extends AbstractFilter
{
- public void destroy()
- {
- }
-
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException
{
- HttpServletRequest httpRequest = (HttpServletRequest)request;
-
- boolean isStartedHere = this.startTx();
+ HttpServletRequest httpRequest = (HttpServletRequest)request;
try
{
String remoteUser = httpRequest.getRemoteUser();
-
- //System.out.println("-----------------------------------------------------------------");
- //System.out.println("SPNEGO TX Filter (TX Started: )"+isStartedHere);
- //System.out.println("RequestURL: "+httpRequest.getRequestURI());
- //System.out.println("RemoteUser: "+remoteUser);
-
+
if(remoteUser != null)
{
//Check and make sure the IdentityRegistry is consistent
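Review bot: The new class comment says the filter "should not be needed anymore" but gives no reason and names no replacement, so a later maintainer cannot tell when removal is safe. If the intent is that the `logout()` cache eviction added to SPNEGORolesModule in this revision makes the registry check redundant (an inference from the commit, not stated in it), the comment should say so, for example `Superseded by SPNEGORolesModule.logout() (GTNPORTAL-1120); kept until SPNEGO re-login scenarios are verified.` Adding `@deprecated` with the same sentence would also make the status visible to callers and tooling. The body of doFilter continues beyond this hunk.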
@@ -76,78 +62,20 @@
.getComponentInstanceOfType(Authenticator.class);
Identity identity = authenticator.createIdentity(remoteUser);
+
identityRegistry.register(identity);
}
-
- OrganizationService orgService =
- (OrganizationService)getContainer().getComponentInstanceOfType(OrganizationService.class);
- User user = orgService.getUserHandler().findUserByName(remoteUser);
-
- //System.out.println("Exo User : "+user);
}
- //System.out.println("-----------------------------------------------------------------");
- chain.doFilter(request, response);
-
- if(isStartedHere)
- {
- this.commit();
- }
+ chain.doFilter(request, response);
}
catch(Throwable t)
- {
- if(isStartedHere)
- {
- this.rollback();
- }
-
+ {
throw new RuntimeException(t);
}
}
-
- private boolean startTx()
+
+ public void destroy()
{
- try
- {
- TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
-
- if(tm.getStatus() == Status.STATUS_NO_TRANSACTION)
- {
- tm.begin();
- return true;
- }
-
- return false;
- }
- catch(Throwable t)
- {
- return false;
- }
}
-
- private void commit()
- {
- try
- {
- TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
- tm.commit();
- }
- catch(Throwable t)
- {
- throw new RuntimeException(t);
- }
- }
-
- private void rollback()
- {
- try
- {
- TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
- tm.rollback();
- }
- catch(Throwable t)
- {
- throw new RuntimeException(t);
- }
- }
}
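Review bot: The `catch(Throwable t)` kept around `chain.doFilter(request, response)` rewraps every `IOException` and `ServletException` raised by downstream filters and servlets, and any `Error`, as a bare `RuntimeException`, so the container no longer sees the declared exception types. With the transaction rollback removed, the catch has no cleanup left to do. The try block could end after the identity registration, with the catch narrowed to `Exception` and `chain.doFilter(request, response);` called after it. Keeping the rethrow for the registration part preserves the current behaviour of aborting the request when the identity cannot be registered. The start of doFilter lies outside this hunk, so which exceptions the registration code can throw is not visible here.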
Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java 2010-04-29 15:45:34 UTC (rev 2900)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java 2010-04-29 16:22:50 UTC (rev 2901)
@@ -24,12 +24,22 @@
import java.security.Principal;
import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
import java.util.Map;
+import java.util.Set;
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
@@ -40,6 +50,8 @@
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.IdentityRegistry;
+import org.exoplatform.container.monitor.jvm.J2EEServerInfo;
+import org.exoplatform.services.security.jaas.UserPrincipal;
/**
* The LoginModule that is responsible for setting up the proper GateIn roles
@@ -192,4 +204,91 @@
throw new LoginException(e.getMessage());
}
}
+
+ public boolean logout() throws LoginException
+ {
+ org.exoplatform.container.monitor.jvm.J2EEServerInfo info = new J2EEServerInfo();
+ MBeanServer jbossServer = info.getMBeanServer();
+
+ //
+ if (jbossServer != null)
+ {
+ try
+ {
+
+ log.debug("Performing JBoss security manager cache eviction");
+
+ ObjectName securityManagerName = new ObjectName("jboss.security:service=JaasSecurityManager");
+
+ //Obtain the httpsession key
+ HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
+ HttpSession session = request.getSession(false);
+ String sessionId = session.getId();
+
+ //
+ if (sessionId != null)
+ {
+ String userName = null;
+ Set<UserPrincipal> userPrincipals = subject.getPrincipals(UserPrincipal.class);
+ if (!userPrincipals.isEmpty())
+ {
+ // There should be one
+ userName = userPrincipals.iterator().next().getName();
+ }
+
+ log.debug("Going to perform JBoss security manager cache eviction for user " + userName);
+
+ //
+ List allPrincipals =
+ (List)jbossServer.invoke(securityManagerName, "getAuthenticationCachePrincipals",
+ new Object[]{realmName}, new String[]{String.class.getName()});
+
+ // Make a copy to avoid some concurrent mods
+ allPrincipals = new ArrayList(allPrincipals);
+
+ // Lookup for invalidation key, it must be the same principal!
+ Principal key = null;
+ for (Iterator i = allPrincipals.iterator(); i.hasNext();)
+ {
+ Principal principal = (Principal)i.next();
+
+ if (principal.getName().equals(sessionId))
+ {
+ key = principal;
+ break;
+ }
+ }
+
+ // Perform invalidation
+ if (key != null)
+ {
+ jbossServer.invoke(securityManagerName, "flushAuthenticationCache", new Object[]{realmName, key},
+ new String[]{String.class.getName(), Principal.class.getName()});
+ log.debug("Performed JBoss security manager cache eviction for user " + sessionId + " with principal "
+ + key);
+ }
+ else
+ {
+ log.warn("No principal found when performing JBoss security manager cache eviction for user "
+ + userName);
+ }
+ }
+ else
+ {
+ log.warn("No user name found when performing JBoss security manager cache eviction");
+ }
+ }
+ catch (Exception e)
+ {
+ log.error("Could not perform JBoss security manager cache eviction", e);
+ }
+ }
+ else
+ {
+ log.debug("Could not find mbean server for performing JBoss security manager cache eviction");
+ }
+
+ //
+ return true;
+ }
}
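Review bot: In `logout()`, `request.getSession(false)` returns null when no session exists, so `session.getId()` throws a NullPointerException that the broad `catch (Exception e)` only logs. The eviction is then skipped and the method still returns true, so whatever entry was in the authentication cache stays there. The `if (sessionId != null)` test cannot catch this case; guard the lookups instead with `HttpSession session = request != null ? request.getSession(false) : null;` and `String sessionId = session != null ? session.getId() : null;`. The else-branch message says "No user name found" although the missing value is the session id. The debug line after `flushAuthenticationCache` writes the session id to the log labelled as a user; log `userName` there and keep session identifiers out of log output.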