[gatein-commits] gatein SVN: r2901 - in components/sso/trunk/agent/src/main/java/org/gatein/sso/agent: login and 1 other directory.

do-not-reply at jboss.org do-not-reply at jboss.org
Thu Apr 29 12:22:50 EDT 2010


Author: sohil.shah at jboss.com
Date: 2010-04-29 12:22:50 -0400 (Thu, 29 Apr 2010)
New Revision: 2901

Modified:
   components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOFilter.java
   components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java
Log:
GTNPORTAL-1120 - GateIn+SPNEGO integration: old userId is used when having ticket for new user
GTNPORTAL-1121 - GateIn+SPNEGO integration: org.hibernate.HibernateException: createCriteria is not valid without active transaction (thrown from SPNEGOFilter)

Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOFilter.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOFilter.java	2010-04-29 15:45:34 UTC (rev 2900)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOFilter.java	2010-04-29 16:22:50 UTC (rev 2901)
@@ -29,42 +29,28 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 
-import javax.transaction.TransactionManager;
-import javax.transaction.Status;
-import javax.naming.InitialContext;
-
 import org.exoplatform.container.web.AbstractFilter;
-import org.exoplatform.services.organization.OrganizationService;
-import org.exoplatform.services.organization.User;
 import org.exoplatform.services.security.Authenticator;
 import org.exoplatform.services.security.IdentityRegistry;
 import org.exoplatform.services.security.Identity;
 
 /**
+ * Note: This Filter should not be needed anymore. Once various SPNEGO scenarios have been tested and stabilized, I would recommend removing this from the codebase in 
+ * a future release of the module
+ * 
  * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
  */
 public class SPNEGOFilter extends AbstractFilter
 {
 	
-	public void destroy()
-	{
-	}
-
 	public void doFilter(ServletRequest request, ServletResponse response,
 			FilterChain chain) throws IOException, ServletException
 	{
-		HttpServletRequest httpRequest = (HttpServletRequest)request;
-		
-		boolean isStartedHere = this.startTx();		
+		HttpServletRequest httpRequest = (HttpServletRequest)request;		
 		try
 		{
 			String remoteUser = httpRequest.getRemoteUser();
-			
-			//System.out.println("-----------------------------------------------------------------");						
-			//System.out.println("SPNEGO TX Filter (TX Started: )"+isStartedHere);
-			//System.out.println("RequestURL: "+httpRequest.getRequestURI());
-			//System.out.println("RemoteUser: "+remoteUser);			
-			
+									
 			if(remoteUser != null)
 			{								
 				//Check and make sure the IdentityRegistry is consistent
@@ -76,78 +62,20 @@
 					.getComponentInstanceOfType(Authenticator.class);
 					
 					Identity identity = authenticator.createIdentity(remoteUser);
+					
 					identityRegistry.register(identity);
 				}
-				
-				OrganizationService orgService =
-                  (OrganizationService)getContainer().getComponentInstanceOfType(OrganizationService.class);
-				User user = orgService.getUserHandler().findUserByName(remoteUser);
-				
-				//System.out.println("Exo User : "+user);
 			}
-			//System.out.println("-----------------------------------------------------------------");
 			
-			chain.doFilter(request, response);
-			
-			if(isStartedHere)
-			{				
-				this.commit();
-			}
+			chain.doFilter(request, response);						
 		}
 		catch(Throwable t)
-		{
-			if(isStartedHere)
-			{
-				this.rollback();
-			}
-			
+		{						
 			throw new RuntimeException(t);
 		}
 	}
-	
-	private boolean startTx()
+
+	public void destroy()
 	{
-		try
-		{
-			TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
-			
-			if(tm.getStatus() == Status.STATUS_NO_TRANSACTION)
-			{
-				tm.begin();
-				return true;
-			}
-			
-			return false;
-		}
-		catch(Throwable t)
-		{
-			return false;
-		}
 	}
-	
-	private void commit()
-	{
-		try
-		{
-			TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
-			tm.commit();
-		}
-		catch(Throwable t)
-		{
-			throw new RuntimeException(t);
-		}
-	}
-	
-	private void rollback()
-	{
-		try
-		{
-			TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
-			tm.rollback();
-		}
-		catch(Throwable t)
-		{			
-			throw new RuntimeException(t);
-		}
-	}
 }
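Review bot: With the transaction rollback removed, the `catch(Throwable t)` around `chain.doFilter(request, response)` now only rewraps, so an `IOException` or `ServletException` thrown further down the chain reaches the container as a bare `RuntimeException`, and any `Error` is wrapped the same way. `doFilter` already declares both checked types, so they can be rethrown unchanged: add `catch(IOException e) { throw e; }` and `catch(ServletException e) { throw e; }`, and narrow the remaining handler to `catch(RuntimeException e)`. The method starts in the previous hunk, and the condition guarding `identityRegistry.register(identity)` lies between the two hunks, so it could not be reviewed here.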

Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java	2010-04-29 15:45:34 UTC (rev 2900)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java	2010-04-29 16:22:50 UTC (rev 2901)
@@ -24,12 +24,22 @@
 
 import java.security.Principal;
 import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
+import javax.security.jacc.PolicyContext;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
 import org.jboss.security.SimpleGroup;
 import org.jboss.security.auth.spi.AbstractServerLoginModule;
 
@@ -40,6 +50,8 @@
 import org.exoplatform.services.security.Identity;
 import org.exoplatform.services.security.Authenticator;
 import org.exoplatform.services.security.IdentityRegistry;
+import org.exoplatform.container.monitor.jvm.J2EEServerInfo;
+import org.exoplatform.services.security.jaas.UserPrincipal;
 
 /**
  * The LoginModule that is responsible for setting up the proper GateIn roles
@@ -192,4 +204,91 @@
 			throw new LoginException(e.getMessage());
 		}
 	}
+	
+	 public boolean logout() throws LoginException
+   {
+      org.exoplatform.container.monitor.jvm.J2EEServerInfo info = new J2EEServerInfo();
+      MBeanServer jbossServer = info.getMBeanServer();
+
+      //
+      if (jbossServer != null)
+      {
+         try
+         {
+
+            log.debug("Performing JBoss security manager cache eviction");
+
+            ObjectName securityManagerName = new ObjectName("jboss.security:service=JaasSecurityManager");
+            
+            //Obtain the httpsession key
+            HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
+            HttpSession session = request.getSession(false);
+            String sessionId = session.getId();
+
+            //
+            if (sessionId != null)
+            {
+            	String userName = null;
+	            Set<UserPrincipal> userPrincipals = subject.getPrincipals(UserPrincipal.class);
+	            if (!userPrincipals.isEmpty())
+	            {
+	               // There should be one
+	               userName = userPrincipals.iterator().next().getName();
+	            }
+	            
+              log.debug("Going to perform JBoss security manager cache eviction for user " + userName);
+
+               //
+               List allPrincipals =
+                  (List)jbossServer.invoke(securityManagerName, "getAuthenticationCachePrincipals",
+                     new Object[]{realmName}, new String[]{String.class.getName()});
+
+               // Make a copy to avoid some concurrent mods
+               allPrincipals = new ArrayList(allPrincipals);
+
+               // Lookup for invalidation key, it must be the same principal!
+               Principal key = null;
+               for (Iterator i = allPrincipals.iterator(); i.hasNext();)
+               {
+                  Principal principal = (Principal)i.next();
+                  
+                  if (principal.getName().equals(sessionId))
+                  {
+                     key = principal;
+                     break;
+                  }                  
+               }
+
+               // Perform invalidation
+               if (key != null)
+               {
+                  jbossServer.invoke(securityManagerName, "flushAuthenticationCache", new Object[]{realmName, key},
+                     new String[]{String.class.getName(), Principal.class.getName()});
+                  log.debug("Performed JBoss security manager cache eviction for user " + sessionId + " with principal "
+                     + key);
+               }
+               else
+               {
+                  log.warn("No principal found when performing JBoss security manager cache eviction for user "
+                     + userName);
+               }
+            }
+            else
+            {
+               log.warn("No user name found when performing JBoss security manager cache eviction");
+            }
+         }
+         catch (Exception e)
+         {
+            log.error("Could not perform JBoss security manager cache eviction", e);
+         }
+      }
+      else
+      {
+         log.debug("Could not find mbean server for performing JBoss security manager cache eviction");
+      }
+
+      //
+      return true;
+   }
 }
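Review bot: In the new `logout()`, `request.getSession(false)` returns null when no session exists, and the `PolicyContext.getContext(...)` lookup may yield no request, so `session.getId()` throws a NullPointerException that the broad `catch (Exception e)` only logs; the authentication-cache flush is then skipped and the cached entry presumably survives the logout. The `if (sessionId != null)` test cannot catch this because the failure happens one line earlier; guard the lookups instead, e.g. `HttpSession session = (request != null) ? request.getSession(false) : null;` and `String sessionId = (session != null) ? session.getId() : null;`. The success message `"Performed JBoss security manager cache eviction for user " + sessionId` writes the HTTP session id to the log; log `userName` there, as the neighbouring messages do. As far as the hunk shows, the override never calls `super.logout()`, so any Subject cleanup done by the base class would be skipped; this is worth confirming.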


