[gatein-commits] gatein SVN: r4512 - in portal/branches/wci: component/web/security/src/main/java/org/exoplatform/web/security and 8 other directories.

do-not-reply at jboss.org do-not-reply at jboss.org
Tue Oct 5 12:00:16 EDT 2010


Author: alain_defrance
Date: 2010-10-05 12:00:13 -0400 (Tue, 05 Oct 2010)
New Revision: 4512

Removed:
   portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/PortalLoginController.java
Modified:
   portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
   portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/LogoutControl.java
   portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/Credentials.java
   portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
   portal/branches/wci/examples/portal/README.txt
   portal/branches/wci/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml
   portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml
   portal/branches/wci/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf
   portal/branches/wci/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
   portal/branches/wci/server/tomcat/patch/src/main/tomcat/conf/jaas.conf
   portal/branches/wci/server/tomcat7/patch/src/main/tomcat/conf/jaas.conf
   portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml
Log:
use LoginModule & LoginController from WCI

Modified: portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
===================================================================
--- portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java	2010-10-05 16:00:13 UTC (rev 4512)
@@ -28,6 +28,7 @@
 import org.gatein.common.logging.LoggerFactory;
 import org.gatein.wci.authentication.AuthenticationResult;
 import org.gatein.wci.authentication.GenericAuthenticationResult;
+import org.gatein.wci.authentication.WCICredentials;
 import org.gatein.wci.impl.DefaultServletContainerFactory;
 
 import java.io.IOException;
@@ -54,9 +55,6 @@
    /** . */
    public static final String COOKIE_NAME = "rememberme";
 
-   /** . */
-   public static final String CREDENTIALS = "credentials";
-
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
    {
@@ -64,7 +62,7 @@
       HttpSession session = req.getSession();
 
       // Looking for credentials stored in the session
-      Credentials credentials = (Credentials)session.getAttribute(InitiateLoginServlet.CREDENTIALS);
+      WCICredentials credentials = (WCICredentials)session.getAttribute(WCICredentials.CREDENTIALS);
 
       //
       if (credentials == null)
@@ -77,7 +75,7 @@
          if (token != null)
          {
             AbstractTokenService tokenService = AbstractTokenService.getInstance(CookieTokenService.class);
-            credentials = tokenService.validateToken(token, false);
+            credentials = tokenService.validateToken(token, false).getWCICredentials();
             if (credentials == null)
             {
                log.debug("Login initiated with no credentials in session but found token an invalid " + token + " " +
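Review bot: `tokenService.validateToken(token, false).getWCICredentials()` dereferences the service result before the `credentials == null` test on the next line, so a token the service rejects would raise a NullPointerException instead of reaching the invalid-token branch. The old line assigned the result directly and then tested it for null, which implies validateToken can return null; `getWCICredentials()` as added in Credentials.java always returns a new object, so the test is now dead. Keep the intermediate value and convert only when it is present: `Credentials stored = tokenService.validateToken(token, false);` then `credentials = stored == null ? null : stored.getWCICredentials();`. The context line below also concatenates the raw token into the debug message; reporting the rejection without the token value keeps a login credential out of the logs. doGet starts and ends outside this hunk.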
@@ -111,20 +109,46 @@
       }
       else
       {
-         // WCI authentication
-         AuthenticationResult result = DefaultServletContainerFactory.getInstance().getServletContainer()
-            .login(req, resp, credentials.getUsername(), credentials.getPassword());
+         try
+         {
+            // WCI authentication
+            AuthenticationResult result = DefaultServletContainerFactory.getInstance().getServletContainer()
+               .login(req, resp, credentials.getUsername(), credentials.getPassword());
 
-         log.debug("Login initiated with credentials in session, performing authentication");
-         if (result instanceof GenericAuthenticationResult)
-         {
-            GenericAuthenticationResult genericAuthentication = (GenericAuthenticationResult) result;
-            req.getSession().removeAttribute(InitiateLoginServlet.CREDENTIALS);
-            sendAuth(resp, credentials.getUsername(), genericAuthentication.getTicket());
+            log.debug("Login initiated with credentials in session, performing authentication");
+            if (result instanceof GenericAuthenticationResult)
+            {
+               // if we do have a remember me
+               String rememberme = req.getParameter("rememberme");
+               if ("true".equals(rememberme))
+               {
+                  boolean isRemember = "true".equals(req.getParameter(InitiateLoginServlet.COOKIE_NAME));
+                  if (isRemember)
+                  {
+                     //Create token
+                     AbstractTokenService tokenService = AbstractTokenService.getInstance(CookieTokenService.class);
+                     String cookieToken = tokenService.createToken(new Credentials(credentials));
+
+                     log.debug("Found a remember me request parameter, created a persistent token " + cookieToken + " for it and set it up " +
+                        "in the next response");
+                     Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, cookieToken);
+                     cookie.setPath(req.getContextPath());
+                     cookie.setMaxAge((int)tokenService.getValidityTime() / 1000);
+                     resp.addCookie(cookie);
+                  }
+               }
+               ((GenericAuthenticationResult) result).perform(req, resp);
+            }
+            else
+            {
+               
+               resp.sendRedirect(resp.encodeRedirectURL(""));
+            }
          }
-         else
+         catch (Exception e)
          {
-            resp.sendRedirect(resp.encodeRedirectURL(""));
+            // TODO : login fails
+            getServletContext().getRequestDispatcher("/portal/errorlogin").forward(req, resp);
          }
       }
    }
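Review bot: The added remember-me block writes the freshly created persistent token to the debug log (`"... created a persistent token " + cookieToken + ...`). That value is what the `rememberme` cookie later presents to authenticate the user, so drop `cookieToken` from the message. The success branch also no longer calls `removeAttribute` on the session credentials as the removed code did, so unless `perform(req, resp)` clears `WCICredentials.CREDENTIALS` (not visible here) the username/password object stays in the session after login. `catch (Exception e)` discards the exception and also covers failures from `perform` and `sendRedirect`; log `e` before forwarding and narrow the try to the `login(...)` call so real errors are not reported as a failed login. `(int)tokenService.getValidityTime() / 1000` casts before dividing, so if the validity is a long above Integer.MAX_VALUE milliseconds the cookie max-age wraps; `(int)(tokenService.getValidityTime() / 1000)` avoids that (doGet starts above this hunk).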

Modified: portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/LogoutControl.java
===================================================================
--- portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/LogoutControl.java	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/LogoutControl.java	2010-10-05 16:00:13 UTC (rev 4512)
@@ -25,8 +25,14 @@
  */
 public class LogoutControl
 {
-   private static final ThreadLocal<Boolean> wantLogout = new ThreadLocal<Boolean>();
-  
+   private static final ThreadLocal<Boolean> wantLogout = new ThreadLocal<Boolean>()
+   {
+      @Override
+      protected Boolean initialValue() {
+         return false;
+      }
+   };
+
    public static void cancelLogout()
    {
       wantLogout.set(false);
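Review bot: Nothing in this hunk clears `wantLogout` at the end of a request. Because it is a static ThreadLocal, a value set on a pooled container thread stays visible to the next request served by that thread until something resets it. The new `initialValue()` only stops the getter from unboxing null on a fresh thread; confirm that every request path ends with `cancelLogout()` or `wantLogout.remove()`, since the rest of the class lies outside the hunk. As a style point, `protected Boolean initialValue() {` puts the brace on the signature line while the surrounding class puts braces on their own line.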
@@ -41,4 +47,4 @@
    {
       return wantLogout.get();
    }
-}
+}
\ No newline at end of file

Deleted: portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/PortalLoginController.java
===================================================================
--- portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/PortalLoginController.java	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/login/PortalLoginController.java	2010-10-05 16:00:13 UTC (rev 4512)
@@ -1,118 +0,0 @@
-/**
- * Copyright (C) 2009 eXo Platform SAS.
- * 
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- * 
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-
-package org.exoplatform.web.login;
-
-import org.exoplatform.container.web.AbstractHttpServlet;
-import org.exoplatform.web.security.Credentials;
-import org.exoplatform.web.security.security.AbstractTokenService;
-import org.exoplatform.web.security.security.CookieTokenService;
-import org.gatein.common.logging.Logger;
-import org.gatein.common.logging.LoggerFactory;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * @author <a href="mailto:trong.tran at exoplatform.com">Tran The Trong</a>
- * @version $Revision$
- */
-public class PortalLoginController extends AbstractHttpServlet
-{
-
-   /** . */
-   private static final Logger log = LoggerFactory.getLogger(PortalLoginController.class);
-
-   protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
-   {
-      String username = req.getParameter("username");
-      String password = req.getParameter("password");
-
-      //
-      if (username == null)
-      {
-         log.error("Tried to access the portal login controller without username provided");
-         resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "No username provided");
-         return;
-      }
-      if (password == null)
-      {
-         log.error("Tried to access the portal login controller without password provided");
-         resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "No password provided");
-         return;
-      }
-
-      //
-      log.debug("Found username and password and set credentials in http session");
-      Credentials credentials = new Credentials(username, password);
-      req.getSession().setAttribute(InitiateLoginServlet.CREDENTIALS, credentials);
-
-      // Obtain initial URI
-      String uri = req.getParameter("initialURI");
-
-      // otherwise compute one
-      if (uri == null || uri.length() == 0)
-      {
-         uri = req.getContextPath() + "/private/classic";
-         log.debug("No initial URI found, will use default " + uri + " instead ");
-      }
-      else
-      {
-         log.debug("Found initial URI " + uri);
-      }
-
-      // if we do have a remember me
-      String rememberme = req.getParameter("rememberme");
-      if ("true".equals(rememberme))
-      {
-         boolean isRemember = "true".equals(req.getParameter(InitiateLoginServlet.COOKIE_NAME));
-         if (isRemember)
-         {
-            //Create token
-            AbstractTokenService tokenService = AbstractTokenService.getInstance(CookieTokenService.class);
-            String cookieToken = tokenService.createToken(credentials);
-
-            log.debug("Found a remember me request parameter, created a persistent token " + cookieToken + " for it and set it up " +
-               "in the next response");
-            Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, cookieToken);
-            cookie.setPath(req.getContextPath());
-            cookie.setMaxAge((int)tokenService.getValidityTime() / 1000);
-            resp.addCookie(cookie);
-         }
-      }
-
-      //
-      resp.sendRedirect(uri);
-   }
-
-   protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
-   {
-      doGet(req, resp);
-   }
-
-   @Override
-   protected boolean requirePortalEnvironment()
-   {
-      return true;
-   }
-}

Modified: portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/Credentials.java
===================================================================
--- portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/Credentials.java	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/Credentials.java	2010-10-05 16:00:13 UTC (rev 4512)
@@ -89,4 +89,9 @@
    {
       return password;
    }
+
+   public WCICredentials getWCICredentials()
+   {
+      return new WCICredentials(username, password);
+   }
 }
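Review bot: `getWCICredentials()` is a new public method with no Javadoc, and each call creates another object holding the plaintext password. Add a comment such as `/** Returns a new WCICredentials carrying this username and password; never null. */` so callers know that a null check on the result is meaningless and that the copy should be as short-lived as the original. The class body above this method is outside the hunk.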

Modified: portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
===================================================================
--- portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java	2010-10-05 16:00:13 UTC (rev 4512)
@@ -25,8 +25,6 @@
 import org.exoplatform.services.security.jaas.AbstractLoginModule;
 import org.exoplatform.web.login.InitiateLoginServlet;
 import org.exoplatform.web.security.security.CookieTokenService;
-import org.gatein.wci.authentication.GenericAuthentication;
-import org.gatein.wci.authentication.WCICredentials;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.NameCallback;
@@ -100,38 +98,30 @@
          callbackHandler.handle(callbacks);
          String password = new String(((PasswordCallback)callbacks[1]).getPassword());
 
-         WCICredentials wciCredentials = GenericAuthentication.TICKET_SERVICE.validateToken(password, true);
          Credentials c = null;
-         if (wciCredentials != null)
-         {
-            c = new Credentials(wciCredentials);
-         }
-         else
-         {
-            ExoContainer container = getContainer();
-            Object o =
-               ((CookieTokenService)container.getComponentInstanceOfType(CookieTokenService.class)).validateToken(
-               password, false);
+         ExoContainer container = getContainer();
+         Object o =
+            ((CookieTokenService)container.getComponentInstanceOfType(CookieTokenService.class)).validateToken(
+            password, false);
 
-            //
-            // For clustered config check credentials stored and propagated in session. This won't work in tomcat because
-            // of lack of JACC PolicyContext so the code must be a bit defensive
-            if (o == null && getContextMethod != null && password.startsWith(InitiateLoginServlet.COOKIE_NAME))
+         //
+         // For clustered config check credentials stored and propagated in session. This won't work in tomcat because
+         // of lack of JACC PolicyContext so the code must be a bit defensive
+         if (o == null && getContextMethod != null && password.startsWith(InitiateLoginServlet.COOKIE_NAME))
+         {
+            HttpServletRequest request;
+            try
             {
-               HttpServletRequest request;
-               try
-               {
-                  request = (HttpServletRequest)getContextMethod.invoke(null, "javax.servlet.http.HttpServletRequest");
-                  o = request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
-               }
-               catch(Throwable e)
-               {
-                  log.error(this,e);
-                  log.error("LoginModule error. Turn off session credentials checking with proper configuration option of " +
-                     "LoginModule set to false");
-               }
-
+               request = (HttpServletRequest)getContextMethod.invoke(null, "javax.servlet.http.HttpServletRequest");
+               o = request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
             }
+            catch(Throwable e)
+            {
+               log.error(this,e);
+               log.error("LoginModule error. Turn off session credentials checking with proper configuration option of " +
+                  "LoginModule set to false");
+            }
+            
            if (o instanceof Credentials) {
              c = (Credentials) o;
            }
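Review bot: After the re-indent, `if (o instanceof Credentials)` sits inside the `if (o == null && getContextMethod != null && ...)` block. The brace opened after that condition is not closed before the instanceof test, and the only closing brace left is the one that ended the removed `else`, which lies below the hunk. As far as the hunk shows, a token that CookieTokenService validates (`o != null`) therefore never reaches `c = (Credentials) o`, so `c` stays null on the normal remember-me path. Close the block right after the catch: add `}` after the `catch(Throwable e)` block and remove the surplus one below the instanceof test. The enclosing method starts and ends outside the hunk.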

Modified: portal/branches/wci/examples/portal/README.txt
===================================================================
--- portal/branches/wci/examples/portal/README.txt	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/examples/portal/README.txt	2010-10-05 16:00:13 UTC (rev 4512)
@@ -52,6 +52,9 @@
 7. Define the related realm in your file tomcat/conf/jaas.conf, as below:
 
 gatein-domain-sample-portal {
+  org.gatein.wci.security.WCILoginModule optional
+  	portalContainerName="sample-portal"
+  	realmName="gatein-domain-sample-portal";
   org.exoplatform.web.security.PortalLoginModule required 
   	portalContainerName="sample-portal" 
   	realmName="gatein-domain-sample-portal";

Modified: portal/branches/wci/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml
===================================================================
--- portal/branches/wci/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml	2010-10-05 16:00:13 UTC (rev 4512)
@@ -2,6 +2,10 @@
 
   <application-policy xmlns="urn:jboss:security-beans:1.0" name="gatein-domain-sample-portal">
     <authentication>
+      <login-module code="org.gatein.wci.security.WCILoginModule" flag="optional">
+      	<module-option name="portalContainerName">sample-portal</module-option>
+      	<module-option name="realmName">gatein-domain-sample-portal</module-option>
+      </login-module>
       <login-module code="org.exoplatform.web.security.PortalLoginModule" flag="required">
       	<module-option name="portalContainerName">sample-portal</module-option>
       	<module-option name="realmName">gatein-domain-sample-portal</module-option>

Modified: portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml
===================================================================
--- portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/examples/portal/war/src/main/webapp/WEB-INF/web.xml	2010-10-05 16:00:13 UTC (rev 4512)
@@ -169,7 +169,7 @@
 
 	<servlet>
 		<servlet-name>PortalLoginController</servlet-name>
-		<servlet-class>org.exoplatform.web.login.PortalLoginController</servlet-class>
+    <servlet-class>org.gatein.wci.security.WCILoginController</servlet-class>
 	</servlet>
 	<servlet>
 		<servlet-name>InitiateLoginServlet</servlet-name>

Modified: portal/branches/wci/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf
===================================================================
--- portal/branches/wci/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf	2010-10-05 16:00:13 UTC (rev 4512)
@@ -1,4 +1,5 @@
 gatein-domain {
+  org.gatein.wci.security.WCILoginModule optional;
   org.exoplatform.web.security.PortalLoginModule required;
   org.exoplatform.services.security.jaas.SharedStateLoginModule required;
   org.exoplatform.services.security.j2ee.TomcatLoginModule required; 

Modified: portal/branches/wci/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
===================================================================
--- portal/branches/wci/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml	2010-10-05 16:00:13 UTC (rev 4512)
@@ -2,6 +2,10 @@
 
   <application-policy xmlns="urn:jboss:security-beans:1.0" name="gatein-domain">
     <authentication>
+      <login-module code="org.gatein.wci.security.WCILoginModule" flag="optional">
+        <module-option name="portalContainerName">portal</module-option>
+        <module-option name="realmName">gatein-domain</module-option>
+      </login-module>
       <login-module code="org.exoplatform.web.security.PortalLoginModule" flag="required">
         <module-option name="portalContainerName">portal</module-option>
         <module-option name="realmName">gatein-domain</module-option>

Modified: portal/branches/wci/server/tomcat/patch/src/main/tomcat/conf/jaas.conf
===================================================================
--- portal/branches/wci/server/tomcat/patch/src/main/tomcat/conf/jaas.conf	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/server/tomcat/patch/src/main/tomcat/conf/jaas.conf	2010-10-05 16:00:13 UTC (rev 4512)
@@ -1,4 +1,5 @@
 gatein-domain {
+  org.gatein.wci.security.WCILoginModule optional;
   org.exoplatform.web.security.PortalLoginModule required;
   org.exoplatform.services.security.jaas.SharedStateLoginModule required;
   org.exoplatform.services.security.j2ee.TomcatLoginModule required; 

Modified: portal/branches/wci/server/tomcat7/patch/src/main/tomcat/conf/jaas.conf
===================================================================
--- portal/branches/wci/server/tomcat7/patch/src/main/tomcat/conf/jaas.conf	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/server/tomcat7/patch/src/main/tomcat/conf/jaas.conf	2010-10-05 16:00:13 UTC (rev 4512)
@@ -1,4 +1,5 @@
 gatein-domain {
+  org.gatein.wci.security.WCILoginModule optional;
   org.exoplatform.web.security.PortalLoginModule required;
   org.exoplatform.services.security.jaas.SharedStateLoginModule required;
   org.exoplatform.services.security.j2ee.TomcatLoginModule required; 

Modified: portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml
===================================================================
--- portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml	2010-10-05 15:59:17 UTC (rev 4511)
+++ portal/branches/wci/web/portal/src/main/webapp/WEB-INF/web.xml	2010-10-05 16:00:13 UTC (rev 4512)
@@ -209,7 +209,7 @@
 
   <servlet>
     <servlet-name>PortalLoginController</servlet-name>
-    <servlet-class>org.exoplatform.web.login.PortalLoginController</servlet-class>
+    <servlet-class>org.gatein.wci.security.WCILoginController</servlet-class>
   </servlet>
   <servlet>
     <servlet-name>InitiateLoginServlet</servlet-name>


