[jboss-cvs] JBossAS SVN: r112539 - projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi.
jboss-cvs-commits at lists.jboss.org
Thu Dec 22 09:52:25 EST 2011
Author: tfonteyn
Date: 2011-12-22 09:52:23 -0500 (Thu, 22 Dec 2011)
New Revision: 112539
Modified:
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/AbstractServerLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/AnonLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseCertLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/IdentityLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/ProxyLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/RoleMappingLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersRolesLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/XMLLoginModule.java
Log:
[JBAPP-7794]
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/AbstractServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/AbstractServerLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/AbstractServerLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -25,8 +25,12 @@
import java.lang.reflect.Constructor;
import java.security.Principal;
import java.security.acl.Group;
+import java.util.Arrays;
import java.util.Enumeration;
+import java.util.HashSet;
import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
import java.util.Map;
import java.util.Set;
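Review bot: `java.util.LinkedList` and `java.util.List` are imported here, but none of the hunks visible for this file uses them; the new code references only `Arrays` and `HashSet`. If the rest of the file does not use them either, drop both lines so the import block reflects what the option check needs.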
@@ -72,6 +76,18 @@
*/
public abstract class AbstractServerLoginModule implements LoginModule
{
+ private static final String PASSWORD_STACKING = "password-stacking";
+ private static final String USE_FIRST_PASSWORD = "useFirstPass";
+ private static final String PRINCIPAL_CLASS = "principalClass";
+ private static final String UNAUTHENTICATED_IDENTITY = "unauthenticatedIdentity";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ PASSWORD_STACKING,USE_FIRST_PASSWORD,PRINCIPAL_CLASS,UNAUTHENTICATED_IDENTITY,
+ SecurityConstants.SECURITY_DOMAIN_OPTION
+ };
+ private HashSet<String> validOptions;
+
protected Subject subject;
protected CallbackHandler callbackHandler;
@SuppressWarnings("unchecked")
@@ -133,19 +149,33 @@
(String)options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
}
+ // if the set is null, the subclasses did not implement checking for valid options, so skip
+ if (validOptions != null)
+ {
+ // otherwise, add our own and check all options against the "valid" list
+ addValidOptions(ALL_VALID_OPTIONS);
+ for (Object key : options.keySet())
+ {
+ if (!validOptions.contains((String)key))
+ {
+ log.warn("Invalid or misspelled option: " + key);
+ }
+ }
+ }
+
/* Check for password sharing options. Any non-null value for
password_stacking sets useFirstPass as this module has no way to
validate any shared password.
*/
- String passwordStacking = (String) options.get("password-stacking");
- if( passwordStacking != null && passwordStacking.equalsIgnoreCase("useFirstPass") )
+ String passwordStacking = (String) options.get(PASSWORD_STACKING);
+ if( passwordStacking != null && passwordStacking.equalsIgnoreCase(USE_FIRST_PASSWORD) )
useFirstPass = true;
// Check for a custom Principal implementation
- principalClassName = (String) options.get("principalClass");
+ principalClassName = (String) options.get(PRINCIPAL_CLASS);
// Check for unauthenticatedIdentity option.
- String name = (String) options.get("unauthenticatedIdentity");
+ String name = (String) options.get(UNAUTHENTICATED_IDENTITY);
if( name != null )
{
try
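Review bot: The null test on `validOptions` stops matching its comment as soon as a parent class registers options. `UsernamePasswordLoginModule.initialize` and `BaseCertLoginModule.initialize` now call `addValidOptions` unconditionally, so a subclass outside this commit that reads its own options without registering them gets `Invalid or misspelled option` for each one. Warnings that fire on a correct configuration get ignored, which defeats the purpose of flagging a mistyped security option. I would reword the comment to `// non-null as soon as any class in the hierarchy registered options; unregistered subclass options will be reported` and state the same in the `addValidOptions` Javadoc. `initialize` starts and ends outside this hunk.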
@@ -351,4 +381,19 @@
}
return p;
}
+
+ /**
+ * Each subclass should call this from within their initialize method BEFORE calling super.initialize()
+ * The base class will then check the options
+ *
+ * @param subClassValidOptions
+ */
+ protected void addValidOptions(final String[] moduleValidOptions)
+ {
+ if (validOptions==null)
+ {
+ validOptions = new HashSet<String>();
+ }
+ validOptions.addAll(Arrays.asList(moduleValidOptions));
+ }
}
\ No newline at end of file
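Review bot: The Javadoc tag names `subClassValidOptions` while the parameter is `moduleValidOptions`, and the tag carries no description. I would write `@param moduleValidOptions option names accepted by the calling module; must not be null`, since `Arrays.asList` throws on a null array. The first sentence should also say that calling this method is what switches the check on for the whole class hierarchy.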
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/AnonLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/AnonLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/AnonLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -38,7 +38,7 @@
{
/**
* Override to return an empty Roles set.
- * @return an array comtaning an empty 'Roles' Group.
+ * @return an array containing an empty 'Roles' Group.
*/
protected Group[] getRoleSets() throws LoginException
{
@@ -48,7 +48,7 @@
}
/**
- * Overriden to return null.
+ * Overridden to return null.
* @return null always
*/
protected String getUsersPassword() throws LoginException
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -62,6 +62,14 @@
*/
public class BaseCertLoginModule extends AbstractServerLoginModule
{
+ private static final String SECURITY_DOMAIN = "securityDomain";
+ private static final String VERIFIER = "verifier";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ SECURITY_DOMAIN,VERIFIER
+ };
+
/** A principal derived from the certificate alias */
private Principal identity;
/** The client certificate */
@@ -91,11 +99,12 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
trace = log.isTraceEnabled();
// Get the security domain and default to "other"
- String sd = (String) options.get("securityDomain");
+ String sd = (String) options.get(SECURITY_DOMAIN);
if (sd == null)
sd = "java:/jaas/other";
@@ -126,7 +135,7 @@
log.error("Unable to find the securityDomain named: " + sd, e);
}
- String option = (String) options.get("verifier");
+ String option = (String) options.get(VERIFIER);
if( option != null )
{
try
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -43,6 +43,15 @@
*/
public class CertRolesLoginModule extends BaseCertLoginModule
{
+ private static final String ROLES_PROPERTIES = "rolesProperties";
+ private static final String DEFAULT_ROLES_PROPERTIES = "defaultRolesProperties";
+ private static final String ROLE_GROUP_SEPERATOR = "roleGroupSeperator";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ ROLES_PROPERTIES,DEFAULT_ROLES_PROPERTIES,ROLE_GROUP_SEPERATOR
+ };
+
/** The name of the default properties resource containing user/roles */
private String defaultRolesRsrcName = "defaultRoles.properties";
/**
@@ -75,6 +84,7 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
trace = log.isTraceEnabled();
if( trace )
@@ -82,13 +92,13 @@
try
{
- String option = (String) options.get("rolesProperties");
+ String option = (String) options.get(ROLES_PROPERTIES);
if (option != null)
rolesRsrcName = option;
- option = (String) options.get("defaultRolesProperties");
+ option = (String) options.get(DEFAULT_ROLES_PROPERTIES);
if (option != null)
defaultRolesRsrcName = option;
- option = (String) options.get("roleGroupSeperator");
+ option = (String) options.get(ROLE_GROUP_SEPERATOR);
if( option != null )
roleGroupSeperator = option.charAt(0);
// Load the properties file that contains the list of users and passwords
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseCertLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseCertLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseCertLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -42,6 +42,15 @@
*/
public class DatabaseCertLoginModule extends BaseCertLoginModule
{
+ private static final String DS_JNDI_NAME = "dsJndiName";
+ private static final String ROLES_QUERY = "rolesQuery";
+ private static final String SUSPEND_RESUME = "suspendResume";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ DS_JNDI_NAME,ROLES_QUERY,SUSPEND_RESUME
+ };
+
/** The JNDI name of the DataSource to use */
private String dsJndiName;
/** The sql query to obtain the user roles */
@@ -59,16 +68,17 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
- dsJndiName = (String) options.get("dsJndiName");
+ dsJndiName = (String) options.get(DS_JNDI_NAME);
if( dsJndiName == null )
dsJndiName = "java:/DefaultDS";
- Object tmp = options.get("rolesQuery");
+ Object tmp = options.get(ROLES_QUERY);
if( tmp != null )
rolesQuery = tmp.toString();
- tmp = options.get("suspendResume");
+ tmp = options.get(SUSPEND_RESUME);
if( tmp != null )
suspendResume = Boolean.valueOf(tmp.toString()).booleanValue();
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseServerLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseServerLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -70,6 +70,17 @@
*/
public class DatabaseServerLoginModule extends UsernamePasswordLoginModule
{
+ private static final String DS_JNDI_NAME = "dsJndiName";
+ private static final String ROLES_QUERY = "rolesQuery";
+ private static final String SUSPEND_RESUME = "suspendResume";
+ private static final String PRINCIPALS_QUERY = "principalsQuery";
+ private static final String TRANSACTION_MANAGER_JNDI_NAME = "transactionManagerJndiName";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ DS_JNDI_NAME,ROLES_QUERY,SUSPEND_RESUME,PRINCIPALS_QUERY
+ };
+
/** The JNDI name of the DataSource to use */
protected String dsJndiName;
/** The sql query to obtain the user password */
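Review bot: `TRANSACTION_MANAGER_JNDI_NAME` is declared but left out of `ALL_VALID_OPTIONS`, so a configuration that sets `transactionManagerJndiName` will be reported as `Invalid or misspelled option` by the base class check. Add it to the array: `DS_JNDI_NAME,ROLES_QUERY,SUSPEND_RESUME,PRINCIPALS_QUERY,TRANSACTION_MANAGER_JNDI_NAME`.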
@@ -97,31 +108,35 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
- super.initialize(subject, callbackHandler, sharedState, options);
- dsJndiName = (String) options.get("dsJndiName");
+ addValidOptions(ALL_VALID_OPTIONS);
+ super.initialize(subject, callbackHandler, sharedState, options);
+ dsJndiName = (String) options.get(DS_JNDI_NAME);
if( dsJndiName == null )
dsJndiName = "java:/DefaultDS";
- Object tmp = options.get("principalsQuery");
+ Object tmp = options.get(PRINCIPALS_QUERY);
if( tmp != null )
principalsQuery = tmp.toString();
- tmp = options.get("rolesQuery");
+ tmp = options.get(ROLES_QUERY);
if( tmp != null )
rolesQuery = tmp.toString();
- tmp = options.get("suspendResume");
+ tmp = options.get(SUSPEND_RESUME);
if( tmp != null )
suspendResume = Boolean.valueOf(tmp.toString()).booleanValue();
+
+ //Get the Transaction Manager JNDI Name
+ String jname = (String) options.get("TRANSACTION_MANAGER_JNDI_NAME");
+ if(jname != null)
+ this.TX_MGR_JNDI_NAME = jname;
+
if (trace)
{
log.trace("DatabaseServerLoginModule, dsJndiName="+dsJndiName);
log.trace("principalsQuery="+principalsQuery);
log.trace("rolesQuery="+rolesQuery);
log.trace("suspendResume="+suspendResume);
+ log.trace("transactionManagerJndiName="+jname);
}
- //Get the Transaction Manager JNDI Name
- String jname = (String) options.get("transactionManagerJndiName");
- if(jname != null)
- this.TX_MGR_JNDI_NAME = jname;
-
+
try
{
if(this.suspendResume)
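Review bot: The lookup `options.get("TRANSACTION_MANAGER_JNDI_NAME")` quotes the constant's name instead of using the constant, so the module now reads an option literally called `TRANSACTION_MANAGER_JNDI_NAME` and no longer honours `transactionManagerJndiName`. Existing configurations silently fall back to the default `TX_MGR_JNDI_NAME`, and the new trace line will print `null`. It should read `String jname = (String) options.get(TRANSACTION_MANAGER_JNDI_NAME);`. `initialize` continues past the end of this hunk.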
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/IdentityLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/IdentityLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/IdentityLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -50,6 +50,14 @@
*/
public class IdentityLoginModule extends AbstractServerLoginModule
{
+ private static final String PRINCIPAL = "principal";
+ private static final String ROLES = "roles";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ PRINCIPAL,ROLES
+ };
+
private String principalName;
private String roleNames;
@@ -60,11 +68,12 @@
public void initialize(Subject subject, CallbackHandler handler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, handler, sharedState, options);
- principalName = (String) options.get("principal");
+ principalName = (String) options.get(PRINCIPAL);
if( principalName == null )
principalName = "guest";
- roleNames = (String) options.get("roles");
+ roleNames = (String) options.get(ROLES);
}
@SuppressWarnings("unchecked")
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -180,6 +180,19 @@
private static final String USERNAME_END_STRING = "usernameEndString";
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ ROLES_CTX_DN_OPT,ROLE_ATTRIBUTE_ID_OPT,ROLE_ATTRIBUTE_ID_OPT,
+ ROLE_NAME_ATTRIBUTE_ID_OPT,PARSE_ROLE_NAME_FROM_DN_OPT,
+ BIND_DN,BIND_CREDENTIAL,BASE_CTX_DN,BASE_FILTER_OPT,
+ ROLE_FILTER_OPT,ROLE_RECURSION,DEFAULT_ROLE,
+ SEARCH_TIME_LIMIT_OPT,SEARCH_SCOPE_OPT,SECURITY_DOMAIN_OPT,
+ DISTINGUISHED_NAME_ATTRIBUTE_OPT,PARSE_USERNAME,USERNAME_BEGIN_STRING,USERNAME_END_STRING,
+
+ Context.INITIAL_CONTEXT_FACTORY,Context.SECURITY_AUTHENTICATION,Context.SECURITY_PROTOCOL,
+ Context.PROVIDER_URL,Context.SECURITY_PRINCIPAL,Context.SECURITY_CREDENTIALS
+ };
+
protected String bindDN;
protected String bindCredential;
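Review bot: `ROLE_ATTRIBUTE_ID_OPT` is listed twice in `ALL_VALID_OPTIONS`, which suggests the second entry was meant to be a different constant declared above this hunk. The duplicate is harmless in a `HashSet`, but whichever option it displaced will be flagged as invalid when an administrator sets it. Check the array against every `options.get(...)` call in the class. If the module also forwards arbitrary JNDI environment properties to the LDAP context (not visible here), the six `Context.*` names will not cover all of them.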
@@ -225,6 +238,7 @@
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
trace = log.isTraceEnabled();
}
@@ -432,6 +446,11 @@
constraints.setTimeLimit(searchTimeLimit);
rolesSearch(ctx, constraints, username, userDN, recursion, 0);
}
+ catch(Exception e)
+ {
+ log.warn(e);
+ throw e;
+ }
finally
{
if (ctx != null)
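Review bot: `log.warn(e)` passes the exception as the message object, so logging backends typically record only its `toString()` and drop the stack trace. Use the two-argument form, for example `log.warn("LDAP role search failed", e);`. Catching `Exception` only to rethrow it also widens what the method must declare. The signature is outside this hunk, so confirm it already throws `Exception` or narrow the catch to the naming exception type the search raises.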
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -25,6 +25,7 @@
import java.security.acl.Group;
import java.util.Arrays;
import java.util.Iterator;
+import java.util.Map;
import java.util.Properties;
import java.util.Map.Entry;
@@ -37,6 +38,8 @@
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
@@ -164,7 +167,7 @@
* @version $Revision$
*/
public class LdapLoginModule extends UsernamePasswordLoginModule
-{
+{
private static final String PRINCIPAL_DN_PREFIX_OPT = "principalDNPrefix";
private static final String PRINCIPAL_DN_SUFFIX_OPT = "principalDNSuffix";
@@ -189,10 +192,31 @@
private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
+ private static final String ALLOW_EMPTY_PASSWORDS = "allowEmptyPasswords";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ PRINCIPAL_DN_PREFIX_OPT,PRINCIPAL_DN_SUFFIX_OPT,ROLES_CTX_DN_OPT,USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT,
+ UID_ATTRIBUTE_ID_OPT,ROLE_ATTRIBUTE_ID_OPT,MATCH_ON_USER_DN_OPT,
+ ROLE_ATTRIBUTE_IS_DN_OPT,ROLE_NAME_ATTRIBUTE_ID_OPT,
+ SEARCH_TIME_LIMIT_OPT,SEARCH_SCOPE_OPT,SECURITY_DOMAIN_OPT,ALLOW_EMPTY_PASSWORDS,
+
+ Context.INITIAL_CONTEXT_FACTORY,Context.SECURITY_AUTHENTICATION,Context.SECURITY_PROTOCOL,
+ Context.PROVIDER_URL,Context.SECURITY_PRINCIPAL,Context.SECURITY_CREDENTIALS
+ };
+
public LdapLoginModule()
{
}
-
+
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ addValidOptions(ALL_VALID_OPTIONS);
+ super.initialize(subject, callbackHandler, sharedState, options);
+ }
+
private transient SimpleGroup userRoles = new SimpleGroup("Roles");
/** Overridden to return an empty password string as typically one cannot
@@ -235,7 +259,7 @@
{
// Check for an allowEmptyPasswords option
boolean allowEmptyPasswords = true;
- String flag = (String) options.get("allowEmptyPasswords");
+ String flag = (String) options.get(ALLOW_EMPTY_PASSWORDS);
if (flag != null)
allowEmptyPasswords = Boolean.valueOf(flag).booleanValue();
if (allowEmptyPasswords == false)
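Review bot: `allowEmptyPasswords` defaults to `true` and the new option check only logs a warning, so a mistyped key (for example `allowEmptyPassword`) leaves empty passwords accepted while the module starts normally. Where the default is the less restrictive setting, a warning at initialization is easy to miss. I would add a comment above the default, `// default is permissive: a misspelled allowEmptyPasswords key leaves empty passwords allowed`, and consider whether unknown keys in this module should fail initialization rather than warn. What happens after the `== false` test is outside this hunk.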
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -39,6 +39,14 @@
*/
public class MemoryUsersRolesLoginModule extends UsersRolesLoginModule
{
+ private static final String USERS = "users";
+ private static final String ROLES = "roles";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ USERS,ROLES
+ };
+
private Properties users;
private Properties roles;
@@ -55,9 +63,10 @@
Map<String,?> sharedState, Map<String,?> options)
{
// First extract the users/roles Properties from the options
- this.users = (Properties) options.get("users");
- this.roles = (Properties) options.get("roles");
+ this.users = (Properties) options.get(USERS);
+ this.roles = (Properties) options.get(ROLES);
// Now initialize the superclass which will invoke createUsers/createRoles
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
}
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/ProxyLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/ProxyLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/ProxyLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -21,6 +21,8 @@
*/
package org.jboss.security.auth.spi;
+import java.util.Arrays;
+import java.util.HashSet;
import java.util.Map;
import javax.security.auth.Subject;
@@ -28,6 +30,8 @@
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
+import org.jboss.logging.Logger;
+
/** A proxy LoginModule that loads a delegate LoginModule using
the current thread context class loader. The purpose of this
module is to work around the current JAAS class loader limitation
@@ -42,6 +46,14 @@
*/
public class ProxyLoginModule implements LoginModule
{
+ private static final String MODULE_NAME = "moduleName";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ MODULE_NAME
+ };
+
+ protected Logger log;
private String moduleName;
private LoginModule delegate;
@@ -62,7 +74,21 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
- moduleName = (String) options.get("moduleName");
+ log = Logger.getLogger(getClass());
+
+ /* TODO: this module should really extend AbstractServerLoginModule where the options check is integrated.
+ * the code here has been intentionally kept identical
+ */
+ HashSet<String> validOptions = new HashSet<String>(Arrays.asList(ALL_VALID_OPTIONS));
+ for (Object key : options.keySet())
+ {
+ if (!validOptions.contains((String)key))
+ {
+ log.warn("Invalid or misspelled option: " + key);
+ }
+ }
+
+ moduleName = (String) options.get(MODULE_NAME);
if( moduleName == null )
{
System.out.println("Required moduleName option not given");
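Review bot: The check treats `moduleName` as the only valid key, but this class exists to hand work to a delegate module. If the same `options` map is passed on to the delegate (that call is outside this hunk), every option meant for the delegate will be logged as `Invalid or misspelled option`. Either skip the check here or restrict it to confirming `moduleName` is present. The missing-option branch below still uses `System.out.println`; now that `log` exists, `log.error("Required moduleName option not given");` would put the message where operators look.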
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/RoleMappingLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -25,8 +25,11 @@
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Iterator;
+import java.util.Map;
import java.util.Properties;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
@@ -49,6 +52,14 @@
*/
public class RoleMappingLoginModule extends AbstractServerLoginModule
{
+ private static final String REPlACE_ROLE = "replaceRole";
+ private static final String ROLES_PROPERTIES = "rolesProperties";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ REPlACE_ROLE,ROLES_PROPERTIES
+ };
+
private static Logger log = Logger.getLogger(RoleMappingLoginModule.class);
private boolean trace = log.isTraceEnabled();
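Review bot: The constant is spelled `REPlACE_ROLE` with a lowercase `l`, one character away from the existing field `protected boolean REPLACE_ROLE` in the same class. The two are easy to confuse in review and in `getRoleSets`, where both appear a few lines apart. Rename the constant, for example `private static final String REPLACE_ROLE_OPT = "replaceRole";`, and update the array and the `options.get` call to match.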
@@ -56,7 +67,15 @@
* Should the matching role be replaced
*/
protected boolean REPLACE_ROLE = false;
-
+
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ addValidOptions(ALL_VALID_OPTIONS);
+ super.initialize(subject, callbackHandler, sharedState, options);
+ }
+
/**
* @see LoginModule#login()
*/
@@ -90,12 +109,12 @@
*/
protected Group[] getRoleSets() throws LoginException
{
- String rep = (String)options.get("replaceRole");
+ String rep = (String)options.get(REPlACE_ROLE);
if("true".equalsIgnoreCase(rep))
this.REPLACE_ROLE = true;
//Get the properties file name from the options
- String propFileName = (String)options.get("rolesProperties");
+ String propFileName = (String)options.get(ROLES_PROPERTIES);
if(propFileName == null)
throw new IllegalStateException("rolesProperties option needs to be provided");
// Replace any system property references like ${x}
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -21,12 +21,15 @@
*/
package org.jboss.security.auth.spi;
+import java.util.Arrays;
+import java.util.HashSet;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;
+import org.jboss.logging.Logger;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityAssociation;
@@ -39,23 +42,48 @@
*/
public class RunAsLoginModule implements LoginModule
{
+ private static final String ROLE_NAME = "roleName";
+ private static final String PRINCIPLE_NAME = "principalName";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ ROLE_NAME,PRINCIPLE_NAME
+ };
+
+ protected Logger log;
private String roleName;
private String principalName;
private boolean pushedRole;
+ private static final String NOBODY = "nobody";
+
/** Look for the roleName option that specifies the role to use as the
* run-as role. If not specified a default role name of nobody is used.
*/
public void initialize(Subject subject, CallbackHandler handler,
Map<String,?> sharedState, Map<String,?> options)
{
- roleName = (String) options.get("roleName");
+ log = Logger.getLogger(getClass());
+
+ /* TODO: this module should really extend AbstractServerLoginModule where the options check is integrated.
+ * the code here has been intentionally kept identical
+ */
+ HashSet<String> validOptions = new HashSet<String>(Arrays.asList(ALL_VALID_OPTIONS));
+ for (Object key : options.keySet())
+ {
+ if (!validOptions.contains((String)key))
+ {
+ log.warn("Invalid or misspelled option: " + key);
+ }
+ }
+
+ roleName = (String) options.get(ROLE_NAME);
if( roleName == null )
- roleName = "nobody";
+ roleName = NOBODY;
- principalName = (String) options.get("principalName");
+ principalName = (String) options.get(PRINCIPLE_NAME);
if( principalName == null )
- principalName = "nobody";
+ principalName = NOBODY;
}
/** Push the run as role using the SecurityAssociation.pushRunAsIdentity method
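Review bot: `PRINCIPLE_NAME` misspells the word; the option and the field are both `principalName`. Rename it to `PRINCIPAL_NAME`, and move `NOBODY` up beside the other constants so the declarations read in one place. The validation loop is a copy of the one in `ProxyLoginModule`, as the TODO says; a shared static helper would keep the two from drifting.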
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -47,6 +47,8 @@
*/
public class SimpleServerLoginModule extends UsernamePasswordLoginModule
{
+ //TODO: should this module ever get "options", then we need to implement ALL_VALID_OPTIONS
+
private SimplePrincipal user;
private boolean guestOnly;
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -58,6 +58,27 @@
*/
public abstract class UsernamePasswordLoginModule extends AbstractServerLoginModule
{
+ private static final String HASH_ALGORITHM = "hashAlgorithm";
+ private static final String HASH_ENCODING = "hashEncoding";
+ private static final String HASH_CHARSET = "hashCharset";
+ private static final String HASH_STORE_PASSWORD = "hashStorePassword";
+ private static final String HASH_USER_PASSWORD = "hashUserPassword";
+ private static final String DIGEST_CALLBACK = "digestCallback";
+ private static final String STORE_DIGEST_CALLBACK = "storeDigestCallback";
+ private static final String IGNORE_PASSWORD_CASE = "ignorePasswordCase";
+ private static final String LEGACY_CREATE_PASSWORD_HASH = "legacyCreatePasswordHash";
+ private static final String THROW_VALIDATE_ERROR = "throwValidateError";
+ private static final String INPUT_VALIDATOR = "inputValidator";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ HASH_ALGORITHM,HASH_ENCODING,HASH_CHARSET,
+ HASH_STORE_PASSWORD,HASH_USER_PASSWORD,
+ DIGEST_CALLBACK,STORE_DIGEST_CALLBACK,
+ IGNORE_PASSWORD_CASE,LEGACY_CREATE_PASSWORD_HASH,
+ THROW_VALIDATE_ERROR,INPUT_VALIDATOR
+ };
+
/** The login identity */
private Principal identity;
/** The proof of login identity */
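Review bot: The new option-name constants and `ALL_VALID_OPTIONS` have no Javadoc, although the fields directly below them are documented. The array is a hand-maintained allow-list, so an option key read by this class but missing from it would presumably be reported as invalid. State that contract on the array, for example `/** Option names accepted by this module; every key read from the options map in this class must be listed here. */`. The class body continues outside the hunk, so whether other keys are read elsewhere cannot be confirmed from here.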
@@ -115,42 +136,43 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
-
+
// Check to see if password hashing has been enabled.
// If an algorithm is set, check for a format and charset.
- hashAlgorithm = (String) options.get("hashAlgorithm");
+ hashAlgorithm = (String) options.get(HASH_ALGORITHM);
if( hashAlgorithm != null )
{
- hashEncoding = (String) options.get("hashEncoding");
+ hashEncoding = (String) options.get(HASH_ENCODING);
if( hashEncoding == null )
hashEncoding = Util.BASE64_ENCODING;
- hashCharset = (String) options.get("hashCharset");
+ hashCharset = (String) options.get(HASH_CHARSET);
if( log.isTraceEnabled() )
{
log.trace("Password hashing activated: algorithm = " + hashAlgorithm
+ ", encoding = " + hashEncoding
+ ", charset = " + (hashCharset == null ? "{default}" : hashCharset)
- + ", callback = " + options.get("digestCallback")
- + ", storeCallback = " + options.get("storeDigestCallback")
+ + ", callback = " + options.get(DIGEST_CALLBACK)
+ + ", storeCallback = " + options.get(STORE_DIGEST_CALLBACK)
);
}
}
- String flag = (String) options.get("ignorePasswordCase");
+ String flag = (String) options.get(IGNORE_PASSWORD_CASE);
ignorePasswordCase = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("hashStorePassword");
+ flag = (String) options.get(HASH_STORE_PASSWORD);
hashStorePassword = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("hashUserPassword");
+ flag = (String) options.get(HASH_USER_PASSWORD);
if( flag != null )
hashUserPassword = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("legacyCreatePasswordHash");
+ flag = (String) options.get(LEGACY_CREATE_PASSWORD_HASH);
if( flag != null )
legacyCreatePasswordHash = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("throwValidateError");
+ flag = (String) options.get(THROW_VALIDATE_ERROR);
if(flag != null)
this.throwValidateError = Boolean.valueOf(flag).booleanValue();
// instantiate the input validator class.
- flag = (String) options.get("inputValidator");
+ flag = (String) options.get(INPUT_VALIDATOR);
if(flag != null)
{
try
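Review bot: The added `addValidOptions(ALL_VALID_OPTIONS);` at the top of `initialize` relies on running before `super.initialize(...)`, and nothing in the hunk records that ordering. The option check matters here because a misspelled `hashAlgorithm` key leaves `hashAlgorithm` null, so the `if( hashAlgorithm != null )` branch is skipped without any message. Whether an unknown option is rejected or only logged is decided in the superclass, which this hunk does not show. A comment such as `// Must precede super.initialize(), which is expected to validate the option names.` would help, and the same applies to the `initialize` hunks of UsersLoginModule, UsersRolesLoginModule and XMLLoginModule. The method body continues outside the hunk.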
@@ -240,12 +262,12 @@
// Hash the user entered password if password hashing is in use
if( hashAlgorithm != null && hashUserPassword == true )
- password = createPasswordHash(username, password, "digestCallback");
+ password = createPasswordHash(username, password, DIGEST_CALLBACK);
// Validate the password supplied by the subclass
String expectedPassword = getUsersPassword();
// Allow the storeDigestCallback to hash the expected password
if( hashAlgorithm != null && hashStorePassword == true )
- expectedPassword = createPasswordHash(username, expectedPassword, "storeDigestCallback");
+ expectedPassword = createPasswordHash(username, expectedPassword, STORE_DIGEST_CALLBACK);
if( validatePassword(password, expectedPassword) == false )
{
Throwable ex = getValidateError();
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -54,6 +54,13 @@
*/
public class UsersLoginModule extends UsernamePasswordLoginModule
{
+ private static final String USER_PROPERTIES = "usersProperties";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ USER_PROPERTIES
+ };
+
/** The name of the properties resource containing user/passwords */
private String usersRsrcName = "users.properties";
/** The users.properties values */
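Review bot: The constant `USER_PROPERTIES` holds the option name `usersProperties`, so the identifier drops the plural that the key and the `usersRsrcName` field both use. Naming it `USERS_PROPERTIES` would keep the constant searchable by the option name. The UsersRolesLoginModule hunk has the same mismatch in `USER_PROPERTIES` and `DEFAULT_USER_PROPERTIES`, next to the correctly plural `ROLES_PROPERTIES`.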
@@ -68,11 +75,13 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
+
try
{
// Check for usersProperties & rolesProperties
- String option = (String) options.get("usersProperties");
+ String option = (String) options.get(USER_PROPERTIES);
if (option != null)
usersRsrcName = option;
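Review bot: The context comment `// Check for usersProperties & rolesProperties` no longer matches the code, because this class's `ALL_VALID_OPTIONS` lists only `usersProperties` and only that key is read here. With the new allow-list, a `rolesProperties` entry in a configuration for this module would presumably be reported as unknown, so the comment now misleads. Change it to `// Check for usersProperties`. The try block continues outside the hunk.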
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersRolesLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersRolesLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersRolesLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -64,6 +64,20 @@
*/
public class UsersRolesLoginModule extends UsernamePasswordLoginModule
{
+
+ private static final String USER_PROPERTIES = "usersProperties";
+ private static final String DEFAULT_USER_PROPERTIES = "defaultUsersProperties";
+ private static final String ROLES_PROPERTIES = "rolesProperties";
+ private static final String DEFAULT_ROLES_PROPERTIES = "defaultRolesProperties";
+ private static final String ROLE_GROUP_SEPERATOR = "roleGroupSeperator";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ USER_PROPERTIES,DEFAULT_USER_PROPERTIES,
+ ROLES_PROPERTIES, DEFAULT_ROLES_PROPERTIES,
+ ROLE_GROUP_SEPERATOR
+ };
+
/** The name of the default properties resource containing user/passwords */
private String defaultUsersRsrcName = "defaultUsers.properties";
/** The name of the default properties resource containing user/roles */
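Review bot: `ROLE_GROUP_SEPERATOR = "roleGroupSeperator"` keeps a misspelling that is part of the externally configured option name, and nothing marks it as intentional. The same commit corrects "seperate" in a Javadoc comment a few hunks later, so a later cleanup could easily "fix" the string and break existing configurations. A short comment on the constant would prevent that, for example `// Misspelling is the published option name; keep for compatibility.`.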
@@ -76,7 +90,7 @@
private Properties users;
/** The roles.properties mappings */
private Properties roles;
- /** The character used to seperate the role group name from the username
+ /** The character used to separate the role group name from the username
* e.g., '.' in jduke.CallerPrincipal=...
*/
private char roleGroupSeperator = '.';
@@ -104,23 +118,24 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
try
{
// Check for usersProperties & rolesProperties
- String option = (String) options.get("usersProperties");
+ String option = (String) options.get(USER_PROPERTIES);
if (option != null)
usersRsrcName = option;
- option = (String) options.get("defaultUsersProperties");
+ option = (String) options.get(DEFAULT_USER_PROPERTIES);
if (option != null)
defaultUsersRsrcName = option;
- option = (String) options.get("rolesProperties");
+ option = (String) options.get(ROLES_PROPERTIES);
if (option != null)
rolesRsrcName = option;
- option = (String) options.get("defaultRolesProperties");
+ option = (String) options.get(DEFAULT_ROLES_PROPERTIES);
if (option != null)
defaultRolesRsrcName = option;
- option = (String) options.get("roleGroupSeperator");
+ option = (String) options.get(ROLE_GROUP_SEPERATOR);
if( option != null )
roleGroupSeperator = option.charAt(0);
// Load the properties file that contains the list of users and passwords
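Review bot: `roleGroupSeperator = option.charAt(0);` throws `StringIndexOutOfBoundsException` when the option is present but empty, and the guard above it only tests for null. The statement sits inside a `try` whose `catch` is outside the hunk, so how that failure surfaces cannot be seen here. Checking the length makes the behaviour explicit: `if( option != null && option.length() > 0 )`.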
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/XMLLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/XMLLoginModule.java 2011-12-22 11:24:01 UTC (rev 112538)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/XMLLoginModule.java 2011-12-22 14:52:23 UTC (rev 112539)
@@ -67,7 +67,14 @@
*/
public class XMLLoginModule extends UsernamePasswordLoginModule
{
- /** The name of the properties resource containing user/passwords */
+ private static final String USER_INFO = "userInfo";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ USER_INFO
+ };
+
+ /** The name of the properties resource containing user/passwords */
private Users users;
/** Initialize this LoginModule.
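Review bot: The Javadoc `/** The name of the properties resource containing user/passwords */` is re-indented by this hunk but still sits on `private Users users;`, which is not a resource name. The `initialize` hunk below assigns that field from `options.get(USER_INFO)` cast to `Users`, so the comment looks copied from a properties-based module. Replace it with something like `/** The user information object supplied through the userInfo option */`.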
@@ -78,10 +85,11 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
- super.initialize(subject, callbackHandler, sharedState, options);
+ addValidOptions(ALL_VALID_OPTIONS);
+ super.initialize(subject, callbackHandler, sharedState, options);
try
{
- users = (Users) options.get("userInfo");
+ users = (Users) options.get(USER_INFO);
}
catch (Exception e)
{