[jboss-cvs] Picketbox SVN: r458 - in trunk: security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config and 7 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Oct 4 17:01:18 EDT 2013
Author: sguilhen at redhat.com
Date: 2013-10-04 17:01:17 -0400 (Fri, 04 Oct 2013)
New Revision: 458
Modified:
trunk/security-jboss-sx/jbosssx/pom.xml
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java
trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIServerAuthenticationManagerUnitTestCase.java
trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
trunk/security-jboss-sx/parent/pom.xml
trunk/security-spi/parent/pom.xml
trunk/security-spi/spi/pom.xml
trunk/security-spi/spi/src/main/java/org/jboss/security/ServerAuthenticationManager.java
Log:
Fixed the registration logic in JBossAuthConfigFactory. Changed JASPIServerAuthenticationManager to store the AuthException in the security context
Modified: trunk/security-jboss-sx/jbosssx/pom.xml
===================================================================
--- trunk/security-jboss-sx/jbosssx/pom.xml 2013-09-11 08:12:49 UTC (rev 457)
+++ trunk/security-jboss-sx/jbosssx/pom.xml 2013-10-04 21:01:17 UTC (rev 458)
@@ -117,7 +117,7 @@
<dependencies>
<dependency>
<groupId>org.jboss.spec.javax.security.auth.message</groupId>
- <artifactId>jboss-jaspi-api_1.0_spec</artifactId>
+ <artifactId>jboss-jaspi-api_1.1_spec</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java 2013-09-11 08:12:49 UTC (rev 457)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossAuthConfigFactory.java 2013-10-04 21:01:17 UTC (rev 458)
@@ -26,8 +26,6 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.StringTokenizer;
-import java.util.UUID;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
@@ -47,31 +45,21 @@
public class JBossAuthConfigFactory extends AuthConfigFactory
{
/**
- * Map of String key to provider
+ * Map of String key to provider.
*/
- private Map<String, AuthConfigProvider> keyProviderMap = new HashMap<String, AuthConfigProvider>();
+ private Map<String, AuthConfigProvider> keyToAuthConfigProviderMap = new HashMap<String, AuthConfigProvider>();
/**
- * Map of key to listener
+ * Map of key to listener.
*/
- private Map<String, RegistrationListener> keyListenerMap = new HashMap<String, RegistrationListener>();
+ private Map<String, RegistrationListener> keyToRegistrationListenerMap = new HashMap<String, RegistrationListener>();
/**
- * Map of registration id to description
+ * Map of key to registration context.
*/
- private Map<String, String> idToDescriptionMap = new HashMap<String, String>();
-
+ private Map<String, RegistrationContext> keyToRegistrationContextMap = new HashMap<String, RegistrationContext>();
+
/**
- * Map of registration id to key
- */
- private Map<String, String> idKeyMap = new HashMap<String, String>();
-
- /**
- * Map of provider to a list of registration ids
- */
- private Map<AuthConfigProvider, List<String>> providerToIDListMap = new HashMap<AuthConfigProvider, List<String>>();
-
- /**
* <p>
* Creates an instance of {@code JBossAuthConfigFactory}.
* </p>
@@ -95,10 +83,10 @@
throw PicketBoxMessages.MESSAGES.invalidNullArgument("listener");
String[] arr = new String[0];
- String input = layer + "^" + appContext;
- String allLayer = "null" + "^" + appContext;
- String allContext = layer + "^" + "null";
- String general = "null" + "^" + "null";
+ String input = layer + appContext;
+ String allLayer = "null" + appContext;
+ String allContext = layer + "null";
+ String general = "nullnull";
RegistrationListener origListener = null;
String key = null;
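Review bot: Dropping the `"^"` separator in `String input = layer + appContext;` makes the lookup key ambiguous, because two different layer/appContext pairs whose concatenations are equal now share one map entry. A lookup for one pair can then resolve to the `AuthConfigProvider` or listener registered for another, and for an authentication factory that means the wrong auth configuration is applied. The same construction is repeated in the getConfigProvider hunk and in both registerConfigProvider hunks. Keep an unambiguous key, either a delimiter that is rejected in both components or a small two-field key class with `equals`/`hashCode`, and build it in one private helper. The enclosing method starts before this hunk.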
@@ -112,20 +100,13 @@
key = allContext;
if (i == 3)
key = general;
- origListener = (RegistrationListener) keyListenerMap.get(key);
+ origListener = keyToRegistrationListenerMap.get(key);
}
if (origListener == listener)
{
- keyListenerMap.remove(key);
+ keyToRegistrationListenerMap.remove(key);
// Get the ID List
- AuthConfigProvider provider = (AuthConfigProvider) keyProviderMap.get(key);
- if (provider != null)
- {
- List<String> list = providerToIDListMap.get(provider);
- arr = new String[list.size()];
- list.toArray(arr);
- }
}
return arr;
}
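Review bot: After this hunk nothing in the visible lines assigns `arr`, so `detachListener` returns an empty array even when a listener was removed, and the comment `// Get the ID List` is left with no code under it. Callers that rely on the returned registration IDs would see no detachment. Since the registration ID is now the map key itself, the removal branch could set `arr = new String[] { key };`, or the stale comment should be replaced with one saying why nothing is returned. The loop header and the start of the method are outside the hunk, so this is based on the visible lines only.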
@@ -136,16 +117,14 @@
*/
public AuthConfigProvider getConfigProvider(String layer, String appContext, RegistrationListener listener)
{
- if (appContext == null)
- appContext = " ";
- String input = layer + "^" + appContext;
- String allLayer = "null" + "^" + appContext;
- String allContext = layer + "^" + "null";
- String general = "null" + "^" + "null";
+ String input = new StringBuilder().append(layer).append(appContext).toString();
+ String allLayer = "null" + appContext;
+ String allContext = layer + "null";
+ String general = "nullnull";
AuthConfigProvider acp = null;
String key = null;
- for (int i = 0; i < 4 && acp == null; i++)
+ for (int i = 0; i < 4; i++)
{
if (i == 0)
key = input;
@@ -155,12 +134,18 @@
key = allContext;
if (i == 3)
key = general;
- acp = keyProviderMap.get(key);
+
+ if (this.keyToAuthConfigProviderMap.containsKey(key))
+ {
+ acp = this.keyToAuthConfigProviderMap.get(key);
+ break;
+ }
}
-
- if (acp != null && listener != null)
- this.keyListenerMap.put(key, listener);
+ //
+ if (listener != null)
+ this.keyToRegistrationListenerMap.put(input, listener);
+
return acp;
}
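Review bot: The listener is stored under the exact `input` key in `this.keyToRegistrationListenerMap.put(input, listener);` even when the provider was resolved through one of the fallback keys. The registration methods look a listener up only under their own registration ID, so a caller whose provider came from the `"nullnull"` entry would apparently not be notified when that entry is replaced or removed. The `put` also silently replaces any listener already attached to the same key. The bare `//` above the `if` should either go or state this intent, for example `// remember the listener for the requested layer/appContext, even if no provider matched`.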
@@ -170,37 +155,7 @@
*/
public RegistrationContext getRegistrationContext(String registrationID)
{
- String key = idKeyMap.get(registrationID);
- StringTokenizer st = new StringTokenizer(key, "^");
- if (st.countTokens() < 2)
- throw PicketBoxMessages.MESSAGES.invalidKeyFormat(key);
-
- final String layer = st.nextToken();
- final String appCtx = st.nextToken();
- final String description = (String) idToDescriptionMap.get(registrationID);
-
- return new RegistrationContext()
- {
- public String getAppContext()
- {
- return appCtx.equals("null") ? null : appCtx;
- }
-
- public String getDescription()
- {
- return description;
- }
-
- public String getMessageLayer()
- {
- return layer.equals("null") ? null : layer;
- }
-
- public boolean isPersistent()
- {
- return false;
- }
- };
+ return this.keyToRegistrationContextMap.get(registrationID);
}
/*
@@ -212,13 +167,16 @@
List<String> al = new ArrayList<String>();
if (provider == null)
{
- al.addAll(idKeyMap.keySet());
+ al.addAll(keyToAuthConfigProviderMap.keySet());
}
else
{
- List<String> list = this.providerToIDListMap.get(provider);
- if (list != null)
- al.addAll(list);
+ // get all entries that have the supplied provider as value and store their keys.
+ for (Map.Entry<String, AuthConfigProvider> entry : this.keyToAuthConfigProviderMap.entrySet())
+ {
+ if (entry.getValue().equals(provider))
+ al.add(entry.getKey());
+ }
}
String[] sarr = new String[al.size()];
al.toArray(sarr);
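Review bot: `entry.getValue().equals(provider)` throws a NullPointerException when a registration holds a null provider. The class-name overload leaves `acp` null when `className` is null and still puts it in the map, so such entries can exist. In this branch `provider` is known to be non-null, so the comparison is safe reversed: `if (provider.equals(entry.getValue()))`. The method signature is outside the hunk.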
@@ -237,13 +195,11 @@
* (non-Javadoc)
* @see javax.security.auth.message.config.AuthConfigFactory#registerConfigProvider(java.lang.String, java.util.Map, java.lang.String, java.lang.String, java.lang.String)
*/
- @SuppressWarnings("rawtypes")
public String registerConfigProvider(String className, Map properties, String layer, String appContext,
String description)
{
// Instantiate the provider
AuthConfigProvider acp = null;
-
if (className != null) {
try
{
@@ -257,7 +213,31 @@
throw PicketBoxMessages.MESSAGES.failedToRegisterAuthConfigProvider(className, e);
}
}
- return this.registerConfigProvider(acp, layer, appContext, description);
+
+ // build the provider registration id using layer + appContext, which is a unique pair.
+ String registrationID = new StringBuilder().append(layer).append(appContext).toString();
+
+ // check if we already have a registration for the layer/appContext key.
+ AuthConfigProvider oldProvider = this.keyToAuthConfigProviderMap.put(registrationID, acp);
+ if (oldProvider != null)
+ {
+ // registration already exists and provider has been replaced. Update the registration context.
+ JBossRegistrationContext context = (JBossRegistrationContext) this.keyToRegistrationContextMap.get(registrationID);
+ context.setDescription(description);
+ context.setIsPersistent(true);
+ // if there is a listener attached to the registration, notify it that the registration has been replaced.
+ RegistrationListener listener = this.keyToRegistrationListenerMap.get(registrationID);
+ if (listener != null)
+ listener.notify(layer, appContext);
+ }
+ else
+ {
+ // create a registration context for the new registration.
+ RegistrationContext context = new JBossRegistrationContext(layer, appContext, description, true);
+ this.keyToRegistrationContextMap.put(registrationID, context);
+ }
+
+ return registrationID;
}
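Review bot: The `oldProvider != null` test after `put` cannot tell "no previous registration" from "previous registration with a null provider", and `acp` is null whenever `className` is null. Replacing such a registration therefore takes the else branch and never notifies the attached listener; `removeRegistration` already uses `containsKey` for the same reason. The whole block is also duplicated in the `registerConfigProvider(AuthConfigProvider, ...)` hunk that follows, differing only in the persistent flag, so the two copies can drift apart. A shared private helper fixes both; the sketch below keeps the commit's key construction unchanged, and the method's opening lines are outside this hunk.

```java
// … unchanged: provider instantiation from className …
return register(acp, layer, appContext, description, true);

private String register(AuthConfigProvider provider, String layer, String appContext, String description,
      boolean persistent)
{
   String registrationID = new StringBuilder().append(layer).append(appContext).toString();
   // containsKey rather than the value returned by put(): a null provider is a valid registration.
   boolean replaced = this.keyToAuthConfigProviderMap.containsKey(registrationID);
   this.keyToAuthConfigProviderMap.put(registrationID, provider);
   this.keyToRegistrationContextMap.put(registrationID,
         new JBossRegistrationContext(layer, appContext, description, persistent));
   if (replaced)
   {
      RegistrationListener listener = this.keyToRegistrationListenerMap.get(registrationID);
      if (listener != null)
         listener.notify(layer, appContext);
   }
   return registrationID;
}
```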
/*
@@ -266,34 +246,29 @@
*/
public String registerConfigProvider(AuthConfigProvider provider, String layer, String appContext, String description)
{
- StringBuilder key = new StringBuilder();
- key.append(layer == null ? "null" : layer);
- key.append("^");
- key.append(appContext == null ? "null" : appContext);
+ String registrationID = new StringBuilder().append(layer).append(appContext).toString();
- String keystr = key.toString();
- keyProviderMap.put(keystr, provider);
+ // check if we already have a registration for the layer/appContext key.
+ AuthConfigProvider oldProvider = this.keyToAuthConfigProviderMap.put(registrationID, provider);
+ if (oldProvider != null)
+ {
+ // registration already exists and provider has been replaced. Update the registration context.
+ JBossRegistrationContext context = (JBossRegistrationContext) this.keyToRegistrationContextMap.get(registrationID);
+ context.setDescription(description);
+ context.setIsPersistent(false);
+ // if there is a listener attached to the registration, notify it that the registration has been replaced.
+ RegistrationListener listener = this.keyToRegistrationListenerMap.get(registrationID);
+ if (listener != null)
+ listener.notify(layer, appContext);
+ }
+ else
+ {
+ // create a registration context for the new registration.
+ RegistrationContext context = new JBossRegistrationContext(layer, appContext, description, false);
+ this.keyToRegistrationContextMap.put(registrationID, context);
+ }
- // Generate a GUID
- UUID guid = UUID.randomUUID();
- String providerID = guid.toString();
- this.idKeyMap.put(providerID, keystr);
-
- List<String> list = this.providerToIDListMap.get(provider);
- if (list == null)
- list = new ArrayList<String>();
- list.add(providerID);
-
- this.providerToIDListMap.put(provider, list);
- if (description != null)
- this.idToDescriptionMap.put(providerID, description);
-
- // Check if their is a pre-existing listener
- RegistrationListener listener = keyListenerMap.get(keystr);
- if (listener != null)
- listener.notify(layer, appContext);
-
- return providerID;
+ return registrationID;
}
/*
@@ -305,18 +280,75 @@
if (registrationID == null)
throw PicketBoxMessages.MESSAGES.invalidNullArgument("registrationID");
- String key = idKeyMap.get(registrationID);
- if (key != null)
- {
- RegistrationListener listener = this.keyListenerMap.get(key);
- RegistrationContext rc = this.getRegistrationContext(registrationID);
+ RegistrationListener listener = this.keyToRegistrationListenerMap.get(registrationID);
+ RegistrationContext rc = this.keyToRegistrationContextMap.get(registrationID);
- this.keyProviderMap.remove(key);
- // Notify the listener of the change
- if (listener != null)
- listener.notify(rc.getMessageLayer(), rc.getAppContext());
- return true;
- }
- return false;
+ // remove the provider and notify listener of the change.
+ boolean removed = this.keyToAuthConfigProviderMap.containsKey(registrationID);
+ this.keyToAuthConfigProviderMap.remove(registrationID);
+ if (removed && listener != null)
+ listener.notify(rc.getMessageLayer(), rc.getAppContext());
+ this.keyToRegistrationContextMap.remove(registrationID);
+
+ return removed;
}
+
+ static class JBossRegistrationContext implements RegistrationContext {
+
+ private String messageLayer;
+
+ private String appContext;
+
+ private String description;
+
+ private boolean isPersistent;
+
+ JBossRegistrationContext(String layer, String appContext, String description, boolean isPersistent)
+ {
+ this.messageLayer = layer;
+ this.appContext = appContext;
+ this.description = description;
+ this.isPersistent = isPersistent;
+ }
+
+ public String getAppContext()
+ {
+ return this.appContext;
+ }
+
+ public void setAppContext(String appContext)
+ {
+ this.appContext = appContext;
+ }
+
+ public String getDescription()
+ {
+ return this.description;
+ }
+
+ public void setDescription(String description)
+ {
+ this.description = description;
+ }
+
+ public String getMessageLayer()
+ {
+ return this.messageLayer;
+ }
+
+ public void setMessageLayer(String messageLayer)
+ {
+ this.messageLayer = messageLayer;
+ }
+
+ public boolean isPersistent()
+ {
+ return this.isPersistent;
+ }
+
+ public void setIsPersistent(boolean isPersistent)
+ {
+ this.isPersistent = isPersistent;
+ }
+ }
}
\ No newline at end of file
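Review bot: `JBossRegistrationContext` exposes `setMessageLayer` and `setAppContext` although the registration ID it is stored under is derived from exactly those two values, so calling either setter would leave the context disagreeing with its own map key. Nothing in the visible hunks calls them. Declaring `private final String messageLayer;` and `private final String appContext;` and dropping the two setters removes that state. `getRegistrationContext` also hands this same mutable instance to callers, so a later re-registration changes the description and persistent flag under them; a short class Javadoc should state that, or the context should be replaced rather than mutated. The new class also has no Javadoc while the rest of the file documents its members.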
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java 2013-09-11 08:12:49 UTC (rev 457)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java 2013-10-04 21:01:17 UTC (rev 458)
@@ -36,6 +36,7 @@
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
+import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.ServerAuthenticationManager;
/**
@@ -95,6 +96,7 @@
}
catch(AuthException ae)
{
+ SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae);
PicketBoxLogger.LOGGER.debugIgnoredException(ae);
}
return AuthStatus.SUCCESS == status ;
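Review bot: `SecurityContextAssociation.getSecurityContext().getData().put(...)` runs inside the catch block with no null check, so if no security context is associated with the thread the handler throws a NullPointerException instead of returning false. The unit test in this commit had to start setting a context, which suggests that case is reachable. A guarded form would be `SecurityContext sc = SecurityContextAssociation.getSecurityContext();` followed by `if (sc != null) sc.getData().put(AuthException.class.getName(), ae);`. The entry is also never cleared in the visible lines, so on a reused context a later successful call could still expose an AuthException from an earlier one; removing the key at the start of the method would avoid that. The same line is added in the second catch block of the next hunk, and both enclosing methods start outside their hunks.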
@@ -126,6 +128,7 @@
}
catch(AuthException ae)
{
+ SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae);
PicketBoxLogger.LOGGER.debugIgnoredException(ae);
}
}
Modified: trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIServerAuthenticationManagerUnitTestCase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIServerAuthenticationManagerUnitTestCase.java 2013-09-11 08:12:49 UTC (rev 457)
+++ trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIServerAuthenticationManagerUnitTestCase.java 2013-10-04 21:01:17 UTC (rev 458)
@@ -67,8 +67,8 @@
"Test Config Provider");
jaspiManager = new JASPIServerAuthenticationManager("conf-jaspi", new JBossCallbackHandler());
-// SecurityContext jsc = new JBossSecurityContext("conf-jaspi");
-// SecurityContextAssociation.setSecurityContext(jsc);
+ SecurityContext jsc = new JBossSecurityContext("conf-jaspi");
+ SecurityContextAssociation.setSecurityContext(jsc);
XMLLoginConfigImpl xli = XMLLoginConfigImpl.getInstance();
SecurityActions.setJAASConfiguration(xli);
Modified: trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java 2013-09-11 08:12:49 UTC (rev 457)
+++ trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java 2013-10-04 21:01:17 UTC (rev 458)
@@ -387,7 +387,8 @@
cleanDirectory(targetVaultContent);
File originVault = new File(originalVaultContentDir);
for (File f : originVault.listFiles()) {
- SecurityVaultUnitTestCase.copyFile(f, new File(targetVaultContent.getAbsolutePath() + File.separator + f.getName()));
+ if (f.isFile()) // some version control systems add a hidden directory, we must make sure we won't copy those.
+ SecurityVaultUnitTestCase.copyFile(f, new File(targetVaultContent.getAbsolutePath() + File.separator + f.getName()));
}
}
Modified: trunk/security-jboss-sx/parent/pom.xml
===================================================================
--- trunk/security-jboss-sx/parent/pom.xml 2013-09-11 08:12:49 UTC (rev 457)
+++ trunk/security-jboss-sx/parent/pom.xml 2013-10-04 21:01:17 UTC (rev 458)
@@ -127,8 +127,8 @@
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.security.auth.message</groupId>
- <artifactId>jboss-jaspi-api_1.0_spec</artifactId>
- <version>1.0.0.Final</version>
+ <artifactId>jboss-jaspi-api_1.1_spec</artifactId>
+ <version>1.0.0.Alpha1</version>
<scope>compile</scope>
</dependency>
<dependency>
Modified: trunk/security-spi/parent/pom.xml
===================================================================
--- trunk/security-spi/parent/pom.xml 2013-09-11 08:12:49 UTC (rev 457)
+++ trunk/security-spi/parent/pom.xml 2013-10-04 21:01:17 UTC (rev 458)
@@ -85,8 +85,8 @@
<dependencies>
<dependency>
<groupId>org.jboss.spec.javax.security.auth.message</groupId>
- <artifactId>jboss-jaspi-api_1.0_spec</artifactId>
- <version>1.0.0.Final</version>
+ <artifactId>jboss-jaspi-api_1.1_spec</artifactId>
+ <version>1.0.0.Alpha1</version>
<scope>compile</scope>
</dependency>
<dependency>
Modified: trunk/security-spi/spi/pom.xml
===================================================================
--- trunk/security-spi/spi/pom.xml 2013-09-11 08:12:49 UTC (rev 457)
+++ trunk/security-spi/spi/pom.xml 2013-10-04 21:01:17 UTC (rev 458)
@@ -39,7 +39,7 @@
<dependencies>
<dependency>
<groupId>org.jboss.spec.javax.security.auth.message</groupId>
- <artifactId>jboss-jaspi-api_1.0_spec</artifactId>
+ <artifactId>jboss-jaspi-api_1.1_spec</artifactId>
</dependency>
<dependency>
<groupId>org.picketbox</groupId>
Modified: trunk/security-spi/spi/src/main/java/org/jboss/security/ServerAuthenticationManager.java
===================================================================
--- trunk/security-spi/spi/src/main/java/org/jboss/security/ServerAuthenticationManager.java 2013-09-11 08:12:49 UTC (rev 457)
+++ trunk/security-spi/spi/src/main/java/org/jboss/security/ServerAuthenticationManager.java 2013-10-04 21:01:17 UTC (rev 458)
@@ -33,7 +33,11 @@
public interface ServerAuthenticationManager extends AuthenticationManager
{
/**
- * Authenticate a Subject given the request response JSR-196(JASPI) messages
+ * <p>Authenticate a Subject given the request response JSR-196(JASPI) messages.</p>
+ *
+ * <p>If any {@link javax.security.auth.message.AuthException} is thrown during the processing it will be available
+ * through {@link SecurityContext} context data with a key <code>javax.security.auth.message.AuthException</code>.</p>
+ *
* @param requestMessage
* @param clientSubject Pre-created or null subject
* @param layer Message Layer for the JASPI (Optional): Default: HTTP
@@ -44,7 +48,10 @@
CallbackHandler callbackHandler);
/**
- * Authenticate a Subject given the request response JSR-196(JASPI) messages
+ * <p>Authenticate a Subject given the request response JSR-196(JASPI) messages.</p>
+ *
+ * <p>If any {@link javax.security.auth.message.AuthException} is thrown during the processing it will be available
+ * through {@link SecurityContext} context data with a key <code>javax.security.auth.message.AuthException</code>.</p>
*
* @param messageInfo the object that contains the request and response messages.
* @param clientSubject the client subject.
@@ -60,7 +67,10 @@
* <p>
* Secures the response encapsulated in the specified {@code MessageInfo} object.
* </p>
- *
+ *
+ * <p>If any {@link javax.security.auth.message.AuthException} is thrown during the processing it will be available
+ * through {@link SecurityContext} context data with a key <code>javax.security.auth.message.AuthException</code>.</p>
+ *
* @param messageInfo the object that contains the request and response messages.
* @param serviceSubject an optional server {@code Subject} instance.
* @param layer the JASPI message layer.