Author: aparfonov
Date: 2010-09-22 03:48:29 -0400 (Wed, 22 Sep 2010)
New Revision: 3172
Modified:
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/jaas/DefaultLoginModule.java
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/jaas/IdentitySetLoginModule.java
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/web/JAASConversationStateListener.java
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/web/SetCurrentIdentityFilter.java
Log:
COR-213 : restore Identity for authenticated users
Modified:
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java
===================================================================
---
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-09-21
15:39:20 UTC (rev 3171)
+++
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/Identity.java 2010-09-22
07:48:29 UTC (rev 3172)
@@ -25,10 +25,11 @@
import javax.security.auth.Subject;
/**
- * Created by The eXo Platform SAS .<br/> User Session encapsulates user's
- * principals such as name, groups along with JAAS subject (useful in J2EE
- * environment) as well as other optional attributes
- *
+ * Created by The eXo Platform SAS .<br/>
+ * User Session encapsulates user's principals such as name, groups along with
+ * JAAS subject (useful in J2EE environment) as well as other optional
+ * attributes
+ *
* @author Gennady Azarenkov
* @version $Id: $
*/
@@ -118,7 +119,7 @@
/**
* Check is user member of group.
- *
+ *
* @param group the group.
* @return true if user has any membershipType for given group, false
* otherwise.
@@ -159,7 +160,7 @@
/**
* Sets the roles for J2EE environment using.
- *
+ *
* @param roles the roles.
*/
public void setRoles(Collection<String> roles)
@@ -177,6 +178,9 @@
/**
* @return @see {@link Subject} .
+ * @deprecated Do not need store subject any more. It was used before to
+ * perform logout, since tomcat 6.0.21 logout implemented in
+ * web-container.
*/
public Subject getSubject()
{
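Review bot: The deprecation of `getSubject()` is expressed only through the Javadoc `@deprecated` tag; the method carries no `@Deprecated` annotation, so tools that read annotations rather than Javadoc will not see it. I would add `@Deprecated` on the line above `public Subject getSubject()`. The same applies to `setSubject(Subject)` in the next hunk and to the class-level tag added to `JAASConversationStateListener`. The method body lies outside the hunk.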
@@ -185,6 +189,7 @@
/**
* @param subject @see {@link Subject} .
+ * @deprecated See {@link #getSubject()}
*/
public void setSubject(Subject subject)
{
@@ -193,7 +198,7 @@
/**
* Check is given {@link MembershipEntry} presents in user's memberships.
- *
+ *
* @param checkMe the MembershipEntry.
* @return true if presents false otherwise.
*/
Modified:
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/jaas/DefaultLoginModule.java
===================================================================
---
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/jaas/DefaultLoginModule.java 2010-09-21
15:39:20 UTC (rev 3171)
+++
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/jaas/DefaultLoginModule.java 2010-09-22
07:48:29 UTC (rev 3172)
@@ -34,7 +34,7 @@
/**
* Created by The eXo Platform SAS .
- *
+ *
* @author Gennady Azarenkov
* @version $Id: $
*/
@@ -53,8 +53,8 @@
protected Identity identity;
/**
- * Is allowed for one user login again if he already login.
- * If must set in LM options.
+ * Is allowed for one user login again if he already login. If must set in LM
+ * options.
*/
protected boolean singleLogin;
@@ -66,7 +66,7 @@
}
/**
- * {@inheritDoc}
+ * {@inheritDoc}
*/
public void afterInitialize()
{
@@ -130,7 +130,7 @@
{
log.debug(e.getMessage());
}
-
+
throw new LoginException(e.getMessage());
}
}
@@ -149,6 +149,10 @@
if (singleLogin && identityRegistry.getIdentity(identity.getUserId()) !=
null)
throw new LoginException("User " + identity.getUserId() + "
already logined.");
+ // TODO Remove subject from identity if nod need it in eXo environment.
+ // Do not need implement logout by self if use tomcat 6.0.21 and later.
+ // See deprecation comments in
+ // org.exoplatform.services.security.web.JAASConversationStateListener
identity.setSubject(subject);
identityRegistry.register(identity);
Modified:
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/jaas/IdentitySetLoginModule.java
===================================================================
---
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/jaas/IdentitySetLoginModule.java 2010-09-21
15:39:20 UTC (rev 3171)
+++
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/jaas/IdentitySetLoginModule.java 2010-09-22
07:48:29 UTC (rev 3172)
@@ -36,7 +36,7 @@
* Required name of user MUST be passed to LM via sharedState (see method
* {@link #initialize(Subject, CallbackHandler, Map, Map)}), with name
* javax.security.auth.login.name.
- *
+ *
* @author <a href="mailto:andrew00x@gmail.com">Andrey
Parfonov</a>
* @version $Id: $
*/
@@ -92,6 +92,10 @@
throw new LoginException("User " + userId + " already
logined.");
Identity identity = authenticator.createIdentity(userId);
+ // TODO Remove subject from identity if nod need it in eXo environment.
+ // Do not need implement logout by self if use tomcat 6.0.21 and later.
+ // See deprecation comments in
+ // org.exoplatform.services.security.web.JAASConversationStateListener
identity.setSubject(subject);
identityRegistry.register(identity);
Modified:
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/web/JAASConversationStateListener.java
===================================================================
---
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/web/JAASConversationStateListener.java 2010-09-21
15:39:20 UTC (rev 3171)
+++
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/web/JAASConversationStateListener.java 2010-09-22
07:48:29 UTC (rev 3172)
@@ -32,6 +32,13 @@
/**
* @author <a href="mailto:andrew00x@gmail.com">Andrey
Parfonov</a>
* @version $Id: $
+ * @deprecated Since use tomcat as default web-container do need use this
+ * listener any more. In tomcat 6.0.21 and later logout already
+ * implemented in
+ * <strong>org.apache.catalina.realm.GenericPrincipal</strong>.
+ * Detains described <a
+ *
href="https://issues.apache.org/bugzilla/show_bug.cgi?id=39231"
+ * >here</a> . Should use {@link ConversationStateListener}
instead.
*/
public class JAASConversationStateListener extends ConversationStateListener
{
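Review bot: The new class-level `@deprecated` text says the listener "do need use ... any more", which reads as the opposite of what the rest of the sentence implies; presumably "do not need" was meant, and "Detains described" looks like "Details described". A wording such as `@deprecated Not needed when Tomcat 6.0.21 or later is the web container, which performs logout itself; use {@link ConversationStateListener} instead.` would remove the ambiguity. Since the text ties the deprecation to Tomcat only, it would also help to say what a deployment on another container is expected to do.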
@@ -67,10 +74,12 @@
}
else
{
- log.warn("Subject was not found in ConversationState
attributes.");
+ if (log.isDebugEnabled())
+ {
+ log.warn("Subject was not found in ConversationState
attributes.");
+ }
}
}
-
}
catch (Exception e)
{
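Review bot: The guard and the level disagree in the new `else` branch: `log.warn(...)` is now wrapped in `if (log.isDebugEnabled())`, so the message is written at WARN but only when DEBUG is enabled. If the intent is to quieten an expected condition now that the subject is no longer needed, the call should be `log.debug("Subject was not found in ConversationState attributes.");`. If a missing subject at logout is still worth a warning, the guard should be dropped instead. The enclosing method starts and ends outside the hunk.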
Modified:
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/web/SetCurrentIdentityFilter.java
===================================================================
---
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/web/SetCurrentIdentityFilter.java 2010-09-21
15:39:20 UTC (rev 3171)
+++
core/branches/2.3.x/exo.core.component.security.core/src/main/java/org/exoplatform/services/security/web/SetCurrentIdentityFilter.java 2010-09-22
07:48:29 UTC (rev 3172)
@@ -23,6 +23,7 @@
import org.exoplatform.container.web.AbstractFilter;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
+import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.ConversationRegistry;
import org.exoplatform.services.security.ConversationState;
import org.exoplatform.services.security.Identity;
@@ -32,6 +33,7 @@
import java.io.IOException;
import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -40,21 +42,33 @@
/**
* Created by The eXo Platform SAS .
- *
+ *
* @author <a href="mailto:gennady.azarenkov@exoplatform.com">Gennady
* Azarenkov</a>
- * @version $Id: SimpleSessionFactoryInitializedFilter.java 7163 2006-07-19
- * 07:30:39Z peterit $
+ * @version $Id: SetCurrentIdentityFilter.java 7163 2006-07-19 07:30:39Z peterit
+ * $
*/
public class SetCurrentIdentityFilter extends AbstractFilter
{
+ private boolean restoreIdentity;
+
/**
* Logger.
*/
private static Log log =
ExoLogger.getLogger("exo.core.component.security.core.SetCurrentIdentityFilter");
/**
+ * {@inheritDoc}
+ */
+ @Override
+ protected void afterInit(FilterConfig config) throws ServletException
+ {
+ super.afterInit(config);
+ restoreIdentity =
Boolean.parseBoolean(config.getInitParameter("restoreIdentity"));
+ }
+
+ /**
* Set current {@link ConversationState}, if it is not registered yet then
* create new one and register in {@link ConversationRegistry}. {@inheritDoc}
*/
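Review bot: The `restoreIdentity` init parameter introduced in `afterInit` is undocumented: the field has no comment and the method Javadoc is only `{@inheritDoc}`. Since the later hunk uses this flag to register an Identity without a login module having run, the field deserves a comment such as `/** If true, an Identity missing from IdentityRegistry is re-created for the current user id; false when the init-param is absent. */`. `Boolean.parseBoolean` returns false for a null or unrecognised value, so the feature stays off unless the parameter is explicitly "true", and that default is worth stating in the comment.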
@@ -134,12 +148,42 @@
if (identity != null)
{
state = new ConversationState(identity);
- // keep subject as attribute in ConversationState
+ // Keep subject as attribute in ConversationState.
+ // TODO remove this, do not need it any more.
state.setAttribute(ConversationState.SUBJECT, identity.getSubject());
}
else
- log.error("Not found identity in IdentityRegistry for user " +
userId + ", check Login Module.");
+ {
+ if (restoreIdentity)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Not found identity for " + userId + " try
to restore it. ");
+ }
+ Authenticator authenticator =
+
(Authenticator)container.getComponentInstanceOfType(Authenticator.class);
+ try
+ {
+ identity = authenticator.createIdentity(userId);
+ identityRegistry.register(identity);
+ }
+ catch (Exception e)
+ {
+ log.error("Unable restore identity. " + e.getMessage(),
e);
+ }
+
+ if (identity != null)
+ {
+ state = new ConversationState(identity);
+ }
+ }
+ else
+ {
+ log.error("Not found identity in IdentityRegistry for user "
+ userId + ", check Login Module.");
+ }
+ }
+
if (state != null)
{
conversationRegistry.register(stateKey, state);
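Review bot: In the new `restoreIdentity` branch an Identity is created from `userId` alone and placed in `identityRegistry`, so its trustworthiness rests entirely on where `userId` comes from; it is assigned outside this hunk and should only ever be the container-authenticated user. Because this path bypasses the login modules (and with them the `singleLogin` check visible in `DefaultLoginModule`), a successful restore is worth recording above debug level, e.g. `log.info("Identity for " + userId + " restored outside login module.");` after `identityRegistry.register(identity)`. The failure log also omits the user; `log.error("Unable restore identity for " + userId + ". " + e.getMessage(), e);` would make the event traceable. The restored state, unlike the branch above it, gets no `ConversationState.SUBJECT` attribute, and a short comment saying that this is intentional would help. The enclosing method starts and ends outside the hunk.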
@@ -147,7 +191,6 @@
{
log.debug("Register Conversation state " +
httpSession.getId());
}
-
}
}
}