Author: mposolda
Date: 2012-02-13 09:25:23 -0500 (Mon, 13 Feb 2012)
New Revision: 8421
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/tomcat/
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/tomcat/ServletAccess.java
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/tomcat/ServletAccessValve.java
Modified:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java
Log:
GTNSSO-5 SSO is now working with GateIn on Tomcat
Modified:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java 2012-02-13
12:10:57 UTC (rev 8420)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java 2012-02-13
14:25:23 UTC (rev 8421)
@@ -35,14 +35,14 @@
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.UsernameCredential;
import org.exoplatform.services.security.jaas.AbstractLoginModule;
+import org.gatein.sso.agent.tomcat.ServletAccess;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
public final class SSOLoginModule extends AbstractLoginModule
{
- private static final Log log = ExoLogger.getLogger(SSOLoginModule.class
- .getName());
+ private static final Log log = ExoLogger.getLogger(SSOLoginModule.class);
/** JACC get context method. */
private static Method getContextMethod;
@@ -75,26 +75,22 @@
String password = new String(((PasswordCallback) callbacks[1])
.getPassword());
-
- //
- // For clustered config check credentials stored and propagated in session.
This won't work in tomcat because
- // of lack of JACC PolicyContext so the code must be a bit defensive
+
+ // Check credentials stored and propagated in session.
String username = null;
- if (getContextMethod != null &&
password.startsWith("wci-ticket"))
- {
- HttpServletRequest request;
- try
- {
- request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
- username =
(String)request.getSession().getAttribute("username");
- }
- catch(Throwable e)
- {
- log.error(this,e);
- log.error("LoginModule error. Turn off session credentials checking
with proper configuration option of " +
- "LoginModule set to false");
- }
- }
+ HttpServletRequest request = getCurrentHttpServletRequest();
+
+ if (request == null)
+ {
+ log.debug("HttpServletRequest is null. SSOLoginModule will be
ignored.");
+ return false;
+ }
+
+ if (password.startsWith("wci-ticket"))
+ {
+ username = (String)request.getSession().getAttribute("username");
+ }
+
if (username == null)
{
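Review bot: `request.getSession()` in the added `wci-ticket` branch creates a new session when the caller has none, so any login attempt whose password starts with that prefix allocates a session before a credential has been verified. Reading it with `HttpSession session = request.getSession(false);` and taking the attribute only when `session != null` avoids that and leaves `username` null, which the `if (username == null)` check below appears to handle. The early `return false` for a null request is logged only at debug level; on Tomcat that is what a missing ServletAccessValve looks like, so a warn-level message naming the valve would make the misconfiguration visible. The method body starts and ends outside this hunk.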
@@ -145,8 +141,40 @@
}
@Override
- protected Log getLogger()
+ protected Log getLogger()
{
return log;
}
+
+ protected HttpServletRequest getCurrentHttpServletRequest()
+ {
+ HttpServletRequest request = null;
+
+ // JBoss way
+ if (getContextMethod != null)
+ {
+ try
+ {
+ request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
+ }
+ catch(Throwable e)
+ {
+ log.error("LoginModule error. Turn off session credentials checking with
proper configuration option of " +
+ "LoginModule set to false");
+ log.error(this, e);
+ }
+ }
+ // Tomcat way (Assumed that ServletAccessValve has been configured in context.xml)
+ else
+ {
+ request = ServletAccess.getRequest();
+ }
+
+ if (log.isTraceEnabled())
+ {
+ log.trace("Returning HttpServletRequest " + request);
+ }
+
+ return request;
+ }
}
\ No newline at end of file
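Review bot: `catch(Throwable e)` in the new `getCurrentHttpServletRequest()` also traps `Error`s such as `OutOfMemoryError` and turns them into a null request, which the caller then treats as "module ignored"; `catch (Exception e)` is enough for the reflective `invoke` call. `log.error(this, e)` passes the login module object as the message, and the text above it points at a configuration option that this code does not show, so the two calls could be one: `log.error("Could not obtain HttpServletRequest from JACC PolicyContext", e);`. Because the Tomcat lookup sits in the `else`, a failed or null JACC lookup never tries `ServletAccess.getRequest()`; if that fallback is wanted, `if (request == null) { request = ServletAccess.getRequest(); }` after the first branch would cover it.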
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/tomcat/ServletAccess.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/tomcat/ServletAccess.java
(rev 0)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/tomcat/ServletAccess.java 2012-02-13
14:25:23 UTC (rev 8421)
@@ -0,0 +1,57 @@
+package org.gatein.sso.agent.tomcat;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class ServletAccess
+{
+
+ private static ThreadLocal<Holder> holderThreadLocal = new
ThreadLocal<Holder>();
+
+ public static void setRequestAndResponse(HttpServletRequest request,
HttpServletResponse response)
+ {
+ holderThreadLocal.set(new Holder(request, response));
+ }
+
+ public static void resetRequestAndResponse()
+ {
+ holderThreadLocal.set(null);
+ }
+
+ public static HttpServletRequest getRequest()
+ {
+ Holder holder = holderThreadLocal.get();
+ if (holder != null)
+ {
+ return holder.servletRequest;
+ }
+
+ return null;
+ }
+
+ public static HttpServletResponse getResponse()
+ {
+ Holder holder = holderThreadLocal.get();
+ if (holder != null)
+ {
+ return holder.servletResponse;
+ }
+
+ return null;
+ }
+
+ private static class Holder
+ {
+ private final HttpServletRequest servletRequest;
+ private final HttpServletResponse servletResponse;
+
+ private Holder(HttpServletRequest servletRequest, HttpServletResponse
servletResponse)
+ {
+ this.servletRequest = servletRequest;
+ this.servletResponse = servletResponse;
+ }
+ }
+}
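Review bot: `resetRequestAndResponse()` clears the slot with `holderThreadLocal.set(null)`, which leaves an entry in the pooled worker thread's map; `holderThreadLocal.remove();` drops it, and the field can be declared `private static final`. The class has no Javadoc beyond the author tag, yet its contract is security-relevant: container threads are reused, so every `setRequestAndResponse` must be paired with a reset in a `finally` block, otherwise a later request on the same thread could read the previous caller's request and session. I would state that on the class, and document that `getRequest()` and `getResponse()` return null when nothing is bound to the current thread.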
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/tomcat/ServletAccessValve.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/tomcat/ServletAccessValve.java
(rev 0)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/tomcat/ServletAccessValve.java 2012-02-13
14:25:23 UTC (rev 8421)
@@ -0,0 +1,45 @@
+package org.gatein.sso.agent.tomcat;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.valves.ValveBase;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+
+import javax.servlet.ServletException;
+import java.io.IOException;
+
+/**
+ * Valve for adding HttpServletRequest and HttpServletResponse into threadLocal so that
it can be accessed from
+ * Login Modules during authentication.
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class ServletAccessValve extends ValveBase
+{
+ private static final Logger log = LoggerFactory.getLogger(ServletAccessValve.class);
+
+ @Override
+ public void invoke(Request request, Response response) throws IOException,
ServletException
+ {
+ ServletAccess.setRequestAndResponse(request, response);
+ if (log.isTraceEnabled())
+ {
+ log.trace("Current HttpServletRequest and HttpServletResponse added to
ThreadLocal.");
+ }
+
+ try
+ {
+ getNext().invoke(request, response);
+ }
+ finally
+ {
+ ServletAccess.resetRequestAndResponse();
+ if (log.isTraceEnabled())
+ {
+ log.trace("Cleaning ThreadLocal");
+ }
+ }
+ }
+
+}
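Review bot: `ServletAccess.setRequestAndResponse(request, response)` and the trace call run before the `try`, so anything thrown between the bind and `getNext().invoke(...)` would skip the `finally` and leave the request bound to a pooled thread. Making the bind the first statement inside `try` closes that gap at no cost. The `finally` clears the slot rather than restoring a previous value, so if the valve were ever invoked twice on one thread for the same request (for instance, configured at two container levels) the outer invocation would lose its binding; that case is not visible here and may not occur in this deployment.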