Author: mwringe
Date: 2011-03-31 17:02:39 -0400 (Thu, 31 Mar 2011)
New Revision: 6157
Removed:
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
Modified:
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/login/ClusteredSSOFilter.java
portal/trunk/examples/portal/README.txt
portal/trunk/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml
portal/trunk/packaging/jboss-as5/pkg/src/main/resources/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
portal/trunk/packaging/jboss-as6/pkg/src/main/resources/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
portal/trunk/packaging/jetty/pkg/src/main/resources/jetty/etc/login.conf
portal/trunk/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf
portal/trunk/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
portal/trunk/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/JBoss5WSSServiceIntegration.java
Log:
GTNPORTAL-1845: remove PortalLoginModule, the credentials are being added to the servlet
session in the wci module now.
Modified:
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/login/ClusteredSSOFilter.java
===================================================================
---
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/login/ClusteredSSOFilter.java 2011-03-31
19:03:18 UTC (rev 6156)
+++
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/login/ClusteredSSOFilter.java 2011-03-31
21:02:39 UTC (rev 6157)
@@ -25,7 +25,6 @@
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.web.AbstractFilter;
-import org.exoplatform.web.security.PortalLoginModule;
import org.gatein.wci.security.Credentials;
import org.jboss.web.tomcat.security.login.WebAuthentication;
@@ -49,8 +48,8 @@
{
HttpServletRequest httpRequest = (HttpServletRequest)request;
- Credentials credentials =
(Credentials)httpRequest.getSession().getAttribute(PortalLoginModule.AUTHENTICATED_CREDENTIALS);
-
+ Credentials credentials =
(Credentials)httpRequest.getSession().getAttribute(Credentials.CREDENTIALS);
+
// Make programatic login if authenticated credentials are present in session -
they were set in another cluster node
if (credentials != null && httpRequest.getRemoteUser() == null)
{
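Review bot: The new read on the `+` line calls `httpRequest.getSession()`, which creates a session for any request that has none, and casts the attribute straight to `Credentials` with no type check. The removed PortalLoginModule guarded the same read with `if (o instanceof Credentials)`, so a value stored under `Credentials.CREDENTIALS` by other code, or by a different class loader, now raises a ClassCastException inside the filter. I would read it as `HttpSession session = httpRequest.getSession(false);`, then `Object o = session == null ? null : session.getAttribute(Credentials.CREDENTIALS);` and `Credentials credentials = o instanceof Credentials ? (Credentials)o : null;`. The enclosing filter method starts and ends outside the hunk, so whether `HttpSession` is already imported cannot be seen from here.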
@@ -65,7 +64,7 @@
// This is a workaround... without this code this attr will vanish from session
after first request - don't ask...
if (credentials != null && httpRequest.getSession(false) != null)
{
-
httpRequest.getSession(false).setAttribute(PortalLoginModule.AUTHENTICATED_CREDENTIALS,
credentials);
+ httpRequest.getSession(false).setAttribute(Credentials.CREDENTIALS,
credentials);
}
}
else
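Review bot: The re-set of `Credentials.CREDENTIALS` keeps an object holding the user's password in the session on every request, and the comment above it ("don't ask...") gives no reason. That `Credentials` holds the password is visible in the removed module, which builds it with `new Credentials(uid, pass)`. The attribute is presumably re-set so the container marks the session dirty and replicates it to the other nodes; if so, the comment should say that, e.g. `// Re-set so the container replicates the attribute; Credentials holds the password, so session replication and persistence must stay on trusted channels.` The session key also changes from `PortalLoginModule.AUTHENTICATED_CREDENTIALS` to `Credentials.CREDENTIALS`, whose value is not shown here. If the two strings differ, sessions replicated from nodes still on the old revision will not be picked up during a rolling upgrade, which is worth confirming. The enclosing method continues outside the hunk.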
Deleted:
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java
===================================================================
---
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2011-03-31
19:03:18 UTC (rev 6156)
+++
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/security/PortalLoginModule.java 2011-03-31
21:02:39 UTC (rev 6157)
@@ -1,199 +0,0 @@
-/**
- * Copyright (C) 2009 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-
-package org.exoplatform.web.security;
-
-import org.exoplatform.container.ExoContainer;
-import org.exoplatform.services.log.ExoLogger;
-import org.exoplatform.services.log.Log;
-import org.exoplatform.services.security.jaas.AbstractLoginModule;
-import org.exoplatform.web.login.InitiateLoginServlet;
-import org.gatein.wci.security.Credentials;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import java.lang.reflect.Method;
-
-/**
- * A login module implementation that relies on the token store to check the
- * password validity. If the token store provides a valid {@link Credentials}
- * value then password stacking is used and the two entries are added in the
- * shared state map. The first entry is keyed by
- * <code>javax.security.auth.login.name</code> and contains the
- * {@link Credentials#getUsername()} value, the second entry is keyed by
- * <code>javax.security.auth.login.password</code> and contains the
- * {@link Credentials#getPassword()} ()} value.
- *
- * @author <a href="mailto:julien.viet@exoplatform.com">Julien
Viet</a>
- * @version $Revision$
- */
-public class PortalLoginModule extends AbstractLoginModule
-{
-
- /** Logger. */
- private static final Log log = ExoLogger.getLogger(PortalLoginModule.class);
-
- /** JACC get context method. */
- private static final Method getContextMethod;
-
- static
- {
- Method getContext = null;
- if (isClusteredSSO())
- {
- log.debug("About to configure clustered SSO");
- try
- {
- Class<?> policyContextClass =
Thread.currentThread().getContextClassLoader().loadClass("javax.security.jacc.PolicyContext");
- getContext = policyContextClass.getDeclaredMethod("getContext",
String.class);
- }
- catch (ClassNotFoundException ignore)
- {
- log.debug("JACC not found ignoring it", ignore);
- }
- catch (Exception e)
- {
- log.error("Could not obtain JACC get context method", e);
- }
- }
-
- //
- getContextMethod = getContext;
- }
-
- public static final String AUTHENTICATED_CREDENTIALS =
"authenticatedCredentials";
-
- /**
- * @see javax.security.auth.spi.LoginModule#login()
- */
- @SuppressWarnings("unchecked")
- public boolean login() throws LoginException
- {
-
- Callback[] callbacks = new Callback[2];
- callbacks[0] = new NameCallback("Username");
- callbacks[1] = new PasswordCallback("Password", false);
-
- try
- {
- callbackHandler.handle(callbacks);
- String password = new String(((PasswordCallback)callbacks[1]).getPassword());
-
- Credentials c = null;
-
- //
- // For clustered config check credentials stored and propagated in session. This
won't work in tomcat because
- // of lack of JACC PolicyContext so the code must be a bit defensive
- if (getContextMethod != null &&
password.startsWith(InitiateLoginServlet.COOKIE_NAME))
- {
- HttpServletRequest request;
- try
- {
- request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
- Object o = request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);
-
- if (o instanceof Credentials)
- {
- c = (Credentials) o;
- }
- }
- catch(Throwable e)
- {
- log.error(this,e);
- log.error("LoginModule error. Turn off session credentials checking
with proper configuration option of " +
- "LoginModule set to false");
- }
- }
-
- if (c != null)
- {
- sharedState.put("javax.security.auth.login.name", c.getUsername());
- sharedState.put("javax.security.auth.login.password",
c.getPassword());
- }
- return true;
- }
- catch (Exception e)
- {
- LoginException le = new LoginException();
- le.initCause(e);
- throw le;
- }
- }
-
- /**
- * @see javax.security.auth.spi.LoginModule#commit()
- */
- public boolean commit() throws LoginException
- {
-
- if (getContextMethod != null &&
- sharedState.containsKey("javax.security.auth.login.name") &&
- sharedState.containsKey("javax.security.auth.login.password"))
- {
- String uid =
(String)sharedState.get("javax.security.auth.login.name");
- String pass =
(String)sharedState.get("javax.security.auth.login.password");
-
- Credentials wc = new Credentials(uid, pass);
-
- HttpServletRequest request = null;
- try
- {
- request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
- request.getSession().setAttribute(AUTHENTICATED_CREDENTIALS, wc);
- }
- catch(Exception e)
- {
- log.error(this,e);
- log.error("LoginModule error. Turn off session credentials checking with
proper configuration option of " +
- "LoginModule set to false");
- }
- }
- return true;
- }
-
- /**
- * @see javax.security.auth.spi.LoginModule#abort()
- */
- public boolean abort() throws LoginException
- {
- return true;
- }
-
- /**
- * @see javax.security.auth.spi.LoginModule#logout()
- */
- public boolean logout() throws LoginException
- {
- return true;
- }
-
- @Override
- protected Log getLogger()
- {
- return log;
- }
-
- protected static boolean isClusteredSSO()
- {
- return ExoContainer.getProfiles().contains("cluster");
- }
-}
Modified: portal/trunk/examples/portal/README.txt
===================================================================
--- portal/trunk/examples/portal/README.txt 2011-03-31 19:03:18 UTC (rev 6156)
+++ portal/trunk/examples/portal/README.txt 2011-03-31 21:02:39 UTC (rev 6157)
@@ -55,9 +55,6 @@
org.gatein.wci.security.WCILoginModule optional
portalContainerName="sample-portal"
realmName="gatein-domain-sample-portal";
- org.exoplatform.web.security.PortalLoginModule required
- portalContainerName="sample-portal"
- realmName="gatein-domain-sample-portal";
org.exoplatform.services.security.jaas.SharedStateLoginModule required
portalContainerName="sample-portal"
realmName="gatein-domain-sample-portal";
Modified:
portal/trunk/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml
===================================================================
---
portal/trunk/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml 2011-03-31
19:03:18 UTC (rev 6156)
+++
portal/trunk/examples/portal/ear/src/main/application/META-INF/gatein-jboss-beans.xml 2011-03-31
21:02:39 UTC (rev 6157)
@@ -6,10 +6,6 @@
<module-option
name="portalContainerName">sample-portal</module-option>
<module-option
name="realmName">gatein-domain-sample-portal</module-option>
</login-module>
- <login-module code="org.exoplatform.web.security.PortalLoginModule"
flag="required">
- <module-option
name="portalContainerName">sample-portal</module-option>
- <module-option
name="realmName">gatein-domain-sample-portal</module-option>
- </login-module>
<login-module
code="org.exoplatform.services.security.jaas.SharedStateLoginModule"
flag="required">
<module-option
name="portalContainerName">sample-portal</module-option>
<module-option
name="realmName">gatein-domain-sample-portal</module-option>
Modified:
portal/trunk/packaging/jboss-as5/pkg/src/main/resources/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
===================================================================
---
portal/trunk/packaging/jboss-as5/pkg/src/main/resources/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml 2011-03-31
19:03:18 UTC (rev 6156)
+++
portal/trunk/packaging/jboss-as5/pkg/src/main/resources/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml 2011-03-31
21:02:39 UTC (rev 6157)
@@ -6,10 +6,6 @@
<module-option
name="portalContainerName">portal</module-option>
<module-option
name="realmName">gatein-domain</module-option>
</login-module>
- <login-module code="org.exoplatform.web.security.PortalLoginModule"
flag="required">
- <module-option
name="portalContainerName">portal</module-option>
- <module-option
name="realmName">gatein-domain</module-option>
- </login-module>
<login-module
code="org.exoplatform.services.security.jaas.SharedStateLoginModule"
flag="required">
<module-option
name="portalContainerName">portal</module-option>
<module-option
name="realmName">gatein-domain</module-option>
Modified:
portal/trunk/packaging/jboss-as6/pkg/src/main/resources/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
===================================================================
---
portal/trunk/packaging/jboss-as6/pkg/src/main/resources/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml 2011-03-31
19:03:18 UTC (rev 6156)
+++
portal/trunk/packaging/jboss-as6/pkg/src/main/resources/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml 2011-03-31
21:02:39 UTC (rev 6157)
@@ -6,10 +6,6 @@
<module-option
name="portalContainerName">portal</module-option>
<module-option
name="realmName">gatein-domain</module-option>
</login-module>
- <login-module code="org.exoplatform.web.security.PortalLoginModule"
flag="required">
- <module-option
name="portalContainerName">portal</module-option>
- <module-option
name="realmName">gatein-domain</module-option>
- </login-module>
<login-module
code="org.exoplatform.services.security.jaas.SharedStateLoginModule"
flag="required">
<module-option
name="portalContainerName">portal</module-option>
<module-option
name="realmName">gatein-domain</module-option>
Modified: portal/trunk/packaging/jetty/pkg/src/main/resources/jetty/etc/login.conf
===================================================================
--- portal/trunk/packaging/jetty/pkg/src/main/resources/jetty/etc/login.conf 2011-03-31
19:03:18 UTC (rev 6156)
+++ portal/trunk/packaging/jetty/pkg/src/main/resources/jetty/etc/login.conf 2011-03-31
21:02:39 UTC (rev 6157)
@@ -1,6 +1,5 @@
gatein-domain {
org.gatein.wci.security.WCILoginModule optional;
- org.exoplatform.web.security.PortalLoginModule required;
org.exoplatform.services.security.jaas.SharedStateLoginModule required;
org.exoplatform.services.security.j2ee.TomcatLoginModule required;
@@ -10,4 +9,4 @@
// portalContainerName=portal
// realmName=gatein-domain
-};
\ No newline at end of file
+};
Modified: portal/trunk/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf
===================================================================
--- portal/trunk/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf 2011-03-31
19:03:18 UTC (rev 6156)
+++ portal/trunk/packaging/tomcat/pkg/src/main/resources/tomcat/conf/jaas.conf 2011-03-31
21:02:39 UTC (rev 6157)
@@ -1,6 +1,5 @@
gatein-domain {
org.gatein.wci.security.WCILoginModule optional;
- org.exoplatform.web.security.PortalLoginModule required;
org.exoplatform.services.security.jaas.SharedStateLoginModule required;
org.exoplatform.services.security.j2ee.TomcatLoginModule required;
Modified:
portal/trunk/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml
===================================================================
---
portal/trunk/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml 2011-03-31
19:03:18 UTC (rev 6156)
+++
portal/trunk/server/jboss/patch-ear/src/main/jboss/server/default/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml 2011-03-31
21:02:39 UTC (rev 6157)
@@ -6,10 +6,6 @@
<module-option
name="portalContainerName">portal</module-option>
<module-option
name="realmName">gatein-domain</module-option>
</login-module>
- <login-module code="org.exoplatform.web.security.PortalLoginModule"
flag="required">
- <module-option
name="portalContainerName">portal</module-option>
- <module-option
name="realmName">gatein-domain</module-option>
- </login-module>
<login-module
code="org.exoplatform.services.security.jaas.SharedStateLoginModule"
flag="required">
<module-option
name="portalContainerName">portal</module-option>
<module-option
name="realmName">gatein-domain</module-option>
Modified:
portal/trunk/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/JBoss5WSSServiceIntegration.java
===================================================================
---
portal/trunk/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/JBoss5WSSServiceIntegration.java 2011-03-31
19:03:18 UTC (rev 6156)
+++
portal/trunk/wsrp-integration/extension-component/src/main/java/org/gatein/integration/wsrp/wss/JBoss5WSSServiceIntegration.java 2011-03-31
21:02:39 UTC (rev 6157)
@@ -24,8 +24,8 @@
import org.gatein.wsrp.wss.WebServiceSecurityFactory;
import org.picocontainer.Startable;
+import org.wsrp.wss.jboss5.handlers.consumer.JBWSSecurityHandlerWrapper;
import org.wsrp.wss.jboss5.handlers.consumer.WSSecurityCredentialHandler;
-import org.wsrp.wss.jboss5.handlers.consumer.JBWSSecurityHandlerWrapper;
/**
* @author <a href="mailto:mwringe@redhat.com">Matt Wringe</a>