From do-not-reply at jboss.org Sat Apr 3 10:31:40 2010 Content-Type: multipart/mixed; boundary="===============3122636038653819127==" MIME-Version: 1.0 From: do-not-reply at jboss.org To: gatein-commits at lists.jboss.org Subject: [gatein-commits] gatein SVN: r2470 - in components/sso/trunk: agent/src/main/java/org/gatein/sso/agent/filter and 2 other directories. Date: Sat, 03 Apr 2010 10:31:40 -0400 Message-ID: <201004031431.o33EVeck005206@svn01.web.mwc.hst.phx2.redhat.com> --===============3122636038653819127== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Author: sohil.shah(a)jboss.com Date: 2010-04-03 10:31:40 -0400 (Sat, 03 Apr 2010) New Revision: 2470 Added: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPN= EGOTxFilter.java Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNE= GORolesModule.java components/sso/trunk/spnego/ components/sso/trunk/spnego/pom.xml Log: spnego logout fix Added: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter= /SPNEGOTxFilter.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SP= NEGOTxFilter.java (rev 0) +++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SP= NEGOTxFilter.java 2010-04-03 14:31:40 UTC (rev 2470) 
@@ -0,0 +1,145 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as = indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/ +package org.gatein.sso.agent.filter; + +import java.io.IOException; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; + +import javax.transaction.TransactionManager; +import javax.transaction.Status; +import javax.naming.InitialContext; + +import org.exoplatform.container.web.AbstractFilter; +import org.exoplatform.services.organization.OrganizationService; +import org.exoplatform.services.organization.User; + +/** + * @author Sohil Shah + */ +public class SPNEGOTxFilter extends AbstractFilter +{ + = + public void destroy() + { + } + + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws IOException, ServletException + { + HttpServletRequest httpRequest =3D (HttpServletRequest)request; + = + boolean isStartedHere =3D this.startTx(); = + try + { + String remoteUser =3D httpRequest.getRemoteUser(); + = + System.out.println("---------------------------------------------------= --------------"); + System.out.println("SPNEGO TX Filter invoked...(TX Started: )"+isStarte= dHere); + System.out.println("RequestURL: "+httpRequest.getRequestURI()); + System.out.println("RemoteUser: "+remoteUser); = + = + if(remoteUser !=3D null) + { + OrganizationService orgService =3D + (OrganizationService)getContainer().getComponentInstance= OfType(OrganizationService.class); + User user =3D orgService.getUserHandler().findUserByName(remoteUser); + = + System.out.println("Exo User: "+user); + } + System.out.println("---------------------------------------------------= --------------"); + = + chain.doFilter(request, response); + = + if(isStartedHere) + { = + this.commit(); + } + } + catch(Throwable t) + { + t.printStackTrace(); + = + if(isStartedHere) + { + this.rollback(); + } + = + throw new RuntimeException(t); + } + } + = + 
private boolean startTx() + { + try + { + TransactionManager tm =3D (TransactionManager)new InitialContext().look= up("java:/TransactionManager"); + = + if(tm.getStatus() =3D=3D Status.STATUS_NO_TRANSACTION) + { + tm.begin(); + return true; + } + = + return false; + } + catch(Throwable t) + { + t.printStackTrace(); + return false; + } + } + = + private void commit() + { + try + { + TransactionManager tm =3D (TransactionManager)new InitialContext().look= up("java:/TransactionManager"); + tm.commit(); + } + catch(Throwable t) + { + t.printStackTrace(); + throw new RuntimeException(t); + } + } + = + private void rollback() + { + try + { + TransactionManager tm =3D (TransactionManager)new InitialContext().look= up("java:/TransactionManager"); + tm.rollback(); + } + catch(Throwable t) + { + t.printStackTrace(); + throw new RuntimeException(t); + } + } +} Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/log= in/SPNEGORolesModule.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPN= EGORolesModule.java 2010-04-02 17:37:38 UTC (rev 2469) +++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPN= EGORolesModule.java 2010-04-03 14:31:40 UTC (rev 2470) @@ -24,8 +24,14 @@ = import java.security.Principal; import java.security.acl.Group; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; import java.util.Map; +import java.util.Set; = +import javax.management.MBeanServer; +import javax.management.ObjectName; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; 
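Review bot: `doFilter` in SPNEGOTxFilter writes the authenticated principal, the request URI and the looked-up `User` object to stdout on every request, and every `catch(Throwable t)` in the class calls `t.printStackTrace()`, so identity data and stack traces reach the server console with no level control. Routing these through a logger at debug level would keep them out of production output, e.g. `log.debug("SPNEGO TX filter: user=" + remoteUser + ", uri=" + httpRequest.getRequestURI());` (a logger field would have to be declared; none is visible in this class). The `findUserByName` result appears to be used only for the print, so the lookup could sit under the same debug guard. Separately, `rollback()` throws its own `RuntimeException` on failure, which replaces the original `t` inside the catch block of `doFilter`; wrapping that call in its own try/catch would keep the original failure as the one reported to the container.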
@@ -40,13 +46,13 @@ import org.exoplatform.services.security.Identity; import org.exoplatform.services.security.Authenticator; import org.exoplatform.services.security.IdentityRegistry; +import org.exoplatform.container.monitor.jvm.J2EEServerInfo; +import org.exoplatform.services.security.jaas.UserPrincipal; = /** - * Login module to work in conjunction with SPNEGOAuthenticator to handle = the - * authentication requirements. + * The LoginModule that is responsible for setting up the proper GateIn ro= les corresponding to the SPNEGO principal that was authenticated * = - * @author darran.lofthouse(a)jboss.com - * @version $Revision: 83572 $ + * @author Sohil Shah */ public class SPNEGORolesModule extends AbstractServerLoginModule { @@ -171,7 +177,7 @@ IdentityRegistry identityRegistry =3D (IdentityRegistry) getContainer() .getComponentInstanceOfType(IdentityRegistry.class); = - // TODO: Add check for single check + // Check for single check if(identityRegistry.getIdentity(this.identity.getUserId()) !=3D null) { //already logged in 
@@ -193,4 +199,87 @@ throw new LoginException(e.getMessage()); } } + = + @Override + public boolean logout() throws LoginException + { + org.exoplatform.container.monitor.jvm.J2EEServerInfo info =3D new J2= EEServerInfo(); + MBeanServer jbossServer =3D info.getMBeanServer(); + + // + if (jbossServer !=3D null) + { + try + { + + log.debug("Performing JBoss security manager cache eviction"); + + ObjectName securityManagerName =3D new ObjectName("jboss.secur= ity:service=3DJaasSecurityManager"); + + // Obtain user name + String userName =3D null; + Set userPrincipals =3D subject.getPrincipals(Us= erPrincipal.class); + if (!userPrincipals.isEmpty()) + { + // There should be one + userName =3D userPrincipals.iterator().next().getName(); + } + + // + if (userName !=3D null) + { + log.debug("Going to perform JBoss security manager cache ev= iction for user " + userName); + + // + List allPrincipals =3D + (List)jbossServer.invoke(securityManagerName, "getAuthen= ticationCachePrincipals", + new Object[]{realmName}, new String[]{String.class.ge= tName()}); + + // Make a copy to avoid some concurrent mods + allPrincipals =3D new ArrayList(allPrincipals); + + // Lookup for invalidation key, it must be the same princip= al! 
+ Principal key =3D null; + for (Iterator i =3D allPrincipals.iterator(); i.hasNext();) + { + Principal principal =3D (Principal)i.next(); + if (principal.getName().equals(userName)) + { + key =3D principal; + break; + } + } + + // Perform invalidation + if (key !=3D null) + { + jbossServer.invoke(securityManagerName, "flushAuthentica= tionCache", new Object[]{realmName, key}, + new String[]{String.class.getName(), Principal.class.= getName()}); + log.debug("Performed JBoss security manager cache evicti= on for user " + userName + " with principal " + + key); + } + else + { + log.warn("No principal found when performing JBoss secur= ity manager cache eviction for user " + + userName); + } + } + else + { + log.warn("No user name found when performing JBoss security= manager cache eviction"); + } + } + catch (Exception e) + { + log.error("Could not perform JBoss security manager cache evic= tion", e); + } + } + else + { + log.debug("Could not find mbean server for performing JBoss secur= ity manager cache eviction"); + } + + // + return true; + } } Property changes on: components/sso/trunk/spnego ___________________________________________________________________ Name: svn:ignore + target Modified: components/sso/trunk/spnego/pom.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- components/sso/trunk/spnego/pom.xml 2010-04-02 17:37:38 UTC (rev 2469) +++ components/sso/trunk/spnego/pom.xml 2010-04-03 14:31:40 UTC (rev 2470) @@ -72,7 +72,7 @@ = + todir=3D"${gatein.location}/deploy/gatein.ear/lib" overwrite=3D= "true" /> --===============3122636038653819127==--
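Review bot: `logout()` in SPNEGORolesModule returns `true` on every path, including the `catch (Exception e)` branch and the two `log.warn` branches where nothing was flushed, so a failed eviction leaves the JBoss authentication cache entry in place while the caller is told logout succeeded. If callers can tolerate it, the catch could surface the failure, e.g. `throw new LoginException("JBoss authentication cache eviction failed: " + e.getMessage());`; otherwise a comment stating that eviction is best-effort would make the contract explicit. The lookup loop also stops at the first cached principal whose name equals `userName` (`break`), so if the cache holds more than one principal with that name only one is flushed; flushing each match instead of breaking would cover that case. `realmName`, `subject` and `log` are defined outside the hunk, so their values cannot be checked here.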