Author: sohil.shah(a)jboss.com
Date: 2010-04-03 10:31:40 -0400 (Sat, 03 Apr 2010)
New Revision: 2470
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOTxFilter.java
Modified:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java
components/sso/trunk/spnego/
components/sso/trunk/spnego/pom.xml
Log:
spnego logout fix
Added:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOTxFilter.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOTxFilter.java
(rev 0)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/SPNEGOTxFilter.java 2010-04-03
14:31:40 UTC (rev 2470)
@@ -0,0 +1,145 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.gatein.sso.agent.filter;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import javax.transaction.TransactionManager;
+import javax.transaction.Status;
+import javax.naming.InitialContext;
+
+import org.exoplatform.container.web.AbstractFilter;
+import org.exoplatform.services.organization.OrganizationService;
+import org.exoplatform.services.organization.User;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class SPNEGOTxFilter extends AbstractFilter
+{
+
+ public void destroy()
+ {
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException
+ {
+ HttpServletRequest httpRequest = (HttpServletRequest)request;
+
+ boolean isStartedHere = this.startTx();
+ try
+ {
+ String remoteUser = httpRequest.getRemoteUser();
+
+ System.out.println("-----------------------------------------------------------------");
+ System.out.println("SPNEGO TX Filter invoked...(TX Started:
)"+isStartedHere);
+ System.out.println("RequestURL: "+httpRequest.getRequestURI());
+ System.out.println("RemoteUser: "+remoteUser);
+
+ if(remoteUser != null)
+ {
+ OrganizationService orgService =
+
(OrganizationService)getContainer().getComponentInstanceOfType(OrganizationService.class);
+ User user = orgService.getUserHandler().findUserByName(remoteUser);
+
+ System.out.println("Exo User: "+user);
+ }
+ System.out.println("-----------------------------------------------------------------");
+
+ chain.doFilter(request, response);
+
+ if(isStartedHere)
+ {
+ this.commit();
+ }
+ }
+ catch(Throwable t)
+ {
+ t.printStackTrace();
+
+ if(isStartedHere)
+ {
+ this.rollback();
+ }
+
+ throw new RuntimeException(t);
+ }
+ }
+
+ private boolean startTx()
+ {
+ try
+ {
+ TransactionManager tm = (TransactionManager)new
InitialContext().lookup("java:/TransactionManager");
+
+ if(tm.getStatus() == Status.STATUS_NO_TRANSACTION)
+ {
+ tm.begin();
+ return true;
+ }
+
+ return false;
+ }
+ catch(Throwable t)
+ {
+ t.printStackTrace();
+ return false;
+ }
+ }
+
+ private void commit()
+ {
+ try
+ {
+ TransactionManager tm = (TransactionManager)new
InitialContext().lookup("java:/TransactionManager");
+ tm.commit();
+ }
+ catch(Throwable t)
+ {
+ t.printStackTrace();
+ throw new RuntimeException(t);
+ }
+ }
+
+ private void rollback()
+ {
+ try
+ {
+ TransactionManager tm = (TransactionManager)new
InitialContext().lookup("java:/TransactionManager");
+ tm.rollback();
+ }
+ catch(Throwable t)
+ {
+ t.printStackTrace();
+ throw new RuntimeException(t);
+ }
+ }
+}
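Review bot: `doFilter` writes the authenticated user name, the request URI and the full `User` object to stdout with `System.out.println` on every request, so identity data lands in the server console log unconditionally and each request pays for an `OrganizationService` lookup that is only used for the printout. I would route this through a class logger at debug level (none is declared in this new file yet), e.g. `if (log.isDebugEnabled()) log.debug("SPNEGO TX filter: uri=" + httpRequest.getRequestURI() + ", txStarted=" + isStartedHere);`, and drop the `findUserByName` call unless its result is actually needed. Separately, `catch(Throwable t)` rewraps `IOException` and `ServletException` from the chain in a `RuntimeException`, and because `rollback()` itself throws on failure, a failed rollback replaces the original error. `startTx()` returns false when the JNDI lookup or `begin()` fails, so in that case the request silently runs without a transaction; that deserves at least a warning-level log entry instead of `printStackTrace()`.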
Modified:
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java
===================================================================
---
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java 2010-04-02
17:37:38 UTC (rev 2469)
+++
components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SPNEGORolesModule.java 2010-04-03
14:31:40 UTC (rev 2470)
@@ -24,8 +24,14 @@
import java.security.Principal;
import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
import java.util.Map;
+import java.util.Set;
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
@@ -40,13 +46,13 @@
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.IdentityRegistry;
+import org.exoplatform.container.monitor.jvm.J2EEServerInfo;
+import org.exoplatform.services.security.jaas.UserPrincipal;
/**
- * Login module to work in conjunction with SPNEGOAuthenticator to handle the
- * authentication requirements.
+ * The LoginModule that is responsible for setting up the proper GateIn roles
corresponding to the SPNEGO principal that was authenticated
*
- * @author darran.lofthouse(a)jboss.com
- * @version $Revision: 83572 $
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
public class SPNEGORolesModule extends AbstractServerLoginModule
{
@@ -171,7 +177,7 @@
IdentityRegistry identityRegistry = (IdentityRegistry) getContainer()
.getComponentInstanceOfType(IdentityRegistry.class);
- // TODO: Add check for single check
+ // Check for single check
if(identityRegistry.getIdentity(this.identity.getUserId()) != null)
{
//already logged in
@@ -193,4 +199,87 @@
throw new LoginException(e.getMessage());
}
}
+
+ @Override
+ public boolean logout() throws LoginException
+ {
+ org.exoplatform.container.monitor.jvm.J2EEServerInfo info = new J2EEServerInfo();
+ MBeanServer jbossServer = info.getMBeanServer();
+
+ //
+ if (jbossServer != null)
+ {
+ try
+ {
+
+ log.debug("Performing JBoss security manager cache eviction");
+
+ ObjectName securityManagerName = new
ObjectName("jboss.security:service=JaasSecurityManager");
+
+ // Obtain user name
+ String userName = null;
+ Set<UserPrincipal> userPrincipals =
subject.getPrincipals(UserPrincipal.class);
+ if (!userPrincipals.isEmpty())
+ {
+ // There should be one
+ userName = userPrincipals.iterator().next().getName();
+ }
+
+ //
+ if (userName != null)
+ {
+ log.debug("Going to perform JBoss security manager cache eviction for
user " + userName);
+
+ //
+ List allPrincipals =
+ (List)jbossServer.invoke(securityManagerName,
"getAuthenticationCachePrincipals",
+ new Object[]{realmName}, new String[]{String.class.getName()});
+
+ // Make a copy to avoid some concurrent mods
+ allPrincipals = new ArrayList(allPrincipals);
+
+ // Lookup for invalidation key, it must be the same principal!
+ Principal key = null;
+ for (Iterator i = allPrincipals.iterator(); i.hasNext();)
+ {
+ Principal principal = (Principal)i.next();
+ if (principal.getName().equals(userName))
+ {
+ key = principal;
+ break;
+ }
+ }
+
+ // Perform invalidation
+ if (key != null)
+ {
+ jbossServer.invoke(securityManagerName,
"flushAuthenticationCache", new Object[]{realmName, key},
+ new String[]{String.class.getName(), Principal.class.getName()});
+ log.debug("Performed JBoss security manager cache eviction for
user " + userName + " with principal "
+ + key);
+ }
+ else
+ {
+ log.warn("No principal found when performing JBoss security
manager cache eviction for user "
+ + userName);
+ }
+ }
+ else
+ {
+ log.warn("No user name found when performing JBoss security manager
cache eviction");
+ }
+ }
+ catch (Exception e)
+ {
+ log.error("Could not perform JBoss security manager cache
eviction", e);
+ }
+ }
+ else
+ {
+ log.debug("Could not find mbean server for performing JBoss security
manager cache eviction");
+ }
+
+ //
+ return true;
+ }
}
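Review bot: The new `logout()` ends with `return true;` and never calls `super.logout()`, so whatever Subject cleanup `AbstractServerLoginModule` performs (in JBoss it normally removes the module's identity and role principals) is skipped; unless that is intended, finish with `return super.logout();`. Every path where the cache entry is not flushed (no MBean server, no `UserPrincipal`, no matching cached principal, or an exception from `invoke`) is only logged and still reports a successful logout, so a cached authentication may outlive the logout. The missing-MBean-server case is logged with `log.debug` and should be at least `log.warn`, matching the other failure branches. The raw `List`/`Iterator` could become `List<Principal>` with a for-each loop, and a Javadoc on `logout()` should state that the cache eviction is best effort.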
Property changes on: components/sso/trunk/spnego
___________________________________________________________________
Name: svn:ignore
+ target
Modified: components/sso/trunk/spnego/pom.xml
===================================================================
--- components/sso/trunk/spnego/pom.xml 2010-04-02 17:37:38 UTC (rev 2469)
+++ components/sso/trunk/spnego/pom.xml 2010-04-03 14:31:40 UTC (rev 2470)
@@ -72,7 +72,7 @@
<copy
file="${settings.localRepository}/org/gatein/sso/spnego/${project.version}/${project.artifactId}-${project.version}.jar"
- todir="${gatein.location}/lib" overwrite="true" />
+ todir="${gatein.location}/deploy/gatein.ear/lib"
overwrite="true" />
</tasks>
</configuration>
<goals>