[jboss-cvs] jbosssx/src/main/org/jboss/security/auth/login ...

Anil Saldhana anil.saldhana at jboss.com
Wed Jul 26 16:34:01 EDT 2006 

  User: asaldhana
  Date: 06/07/26 16:34:01

  Modified:    src/main/org/jboss/security/auth/login  Tag: Branch_4_0
                        DynamicLoginConfig.java
  Log:
  JBAS-3422: Ensure that the service does not default to the global conf/login-config.xml
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.4.6.4   +37 -2     jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: DynamicLoginConfig.java
  ===================================================================
  RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java,v
  retrieving revision 1.4.6.3
  retrieving revision 1.4.6.4
  diff -u -b -r1.4.6.3 -r1.4.6.4
  --- DynamicLoginConfig.java	16 May 2006 16:38:43 -0000	1.4.6.3
  +++ DynamicLoginConfig.java	26 Jul 2006 20:34:01 -0000	1.4.6.4
  @@ -28,7 +28,9 @@
   import javax.management.ObjectName;
   import javax.security.auth.login.AppConfigurationEntry;
   
  +import org.jboss.mx.util.MBeanProxy;
   import org.jboss.system.ServiceMBeanSupport;
  +import org.jboss.system.server.ServerConfigImplMBean;
   import org.jboss.deployment.DeploymentException;
   
   /** A security config mbean that loads an xml login configuration using the
  @@ -58,7 +60,8 @@
    @see org.jboss.security.auth.login.XMLLoginConfig
   
    @author Scott.Stark at jboss.org
  - @version $Revision: 1.4.6.3 $
  + @author Anil.Saldhana at jboss.org
  + @version $Revision: 1.4.6.4 $
    */
   public class DynamicLoginConfig extends ServiceMBeanSupport
      implements DynamicLoginConfigMBean
  @@ -182,6 +185,11 @@
         }
         else
         {
  +         //JBAS-3422: Ensure that the AuthConf is neither null nor default login-config.xml 
  +         if( authConf== null || authConf.length() == 0)
  +            throw new IllegalStateException("AuthConf is null. Please " +
  +                  "configure an appropriate config resource");
  +          
            // Look for the authConf as resource
            ClassLoader loader = Thread.currentThread().getContextClassLoader();
            URL loginConfig = loader.getResource(authConf);
  @@ -198,6 +206,7 @@
            } 
            if( loginConfig != null )
            {
  +            validateAuthConfigURL(loginConfig.toExternalForm());
               log.debug("Using JAAS AuthConfig: "+loginConfig.toExternalForm());
               MBeanServer server = super.getServer();
               Object[] args = {loginConfig};
  @@ -231,4 +240,30 @@
            server.invoke(loginConfigService, "removeConfigs", args, sig);
         }
      } 
  +   
  +   /**
  +    * Ensure that the AuthConfig resource is not defaulting to
  +    * the default login-config in the conf directory
  +    * @param url
  +    * @throws Exception
  +    */
  +   private void validateAuthConfigURL(String url) throws Exception
  +   {
  +      String msg = "AuthConfig is defaulting to conf/login-config.xml. " +
  +            "Please check your archive.";
  +      ServerConfigImplMBean mb = null;
  +      try
  +      {
  +         mb = (ServerConfigImplMBean)MBeanProxy.get(ServerConfigImplMBean.class,
  +               ServerConfigImplMBean.OBJECT_NAME, server);
  +         URL serverConfigURL = mb.getServerConfigURL();
  +         if(url.equalsIgnoreCase(serverConfigURL.toExternalForm() + "login-config.xml"))
  +            throw new IllegalStateException(msg);
  +      }
  +      finally
  +      {
  +         //Clear the proxy
  +         mb = null;
  +      } 
  +   }
   }

More information about the jboss-cvs-commits mailing list