[jboss-cvs] jbosssx/src/main/org/jboss/security/auth/login ...
Anil Saldhana
anil.saldhana at jboss.com
Wed Jul 26 16:34:01 EDT 2006
User: asaldhana
Date: 06/07/26 16:34:01
Modified: src/main/org/jboss/security/auth/login Tag: Branch_4_0
DynamicLoginConfig.java
Log:
JBAS-3422: Ensure that the service does not default to the global conf/login-config.xml
Revision Changes Path
No revision
No revision
1.4.6.4 +37 -2 jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: DynamicLoginConfig.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java,v
retrieving revision 1.4.6.3
retrieving revision 1.4.6.4
diff -u -b -r1.4.6.3 -r1.4.6.4
--- DynamicLoginConfig.java 16 May 2006 16:38:43 -0000 1.4.6.3
+++ DynamicLoginConfig.java 26 Jul 2006 20:34:01 -0000 1.4.6.4
@@ -28,7 +28,9 @@
import javax.management.ObjectName;
import javax.security.auth.login.AppConfigurationEntry;
+import org.jboss.mx.util.MBeanProxy;
import org.jboss.system.ServiceMBeanSupport;
+import org.jboss.system.server.ServerConfigImplMBean;
import org.jboss.deployment.DeploymentException;
/** A security config mbean that loads an xml login configuration using the
@@ -58,7 +60,8 @@
@see org.jboss.security.auth.login.XMLLoginConfig
@author Scott.Stark at jboss.org
- @version $Revision: 1.4.6.3 $
+ @author Anil.Saldhana at jboss.org
+ @version $Revision: 1.4.6.4 $
*/
public class DynamicLoginConfig extends ServiceMBeanSupport
implements DynamicLoginConfigMBean
@@ -182,6 +185,11 @@
}
else
{
+ //JBAS-3422: Ensure that the AuthConf is neither null nor default login-config.xml
+ if( authConf== null || authConf.length() == 0)
+ throw new IllegalStateException("AuthConf is null. Please " +
+ "configure an appropriate config resource");
+
// Look for the authConf as resource
ClassLoader loader = Thread.currentThread().getContextClassLoader();
URL loginConfig = loader.getResource(authConf);
@@ -198,6 +206,7 @@
}
if( loginConfig != null )
{
+ validateAuthConfigURL(loginConfig.toExternalForm());
log.debug("Using JAAS AuthConfig: "+loginConfig.toExternalForm());
MBeanServer server = super.getServer();
Object[] args = {loginConfig};
@@ -231,4 +240,30 @@
server.invoke(loginConfigService, "removeConfigs", args, sig);
}
}
+
+ /**
+ * Ensure that the AuthConfig resource is not defaulting to
+ * the default login-config in the conf directory
+ * @param url
+ * @throws Exception
+ */
+ private void validateAuthConfigURL(String url) throws Exception
+ {
+ String msg = "AuthConfig is defaulting to conf/login-config.xml. " +
+ "Please check your archive.";
+ ServerConfigImplMBean mb = null;
+ try
+ {
+ mb = (ServerConfigImplMBean)MBeanProxy.get(ServerConfigImplMBean.class,
+ ServerConfigImplMBean.OBJECT_NAME, server);
+ URL serverConfigURL = mb.getServerConfigURL();
+ if(url.equalsIgnoreCase(serverConfigURL.toExternalForm() + "login-config.xml"))
+ throw new IllegalStateException(msg);
+ }
+ finally
+ {
+ //Clear the proxy
+ mb = null;
+ }
+ }
}
More information about the jboss-cvs-commits
mailing list