[jboss-cvs] jbosssx/src/main/org/jboss/security/auth/login ...

Anil Saldhana anil.saldhana at jboss.com
Wed Jul 26 16:52:47 EDT 2006 

  User: asaldhana
  Date: 06/07/26 16:52:47

  Modified:    src/main/org/jboss/security/auth/login 
                        DynamicLoginConfig.java
  Log:
  JBAS-3422:Service should not load the global conf/login-config.xml
  
  Revision  Changes    Path
  1.13      +36 -1     jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: DynamicLoginConfig.java
  ===================================================================
  RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -b -r1.12 -r1.13
  --- DynamicLoginConfig.java	29 Jun 2006 20:55:34 -0000	1.12
  +++ DynamicLoginConfig.java	26 Jul 2006 20:52:47 -0000	1.13
  @@ -28,9 +28,11 @@
   import javax.management.ObjectName;
   import javax.security.auth.login.AppConfigurationEntry;
   
  +import org.jboss.mx.util.MBeanProxy;
   import org.jboss.security.config.ApplicationPolicy;
   import org.jboss.security.config.PolicyConfig;
   import org.jboss.system.ServiceMBeanSupport;
  +import org.jboss.system.server.ServerConfigImplMBean;
   import org.jboss.deployment.DeploymentException;
   
   /** A security config mbean that loads an xml login configuration using the
  @@ -60,7 +62,8 @@
    @see org.jboss.security.auth.login.XMLLoginConfig
   
    @author Scott.Stark at jboss.org
  - @version $Revision: 1.12 $
  + @author Anil.Saldhana at jboss.org
  + @version $Revision: 1.13 $
    */
   public class DynamicLoginConfig extends ServiceMBeanSupport
      implements DynamicLoginConfigMBean
  @@ -191,6 +194,11 @@
         }
         else
         {
  +         //JBAS-3422: Ensure that the AuthConf is neither null nor default login-config.xml 
  +         if( authConf== null || authConf.length() == 0)
  +            throw new IllegalStateException("AuthConf is null. Please " +
  +                  "configure an appropriate config resource");
  +          
            // Look for the authConf as resource
            ClassLoader loader = Thread.currentThread().getContextClassLoader();
            URL loginConfig = loader.getResource(authConf);
  @@ -208,6 +216,7 @@
            }
            if( loginConfig != null )
            {
  +            validateAuthConfigURL(loginConfig.toExternalForm());
               log.debug("Using JAAS AuthConfig: "+loginConfig.toExternalForm());
               MBeanServer server = super.getServer();
               Object[] args = {loginConfig};
  @@ -241,4 +250,30 @@
            server.invoke(loginConfigService, "removeConfigs", args, sig);
         }
      }
  +   
  +   /**
  +    * Ensure that the AuthConfig resource is not defaulting to
  +    * the default login-config in the conf directory
  +    * @param url
  +    * @throws Exception
  +    */
  +   private void validateAuthConfigURL(String url) throws Exception
  +   {
  +      String msg = "AuthConfig is defaulting to conf/login-config.xml. " +
  +            "Please check your archive.";
  +      ServerConfigImplMBean mb = null;
  +      try
  +      {
  +         mb = (ServerConfigImplMBean)MBeanProxy.get(ServerConfigImplMBean.class,
  +               ServerConfigImplMBean.OBJECT_NAME, server);
  +         URL serverConfigURL = mb.getServerConfigURL();
  +         if(url.equalsIgnoreCase(serverConfigURL.toExternalForm() + "login-config.xml"))
  +            throw new IllegalStateException(msg);
  +      }
  +      finally
  +      {
  +         //Clear the proxy
  +         mb = null;
  +      } 
  +   }
   }

More information about the jboss-cvs-commits mailing list