[jboss-cvs] jbosssx/src/main/org/jboss/security/auth/login ...
Anil Saldhana
anil.saldhana at jboss.com
Wed Jul 26 16:52:47 EDT 2006
User: asaldhana
Date: 06/07/26 16:52:47
Modified: src/main/org/jboss/security/auth/login
DynamicLoginConfig.java
Log:
JBAS-3422:Service should not load the global conf/login-config.xml
Revision Changes Path
1.13 +36 -1 jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: DynamicLoginConfig.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -b -r1.12 -r1.13
--- DynamicLoginConfig.java 29 Jun 2006 20:55:34 -0000 1.12
+++ DynamicLoginConfig.java 26 Jul 2006 20:52:47 -0000 1.13
@@ -28,9 +28,11 @@
import javax.management.ObjectName;
import javax.security.auth.login.AppConfigurationEntry;
+import org.jboss.mx.util.MBeanProxy;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.PolicyConfig;
import org.jboss.system.ServiceMBeanSupport;
+import org.jboss.system.server.ServerConfigImplMBean;
import org.jboss.deployment.DeploymentException;
/** A security config mbean that loads an xml login configuration using the
@@ -60,7 +62,8 @@
@see org.jboss.security.auth.login.XMLLoginConfig
@author Scott.Stark at jboss.org
- @version $Revision: 1.12 $
+ @author Anil.Saldhana at jboss.org
+ @version $Revision: 1.13 $
*/
public class DynamicLoginConfig extends ServiceMBeanSupport
implements DynamicLoginConfigMBean
@@ -191,6 +194,11 @@
}
else
{
+ //JBAS-3422: Ensure that the AuthConf is neither null nor default login-config.xml
+ if( authConf== null || authConf.length() == 0)
+ throw new IllegalStateException("AuthConf is null. Please " +
+ "configure an appropriate config resource");
+
// Look for the authConf as resource
ClassLoader loader = Thread.currentThread().getContextClassLoader();
URL loginConfig = loader.getResource(authConf);
@@ -208,6 +216,7 @@
}
if( loginConfig != null )
{
+ validateAuthConfigURL(loginConfig.toExternalForm());
log.debug("Using JAAS AuthConfig: "+loginConfig.toExternalForm());
MBeanServer server = super.getServer();
Object[] args = {loginConfig};
@@ -241,4 +250,30 @@
server.invoke(loginConfigService, "removeConfigs", args, sig);
}
}
+
+ /**
+ * Ensure that the AuthConfig resource is not defaulting to
+ * the default login-config in the conf directory
+ * @param url
+ * @throws Exception
+ */
+ private void validateAuthConfigURL(String url) throws Exception
+ {
+ String msg = "AuthConfig is defaulting to conf/login-config.xml. " +
+ "Please check your archive.";
+ ServerConfigImplMBean mb = null;
+ try
+ {
+ mb = (ServerConfigImplMBean)MBeanProxy.get(ServerConfigImplMBean.class,
+ ServerConfigImplMBean.OBJECT_NAME, server);
+ URL serverConfigURL = mb.getServerConfigURL();
+ if(url.equalsIgnoreCase(serverConfigURL.toExternalForm() + "login-config.xml"))
+ throw new IllegalStateException(msg);
+ }
+ finally
+ {
+ //Clear the proxy
+ mb = null;
+ }
+ }
}
More information about the jboss-cvs-commits
mailing list