[jboss-cvs] jbosssx/src/main/org/jboss/security/auth/login ...
Anil Saldhana
anil.saldhana at jboss.com
Wed Jul 26 17:56:12 EDT 2006
User: asaldhana
Date: 06/07/26 17:56:12
Modified: src/main/org/jboss/security/auth/login Tag: Branch_3_2
DynamicLoginConfig.java
Log:
JBAS-3210: Allow absolute login-config.xml url
JBAS-3422: Do not allow defaulting to global conf/login-config.xml
Revision Changes Path
No revision
No revision
1.1.2.5 +47 -1 jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: DynamicLoginConfig.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/login/DynamicLoginConfig.java,v
retrieving revision 1.1.2.4
retrieving revision 1.1.2.5
diff -u -b -r1.1.2.4 -r1.1.2.5
--- DynamicLoginConfig.java 1 Dec 2005 19:49:52 -0000 1.1.2.4
+++ DynamicLoginConfig.java 26 Jul 2006 21:56:12 -0000 1.1.2.5
@@ -25,7 +25,9 @@
import javax.management.MBeanServer;
import javax.management.ObjectName;
+import org.jboss.mx.util.MBeanProxy;
import org.jboss.system.ServiceMBeanSupport;
+import org.jboss.system.server.ServerConfigImplMBean;
import org.jboss.deployment.DeploymentException;
/** A security config mbean that loads an xml login configuration using the
@@ -55,7 +57,8 @@
@see org.jboss.security.auth.login.XMLLoginConfig
@author Scott.Stark at jboss.org
- @version $Revision: 1.1.2.4 $
+ @author Anil.Saldhana at jboss.org
+ @version $Revision: 1.1.2.5 $
*/
public class DynamicLoginConfig extends ServiceMBeanSupport
implements DynamicLoginConfigMBean
@@ -148,12 +151,29 @@
*/
protected void startService() throws Exception
{
+ //JBAS-3422: Ensure that the AuthConf is neither null nor default login-config.xml
+ if( authConf== null || authConf.length() == 0)
+ throw new IllegalStateException("AuthConf is null. Please " +
+ "configure an appropriate config resource");
+
// Look for the authConf as resource
ClassLoader loader = Thread.currentThread().getContextClassLoader();
URL loginConfig = loader.getResource(authConf);
+ if(loginConfig == null)
+ {
+ try
+ {
+ //JBAS-3210: Allow an absolute url
+ loginConfig = new URL(authConf);
+ }catch(Exception e)
+ {
+ loginConfig = null;
+ }
+ }
if( loginConfig != null )
{
log.debug("Using JAAS AuthConfig: "+loginConfig.toExternalForm());
+ validateAuthConfigURL(loginConfig.toExternalForm());
MBeanServer server = super.getServer();
Object[] args = {loginConfig};
String[] sig = {URL.class.getName()};
@@ -185,4 +205,30 @@
server.invoke(loginConfigService, "removeConfigs", args, sig);
}
}
+
+ /**
+ * Ensure that the AuthConfig resource is not defaulting to
+ * the default login-config in the conf directory
+ * @param url
+ * @throws Exception
+ */
+ private void validateAuthConfigURL(String url) throws Exception
+ {
+ String msg = "AuthConfig is defaulting to conf/login-config.xml. " +
+ "Please check your archive.";
+ ServerConfigImplMBean mb = null;
+ try
+ {
+ mb = (ServerConfigImplMBean)MBeanProxy.get(ServerConfigImplMBean.class,
+ ServerConfigImplMBean.OBJECT_NAME, server);
+ URL serverConfigURL = mb.getServerConfigURL();
+ if(url.equalsIgnoreCase(serverConfigURL.toExternalForm() + "login-config.xml"))
+ throw new IllegalStateException(msg);
+ }
+ finally
+ {
+ //Clear the proxy
+ mb = null;
+ }
+ }
}
More information about the jboss-cvs-commits
mailing list