[jboss-cvs] JBossAS SVN: r66440 - branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Oct 25 11:50:40 EDT 2007
Author: sguilhen at redhat.com
Date: 2007-10-25 11:50:40 -0400 (Thu, 25 Oct 2007)
New Revision: 66440
Modified:
branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java
Log:
JBAS-4804: Added the httpHeaderForSSOAuth and sessionCookieForSSOAuth attributes to GenericHeaderAuthenticator to allow the injection of the ssoid header and session cookie name.
Modified: branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java
===================================================================
--- branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java 2007-10-25 15:06:36 UTC (rev 66439)
+++ branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java 2007-10-25 15:50:40 UTC (rev 66440)
@@ -25,17 +25,17 @@
import java.security.Principal;
import java.util.StringTokenizer;
-import javax.management.JMException;
-import javax.management.ObjectName;
+import javax.management.JMException;
+import javax.management.ObjectName;
import javax.servlet.http.Cookie;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
-import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
/**
* JBAS-2283: Provide custom header based authentication support
@@ -46,22 +46,91 @@
* is the SESSION cookie
*
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
* @version $Revision$
* @since Sep 11, 2006
*/
public class GenericHeaderAuthenticator extends ExtendedFormAuthenticator
{
protected static Logger log = Logger.getLogger(GenericHeaderAuthenticator.class);
+
protected boolean trace = log.isTraceEnabled();
+ // JBAS-4804: GenericHeaderAuthenticator injection of ssoid and sessioncookie name.
+ private String httpHeaderForSSOAuth = null;
+
+ private String sessionCookieForSSOAuth = null;
+
+ /**
+ * <p>
+ * Obtain the value of the <code>httpHeaderForSSOAuth</code> attribute. This attribute is
+ * used to indicate the request header ids that have to be checked in order to retrieve the SSO
+ * identity set by a third party security system.
+ * </p>
+ *
+ * @return a <code>String</code> containing the value of the <code>httpHeaderForSSOAuth</code>
+ * attribute.
+ */
+ public String getHttpHeaderForSSOAuth()
+ {
+ return httpHeaderForSSOAuth;
+ }
+
+ /**
+ * <p>
+ * Set the value of the <code>httpHeaderForSSOAuth</code> attribute. This attribute is
+ * used to indicate the request header ids that have to be checked in order to retrieve the SSO
+ * identity set by a third party security system.
+ * </p>
+ *
+ * @param httpHeaderForSSOAuth a <code>String</code> containing the value of the
+ * <code>httpHeaderForSSOAuth</code> attribute.
+ */
+ public void setHttpHeaderForSSOAuth(String httpHeaderForSSOAuth)
+ {
+ this.httpHeaderForSSOAuth = httpHeaderForSSOAuth;
+ }
+
+ /**
+ * <p>
+ * Obtain the value of the <code>sessionCookieForSSOAuth</code> attribute. This attribute is used
+ * to indicate the names of the SSO cookies that may be present in the request object.
+ * </p>
+ *
+ * @return a <code>String</code> containing the names (separated by a <code>','</code>) of the SSO cookies
+ * that may have been set by a third party security system in the request.
+ */
+ public String getSessionCookieForSSOAuth()
+ {
+ return sessionCookieForSSOAuth;
+ }
+
+ /**
+ * <p>
+ * Set the value of the <code>sessionCookieForSSOAuth</code> attribute. This attribute is used
+ * to indicate the names of the SSO cookies that may be present in the request object.
+ * </p>
+ *
+ * @param sessionCookieForSSOAuth a <code>String</code> containing the names (separated by a
+ * <code>','</code>) of the SSO cookies that may have been set by a third party security system in
+ * the request.
+ */
+ public void setSessionCookieForSSOAuth(String sessionCookieForSSOAuth)
+ {
+ this.sessionCookieForSSOAuth = sessionCookieForSSOAuth;
+ }
+
+ /**
+ * <p>
+ * Creates an instance of <code>GenericHeaderAuthenticator</code>.
+ * </p>
+ */
public GenericHeaderAuthenticator()
{
- super();
+ super();
}
-
- public boolean authenticate(Request request,
- Response response, LoginConfig config)
- throws IOException
+
+ public boolean authenticate(Request request, Response response, LoginConfig config) throws IOException
{
log.trace("Authenticating user");
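Review bot: The Javadoc added for `setHttpHeaderForSSOAuth` does not state the trust assumption behind the attribute: `getUserId` takes the user name from whichever request header is named here, and a request header is client-controlled unless a front end overwrites it. I would add a sentence to the setter's Javadoc such as `The named headers must be set, and any client-supplied copies removed, by the trusted proxy or SSO agent in front of this connector.` The header Javadoc also omits that the value is a comma-separated list, which the cookie attribute's Javadoc does say and which `getUserId` relies on when it tokenizes on `","`. The body of `authenticate` continues outside this hunk.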
@@ -77,15 +146,15 @@
Session session = request.getSessionInternal(true);
String username = getUserId(request);
- String password = getSessionCookie(request);
+ String password = getSessionCookie(request);
//Check if there is sso id as well as sessionkey
- if(username == null || password == null )
+ if (username == null || password == null)
{
log.trace("Username is null or password(sessionkey) is null:fallback to form auth");
return super.authenticate(request, response, config);
- }
- principal = realm.authenticate(username,password);
+ }
+ principal = realm.authenticate(username, password);
if (principal == null)
{
@@ -94,19 +163,19 @@
}
session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
request.setUserPrincipal(principal);
register(request, response, principal, Constants.FORM_METHOD, username, password);
return true;
- }
-
+ }
+
/**
* Get the username from the request header
* @param request
* @return
*/
- protected String getUserId(Request request)
+ protected String getUserId(Request request)
{
String ssoid = null;
//We can have a comma-separated ids
@@ -117,63 +186,63 @@
}
catch (JMException e)
{
- if(trace)
+ if (trace)
log.trace("getUserId exception", e);
}
- if(ids == null || ids.length() == 0)
+ if (ids == null || ids.length() == 0)
throw new IllegalStateException("Http headers configuration in tomcat service missing");
-
- StringTokenizer st = new StringTokenizer(ids,",");
- while(st.hasMoreTokens())
+
+ StringTokenizer st = new StringTokenizer(ids, ",");
+ while (st.hasMoreTokens())
{
ssoid = request.getHeader(st.nextToken());
- if(ssoid != null)
+ if (ssoid != null)
break;
}
- if(trace)
+ if (trace)
log.trace("SSOID-" + ssoid);
return ssoid;
}
-
+
/**
* Obtain the session cookie from the request
* @param request
* @return
*/
- protected String getSessionCookie(Request request)
- {
+ protected String getSessionCookie(Request request)
+ {
Cookie[] cookies = request.getCookies();
- log.trace("Cookies:"+cookies);
+ log.trace("Cookies:" + cookies);
int numCookies = cookies != null ? cookies.length : 0;
-
+
//We can have comma-separated ids
String ids = "";
try
{
ids = this.getSessionCookieId();
- log.trace("Session Cookie Ids="+ids);
+ log.trace("Session Cookie Ids=" + ids);
}
catch (JMException e)
{
- if(trace)
+ if (trace)
log.trace("checkSessionCookie exception", e);
}
- if(ids == null || ids.length() == 0)
+ if (ids == null || ids.length() == 0)
throw new IllegalStateException("Session cookies configuration in tomcat service missing");
-
- StringTokenizer st = new StringTokenizer(ids,",");
- while(st.hasMoreTokens())
- {
+
+ StringTokenizer st = new StringTokenizer(ids, ",");
+ while (st.hasMoreTokens())
+ {
String cookieToken = st.nextToken();
String val = getCookieValue(cookies, numCookies, cookieToken);
- if(val != null)
- return val;
+ if (val != null)
+ return val;
}
- if(trace)
- log.trace("Session Cookie not found");
+ if (trace)
+ log.trace("Session Cookie not found");
return null;
- }
-
+ }
+
/**
* Get the configured header identity id
* in the tomcat service
@@ -181,22 +250,24 @@
* @throws JMException
*/
protected String getIdentityHeaderId() throws JMException
- {
- return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
- "HttpHeaderForSSOAuth");
+ {
+ if (this.httpHeaderForSSOAuth != null)
+ return this.httpHeaderForSSOAuth;
+ return (String) mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"), "HttpHeaderForSSOAuth");
}
-
+
/**
* Get the configured session cookie id in the tomcat service
* @return
* @throws JMException
*/
protected String getSessionCookieId() throws JMException
- {
- return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
- "SessionCookieForSSOAuth");
+ {
+ if (this.sessionCookieForSSOAuth != null)
+ return this.sessionCookieForSSOAuth;
+ return (String) mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"), "SessionCookieForSSOAuth");
}
-
+
/**
* Get the value of a cookie if the name matches the token
* @param cookies array of cookies
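Review bot: The new overrides in `getIdentityHeaderId` and `getSessionCookieId` treat only `null` as unset, so an injected empty string skips the `jboss.web:service=WebServer` lookup and is returned as-is. The callers then fail their `ids.length() == 0` check and throw `IllegalStateException` instead of falling back to the service-wide setting. If an empty attribute is meant to count as not configured, the guard could read `if (this.httpHeaderForSSOAuth != null && this.httpHeaderForSSOAuth.trim().length() > 0)`, with the same form for `sessionCookieForSSOAuth`. If failing is the intended behaviour, a one-line comment on each guard saying so would help the next reader.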
@@ -204,21 +275,19 @@
* @param token Key
* @return value of cookie
*/
- protected String getCookieValue(Cookie[] cookies, int numCookies,
- String token)
- {
- for(int i = 0; i < numCookies; i++)
+ protected String getCookieValue(Cookie[] cookies, int numCookies, String token)
+ {
+ for (int i = 0; i < numCookies; i++)
{
- Cookie cookie = cookies[i];
- log.trace("Matching cookieToken:"+token+" with cookie name="
- + cookie.getName());
- if(token.equals(cookie.getName()))
+ Cookie cookie = cookies[i];
+ log.trace("Matching cookieToken:" + token + " with cookie name=" + cookie.getName());
+ if (token.equals(cookie.getName()))
{
- if(trace)
- log.trace("Cookie-" + token + " value=" + cookie.getValue());
- return cookie.getValue();
+ if (trace)
+ log.trace("Cookie-" + token + " value=" + cookie.getValue());
+ return cookie.getValue();
}
- }
+ }
return null;
}
}