[jboss-cvs] JBossAS SVN: r65601 - in trunk: testsuite/src/main/org/jboss/test/web/servlets and 6 other directories.
Tue Sep 25 13:41:22 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-09-25 13:41:22 -0400 (Tue, 25 Sep 2007)
New Revision: 65601
Added:
trunk/testsuite/src/main/org/jboss/test/web/servlets/ProgrammaticLoginTestServlet.java
trunk/testsuite/src/main/org/jboss/test/web/test/WebProgrammaticLoginTestCase.java
trunk/testsuite/src/resources/web/programmatic/
trunk/testsuite/src/resources/web/programmatic/WEB-INF/
trunk/testsuite/src/resources/web/programmatic/WEB-INF/jboss-web.xml
trunk/testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-web.xml
trunk/testsuite/src/resources/web/programmatic/application.xml
trunk/tomcat/src/main/org/jboss/web/tomcat/security/login/
trunk/tomcat/src/main/org/jboss/web/tomcat/security/login/WebAuthentication.java
Modified:
trunk/testsuite/imports/sections/web.xml
trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java
Log:
JBAS-4405: Programmatic web authentication
Modified: trunk/testsuite/imports/sections/web.xml
===================================================================
--- trunk/testsuite/imports/sections/web.xml 2007-09-25 16:50:01 UTC (rev 65600)
+++ trunk/testsuite/imports/sections/web.xml 2007-09-25 17:41:22 UTC (rev 65601)
@@ -605,6 +605,35 @@
<include name="index.html"/>
</fileset>
</war>
+
+ <!-- JBAS-4077: Programmatic Web Login -->
+ <war destfile="${build.lib}/programmaticweblogin.war"
+ webxml="${build.resources}/web/programmatic/WEB-INF/jbosstest-web.xml">
+ <webinf dir="${build.resources}/web/form-auth">
+ <include name="jboss-web.xml"/>
+ </webinf>
+ <classes dir="${build.classes}">
+ <include name="org/jboss/test/web/servlets/Programm*Servlet.class"/>
+ </classes>
+ </war>
+ <zip destfile="${build.lib}/programmaticweblogin.ear">
+ <zipfileset dir="${build.resources}/web/form-auth" prefix="META-INF">
+ <include name="jboss-app.xml"/>
+ <include name="security-config.xml"/>
+ </zipfileset>
+ <zipfileset dir="${build.resources}/web/programmatic" prefix="META-INF">
+ <include name="application.xml"/>
+ </zipfileset>
+ <zipfileset dir="${build.resources}/web"
+ fullpath="form-auth-users.properties"
+ includes="users.properties"/>
+ <zipfileset dir="${build.resources}/web"
+ fullpath="form-auth-roles.properties"
+ includes="roles.properties"/>
+ <zipfileset dir="${build.lib}" includes="programmatic*.war"/>
+ <zipfileset dir="${build.resources}/web/form-auth"
+ includes="jboss-service.xml"/>
+ </zip>
<!-- War java2ClassLoadingCompliance=true test -->
<war destfile="${build.lib}/class-loading.war"
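Review bot: The `<webinf dir="${build.resources}/web/form-auth">` near the top of the hunk packages the form-auth copy of jboss-web.xml, while this same commit adds `trunk/testsuite/src/resources/web/programmatic/WEB-INF/jboss-web.xml`, which nothing in the build appears to reference; either point the webinf at `${build.resources}/web/programmatic/WEB-INF` or drop the unused file, so the two copies cannot silently diverge in security-domain settings. The comment tags the work as JBAS-4077 whereas the log message says JBAS-4405; one identifier should be used consistently. The `includes="programmatic*.war"` glob on the zipfileset will also sweep in any future war with that prefix; `includes="programmaticweblogin.war"` is more precise.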
Added: trunk/testsuite/src/main/org/jboss/test/web/servlets/ProgrammaticLoginTestServlet.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/web/servlets/ProgrammaticLoginTestServlet.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/web/servlets/ProgrammaticLoginTestServlet.java 2007-09-25 17:41:22 UTC (rev 65601)
@@ -0,0 +1,71 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.web.servlets;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.web.tomcat.security.login.WebAuthentication;
+
+//$Id$
+
+/**
+ * JBAS-4077: Programmatic Web Login
+ * Servlet picks up the username, password from the request parameters
+ * and then does the web authentication
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 12, 2007
+ * @version $Revision$
+ */
+public class ProgrammaticLoginTestServlet extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+
+ protected void service(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException
+ {
+ String username = request.getParameter("username");
+ String pass = request.getParameter("pass");
+
+ if(username == null || pass == null)
+ throw new RuntimeException("username or password is null");
+ WebAuthentication pwl = new WebAuthentication();
+ pwl.login(username, pass);
+
+ //Only when there is web login, does the principal be visible
+ log("User Principal="+request.getUserPrincipal());
+ log("isUserInRole(Authorized User)="+request.isUserInRole("AuthorizedUser"));
+ if(request.getUserPrincipal() == null || !request.isUserInRole("AuthorizedUser"))
+ throw new ServletException("User is not authenticated or the isUserInRole check failed");
+
+
+ //Log the user out
+ pwl.logout();
+
+ if(request.getUserPrincipal() != null || request.isUserInRole("AuthorizedUser"))
+ throw new ServletException("User is still authenticated or pass: isUserInRole(Authorized User)");
+ }
+}
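Review bot: The boolean returned by `pwl.login(username, pass)` is discarded, so a failed authentication is only detected indirectly through the later `getUserPrincipal()`/`isUserInRole` check; testing it directly makes the failure explicit and avoids calling `getUserPrincipal()` twice: `if (!pwl.login(username, pass)) throw new ServletException("login failed for " + username);`. A missing parameter currently surfaces as a `RuntimeException`, which the container reports as a 500 (and is what WebProgrammaticLoginTestCase asserts on); `response.sendError(HttpServletResponse.SC_BAD_REQUEST, "username or pass missing")` is the conventional answer to a malformed request, though the test expectation would have to move with it. Reading the password via `request.getParameter` means that for the GET the test case issues the credential travels in the query string and lands in access logs; acceptable for a test fixture, but a one-line comment saying this is deliberate would stop the pattern being copied into production servlets.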
Added: trunk/testsuite/src/main/org/jboss/test/web/test/WebProgrammaticLoginTestCase.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/web/test/WebProgrammaticLoginTestCase.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/web/test/WebProgrammaticLoginTestCase.java 2007-09-25 17:41:22 UTC (rev 65601)
@@ -0,0 +1,116 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.web.test;
+
+import java.net.HttpURLConnection;
+
+import junit.framework.Test;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.jboss.test.JBossTestCase;
+
+//$Id$
+
+/**
+ * JBAS-4077: Web Programmatic Login
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 12, 2007
+ * @version $Revision$
+ */
+public class WebProgrammaticLoginTestCase extends JBossTestCase
+{
+ private HttpClient httpConn = new HttpClient();
+
+ public WebProgrammaticLoginTestCase(String name)
+ {
+ super(name);
+ }
+
+ public static Test suite() throws Exception
+ {
+ return getDeploySetup(WebProgrammaticLoginTestCase.class,
+ "programmaticweblogin.ear");
+ }
+
+ /**
+ * Test unsuccessful login
+ * @throws Exception
+ */
+ public void testUnsuccessfulLogin() throws Exception
+ {
+ String baseURLNoAuth = "http://" + getServerHost()
+ + ":" + Integer.getInteger("web.port", 8080) + "/";
+ String path1 = "programmaticweblogin/TestServlet";
+ HttpMethod indexGet = null;
+ try
+ {
+ indexGet = new GetMethod(baseURLNoAuth+path1);
+ int responseCode = httpConn.executeMethod(indexGet);
+ assertTrue("Get Error("+responseCode+")",
+ responseCode == HttpURLConnection.HTTP_INTERNAL_ERROR);
+ }
+ finally
+ {
+ if(indexGet != null)
+ indexGet.releaseConnection();
+ }
+
+ path1 = path1 + "?username=dummy&pass=dummy";
+ try
+ {
+ indexGet = new GetMethod(baseURLNoAuth+path1);
+ int responseCode = httpConn.executeMethod(indexGet);
+ assertTrue("Get Error("+responseCode+")",
+ responseCode == HttpURLConnection.HTTP_INTERNAL_ERROR);
+ }
+ finally
+ {
+ if(indexGet != null)
+ indexGet.releaseConnection();
+ }
+ }
+
+ /**
+ * Test Successful programmatic login in a servlet
+ *
+ */
+ public void testSuccessfulLogin() throws Exception
+ {
+ String baseURLNoAuth = "http://" + getServerHost()
+ + ":" + Integer.getInteger("web.port", 8080) + "/";
+ String path1 = "programmaticweblogin/TestServlet?username=jduke&pass=theduke";
+ HttpMethod indexGet = null;
+ try
+ {
+ indexGet = new GetMethod(baseURLNoAuth+path1);
+ int responseCode = httpConn.executeMethod(indexGet);
+ assertTrue("Get OK("+responseCode+")", responseCode == HttpURLConnection.HTTP_OK);
+ }
+ finally
+ {
+ if(indexGet != null)
+ indexGet.releaseConnection();
+ }
+ }
+}
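Review bot: The three try/finally blocks in testUnsuccessfulLogin and testSuccessfulLogin repeat the same execute/assert/release sequence, differing only in the path and the expected status, and the two assertion messages (`Get Error(...)` versus `Get OK(...)`) both fire only on failure, so one of them is misleading. The second block of testUnsuccessfulLogin also reuses `indexGet` from the first block, so if `new GetMethod` threw there the finally would release the already-released first method. A private helper that scopes each method locally and uses `assertEquals` with the expected code removes both problems; testSuccessfulLogin would call the same helper with `HttpURLConnection.HTTP_OK`.
```java
private void assertGetStatus(String path, int expectedStatus) throws Exception
{
   String baseURLNoAuth = "http://" + getServerHost()
      + ":" + Integer.getInteger("web.port", 8080) + "/";
   HttpMethod get = new GetMethod(baseURLNoAuth + path);
   try
   {
      int responseCode = httpConn.executeMethod(get);
      assertEquals("Unexpected HTTP status", expectedStatus, responseCode);
   }
   finally
   {
      get.releaseConnection();
   }
}

public void testUnsuccessfulLogin() throws Exception
{
   assertGetStatus("programmaticweblogin/TestServlet",
      HttpURLConnection.HTTP_INTERNAL_ERROR);
   assertGetStatus("programmaticweblogin/TestServlet?username=dummy&pass=dummy",
      HttpURLConnection.HTTP_INTERNAL_ERROR);
}
// … unchanged: constructor, suite(); testSuccessfulLogin rewritten the same way …
```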
Added: trunk/testsuite/src/resources/web/programmatic/WEB-INF/jboss-web.xml
===================================================================
Added: trunk/testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-web.xml
===================================================================
--- trunk/testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-web.xml (rev 0)
+++ trunk/testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-web.xml 2007-09-25 17:41:22 UTC (rev 65601)
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<web-app version="2.4"
+ xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
+ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+
+ <description>Programmatic Web Login Tests</description>
+
+ <!-- ### Servlets -->
+ <servlet>
+ <servlet-name>TestServlet</servlet-name>
+ <servlet-class>org.jboss.test.web.servlets.ProgrammaticLoginTestServlet</servlet-class>
+ </servlet>
+
+ <!-- The servlet and jsp page mappings -->
+ <servlet-mapping>
+ <servlet-name>TestServlet</servlet-name>
+ <url-pattern>/TestServlet</url-pattern>
+ </servlet-mapping>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>JBossTest Servlets</realm-name>
+ </login-config>
+
+ <security-role>
+ <description>An AuthorizedUser is one with a valid username and password</description>
+ <role-name>AuthorizedUser</role-name>
+ </security-role>
+</web-app>
+
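Review bot: The `<login-config>` declaring `BASIC` is not referenced by any `<security-constraint>`, so the container never challenges for credentials and the element is effectively inert for /TestServlet; that is presumably intentional, since the servlet authenticates programmatically, but without a comment a later reader may "fix" it by adding a constraint and break the test. Suggest placing `<!-- Deliberately no security-constraint: TestServlet authenticates programmatically via WebAuthentication -->` above `<login-config>`. The `AuthorizedUser` role resolves against whatever security-domain the packaged jboss-web.xml names, and as far as the build hunk shows that is the form-auth copy rather than the one added under programmatic/WEB-INF, so the role mapping is worth confirming.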
Added: trunk/testsuite/src/resources/web/programmatic/application.xml
===================================================================
--- trunk/testsuite/src/resources/web/programmatic/application.xml (rev 0)
+++ trunk/testsuite/src/resources/web/programmatic/application.xml 2007-09-25 17:41:22 UTC (rev 65601)
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC
+ "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
+ "http://java.sun.com/dtd/application_1_3.dtd">
+
+<application>
+ <display-name>Programmatic Web Login</display-name>
+
+ <module>
+ <web>
+ <web-uri>programmaticweblogin.war</web-uri>
+ <context-root>programmaticweblogin</context-root>
+ </web>
+ </module>
+
+</application>
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2007-09-25 16:50:01 UTC (rev 65600)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossWebRealm.java 2007-09-25 17:41:22 UTC (rev 65601)
@@ -78,6 +78,7 @@
* using the JBossSX security framework. It relies on the JNDI ENC namespace
* setup by the AbstractWebContainer. In particular, it uses the java:comp/env/security
* subcontext to access the security manager interfaces for authentication.
+ * @author Scott.Stark at jboss.org
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jul 10, 2006
* @version $Revision$
@@ -509,7 +510,18 @@
{
String servletName = (String) activeRequest.get();
if(servletName == null)
- throw new IllegalStateException("servletName is null");
+ {
+ //WebProgrammaticAuthentication does not go through hasResourcePermission
+ //and hence the activeRequest thread local may not be set
+ Request req = (Request)SecurityAssociationValve.activeRequest.get();
+ Wrapper servlet = req.getWrapper();
+ if (servlet != null)
+ {
+ servletName = getServletName(servlet);
+ }
+ }
+ if(servletName == null)
+ throw new IllegalStateException("servletName is null");
WebMetaData metaData = (WebMetaData) SecurityAssociationValve.activeWebMetaData.get();
String roleName = role;
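Review bot: `req.getWrapper()` on the line after the `SecurityAssociationValve.activeRequest.get()` cast runs without a null check, yet that thread local is only populated for the duration of SecurityAssociationValve.invoke; a role check reached from any other path fails with a NullPointerException instead of the intended `IllegalStateException("servletName is null")` two lines below. Guard it: `if (req != null) { Wrapper servlet = req.getWrapper(); if (servlet != null) servletName = getServletName(servlet); }`. The realm's own `activeRequest` thread local (the servlet name, first line of the hunk) and the valve's `activeRequest` (the Catalina Request) now share a name but hold different types, which the comment should spell out to avoid confusion. The enclosing method starts and ends outside the hunk.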
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java 2007-09-25 16:50:01 UTC (rev 65600)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java 2007-09-25 17:41:22 UTC (rev 65601)
@@ -56,6 +56,8 @@
public static ThreadLocal userPrincipal = new ThreadLocal();
/** Maintain the active WebMetaData for request security checks */
public static ThreadLocal activeWebMetaData = new ThreadLocal();
+ /** Maintain the Catalina Request for programmatic web login */
+ public static ThreadLocal activeRequest = new ThreadLocal();
/** The web app metadata */
private WebMetaData metaData;
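Review bot: `activeRequest` is a public static raw `ThreadLocal` exposing the live Catalina `Request` to every class on the thread, and its only documentation is the one-line comment; since the value is meaningful only between the `activeRequest.set(request)` in invoke and the `activeRequest.set(null)` at the end of invoke (the two later hunks), the Javadoc should state that lifecycle, e.g. `/** The Catalina Request of the invocation in progress on this thread; set on entry to invoke() and cleared on exit, so it is null outside that window. Read by WebAuthentication and JBossWebRealm for programmatic web login. */`. If the file compiles as Java 5 the field could be declared `ThreadLocal<Request>` to drop the casts at both consumers, but the neighbouring fields are raw, so that may be a deliberate 1.4 constraint. Clearing with `set(null)` is consistent with the sibling fields, though `remove()` would also release the entry.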
@@ -99,6 +101,8 @@
log.trace("Begin invoke, caller"+caller);
// Set the active meta data
activeWebMetaData.set(metaData);
+ //Set the active request
+ activeRequest.set(request);
try
{
@@ -213,6 +217,7 @@
log.trace("End invoke, caller"+caller);
activeWebMetaData.set(null);
userPrincipal.set(null);
+ activeRequest.set(null);
}
}
Added: trunk/tomcat/src/main/org/jboss/web/tomcat/security/login/WebAuthentication.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/login/WebAuthentication.java (rev 0)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/login/WebAuthentication.java 2007-09-25 17:41:22 UTC (rev 65601)
@@ -0,0 +1,174 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.web.tomcat.security.login;
+
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+
+import javax.naming.NamingException;
+
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.connector.Request;
+import org.jboss.web.tomcat.security.SecurityAssociationValve;
+
+//$Id$
+
+/**
+ * JBAS-4077: Programmatic Web Login
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 12, 2007
+ * @version $Revision$
+ */
+public class WebAuthentication
+{
+ private static final String AUTH_TYPE = "PROGRAMMATIC_WEB_LOGIN";
+ public WebAuthentication()
+ {
+ }
+
+ /**
+ * Login an user via the CLIENT-CERT method
+ * @param certs X509 certificates
+ * @return Authenticated User Principal
+ */
+ public boolean login(X509Certificate[] certs)
+ {
+ //Get the active request
+ Request request = (Request) SecurityAssociationValve.activeRequest.get();
+ if(request == null)
+ throw new IllegalStateException("request is null");
+ Principal p = request.getContext().getRealm().authenticate(certs);
+ if(p != null)
+ {
+ register(request,p, null, null);
+ }
+ return p!= null;
+ }
+
+ /**
+ * Login an user via the BASIC, FORM, DIGEST methods
+ * @param username
+ * @param credential
+ * @return
+ * @throws NamingException
+ */
+ public boolean login(String username, Object credential)
+ {
+ //Get the active request
+ Request request = (Request) SecurityAssociationValve.activeRequest.get();
+ if(request == null)
+ throw new IllegalStateException("request is null");
+
+ Principal p = null;
+ if(credential instanceof String)
+ {
+ p = request.getContext().getRealm().authenticate(username, (String)credential);
+ }
+ else if (credential instanceof byte[])
+ {
+ p = request.getContext().getRealm().authenticate(username, (byte[])credential);
+ }
+ if(p != null)
+ {
+ register(request,p, username, credential);
+ }
+ return p != null;
+ }
+
+ /**
+ * Log the user out
+ *
+ */
+ public void logout()
+ {
+ //Get the active request
+ Request request = (Request) SecurityAssociationValve.activeRequest.get();
+ if(request == null)
+ throw new IllegalStateException("request is null");
+ unregister(request);
+ }
+
+ /**
+ * Register the principal with the request, session etc just the way AuthenticatorBase does
+ * @param request Catalina Request
+ * @param principal User Principal generated via authentication
+ * @param username username passed by the user (null for client-cert)
+ * @param credential Password (null for client-cert and digest)
+ */
+ protected void register(Request request, Principal principal, String username, Object password)
+ {
+ request.setAuthType(AUTH_TYPE);
+ request.setUserPrincipal(principal);
+
+ //Cache the authentication principal in the session
+ Session session = request.getSessionInternal(false);
+ if(session != null)
+ {
+ session.setAuthType(AUTH_TYPE);
+ session.setPrincipal(principal);
+ if (username != null)
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ else
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ if (password != null)
+ session.setNote(Constants.SESS_PASSWORD_NOTE, getPasswordAsString(password));
+ else
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
+ }
+
+ /**
+ * Log the user out
+ * @param request
+ */
+ protected void unregister(Request request)
+ {
+ request.setAuthType(null);
+ request.setUserPrincipal(null);
+
+ //Cache the authentication principal in the session
+ Session session = request.getSessionInternal(false);
+ if(session != null)
+ {
+ session.setAuthType(null);
+ session.setPrincipal(null);
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
+ }
+
+ private String getPasswordAsString(Object cred)
+ {
+ String p = null;
+
+ if(cred instanceof String)
+ {
+ p = (String)cred;
+ }
+ else if(cred instanceof byte[])
+ {
+ p = new String((byte[])cred);
+ }
+ return p;
+ }
+}
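Review bot: `register` caches the cleartext credential in the session under `Constants.SESS_PASSWORD_NOTE` (through `getPasswordAsString`), a note that in AuthenticatorBase apparently exists to allow re-authentication from the session; nothing on this page reads it back, so for a programmatic login the password sits in session storage, and in any session persistence, for no benefit. Unless re-authentication is a requirement, always clear it: replace the `if (password != null) … else …` pair with `session.removeNote(Constants.SESS_PASSWORD_NOTE);` and drop `getPasswordAsString`; if it must stay, `new String((byte[])cred)` should at least name a charset, since the platform default varies between hosts. The Javadoc is out of step with the code in several places: `login(X509Certificate[])` says `@return Authenticated User Principal` but returns boolean, `login(String, Object)` documents a `@throws NamingException` it never throws and has an empty `@return`, `register`'s last parameter is `password` but documented as `credential`, and `unregister` carries the copy-pasted comment "Cache the authentication principal in the session" where it clears it. `login(String, Object)` also returns false silently for a credential that is neither String nor byte[]; an `IllegalArgumentException` there would make a caller's mistake visible rather than look like a wrong password.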