[jboss-cvs] JBossAS SVN: r75512 - in branches/JBPAPP_4_2_0_GA_CP: testsuite/imports/sections and 9 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Jul 8 19:17:37 EDT 2008
Author: darran.lofthouse at jboss.com
Date: 2008-07-08 19:17:37 -0400 (Tue, 08 Jul 2008)
New Revision: 75512
Added:
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/error.html
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/login.html
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/restricted/
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/restricted/restricted.html
branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/ExtendedSingleSignOn.java
Removed:
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/restricted/restricted.html
Modified:
branches/JBPAPP_4_2_0_GA_CP/testsuite/build.xml
branches/JBPAPP_4_2_0_GA_CP/testsuite/imports/sections/web.xml
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/web/servlets/ProgrammaticLoginTestServlet.java
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/web/test/WebProgrammaticLoginTestCase.java
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/test-configs/tomcat-sso/deploy/jboss-web.deployer/server.xml
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/WEB-INF/jboss-web.xml
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-web.xml
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/application.xml
branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java
branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/login/WebAuthentication.java
branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/service/sso/ClusteredSingleSignOn.java
Log:
[JBPAPP-851] WebAuthentication:Generate a SSOID.
Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/build.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/build.xml 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/build.xml 2008-07-08 23:17:37 UTC (rev 75512)
@@ -610,7 +610,6 @@
<include name="**/test/jmx/test/Secure*TestCase.class"/>
<include name="**/test/perf/test/SecurePerfStressTestCase.class"/>
<include name="**/test/timer/test/SecureTimerUnitTestCase.class"/>
- <include name="**/test/web/test/WebProgrammaticLoginTestCase.class"/>
</patternset>
<patternset id="security.excludes">
<exclude name="**/test/naming/test/Security*"/>
@@ -639,9 +638,11 @@
<!-- Tests needing non-clustered tomcat SSO -->
<patternset id="tc-sso.includes">
<include name="org/jboss/test/web/test/SingleSignOnUnitTestCase.class"/>
+ <include name="org/jboss/test/web/test/WebProgrammaticLoginTestCase.class"/>
</patternset>
<patternset id="tc-sso.excludes">
<exclude name="org/jboss/test/web/test/SingleSignOnUnitTestCase.class"/>
+ <exclude name="org/jboss/test/web/test/WebProgrammaticLoginTestCase.class"/>
</patternset>
<!-- Tests needing clustered tomcat SSO -->
<patternset id="tc-sso-clustered.includes">
Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/imports/sections/web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/imports/sections/web.xml 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/imports/sections/web.xml 2008-07-08 23:17:37 UTC (rev 75512)
@@ -526,33 +526,31 @@
includes="jboss-service.xml"/>
</zip>
- <!-- JBAS-4077: Programmatic Web Login -->
- <war destfile="${build.lib}/programmaticweblogin.war"
- webxml="${build.resources}/web/programmatic/WEB-INF/jbosstest-web.xml">
- <webinf dir="${build.resources}/web/form-auth">
+ <!-- JBAS-4077: Programmatic Web Login -->
+ <war destfile="${build.lib}/programmaticweblogin.war"
+ webxml="${build.resources}/web/programmatic/WEB-INF/jbosstest-web.xml">
+ <webinf dir="${build.resources}/web/programmatic/WEB-INF">
<include name="jboss-web.xml"/>
</webinf>
<classes dir="${build.classes}">
<include name="org/jboss/test/web/servlets/Programm*Servlet.class"/>
</classes>
- </war>
- <zip destfile="${build.lib}/programmaticweblogin.ear">
- <zipfileset dir="${build.resources}/web/form-auth" prefix="META-INF">
- <include name="jboss-app.xml"/>
- <include name="security-config.xml"/>
- </zipfileset>
+ <fileset dir="${build.resources}/web/programmatic">
+ <include name="restricted/*.html"/>
+ <include name="*.html"/>
+ </fileset>
+ </war>
+ <zip destfile="${build.lib}/programmaticweblogin.ear">
<zipfileset dir="${build.resources}/web/programmatic" prefix="META-INF">
<include name="application.xml"/>
</zipfileset>
- <zipfileset dir="${build.resources}/web"
- fullpath="form-auth-users.properties"
- includes="users.properties"/>
- <zipfileset dir="${build.resources}/web"
- fullpath="form-auth-roles.properties"
- includes="roles.properties"/>
- <zipfileset dir="${build.lib}" includes="programmatic*.war"/>
- <zipfileset dir="${build.resources}/web/form-auth"
- includes="jboss-service.xml"/>
+ <zipfileset dir="${build.resources}/web">
+ <include name="users.properties"/>
+ <include name="roles.properties"/>
+ </zipfileset>
+ <zipfileset dir="${build.lib}" includes="programmaticweblogin.war"/>
+ <zipfileset dir="${build.lib}" includes="sso-form-auth.war"/>
+ <zipfileset dir="${build.lib}" includes="jbosstest-web-ejbs.jar"/>
</zip>
<!-- JBAS-3162 Root Context Tests -->
Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/web/servlets/ProgrammaticLoginTestServlet.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/web/servlets/ProgrammaticLoginTestServlet.java 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/web/servlets/ProgrammaticLoginTestServlet.java 2008-07-08 23:17:37 UTC (rev 75512)
@@ -47,25 +47,38 @@
protected void service(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
+ String operation = request.getParameter("operation");
String username = request.getParameter("username");
String pass = request.getParameter("pass");
-
+
+ if("login".equals(operation))
+ this.login(request, username, pass);
+ else if("logout".equals(operation))
+ this.logout(request);
+ else
+ throw new ServletException("Unrecognized operation: " + operation);
+ }
+
+ private void login(HttpServletRequest request, String username, String pass)
+ throws ServletException
+ {
if(username == null || pass == null)
- throw new RuntimeException("username or password is null");
- WebAuthentication pwl = new WebAuthentication();
- pwl.login(username, pass);
-
- //Only when there is web login, does the principal be visible
- log("User Principal="+request.getUserPrincipal());
- log("isUserInRole(Authorized User)="+request.isUserInRole("AuthorizedUser"));
+ throw new RuntimeException("username or password is null");
+ WebAuthentication pwl = new WebAuthentication();
+ pwl.login(username, pass);
+
+ //Only when there is web login, does the principal become visible
+ log("User Principal=" + request.getUserPrincipal());
+ log("isUserInRole(Authorized User)=" + request.isUserInRole("AuthorizedUser"));
if(request.getUserPrincipal() == null || !request.isUserInRole("AuthorizedUser"))
throw new ServletException("User is not authenticated or the isUserInRole check failed");
-
-
+ }
+
+ private void logout(HttpServletRequest request) throws ServletException
+ {
//Log the user out
- pwl.logout();
-
+ new WebAuthentication().logout();
if(request.getUserPrincipal() != null || request.isUserInRole("AuthorizedUser"))
- throw new ServletException("User is still authenticated or pass: isUserInRole(Authorized User)");
- }
+ throw new ServletException("User is still authenticated or pass: isUserInRole(Authorized User)");
+ }
}
Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/web/test/WebProgrammaticLoginTestCase.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/web/test/WebProgrammaticLoginTestCase.java 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/main/org/jboss/test/web/test/WebProgrammaticLoginTestCase.java 2008-07-08 23:17:37 UTC (rev 75512)
@@ -61,28 +61,39 @@
*/
public void testUnsuccessfulLogin() throws Exception
{
- String path1 = "programmaticweblogin/TestServlet";
+ String path = "war1/TestServlet";
+ // try to perform programmatic auth without supplying login information.
HttpMethod indexGet = null;
try
{
- indexGet = new GetMethod(baseURLNoAuth+path1);
+ indexGet = new GetMethod(baseURLNoAuth + path + "?operation=login");
int responseCode = httpConn.executeMethod(indexGet);
assertTrue("Get Error("+responseCode+")",
responseCode == HttpURLConnection.HTTP_INTERNAL_ERROR);
+ // assert access to the restricted area of the first application is denied.
+ SSOBaseCase.checkAccessDenied(this.httpConn, this.baseURLNoAuth +
+ "war1/restricted/restricted.html");
+ // assert access to the second application is not granted, as no successful login
+ // was performed (and therefore no ssoid has been set).
+ SSOBaseCase.checkAccessDenied(this.httpConn, this.baseURLNoAuth + "war2/index.html");
}
finally
{
if(indexGet != null)
indexGet.releaseConnection();
}
-
- path1 = path1 + "?username=dummy&pass=dummy";
+ // try to perform programmatic auth with no valid username/password.
+ path = path + "?operation=login&username=dummy&pass=dummy";
try
{
- indexGet = new GetMethod(baseURLNoAuth+path1);
+ indexGet = new GetMethod(baseURLNoAuth + path);
int responseCode = httpConn.executeMethod(indexGet);
assertTrue("Get Error("+responseCode+")",
responseCode == HttpURLConnection.HTTP_INTERNAL_ERROR);
+ // assert access to the restricted applications remains denied.
+ SSOBaseCase.checkAccessDenied(this.httpConn, this.baseURLNoAuth +
+ "war1/restricted/restricted.html");
+ SSOBaseCase.checkAccessDenied(this.httpConn, this.baseURLNoAuth + "war2/index.html");
}
finally
{
@@ -97,18 +108,36 @@
*/
public void testSuccessfulLogin() throws Exception
{
- String path1 = "programmaticweblogin/TestServlet?username=jduke&pass=theduke";
+ String path = "war1/TestServlet?operation=login&username=jduke&pass=theduke";
HttpMethod indexGet = null;
+ HttpMethod indexGet2 = null;
try
{
- indexGet = new GetMethod(baseURLNoAuth+path1);
+ indexGet = new GetMethod(baseURLNoAuth + path);
int responseCode = httpConn.executeMethod(indexGet);
assertTrue("Get OK("+responseCode+")", responseCode == HttpURLConnection.HTTP_OK);
+ // assert access to the restricted are of the first application is now allowed.
+ SSOBaseCase.checkAccessAllowed(this.httpConn, this.baseURLNoAuth +
+ "war1/restricted/restricted.html");
+ // assert the sso cookie has been created.
+ SSOBaseCase.processSSOCookie(this.httpConn.getState(), this.baseURLNoAuth, this.baseURLNoAuth);
+ // assert access to the second application is allowed
+ SSOBaseCase.checkAccessAllowed(this.httpConn, this.baseURLNoAuth + "war2/index.html");
+
+ // perform a programmatic logout and assert access is not allowed anymore.
+ indexGet2 = new GetMethod(baseURLNoAuth + "war1/TestServlet?operation=logout");
+ responseCode = httpConn.executeMethod(indexGet2);
+ assertTrue("Get OK("+responseCode+")", responseCode == HttpURLConnection.HTTP_OK);
+ SSOBaseCase.checkAccessDenied(this.httpConn, this.baseURLNoAuth +
+ "war1/restricted/restricted.html");
+ SSOBaseCase.checkAccessDenied(this.httpConn, this.baseURLNoAuth + "war2/index.html");
}
finally
{
if(indexGet != null)
indexGet.releaseConnection();
+ if(indexGet2 != null)
+ indexGet2.releaseConnection();
}
}
Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/test-configs/tomcat-sso/deploy/jboss-web.deployer/server.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/test-configs/tomcat-sso/deploy/jboss-web.deployer/server.xml 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/test-configs/tomcat-sso/deploy/jboss-web.deployer/server.xml 2008-07-08 23:17:37 UTC (rev 75512)
@@ -114,7 +114,7 @@
to span more than one hostname.
-->
<!-- -->
- <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ <Valve className="org.jboss.web.tomcat.security.ExtendedSingleSignOn" />
<!-- -->
<!-- Uncomment to enable single sign-on across web apps
Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/WEB-INF/jboss-web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/WEB-INF/jboss-web.xml 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/WEB-INF/jboss-web.xml 2008-07-08 23:17:37 UTC (rev 75512)
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE jboss-web
+ PUBLIC "-//JBoss//DTD Web Application 2.4//EN"
+ "http://www.jboss.org/j2ee/dtds/jboss-web_4_0.dtd">
+
+<jboss-web>
+ <security-domain>java:/jaas/jbosstest-web</security-domain>
+</jboss-web>
Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-web.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-web.xml 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-web.xml 2008-07-08 23:17:37 UTC (rev 75512)
@@ -20,9 +20,24 @@
<url-pattern>/TestServlet</url-pattern>
</servlet-mapping>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Restricted</web-resource-name>
+ <description>Restricted Area</description>
+ <url-pattern>/restricted/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <description>Only authenticated users can access secure content</description>
+ <role-name>AuthorizedUser</role-name>
+ </auth-constraint>
+ </security-constraint>
+
<login-config>
- <auth-method>BASIC</auth-method>
- <realm-name>JBossTest Servlets</realm-name>
+ <auth-method>FORM</auth-method>
+ <form-login-config>
+ <form-login-page>/login.html</form-login-page>
+ <form-error-page>/error.html</form-error-page>
+ </form-login-config>
</login-config>
<security-role>
Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/application.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/application.xml 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/application.xml 2008-07-08 23:17:37 UTC (rev 75512)
@@ -6,10 +6,20 @@
<application>
<display-name>Programmatic Web Login</display-name>
- <module>
- <web>
- <web-uri>programmaticweblogin.war</web-uri>
- </web>
- </module>
+ <module>
+ <web>
+ <web-uri>programmaticweblogin.war</web-uri>
+ <context-root>/war1</context-root>
+ </web>
+ </module>
+ <module>
+ <web>
+ <web-uri>sso-form-auth.war</web-uri>
+ <context-root>/war2</context-root>
+ </web>
+ </module>
+ <module>
+ <ejb>jbosstest-web-ejbs.jar</ejb>
+ </module>
</application>
Copied: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/error.html (from rev 67516, branches/Branch_4_2/testsuite/src/resources/web/programmatic/error.html)
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/error.html (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/error.html 2008-07-08 23:17:37 UTC (rev 75512)
@@ -0,0 +1,11 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+ <title>Error Page For Examples</title>
+</head>
+
+ <body bgcolor="white">
+ Invalid username and/or password, please try again
+ </body>
+</html>
+
Copied: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/login.html (from rev 67516, branches/Branch_4_2/testsuite/src/resources/web/programmatic/login.html)
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/login.html (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/login.html 2008-07-08 23:17:37 UTC (rev 75512)
@@ -0,0 +1,26 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+ <title>Login Page for Examples</title>
+</head>
+
+ <body bgcolor="white">
+ <form method="POST" action="j_security_check">
+ <table border="0" cellspacing="5">
+ <tr>
+ <th align="right">Username:</th>
+ <td align="left"><input type="text" name="j_username"></td>
+ </tr>
+ <tr>
+ <th align="right">Password:</th>
+ <td align="left"><input type="password" name="j_password"></td>
+ </tr>
+ <tr>
+ <td align="right"><input type="submit" value="Log In"></td>
+ <td align="left"><input type="reset"></td>
+ </tr>
+ </table>
+ </form>
+ </body>
+</html>
+
Copied: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/restricted (from rev 67516, branches/Branch_4_2/testsuite/src/resources/web/programmatic/restricted)
Deleted: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/restricted/restricted.html
===================================================================
--- branches/Branch_4_2/testsuite/src/resources/web/programmatic/restricted/restricted.html 2007-11-27 22:15:09 UTC (rev 67516)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/restricted/restricted.html 2008-07-08 23:17:37 UTC (rev 75512)
@@ -1,10 +0,0 @@
-<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
-<html>
-<head>
- <title>Programmatic Login Secure Page</title>
-</head>
-
-<body>
-<h1>Programmatic Login Secure Page</h1>
-</body>
-</html>
Copied: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/restricted/restricted.html (from rev 67516, branches/Branch_4_2/testsuite/src/resources/web/programmatic/restricted/restricted.html)
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/restricted/restricted.html (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/web/programmatic/restricted/restricted.html 2008-07-08 23:17:37 UTC (rev 75512)
@@ -0,0 +1,10 @@
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+ <title>Programmatic Login Secure Page</title>
+</head>
+
+<body>
+<h1>Programmatic Login Secure Page</h1>
+</body>
+</html>
Copied: branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/ExtendedSingleSignOn.java (from rev 66612, branches/Branch_4_2/tomcat/src/main/org/jboss/web/tomcat/security/ExtendedSingleSignOn.java)
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/ExtendedSingleSignOn.java (rev 0)
+++ branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/ExtendedSingleSignOn.java 2008-07-08 23:17:37 UTC (rev 75512)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.web.tomcat.security;
+
+import java.security.Principal;
+
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.SingleSignOn;
+
+/**
+ * <p>
+ * An extension of the <code>SingleSignOn</code> valve that exposes some protected methods of
+ * the superclass as <code>public</code>, allowing the <code>WebAuthentication</code> class
+ * to delegate single sign-on behaviour to this valve.
+ * </p>
+ *
+ * @author sguilhen at redhat.com
+ */
+public class ExtendedSingleSignOn extends SingleSignOn
+{
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.catalina.authenticator.SingleSignOn#associate(java.lang.String, org.apache.catalina.Session)
+ */
+ @Override
+ public void associate(String ssoId, Session session)
+ {
+ super.associate(ssoId, session);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.catalina.authenticator.SingleSignOn#register(java.lang.String, java.security.Principal, java.lang.String, java.lang.String, java.lang.String)
+ */
+ @Override
+ public void register(String ssoId, Principal principal, String authType, String username, String password)
+ {
+ super.register(ssoId, principal, authType, username, password);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.catalina.authenticator.SingleSignOn#deregister(java.lang.String)
+ */
+ @Override
+ public void deregister(String ssoId)
+ {
+ super.deregister(ssoId);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.catalina.authenticator.SingleSignOn#update(java.lang.String, java.security.Principal, java.lang.String, java.lang.String, java.lang.String)
+ */
+ @Override
+ public void update(String ssoId, Principal principal, String authType, String username, String password)
+ {
+ super.update(ssoId, principal, authType, username, password);
+ }
+}
Modified: branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java 2008-07-08 23:17:37 UTC (rev 75512)
@@ -58,7 +58,9 @@
public static ThreadLocal activeWebMetaData = new ThreadLocal();
/** Maintain the Catalina Request for programmatic web login */
public static ThreadLocal activeRequest = new ThreadLocal();
-
+ /** Maintain the Catalina Response for programmatic web login */
+ public static ThreadLocal activeResponse = new ThreadLocal();
+
/** The web app metadata */
private WebMetaData metaData;
/** The name in the session under which the Subject is stored */
@@ -102,8 +104,9 @@
log.trace("Begin invoke, caller"+caller);
// Set the active meta data
activeWebMetaData.set(metaData);
- //Set the active request
+ //Set the active request and response
activeRequest.set(request);
+ activeResponse.set(response);
try
{
try
@@ -213,6 +216,7 @@
activeWebMetaData.set(null);
userPrincipal.set(null);
activeRequest.set(null);
+ activeResponse.set(null);
}
}
Modified: branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/login/WebAuthentication.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/login/WebAuthentication.java 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/security/login/WebAuthentication.java 2008-07-08 23:17:37 UTC (rev 75512)
@@ -20,15 +20,22 @@
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.web.tomcat.security.login;
-
+
import java.security.Principal;
import java.security.cert.X509Certificate;
+import java.util.UUID;
import javax.naming.NamingException;
+import javax.servlet.http.Cookie;
+import org.apache.catalina.Container;
+import org.apache.catalina.Pipeline;
import org.apache.catalina.Session;
+import org.apache.catalina.Valve;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.jboss.web.tomcat.security.ExtendedSingleSignOn;
import org.jboss.web.tomcat.security.SecurityAssociationValve;
//$Id$
@@ -40,12 +47,13 @@
* @version $Revision$
*/
public class WebAuthentication
-{
+{
private static final String AUTH_TYPE = "PROGRAMMATIC_WEB_LOGIN";
+
public WebAuthentication()
- {
+ {
}
-
+
/**
* Login an user via the CLIENT-CERT method
* @param certs X509 certificates
@@ -55,16 +63,16 @@
{
//Get the active request
Request request = (Request) SecurityAssociationValve.activeRequest.get();
- if(request == null)
+ if (request == null)
throw new IllegalStateException("request is null");
Principal p = request.getContext().getRealm().authenticate(certs);
- if(p != null)
+ if (p != null)
{
- register(request,p, null, null);
+ register(request, p, null, null);
}
- return p!= null;
+ return p != null;
}
-
+
/**
* Login an user via the BASIC, FORM, DIGEST methods
* @param username
@@ -72,29 +80,29 @@
* @return
* @throws NamingException
*/
- public boolean login(String username, Object credential)
- {
+ public boolean login(String username, Object credential)
+ {
//Get the active request
Request request = (Request) SecurityAssociationValve.activeRequest.get();
- if(request == null)
+ if (request == null)
throw new IllegalStateException("request is null");
-
+
Principal p = null;
- if(credential instanceof String)
+ if (credential instanceof String)
{
- p = request.getContext().getRealm().authenticate(username, (String)credential);
- }
+ p = request.getContext().getRealm().authenticate(username, (String) credential);
+ }
else if (credential instanceof byte[])
{
- p = request.getContext().getRealm().authenticate(username, (byte[])credential);
- }
- if(p != null)
+ p = request.getContext().getRealm().authenticate(username, (byte[]) credential);
+ }
+ if (p != null)
{
- register(request,p, username, credential);
+ register(request, p, username, credential);
}
return p != null;
- }
-
+ }
+
/**
* Log the user out
*
@@ -103,11 +111,11 @@
{
//Get the active request
Request request = (Request) SecurityAssociationValve.activeRequest.get();
- if(request == null)
+ if (request == null)
throw new IllegalStateException("request is null");
unregister(request);
}
-
+
/**
* Register the principal with the request, session etc just the way AuthenticatorBase does
* @param request Catalina Request
@@ -118,25 +126,72 @@
protected void register(Request request, Principal principal, String username, Object password)
{
request.setAuthType(AUTH_TYPE);
- request.setUserPrincipal(principal);
-
+ request.setUserPrincipal(principal);
+
//Cache the authentication principal in the session
Session session = request.getSessionInternal(false);
- if(session != null)
+ if (session != null)
{
session.setAuthType(AUTH_TYPE);
session.setPrincipal(principal);
if (username != null)
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
else
- session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
if (password != null)
- session.setNote(Constants.SESS_PASSWORD_NOTE, getPasswordAsString(password));
+ session.setNote(Constants.SESS_PASSWORD_NOTE, getPasswordAsString(password));
else
- session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
}
+
+ // JBAS-4424: Programmatic web authentication with SSO
+ ExtendedSingleSignOn sso = this.getSingleSignOn(request);
+ if (sso == null)
+ return;
+
+ // Only create a new SSO entry if the SSO did not already set a note
+ // for an existing entry (as it would do with subsequent requests
+ // for DIGEST and SSL authenticated contexts)
+ String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
+ if (ssoId == null)
+ {
+ // Construct a cookie to be returned to the client
+ ssoId = generateSessionId();
+ Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, ssoId);
+ cookie.setMaxAge(-1);
+ cookie.setPath("/");
+ cookie.setSecure(request.isSecure());
+
+ String ssoDomain = sso.getCookieDomain();
+ if (ssoDomain != null)
+ {
+ cookie.setDomain(ssoDomain);
+ }
+
+ Response response = (Response) SecurityAssociationValve.activeResponse.get();
+ response.addCookie(cookie);
+
+ // Register this principal with our SSO valve
+ sso.register(ssoId, principal, AUTH_TYPE, username, this.getPasswordAsString(password));
+ request.setNote(Constants.REQ_SSOID_NOTE, ssoId);
+
+ }
+ else
+ {
+ // Update the SSO session with the latest authentication data
+ sso.update(ssoId, principal, AUTH_TYPE, username, this.getPasswordAsString(password));
+ }
+
+ // Always associate a session with a new SSO reqistration.
+ // SSO entries are only removed from the SSO registry map when
+ // associated sessions are destroyed; if a new SSO entry is created
+ // above for this request and the user never revisits the context, the
+ // SSO entry will never be cleared if we don't associate the session
+ if (session == null)
+ session = request.getSessionInternal(true);
+ sso.associate(ssoId, session);
}
-
+
/**
* Log the user out
* @param request
@@ -144,31 +199,88 @@
protected void unregister(Request request)
{
request.setAuthType(null);
- request.setUserPrincipal(null);
-
+ request.setUserPrincipal(null);
+
//Cache the authentication principal in the session
Session session = request.getSessionInternal(false);
- if(session != null)
+ if (session != null)
{
session.setAuthType(null);
session.setPrincipal(null);
session.removeNote(Constants.SESS_USERNAME_NOTE);
session.removeNote(Constants.SESS_PASSWORD_NOTE);
}
+ //Deregister the SSOID
+ ExtendedSingleSignOn sso = this.getSingleSignOn(request);
+ if(sso != null) {
+ String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
+ sso.deregister(ssoId);
+ }
}
-
+
private String getPasswordAsString(Object cred)
{
String p = null;
-
- if(cred instanceof String)
+
+ if (cred instanceof String)
{
- p = (String)cred;
+ p = (String) cred;
}
- else if(cred instanceof byte[])
+ else if (cred instanceof byte[])
{
- p = new String((byte[])cred);
+ p = new String((byte[]) cred);
}
return p;
}
+
+ /**
+ * <p>
+ * Generate and return a new session identifier for the cookie that identifies an SSO principal.
+ * </p>
+ *
+ * @return a <code>String</code> representing the generated identifier.
+ */
+ private String generateSessionId()
+ {
+ UUID uid = UUID.randomUUID();
+ String higherBits = Long.toHexString(uid.getMostSignificantBits());
+ String lowerBits = Long.toHexString(uid.getLeastSignificantBits());
+
+ return (higherBits + lowerBits).toUpperCase();
+ }
+
+ /**
+ * <p>
+ * Obtain a reference to the <code>ExtendedSingleSignOn</code> valve, if one was configured.
+ * </p>
+ *
+ * @param request the <code>Request</code> object used to look up the SSO valve.
+ * @return a reference to the <code>ExtendedSingleSignOn</code> valve, or <code>null</code> if that valve
+ * has not been configured.
+ */
+ private ExtendedSingleSignOn getSingleSignOn(Request request)
+ {
+ ExtendedSingleSignOn sso = null;
+ Container parent = request.getContext().getParent();
+ while ((sso == null) && (parent != null))
+ {
+ if (!(parent instanceof Pipeline))
+ {
+ parent = parent.getParent();
+ continue;
+ }
+ Valve valves[] = ((Pipeline) parent).getValves();
+ for (int i = 0; i < valves.length; i++)
+ {
+ if (valves[i] instanceof ExtendedSingleSignOn)
+ {
+ sso = (ExtendedSingleSignOn) valves[i];
+ break;
+ }
+ }
+ if (sso == null)
+ parent = parent.getParent();
+ }
+ return sso;
+ }
}
Modified: branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/service/sso/ClusteredSingleSignOn.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/service/sso/ClusteredSingleSignOn.java 2008-07-08 22:35:09 UTC (rev 75511)
+++ branches/JBPAPP_4_2_0_GA_CP/tomcat/src/main/org/jboss/web/tomcat/service/sso/ClusteredSingleSignOn.java 2008-07-08 23:17:37 UTC (rev 75512)
@@ -40,6 +40,7 @@
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.session.ManagerBase;
+import org.jboss.web.tomcat.security.ExtendedSingleSignOn;
import org.jboss.web.tomcat.service.JBossWeb;
import org.jboss.web.tomcat.service.session.JBossManager;
@@ -67,7 +68,7 @@
* @version $Revision: 57329 $ $Date: 2006-10-02 00:35:46 +0200 (lun., 02 oct. 2006) $
*/
public class ClusteredSingleSignOn
- extends org.apache.catalina.authenticator.SingleSignOn
+ extends ExtendedSingleSignOn
implements LifecycleListener
{
/** By default we process expired SSOs no more often than once per minute */
@@ -690,7 +691,7 @@
* @param ssoId Single sign on identifier
* @param session Session to be associated
*/
- protected void associate(String ssoId, Session session)
+ public void associate(String ssoId, Session session)
{
if (getContainer().getLogger().isDebugEnabled())
getContainer().getLogger().debug("Associate sso id " + ssoId + " with session " + session);
@@ -796,7 +797,7 @@
*
* @param ssoId Single sign on identifier to deregister
*/
- protected void deregister(String ssoId)
+ public void deregister(String ssoId)
{
if (getContainer().getLogger().isDebugEnabled())
getContainer().getLogger().debug("Deregistering sso id '" + ssoId + "'");
@@ -947,7 +948,7 @@
* @param username Username used to authenticate this user
* @param password Password used to authenticate this user
*/
- protected void register(String ssoId, Principal principal, String authType,
+ public void register(String ssoId, Principal principal, String authType,
String username, String password)
{
registerLocal(ssoId, principal, authType, username, password);
@@ -1030,7 +1031,7 @@
* @param username the username (if any) used for the authentication
* @param password the password (if any) used for the authentication
*/
- protected void update(String ssoId, Principal principal, String authType,
+ public void update(String ssoId, Principal principal, String authType,
String username, String password)
{
boolean needToBroadcast = updateLocal(ssoId, principal, authType,
@@ -1310,4 +1311,4 @@
return valid;
}
-}
\ No newline at end of file
+}
More information about the jboss-cvs-commits
mailing list