[jboss-cvs] Picketlink SVN: r795 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Mar 3 12:23:51 EST 2011
Author: anil.saldhana at jboss.com
Date: 2011-03-03 12:23:51 -0500 (Thu, 03 Mar 2011)
New Revision: 795
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java
Log:
PLFED-154: adapt to the FormAuthenticator changes that have happened due to Servlet3 spec changes
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-03-03 15:01:17 UTC (rev 794)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-03-03 17:23:51 UTC (rev 795)
@@ -23,7 +23,9 @@
import java.io.IOException;
import java.io.InputStream;
+import java.lang.reflect.Method;
import java.security.GeneralSecurityException;
+import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
@@ -37,10 +39,10 @@
import javax.xml.crypto.dsig.CanonicalizationMethod;
import org.apache.catalina.LifecycleException;
+import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataExtractor;
import org.picketlink.identity.federation.core.config.SPType;
@@ -110,6 +112,20 @@
protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
+ /**
+ * Servlet3 related changes forced Tomcat to change the authenticate method
+ * signature in the FormAuthenticator. For now, we use reflection for forward
+ * compatibility. This has to be changed in future.
+ */
+ private Method theSuperRegisterMethod = null;
+
+ /**
+ * If it is determined that we are running in a Tomcat6/JBAS5 environment,
+ * there is no need to seek the super.register method that conforms to
+ * the servlet3 spec changes
+ */
+ private boolean seekSuperRegisterMethod = true;
+
public BaseFormAuthenticator()
{
super();
@@ -161,25 +177,6 @@
return request.getParameter("SAMLResponse") != null;
}
- /**
- * Authenticate the request
- * @param request
- * @param response
- * @param config
- * @return
- * @throws IOException
- * @throws {@link RuntimeException} when the response is not of type catalina response object
- */
- public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException
- {
- if (response instanceof Response)
- {
- Response catalinaResponse = (Response) response;
- return authenticate(request, catalinaResponse, config);
- }
- throw new RuntimeException("Response was not of type catalina response");
- }
-
@Override
public void start() throws LifecycleException
{
@@ -206,6 +203,48 @@
return idpCertificate;
}
+ /**
+ * This method is a hack!!!
+ * Tomcat on account of Servlet3 changed their authenticator method signatures
+ * We utilize Java Reflection to identify the super register method on the first
+ * call and save it. Subsquent invocations utilize the saved {@link Method}
+ * @see org.apache.catalina.authenticator.AuthenticatorBase#register(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response, java.security.Principal, java.lang.String, java.lang.String, java.lang.String)
+ */
+ @Override
+ protected void register(Request request, Response response, Principal principal, String arg3, String arg4,
+ String arg5)
+ {
+ //Try the JBossAS6 version
+ if (theSuperRegisterMethod == null && seekSuperRegisterMethod)
+ {
+ Class<?>[] args = new Class[]
+ {Request.class, HttpServletResponse.class, Principal.class, String.class, String.class, String.class};
+ Class<?> superClass = getAuthenticatorBaseClass();
+ theSuperRegisterMethod = SecurityActions.getMethod(superClass, "register", args);
+ }
+ try
+ {
+ if (theSuperRegisterMethod != null)
+ {
+ Object[] callArgs = new Object[]
+ {request, response, principal, arg3, arg4, arg5};
+ theSuperRegisterMethod.invoke(this, callArgs);
+ }
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ //Try the older version
+ if (theSuperRegisterMethod == null)
+ {
+ seekSuperRegisterMethod = false; //Don't try to seek super register method on next invocation
+ super.register(request, response, principal, arg3, arg4, arg5);
+ return;
+ }
+ }
+
//Mock test purpose
public void testStart() throws LifecycleException
{
@@ -410,4 +449,15 @@
chainConfigOptions.put(GeneralConstants.CANONICALIZATION_METHOD, canonicalizationMethod);
chainConfigOptions.put(GeneralConstants.ROLE_VALIDATOR_IGNORE, "false"); //No validator as tomcat realm does validn
}
+
+ private Class<?> getAuthenticatorBaseClass()
+ {
+ Class<?> myClass = getClass();
+ do
+ {
+ myClass = myClass.getSuperclass();
+ }
+ while (myClass != AuthenticatorBase.class);
+ return myClass;
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2011-03-03 15:01:17 UTC (rev 794)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2011-03-03 17:23:51 UTC (rev 795)
@@ -30,6 +30,7 @@
import java.util.Set;
import javax.servlet.RequestDispatcher;
+import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
@@ -95,6 +96,25 @@
jbossEnv = detector.isJboss();
}
+ /**
+ * Authenticate the request
+ * @param request
+ * @param response
+ * @param config
+ * @return
+ * @throws IOException
+ * @throws {@link RuntimeException} when the response is not of type catalina response object
+ */
+ public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException
+ {
+ if (response instanceof Response)
+ {
+ Response catalinaResponse = (Response) response;
+ return authenticate(request, catalinaResponse, config);
+ }
+ throw new RuntimeException("Response was not of type catalina response");
+ }
+
@Override
public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException
{
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2011-03-03 15:01:17 UTC (rev 794)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2011-03-03 17:23:51 UTC (rev 795)
@@ -33,6 +33,7 @@
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
@@ -91,6 +92,25 @@
jbossEnv = detector.isJboss();
}
+ /**
+ * Authenticate the request
+ * @param request
+ * @param response
+ * @param config
+ * @return
+ * @throws IOException
+ * @throws {@link RuntimeException} when the response is not of type catalina response object
+ */
+ public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException
+ {
+ if (response instanceof Response)
+ {
+ Response catalinaResponse = (Response) response;
+ return authenticate(request, catalinaResponse, config);
+ }
+ throw new RuntimeException("Response was not of type catalina response");
+ }
+
@Override
public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException
{
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java 2011-03-03 15:01:17 UTC (rev 794)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SecurityActions.java 2011-03-03 17:23:51 UTC (rev 795)
@@ -21,6 +21,7 @@
*/
package org.picketlink.identity.federation.bindings.tomcat.sp;
+import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
@@ -45,4 +46,30 @@
}
});
}
+
+ /**
+ * Use reflection to get the {@link Method} on a {@link Class} with the
+ * given parameter types
+ * @param clazz
+ * @param methodName
+ * @param parameterTypes
+ * @return
+ */
+ static Method getMethod(final Class<?> clazz, final String methodName, final Class<?>[] parameterTypes)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Method>()
+ {
+ public Method run()
+ {
+ try
+ {
+ return clazz.getDeclaredMethod(methodName, parameterTypes);
+ }
+ catch (Exception e)
+ {
+ return null;
+ }
+ }
+ });
+ }
}
More information about the jboss-cvs-commits
mailing list