[jboss-cvs] Picketbox SVN: r318 - in trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi: otp and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Mar 19 06:35:14 EDT 2012
Author: tfonteyn
Date: 2012-03-19 06:35:13 -0400 (Mon, 19 Mar 2012)
New Revision: 318
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseCertLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DisabledLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/IdentityLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/ProxyLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RemoteHostTrustLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RoleMappingLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleUsersLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersRolesLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/XMLLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/otp/JBossTimeBasedOTPLoginModule.java
Log:
[SECURITY-638] login module option checks
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -66,6 +66,15 @@
*/
public class BaseCertLoginModule extends AbstractServerLoginModule
{
+ // see AbstractServerLoginModule
+ private static final String SECURITY_DOMAIN = "securityDomain";
+ private static final String VERIFIER = "verifier";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ SECURITY_DOMAIN,VERIFIER
+ };
+
/** A principal derived from the certificate alias */
private Principal identity;
/** The client certificate */
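Review bot: The comment `// see AbstractServerLoginModule` above the new constants does not tell a reader what to look for in the base class, and the same comment is repeated above the option constants in every module this revision touches. A comment such as `// Option names this module accepts; registered through addValidOptions() so the option check in AbstractServerLoginModule does not warn about them` would state the purpose in place. AbstractServerLoginModule is not part of the visible hunks, so the wording should be confirmed against it.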
@@ -95,11 +104,12 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
trace = log.isTraceEnabled();
// Get the security domain and default to "other"
- String sd = (String) options.get("securityDomain");
+ String sd = (String) options.get(SECURITY_DOMAIN);
sd = SecurityUtil.unprefixSecurityDomain(sd);
if (sd == null)
sd = "other";
@@ -138,7 +148,7 @@
log.error("Unable to find the securityDomain named: " + sd, e);
}
- String option = (String) options.get("verifier");
+ String option = (String) options.get(VERIFIER);
if( option != null )
{
try
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -45,6 +45,16 @@
*/
public class CertRolesLoginModule extends BaseCertLoginModule
{
+ // see AbstractServerLoginModule
+ private static final String ROLES_PROPERTIES = "rolesProperties";
+ private static final String DEFAULT_ROLES_PROPERTIES = "defaultRolesProperties";
+ private static final String ROLE_GROUP_SEPERATOR = "roleGroupSeperator";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ ROLES_PROPERTIES,DEFAULT_ROLES_PROPERTIES,ROLE_GROUP_SEPERATOR
+ };
+
/** The name of the default properties resource containing user/roles */
private String defaultRolesRsrcName = "defaultRoles.properties";
/**
@@ -77,6 +87,7 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
trace = log.isTraceEnabled();
if( trace )
@@ -84,13 +95,13 @@
try
{
- String option = (String) options.get("rolesProperties");
+ String option = (String) options.get(ROLES_PROPERTIES);
if (option != null)
rolesRsrcName = option;
- option = (String) options.get("defaultRolesProperties");
+ option = (String) options.get(DEFAULT_ROLES_PROPERTIES);
if (option != null)
defaultRolesRsrcName = option;
- option = (String) options.get("roleGroupSeperator");
+ option = (String) options.get(ROLE_GROUP_SEPERATOR);
if( option != null )
roleGroupSeperator = option.charAt(0);
// Load the properties file that contains the list of users and passwords
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseCertLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseCertLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseCertLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -42,6 +42,16 @@
*/
public class DatabaseCertLoginModule extends BaseCertLoginModule
{
+ // see AbstractServerLoginModule
+ private static final String DS_JNDI_NAME = "dsJndiName";
+ private static final String ROLES_QUERY = "rolesQuery";
+ private static final String SUSPEND_RESUME = "suspendResume";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ DS_JNDI_NAME,ROLES_QUERY,SUSPEND_RESUME
+ };
+
/** The JNDI name of the DataSource to use */
private String dsJndiName;
/** The sql query to obtain the user roles */
@@ -59,16 +69,17 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
- dsJndiName = (String) options.get("dsJndiName");
+ dsJndiName = (String) options.get(DS_JNDI_NAME);
if( dsJndiName == null )
dsJndiName = "java:/DefaultDS";
- Object tmp = options.get("rolesQuery");
+ Object tmp = options.get(ROLES_QUERY);
if( tmp != null )
rolesQuery = tmp.toString();
- tmp = options.get("suspendResume");
+ tmp = options.get(SUSPEND_RESUME);
if( tmp != null )
suspendResume = Boolean.valueOf(tmp.toString()).booleanValue();
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseServerLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DatabaseServerLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -71,6 +71,18 @@
*/
public class DatabaseServerLoginModule extends UsernamePasswordLoginModule
{
+ // see AbstractServerLoginModule
+ private static final String DS_JNDI_NAME = "dsJndiName";
+ private static final String ROLES_QUERY = "rolesQuery";
+ private static final String SUSPEND_RESUME = "suspendResume";
+ private static final String PRINCIPALS_QUERY = "principalsQuery";
+ private static final String TRANSACTION_MANAGER_JNDI_NAME = "transactionManagerJndiName";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ DS_JNDI_NAME,ROLES_QUERY,SUSPEND_RESUME,PRINCIPALS_QUERY
+ };
+
/** The JNDI name of the DataSource to use */
protected String dsJndiName;
/** The sql query to obtain the user password */
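Review bot: `ALL_VALID_OPTIONS` leaves out `TRANSACTION_MANAGER_JNDI_NAME`, although the constant is declared two lines above the array and `initialize()` reads it in the next hunk with `options.get(TRANSACTION_MANAGER_JNDI_NAME)`. A configuration that sets `transactionManagerJndiName` would presumably be reported as an invalid or misspelled option even though the module honours it, and warnings that fire on correct configuration teach operators to ignore the check. The array line should read `DS_JNDI_NAME,ROLES_QUERY,SUSPEND_RESUME,PRINCIPALS_QUERY,TRANSACTION_MANAGER_JNDI_NAME`.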
@@ -98,33 +110,38 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
- dsJndiName = (String) options.get("dsJndiName");
+ dsJndiName = (String) options.get(DS_JNDI_NAME);
if( dsJndiName == null )
dsJndiName = "java:/DefaultDS";
- Object tmp = options.get("principalsQuery");
+ Object tmp = options.get(PRINCIPALS_QUERY);
if( tmp != null )
principalsQuery = tmp.toString();
- tmp = options.get("rolesQuery");
+ tmp = options.get(ROLES_QUERY);
if( tmp != null )
rolesQuery = tmp.toString();
- tmp = options.get("suspendResume");
+ tmp = options.get(SUSPEND_RESUME);
if( tmp != null )
suspendResume = Boolean.valueOf(tmp.toString()).booleanValue();
- if (trace)
+
+ //Get the Transaction Manager JNDI Name
+ String jname = (String) options.get(TRANSACTION_MANAGER_JNDI_NAME);
+ if(jname != null)
+ this.TX_MGR_JNDI_NAME = jname;
+
+ if (trace)
{
log.trace("DatabaseServerLoginModule, dsJndiName="+dsJndiName);
log.trace("principalsQuery="+principalsQuery);
if (rolesQuery != null)
log.trace("rolesQuery="+rolesQuery);
log.trace("suspendResume="+suspendResume);
+ if(jname != null)
+ log.trace("transactionManagerJndiName="+jname);
}
- //Get the Transaction Manager JNDI Name
- String jname = (String) options.get("transactionManagerJndiName");
- if(jname != null)
- this.TX_MGR_JNDI_NAME = jname;
-
- try
+
+ try
{
if(this.suspendResume)
tm = this.getTransactionManager();
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DisabledLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DisabledLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/DisabledLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -22,7 +22,8 @@
package org.jboss.security.auth.spi;
import java.util.Map;
-
+import java.util.HashSet;
+import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
@@ -40,7 +41,12 @@
*/
public class DisabledLoginModule implements LoginModule
{
-
+ // see AbstractServerLoginModule
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ SecurityConstants.SECURITY_DOMAIN_OPTION
+ };
+
private static Logger log = Logger.getLogger(DisabledLoginModule.class);
protected String securityDomain;
@@ -48,7 +54,19 @@
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options)
{
- securityDomain = (String) options.get(SecurityConstants.SECURITY_DOMAIN_OPTION);
+ /* TODO: this module should really extend AbstractServerLoginModule where the options check is integrated.
+ * the code here has been intentionally kept identical
+ */
+ HashSet<String> validOptions = new HashSet<String>(Arrays.asList(ALL_VALID_OPTIONS));
+ for (Object key : options.keySet())
+ {
+ if (!validOptions.contains((String)key))
+ {
+ log.warn("Invalid or misspelled option: " + key);
+ }
+ }
+
+ securityDomain = (String) options.get(SecurityConstants.SECURITY_DOMAIN_OPTION);
}
public boolean login() throws LoginException
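Review bot: The loop `for (Object key : options.keySet())` with the `(String)key` cast can iterate the keys as strings directly, since `options` is declared `Map<String, ?>`: `for (String key : options.keySet())`. The same block is pasted into the `initialize()` hunks of ProxyLoginModule and RunAsLoginModule. Until the TODO is resolved, a single static helper taking the logger, the valid names and the options map would keep the three copies from drifting apart.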
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/IdentityLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/IdentityLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/IdentityLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -50,6 +50,15 @@
*/
public class IdentityLoginModule extends AbstractServerLoginModule
{
+ // see AbstractServerLoginModule
+ private static final String PRINCIPAL = "principal";
+ private static final String ROLES = "roles";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ PRINCIPAL,ROLES
+ };
+
private String principalName;
private String roleNames;
@@ -60,11 +69,12 @@
public void initialize(Subject subject, CallbackHandler handler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, handler, sharedState, options);
- principalName = (String) options.get("principal");
+ principalName = (String) options.get(PRINCIPAL);
if( principalName == null )
principalName = "guest";
- roleNames = (String) options.get("roles");
+ roleNames = (String) options.get(ROLES);
}
@SuppressWarnings("unchecked")
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -145,44 +145,41 @@
@SuppressWarnings("rawtypes")
public class LdapExtLoginModule extends UsernamePasswordLoginModule
{
+ // see AbstractServerLoginModule
private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
-
private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
-
private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
-
private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
-
private static final String PARSE_ROLE_NAME_FROM_DN_OPT = "parseRoleNameFromDN";
-
private static final String BIND_DN = "bindDN";
-
private static final String BIND_CREDENTIAL = "bindCredential";
-
private static final String BASE_CTX_DN = "baseCtxDN";
-
private static final String BASE_FILTER_OPT = "baseFilter";
-
private static final String ROLE_FILTER_OPT = "roleFilter";
-
private static final String ROLE_RECURSION = "roleRecursion";
-
private static final String DEFAULT_ROLE = "defaultRole";
-
private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
-
private static final String SEARCH_SCOPE_OPT = "searchScope";
-
private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
-
private static final String DISTINGUISHED_NAME_ATTRIBUTE_OPT = "distinguishedNameAttribute";
-
private static final String PARSE_USERNAME = "parseUsername";
-
private static final String USERNAME_BEGIN_STRING = "usernameBeginString";
+ private static final String USERNAME_END_STRING = "usernameEndString";
+ private static final String ALLOW_EMPTY_PASSWORDS = "allowEmptyPasswords";
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ ROLES_CTX_DN_OPT,ROLE_ATTRIBUTE_ID_OPT,
+ ROLE_NAME_ATTRIBUTE_ID_OPT,PARSE_ROLE_NAME_FROM_DN_OPT,
+ BIND_DN,BIND_CREDENTIAL,BASE_CTX_DN,BASE_FILTER_OPT,
+ ROLE_FILTER_OPT,ROLE_RECURSION,DEFAULT_ROLE,
+ SEARCH_TIME_LIMIT_OPT,SEARCH_SCOPE_OPT,SECURITY_DOMAIN_OPT,
+ DISTINGUISHED_NAME_ATTRIBUTE_OPT,PARSE_USERNAME,USERNAME_BEGIN_STRING,USERNAME_END_STRING,
+ ALLOW_EMPTY_PASSWORDS,
+
+ Context.INITIAL_CONTEXT_FACTORY,Context.SECURITY_AUTHENTICATION,Context.SECURITY_PROTOCOL,
+ Context.PROVIDER_URL,Context.SECURITY_PRINCIPAL,Context.SECURITY_CREDENTIALS
+ };
- private static final String USERNAME_END_STRING = "usernameEndString";
-
protected String bindDN;
protected String bindCredential;
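Review bot: `ALL_VALID_OPTIONS` omits `ROLE_ATTRIBUTE_IS_DN_OPT`, which is declared with the other constants at the top of this hunk; the array goes from `ROLE_ATTRIBUTE_ID_OPT` straight to `ROLE_NAME_ATTRIBUTE_ID_OPT`. A configuration that sets `roleAttributeIsDN` would presumably be flagged as invalid by the new check. The first array line should read `ROLES_CTX_DN_OPT,ROLE_ATTRIBUTE_ID_OPT,ROLE_ATTRIBUTE_IS_DN_OPT,`. If the module also forwards other `java.naming.*` properties from the options to the LDAP context (not visible in this hunk), those would be reported too, because only six `Context` keys are listed.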
@@ -229,6 +226,7 @@
@SuppressWarnings("unchecked")
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
trace = log.isTraceEnabled();
}
@@ -294,7 +292,7 @@
{
// Check for an allowEmptyPasswords option
boolean allowEmptyPasswords = true;
- String flag = (String) options.get("allowEmptyPasswords");
+ String flag = (String) options.get(ALLOW_EMPTY_PASSWORDS);
if (flag != null)
allowEmptyPasswords = Boolean.valueOf(flag).booleanValue();
if (allowEmptyPasswords == false)
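Review bot: `boolean allowEmptyPasswords = true;` remains the default, so a login configuration that never sets the option still lets an empty password through to the LDAP bind; the hunk only replaces the string literal with the constant. Many directory servers treat a simple bind with an empty password as an unauthenticated bind that succeeds, which is the case this option exists to block. Changing the default is a behaviour change beyond this commit, but the option's documentation should state the default and recommend `allowEmptyPasswords=false`, for example `// Defaults to true for backward compatibility; set allowEmptyPasswords=false unless anonymous binds are intended`. The same lines appear in the LdapLoginModule hunk at -237/+250, and the enclosing method starts and ends outside this hunk.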
@@ -444,8 +442,13 @@
constraints.setTimeLimit(searchTimeLimit);
rolesSearch(ctx, constraints, username, userDN, recursion, 0);
}
- finally
+ catch(Exception e)
{
+ log.warn(e);
+ throw e;
+ }
+ finally
+ {
if (ctx != null)
ctx.close();
if (currentTCCL != null)
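Review bot: `log.warn(e);` in the added catch block passes the exception as the message object, so the log most likely gets only its `toString()` with no stack trace and no indication of which operation failed. Use `log.warn("LDAP operation failed", e);` instead. Because the exception is rethrown, the caller may log it a second time. In the matching LdapUsersLoginModule hunk at -232/+234 the try block wraps `bindDNAuthentication`, so an ordinary wrong-password attempt would be written at WARN there. A lower level, or a message that distinguishes authentication failures from directory errors, would keep the WARN stream useful for monitoring. The enclosing method and its `throws` clause are outside the hunk, so whether `throw e` compiles on the project's source level cannot be checked from here.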
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -26,6 +26,7 @@
import java.util.Arrays;
import java.util.Iterator;
import java.util.Properties;
+import java.util.Map;
import java.util.Map.Entry;
import javax.management.ObjectName;
@@ -38,6 +39,8 @@
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.login.LoginException;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
import org.jboss.security.SimpleGroup;
import org.jboss.security.vault.SecurityVaultUtil;
@@ -167,34 +170,44 @@
@SuppressWarnings("rawtypes")
public class LdapLoginModule extends UsernamePasswordLoginModule
{
+ // see AbstractServerLoginModule
private static final String PRINCIPAL_DN_PREFIX_OPT = "principalDNPrefix";
-
private static final String PRINCIPAL_DN_SUFFIX_OPT = "principalDNSuffix";
-
private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
-
private static final String USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT = "userRolesCtxDNAttributeName";
-
private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
-
private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
-
private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
-
private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
-
private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
-
private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
-
private static final String SEARCH_SCOPE_OPT = "searchScope";
-
private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
-
+ private static final String ALLOW_EMPTY_PASSWORDS = "allowEmptyPasswords";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ PRINCIPAL_DN_PREFIX_OPT,PRINCIPAL_DN_SUFFIX_OPT,ROLES_CTX_DN_OPT,USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT,
+ UID_ATTRIBUTE_ID_OPT,ROLE_ATTRIBUTE_ID_OPT,MATCH_ON_USER_DN_OPT,
+ ROLE_ATTRIBUTE_IS_DN_OPT,ROLE_NAME_ATTRIBUTE_ID_OPT,
+ SEARCH_TIME_LIMIT_OPT,SEARCH_SCOPE_OPT,SECURITY_DOMAIN_OPT,ALLOW_EMPTY_PASSWORDS,
+
+ Context.INITIAL_CONTEXT_FACTORY,Context.SECURITY_AUTHENTICATION,Context.SECURITY_PROTOCOL,
+ Context.PROVIDER_URL,Context.SECURITY_PRINCIPAL,Context.SECURITY_CREDENTIALS
+ };
+
public LdapLoginModule()
{
}
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ addValidOptions(ALL_VALID_OPTIONS);
+ super.initialize(subject, callbackHandler, sharedState, options);
+ }
+
private transient SimpleGroup userRoles = new SimpleGroup("Roles");
/** Overridden to return an empty password string as typically one cannot
@@ -237,7 +250,7 @@
{
// Check for an allowEmptyPasswords option
boolean allowEmptyPasswords = true;
- String flag = (String) options.get("allowEmptyPasswords");
+ String flag = (String) options.get(ALLOW_EMPTY_PASSWORDS);
if (flag != null)
allowEmptyPasswords = Boolean.valueOf(flag).booleanValue();
if (allowEmptyPasswords == false)
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapUsersLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -51,28 +51,29 @@
*/
public class LdapUsersLoginModule extends UsernamePasswordLoginModule
{
+ // see AbstractServerLoginModule
private static final String BIND_DN = "bindDN";
-
private static final String BIND_CREDENTIAL = "bindCredential";
-
private static final String BASE_CTX_DN = "baseCtxDN";
-
private static final String BASE_FILTER_OPT = "baseFilter";
-
private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
-
private static final String SEARCH_SCOPE_OPT = "searchScope";
-
private static final String DISTINGUISHED_NAME_ATTRIBUTE_OPT = "distinguishedNameAttribute";
-
private static final String PARSE_USERNAME = "parseUsername";
-
private static final String USERNAME_BEGIN_STRING = "usernameBeginString";
-
private static final String USERNAME_END_STRING = "usernameEndString";
+ private static final String ALLOW_EMPTY_PASSWORDS = "allowEmptyPasswords";
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ BIND_DN,BIND_CREDENTIAL,BASE_CTX_DN,BASE_FILTER_OPT,
+ SEARCH_TIME_LIMIT_OPT,SEARCH_SCOPE_OPT,
+ DISTINGUISHED_NAME_ATTRIBUTE_OPT,
+ PARSE_USERNAME,USERNAME_BEGIN_STRING,USERNAME_END_STRING,ALLOW_EMPTY_PASSWORDS,
+
+ Context.INITIAL_CONTEXT_FACTORY,Context.SECURITY_AUTHENTICATION,Context.SECURITY_PROTOCOL,
+ Context.PROVIDER_URL,Context.SECURITY_PRINCIPAL,Context.SECURITY_CREDENTIALS
+ };
- private static final String ALLOW_EMPTY_PASSWORDS = "allowEmptyPasswords";
-
protected String bindDN;
protected String bindCredential;
@@ -134,6 +135,7 @@
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
trace = log.isTraceEnabled();
bindDN = (String) options.get(BIND_DN);
@@ -232,8 +234,13 @@
// Validate the user by binding against the userDN
bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
}
- finally
+ catch(Exception e)
{
+ log.warn(e);
+ throw e;
+ }
+ finally
+ {
if (ctx != null)
ctx.close();
if (currentTCCL != null)
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/MemoryUsersRolesLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -39,6 +39,15 @@
*/
public class MemoryUsersRolesLoginModule extends UsersRolesLoginModule
{
+ // see AbstractServerLoginModule
+ private static final String USERS = "users";
+ private static final String ROLES = "roles";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ USERS,ROLES
+ };
+
private Properties users;
private Properties roles;
@@ -55,8 +64,9 @@
Map<String,?> sharedState, Map<String,?> options)
{
// First extract the users/roles Properties from the options
- this.users = (Properties) options.get("users");
- this.roles = (Properties) options.get("roles");
+ this.users = (Properties) options.get(USERS);
+ this.roles = (Properties) options.get(ROLES);
+ addValidOptions(ALL_VALID_OPTIONS);
// Now initialize the superclass which will invoke createUsers/createRoles
super.initialize(subject, callbackHandler, sharedState, options);
}
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/ProxyLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/ProxyLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/ProxyLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -22,6 +22,8 @@
package org.jboss.security.auth.spi;
import java.util.Map;
+import java.util.HashSet;
+import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
@@ -29,6 +31,7 @@
import javax.security.auth.spi.LoginModule;
import org.jboss.security.ErrorCodes;
+import org.jboss.logging.Logger;
/** A proxy LoginModule that loads a delegate LoginModule using
the current thread context class loader. The purpose of this
@@ -44,7 +47,16 @@
*/
public class ProxyLoginModule implements LoginModule
{
- private String moduleName;
+ // see AbstractServerLoginModule
+ private static final String MODULE_NAME = "moduleName";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ MODULE_NAME
+ };
+
+ protected Logger log;
+ private String moduleName;
private LoginModule delegate;
public ProxyLoginModule()
@@ -64,7 +76,21 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
- moduleName = (String) options.get("moduleName");
+ log = Logger.getLogger(getClass());
+
+ /* TODO: this module should really extend AbstractServerLoginModule where the options check is integrated.
+ * the code here has been intentionally kept identical
+ */
+ HashSet<String> validOptions = new HashSet<String>(Arrays.asList(ALL_VALID_OPTIONS));
+ for (Object key : options.keySet())
+ {
+ if (!validOptions.contains((String)key))
+ {
+ log.warn("Invalid or misspelled option: " + key);
+ }
+ }
+
+ moduleName = (String) options.get(MODULE_NAME);
if( moduleName == null )
{
System.out.println("Required moduleName option not given");
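Review bot: `ALL_VALID_OPTIONS` holds only `moduleName`, but this class is documented as a proxy that loads a delegate LoginModule, and the delegate presumably receives the same `options` map (the call is outside this hunk). Every option meant for the delegate would then be logged as `Invalid or misspelled option`, which buries real typos in noise. Either skip the check in the proxy or say so in the message, e.g. `log.warn("Option not recognised by ProxyLoginModule (may be intended for the delegate): " + key);`. Now that a logger is available, the remaining `System.out.println("Required moduleName option not given");` should go through `log.error(...)` as well.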
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RemoteHostTrustLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RemoteHostTrustLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RemoteHostTrustLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -51,9 +51,14 @@
@SuppressWarnings("rawtypes")
public class RemoteHostTrustLoginModule extends UsernamePasswordLoginModule
{
+ // see AbstractServerLoginModule
private final static String OPTION_TRUSTED_HOSTS = "trustedHosts";
private final static String OPTION_ROLES = "roles";
-
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ OPTION_TRUSTED_HOSTS,OPTION_ROLES
+ };
+
List<String> trustedHosts;
private String roleNames;
@@ -68,6 +73,7 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
boolean trace = log.isTraceEnabled();
String tmp = (String)options.get(OPTION_TRUSTED_HOSTS);
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RoleMappingLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -25,7 +25,10 @@
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Iterator;
+import java.util.Map;
import java.util.Properties;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
@@ -49,7 +52,16 @@
* @version $Revision$
*/
public class RoleMappingLoginModule extends AbstractServerLoginModule
-{
+{
+ // see AbstractServerLoginModule
+ private static final String REPLACE_ROLE_OPT = "replaceRole";
+ private static final String ROLES_PROPERTIES = "rolesProperties";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ REPLACE_ROLE_OPT,ROLES_PROPERTIES
+ };
+
private static Logger log = Logger.getLogger(RoleMappingLoginModule.class);
private boolean trace = log.isTraceEnabled();
@@ -58,6 +70,13 @@
*/
protected boolean REPLACE_ROLE = false;
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String,?> sharedState, Map<String,?> options)
+ {
+ addValidOptions(ALL_VALID_OPTIONS);
+ super.initialize(subject, callbackHandler, sharedState, options);
+ }
+
/**
* @see LoginModule#login()
*/
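Review bot: The new `initialize(...)` override is added without `@Override` and without a Javadoc comment, unlike the equivalent override added to LdapLoginModule in this same revision. Adding `@Override` lets the compiler catch a signature drift that would silently stop `addValidOptions(ALL_VALID_OPTIONS)` from running. A one-line comment such as `/** Registers this module's option names before delegating to the superclass. */` would match the surrounding documented members.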
@@ -91,12 +110,12 @@
*/
protected Group[] getRoleSets() throws LoginException
{
- String rep = (String)options.get("replaceRole");
+ String rep = (String)options.get(REPLACE_ROLE_OPT);
if("true".equalsIgnoreCase(rep))
this.REPLACE_ROLE = true;
//Get the properties file name from the options
- String propFileName = (String)options.get("rolesProperties");
+ String propFileName = (String)options.get(ROLES_PROPERTIES);
if(propFileName == null)
throw new IllegalStateException(ErrorCodes.NULL_VALUE + "rolesProperties option needs to be provided");
// Replace any system property references like ${x}
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/RunAsLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -21,12 +21,15 @@
*/
package org.jboss.security.auth.spi;
+import java.util.Arrays;
+import java.util.HashSet;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;
+import org.jboss.logging.Logger;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContextAssociation;
@@ -39,6 +42,16 @@
*/
public class RunAsLoginModule implements LoginModule
{
+ // see AbstractServerLoginModule
+ private static final String ROLE_NAME = "roleName";
+ private static final String PRINCIPLE_NAME = "principalName";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ ROLE_NAME,PRINCIPLE_NAME
+ };
+
+ private static Logger log;
private String roleName;
private String principalName;
private boolean pushedRole;
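Review bot: `private static Logger log;` is declared static but is assigned in the next hunk from the instance method `initialize()` with `Logger.getLogger(getClass())`, so every instance overwrites a shared field and a subclass would change the logger category for all users of the class. Declare it once as `private static final Logger log = Logger.getLogger(RunAsLoginModule.class);` and drop the assignment in `initialize()`. The constant `PRINCIPLE_NAME` is also misspelled for the option `principalName`; `PRINCIPAL_NAME` would match the field and the option it names.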
@@ -49,11 +62,25 @@
public void initialize(Subject subject, CallbackHandler handler,
Map<String,?> sharedState, Map<String,?> options)
{
- roleName = (String) options.get("roleName");
+ log = Logger.getLogger(getClass());
+
+ /* TODO: this module should really extend AbstractServerLoginModule where the options check is integrated.
+ * the code here has been intentionally kept identical
+ */
+ HashSet<String> validOptions = new HashSet<String>(Arrays.asList(ALL_VALID_OPTIONS));
+ for (Object key : options.keySet())
+ {
+ if (!validOptions.contains((String)key))
+ {
+ log.warn("Invalid or misspelled option: " + key);
+ }
+ }
+
+ roleName = (String) options.get(ROLE_NAME);
if( roleName == null )
roleName = "nobody";
- principalName = (String) options.get("principalName");
+ principalName = (String) options.get(PRINCIPLE_NAME);
if( principalName == null )
principalName = "nobody";
}
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleUsersLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleUsersLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleUsersLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -83,5 +83,15 @@
{
return !invalidProperties.contains(key);
}
-
+
+ /**
+ * This login module cannot participate in the checking of valid options
+ * in AbstractServerLoginModule.
+ * Hence this override to prevent false alarms
+ */
+ @Override
+ protected void checkOptions()
+ {
+ // do nothing
+ }
}
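Review bot: The empty `checkOptions()` override turns option validation off for this module entirely, and its Javadoc does not say why the module "cannot participate". Judging only from the `invalidProperties` filter just above, the module appears to treat arbitrary option keys as data, which a fixed allow-list cannot cover. If that reading is right, the Javadoc should state it, for example `Option keys are treated as user entries here, so they cannot be checked against a fixed list.` It should also note the consequence that a misspelled real option is never reported for this module. The class body starts outside the hunk.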
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -62,6 +62,28 @@
*/
public abstract class UsernamePasswordLoginModule extends AbstractServerLoginModule
{
+ // see AbstractServerLoginModule
+ private static final String HASH_ALGORITHM = "hashAlgorithm";
+ private static final String HASH_ENCODING = "hashEncoding";
+ private static final String HASH_CHARSET = "hashCharset";
+ private static final String HASH_STORE_PASSWORD = "hashStorePassword";
+ private static final String HASH_USER_PASSWORD = "hashUserPassword";
+ private static final String DIGEST_CALLBACK = "digestCallback";
+ private static final String STORE_DIGEST_CALLBACK = "storeDigestCallback";
+ private static final String IGNORE_PASSWORD_CASE = "ignorePasswordCase";
+ private static final String LEGACY_CREATE_PASSWORD_HASH = "legacyCreatePasswordHash";
+ private static final String THROW_VALIDATE_ERROR = "throwValidateError";
+ private static final String INPUT_VALIDATOR = "inputValidator";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ HASH_ALGORITHM,HASH_ENCODING,HASH_CHARSET,
+ HASH_STORE_PASSWORD,HASH_USER_PASSWORD,
+ DIGEST_CALLBACK,STORE_DIGEST_CALLBACK,
+ IGNORE_PASSWORD_CASE,LEGACY_CREATE_PASSWORD_HASH,
+ THROW_VALIDATE_ERROR,INPUT_VALIDATOR
+ };
+
/** The login identity */
private Principal identity;
/** The proof of login identity */
@@ -119,42 +141,43 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
// Check to see if password hashing has been enabled.
// If an algorithm is set, check for a format and charset.
- hashAlgorithm = (String) options.get("hashAlgorithm");
+ hashAlgorithm = (String) options.get(HASH_ALGORITHM);
if( hashAlgorithm != null )
{
- hashEncoding = (String) options.get("hashEncoding");
+ hashEncoding = (String) options.get(HASH_ENCODING);
if( hashEncoding == null )
hashEncoding = Util.BASE64_ENCODING;
- hashCharset = (String) options.get("hashCharset");
+ hashCharset = (String) options.get(HASH_CHARSET);
if( log.isTraceEnabled() )
{
log.trace("Password hashing activated: algorithm = " + hashAlgorithm
+ ", encoding = " + hashEncoding
+ ", charset = " + (hashCharset == null ? "{default}" : hashCharset)
- + ", callback = " + options.get("digestCallback")
- + ", storeCallback = " + options.get("storeDigestCallback")
+ + ", callback = " + options.get(DIGEST_CALLBACK)
+ + ", storeCallback = " + options.get(STORE_DIGEST_CALLBACK)
);
}
}
- String flag = (String) options.get("ignorePasswordCase");
+ String flag = (String) options.get(IGNORE_PASSWORD_CASE);
ignorePasswordCase = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("hashStorePassword");
+ flag = (String) options.get(HASH_STORE_PASSWORD);
hashStorePassword = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("hashUserPassword");
+ flag = (String) options.get(HASH_USER_PASSWORD);
if( flag != null )
hashUserPassword = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("legacyCreatePasswordHash");
+ flag = (String) options.get(LEGACY_CREATE_PASSWORD_HASH);
if( flag != null )
legacyCreatePasswordHash = Boolean.valueOf(flag).booleanValue();
- flag = (String) options.get("throwValidateError");
+ flag = (String) options.get(THROW_VALIDATE_ERROR);
if(flag != null)
this.throwValidateError = Boolean.valueOf(flag).booleanValue();
// instantiate the input validator class.
- flag = (String) options.get("inputValidator");
+ flag = (String) options.get(INPUT_VALIDATOR);
if(flag != null)
{
try
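Review bot: `addValidOptions(ALL_VALID_OPTIONS)` has to run before `super.initialize(...)` for these keys to be accepted, presumably because the check runs inside the superclass initialize (AbstractServerLoginModule is not shown here), but nothing on the line says so. A one-line comment such as `// register this class's option keys before super.initialize() validates them` would keep the two calls from being reordered later. It would also tell authors of further subclasses what to do to avoid false warnings. The same pair of calls appears in the initialize hunks of UsersLoginModule, UsersRolesLoginModule and XMLLoginModule. The body of initialize continues outside the hunk.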
@@ -244,7 +267,7 @@
// Hash the user entered password if password hashing is in use
if( hashAlgorithm != null && hashUserPassword == true )
- password = createPasswordHash(username, password, "digestCallback");
+ password = createPasswordHash(username, password, DIGEST_CALLBACK);
// Validate the password supplied by the subclass
String expectedPassword = getUsersPassword();
//Check if the password is vaultified
@@ -263,7 +286,7 @@
}
// Allow the storeDigestCallback to hash the expected password
if( hashAlgorithm != null && hashStorePassword == true )
- expectedPassword = createPasswordHash(username, expectedPassword, "storeDigestCallback");
+ expectedPassword = createPasswordHash(username, expectedPassword, STORE_DIGEST_CALLBACK);
if( validatePassword(password, expectedPassword) == false )
{
Throwable ex = getValidateError();
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -56,7 +56,15 @@
*/
public class UsersLoginModule extends UsernamePasswordLoginModule
{
- /** The name of the properties resource containing user/passwords */
+ // see AbstractServerLoginModule
+ private static final String USER_PROPERTIES = "usersProperties";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ USER_PROPERTIES
+ };
+
+ /** The name of the properties resource containing user/passwords */
private String usersRsrcName = "users.properties";
/** The users.properties values */
private Properties users;
@@ -70,11 +78,12 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
try
{
// Check for usersProperties & rolesProperties
- String option = (String) options.get("usersProperties");
+ String option = (String) options.get(USER_PROPERTIES);
if (option != null)
usersRsrcName = option;
@@ -154,7 +163,7 @@
}
else
{
- throw new IOException(ErrorCodes.NULL_VALUE + "Properties file " + propertiesName + " not avilable");
+ throw new IOException(ErrorCodes.NULL_VALUE + "Properties file " + propertiesName + " not available");
}
return bundle;
}
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersRolesLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersRolesLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsersRolesLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -67,7 +67,21 @@
*/
public class UsersRolesLoginModule extends UsernamePasswordLoginModule
{
- /** The name of the default properties resource containing user/passwords */
+ // see AbstractServerLoginModule
+ private static final String USER_PROPERTIES = "usersProperties";
+ private static final String DEFAULT_USER_PROPERTIES = "defaultUsersProperties";
+ private static final String ROLES_PROPERTIES = "rolesProperties";
+ private static final String DEFAULT_ROLES_PROPERTIES = "defaultRolesProperties";
+ private static final String ROLE_GROUP_SEPERATOR = "roleGroupSeperator";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ USER_PROPERTIES,DEFAULT_USER_PROPERTIES,
+ ROLES_PROPERTIES, DEFAULT_ROLES_PROPERTIES,
+ ROLE_GROUP_SEPERATOR
+ };
+
+ /** The name of the default properties resource containing user/passwords */
private String defaultUsersRsrcName = "defaultUsers.properties";
/** The name of the default properties resource containing user/roles */
private String defaultRolesRsrcName = "defaultRoles.properties";
@@ -107,23 +121,24 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
try
{
// Check for usersProperties & rolesProperties
- String option = (String) options.get("usersProperties");
+ String option = (String) options.get(USER_PROPERTIES);
if (option != null)
usersRsrcName = StringPropertyReplacer.replaceProperties(option);
- option = (String) options.get("defaultUsersProperties");
+ option = (String) options.get(DEFAULT_USER_PROPERTIES);
if (option != null)
defaultUsersRsrcName = StringPropertyReplacer.replaceProperties(option);
- option = (String) options.get("rolesProperties");
+ option = (String) options.get(ROLES_PROPERTIES);
if (option != null)
rolesRsrcName = StringPropertyReplacer.replaceProperties(option);
- option = (String) options.get("defaultRolesProperties");
+ option = (String) options.get(DEFAULT_ROLES_PROPERTIES);
if (option != null)
defaultRolesRsrcName = StringPropertyReplacer.replaceProperties(option);
- option = (String) options.get("roleGroupSeperator");
+ option = (String) options.get(ROLE_GROUP_SEPERATOR);
if( option != null )
roleGroupSeperator = option.charAt(0);
// Load the properties file that contains the list of users and passwords
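Review bot: `roleGroupSeperator = option.charAt(0)` near the end of this hunk is guarded only against null, so an empty `roleGroupSeperator` value throws StringIndexOutOfBoundsException during initialize. How the enclosing try handles that is outside the hunk. Since this commit is about surfacing bad option values, the guard could become `if( option != null && option.length() > 0 )`, with a warning logged for the empty case. The constant name `ROLE_GROUP_SEPERATOR` repeats the misspelling of the option key; the key string itself has to stay as it is for existing configurations.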
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/XMLLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/XMLLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/XMLLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -69,6 +69,14 @@
*/
public class XMLLoginModule extends UsernamePasswordLoginModule
{
+ // see AbstractServerLoginModule
+ private static final String USER_INFO = "userInfo";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ USER_INFO
+ };
+
/** The name of the properties resource containing user/passwords */
private Users users;
@@ -80,10 +88,11 @@
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState, Map<String,?> options)
{
+ addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, callbackHandler, sharedState, options);
try
{
- users = (Users) options.get("userInfo");
+ users = (Users) options.get(USER_INFO);
}
catch (Exception e)
{
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/otp/JBossTimeBasedOTPLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/otp/JBossTimeBasedOTPLoginModule.java 2012-03-19 10:33:27 UTC (rev 317)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/otp/JBossTimeBasedOTPLoginModule.java 2012-03-19 10:35:13 UTC (rev 318)
@@ -25,7 +25,9 @@
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.acl.Group;
+import java.util.Arrays;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
@@ -108,6 +110,18 @@
*/
public class JBossTimeBasedOTPLoginModule implements LoginModule
{
+ // see AbstractServerLoginModule
+ private static final String PASSWORD_STACKING = "password-stacking";
+ private static final String USE_FIRST_PASSWORD = "useFirstPass";
+ private static final String NUM_OF_DIGITS_OPT = "numOfDigits";
+ private static final String ALGORITHM = "algorithm";
+ private static final String ADDITIONAL_ROLES = "additionalRoles";
+
+ private static final String[] ALL_VALID_OPTIONS =
+ {
+ PASSWORD_STACKING,USE_FIRST_PASSWORD,NUM_OF_DIGITS_OPT,ALGORITHM,ADDITIONAL_ROLES
+ };
+
private static Logger log = Logger.getLogger( JBossTimeBasedOTPLoginModule.class );
private boolean trace = log.isTraceEnabled();
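Review bot: `USE_FIRST_PASSWORD` is listed in `ALL_VALID_OPTIONS`, but in the initialize hunk below "useFirstPass" is only compared against the value of `password-stacking` and is never looked up as an option key. Listing it means a configuration that sets `useFirstPass` as an option of its own passes the check without a warning while having no effect, which is the kind of mistake the check is meant to surface. Unless code outside these hunks reads it as a key, the array should be `PASSWORD_STACKING,NUM_OF_DIGITS_OPT,ALGORITHM,ADDITIONAL_ROLES`.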
@@ -131,7 +145,19 @@
public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options )
- {
+ {
+ /* TODO: this module should really extend AbstractServerLoginModule where the options check is integrated.
+ * the code here has been intentionally kept identical
+ */
+ HashSet<String> validOptions = new HashSet<String>(Arrays.asList(ALL_VALID_OPTIONS));
+ for (Object key : options.keySet())
+ {
+ if (!validOptions.contains((String)key))
+ {
+ log.warn("Invalid or misspelled option: " + key);
+ }
+ }
+
this.subject = subject;
this.callbackHandler = callbackHandler;
this.lmSharedState.putAll( sharedState );
@@ -141,17 +167,17 @@
password_stacking sets useFirstPass as this module has no way to
validate any shared password.
*/
- String passwordStacking = (String) options.get("password-stacking");
- if( passwordStacking != null && passwordStacking.equalsIgnoreCase("useFirstPass") )
+ String passwordStacking = (String) options.get(PASSWORD_STACKING);
+ if( passwordStacking != null && passwordStacking.equalsIgnoreCase(USE_FIRST_PASSWORD) )
useFirstPass = true;
//Option for number of digits
- String numDigitString = (String) options.get( "numOfDigits" );
+ String numDigitString = (String) options.get(NUM_OF_DIGITS_OPT);
if( numDigitString != null && numDigitString.length() > 0 )
NUMBER_OF_DIGITS = Integer.parseInt( numDigitString );
//Algorithm
- String algorithmStr = (String) options.get( "algorithm" );
+ String algorithmStr = (String) options.get(ALGORITHM);
if( algorithmStr != null && algorithmStr != "" )
{
if( algorithmStr.equalsIgnoreCase( TimeBasedOTP.HMAC_SHA256) )
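Review bot: The `numOfDigits` value goes straight into `Integer.parseInt` and then into `NUMBER_OF_DIGITS` with no range check. A non-numeric value therefore throws NumberFormatException out of initialize, and a very small value would presumably shorten the one-time password this module accepts. Parsing inside a try and rejecting values outside the range TimeBasedOTP supports would close that gap; the bounds in the sketch below are an assumption to confirm, and failing the module setup instead of warning may be the better choice. On the context line after it, `algorithmStr != ""` compares references and should be `algorithmStr.length() > 0`. The body of initialize continues outside the hunk.

```java
String numDigitString = (String) options.get(NUM_OF_DIGITS_OPT);
if( numDigitString != null && numDigitString.length() > 0 )
{
   try
   {
      int digits = Integer.parseInt( numDigitString.trim() );
      // TODO(review): 6..8 is an assumed range; align with what TimeBasedOTP supports
      if( digits < 6 || digits > 8 )
         log.warn("Ignoring out-of-range " + NUM_OF_DIGITS_OPT + ": " + digits);
      else
         NUMBER_OF_DIGITS = digits;
   }
   catch( NumberFormatException e )
   {
      log.warn("Ignoring non-numeric " + NUM_OF_DIGITS_OPT + ": " + numDigitString);
   }
}
// … unchanged: algorithm selection …
```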
@@ -160,7 +186,7 @@
algorithm = TimeBasedOTP.HMAC_SHA512;
}
- additionalRoles = (String) options.get( "additionalRoles" );
+ additionalRoles = (String) options.get(ADDITIONAL_ROLES);
}
/**