remm 2005/04/01 03:36:52 Modified: catalina/src/share/org/apache/catalina/realm GenericPrincipal.java JAASRealm.java catalina/src/share/org/apache/catalina/connector Request.java Log: - Commit my proposed changes to GenericPrincipal, and use it to remove the role map in the JAAS realm. - Let me know if I did it wrong ;) Revision Changes Path 1.5 +33 -14 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/GenericPrincipal.java
Index: GenericPrincipal.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/GenericPrincipal.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- GenericPrincipal.java 27 Feb 2004 14:58:45 -0000 1.4
+++ GenericPrincipal.java 1 Apr 2005 11:36:51 -0000 1.5
@@ -65,25 +65,29 @@ */ public GenericPrincipal(Realm realm, String name, String password, List roles) { - - super(); - this.realm = realm; - this.name = name; - this.password = password; - if (roles != null) { - this.roles = new String[roles.size()]; - this.roles = (String[]) roles.toArray(this.roles); - if (this.roles.length > 0) - Arrays.sort(this.roles); - } + this(realm, name, password, roles, null); } - public GenericPrincipal(String name, String password, - List roles) { + /** + * Construct a new Principal, associated with the specified Realm, for the + * specified username and password, with the specified role names + * (as Strings). + * + * @param realm The Realm that owns this principal + * @param name The username of the user represented by this Principal + * @param password Credentials used to authenticate this user + * @param roles List of roles (must be Strings) possessed by this user + * @param userPrincipal - the principal to be returned from the request + * getUserPrincipal call if not null; if null, this will be returned + */ + public GenericPrincipal(Realm realm, String name, String password, + List roles, Principal userPrincipal) { super(); + this.realm = realm; this.name = name; this.password = password; + this.userPrincipal = userPrincipal; if (roles != null) { this.roles = new String[roles.size()]; this.roles = (String[]) roles.toArray(this.roles); @@ -92,6 +96,7 @@ } } + // ------------------------------------------------------------- Properties 
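Review bot: The public realm-less constructor `GenericPrincipal(String name, String password, List roles)` is removed in this hunk, because its signature line is rewritten into the new five-argument constructor, and the log message does not mention the removal. Any caller outside this diff that builds a principal without a Realm will stop compiling; keeping a delegating overload, `public GenericPrincipal(String name, String password, List roles) { this(null, name, password, roles, null); }`, would preserve the old behaviour. The new Javadoc should also state that `userPrincipal` is stored by reference without validation, since that object is what applications later receive. The constructor body continues past the end of the hunk.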
@@ -140,6 +145,20 @@ } + /** + * The authenticated Principal to be exposed to applications. + */ + protected Principal userPrincipal = null; + + public Principal getUserPrincipal() { + if (userPrincipal != null) { + return userPrincipal; + } else { + return this; + } + } + + // --------------------------------------------------------- Public Methods 1.12 +3 -63 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JAASRealm.java Index: JAASRealm.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JAASRealm.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- JAASRealm.java 6 Oct 2004 16:11:34 -0000 1.11 +++ JAASRealm.java 1 Apr 2005 11:36:51 -0000 1.12 @@ -20,9 +20,7 @@ import java.security.Principal; import java.util.ArrayList; -import java.util.HashMap; import java.util.Iterator; -import java.util.Map; import java.util.List; import javax.security.auth.Subject; @@ -170,12 +168,6 @@ */ protected List userClasses = new ArrayList(); - /** - * Map associating each user <code>Principal</code> object - * with an array of role <code>Principal</code>s. - * This Map is read when <code>hasRole</code> is called. - */ - protected Map roleMap = new HashMap(); /** * Whether to use context ClassLoader or default ClassLoader. 
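Review bot: In the GenericPrincipal hunk at `@@ -140,6 +145,20 @@`, `userPrincipal` is declared `protected` and non-final, so a subclass can replace the identity that `getUserPrincipal()` hands to applications after the principal has been built. The only write visible in this commit is in the constructor, so `private Principal userPrincipal;` (final, if every constructor outside the hunk can assign it) would keep the exposed identity fixed once authentication has produced it. The getter also has no Javadoc; I would add `/** Returns the Principal supplied at construction, or this object when none was supplied. */` so the fallback to `this` is documented.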
@@ -417,52 +409,6 @@ } } - /** - * Returns <code>true</code> if the specified user <code>Principal</code> has the specified - * security role, within the context of this <code>Realm</code>; otherwise return - * <code>false</code>. This will be true when - * an associated role <code>Principal</code> can be found whose <code>getName</code> - * method returns a <code>String</code> equalling the specified role. - * @param principal <code>Principal</code> for whom the role is to be checked - * @param role Security role to be checked - */ - public boolean hasRole(Principal principal, String role) { - if (log.isDebugEnabled()) { - log.debug(sm.getString("jaasRealm.isInRole.start", principal.getName(), role)); - } - - if ((principal == null) || (role == null) || - (roleMap.get(principal) == null)) { - if (log.isDebugEnabled()) { - log.debug(sm.getString("jaasRealm.isInRole.noPrincipalOrRole")); - } - return false; - } - - List roles = (List)roleMap.get(principal); - if (log.isDebugEnabled()) { - log.debug(sm.getString("jaasRealm.isInRole.principalCached", String.valueOf(roles.size()))); - } - - for (Iterator it = roles.iterator(); it.hasNext();) { - Principal possessedRole = (Principal)it.next(); - String possessedRoleName = possessedRole.getName(); - if (log.isDebugEnabled()) { - log.debug(sm.getString("jaasRealm.isInRole.possessesRole", possessedRole.getName())); - } - - if (possessedRoleName.equals(role)) { - if (log.isDebugEnabled()) { - log.debug(sm.getString("jaasRealm.isInRole.match")); - } - return true; - } - } - if (log.isDebugEnabled()) { - log.debug(sm.getString("jaasRealm.isInRole.noMatch")); - } - return false; - } // -------------------------------------------------------- Package Methods @@ -538,7 +484,7 @@ } if (roleClasses.contains(principalClass)) { - roles.add(principal); + roles.add(principal.getName()); if( log.isDebugEnabled() ) { log.debug(sm.getString("jaasRealm.rolePrincipalAdd", principal.getName())); } 
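Review bot: In the hunk at `@@ -538,7 +484,7 @@`, `roles.add(principal.getName())` stores whatever the role Principal reports, including null. The role list now goes to the GenericPrincipal constructor, which copies it into a `String[]` and, judging by the constructor body shown earlier in this commit, sorts it with `Arrays.sort`; a null element would then throw a NullPointerException during authentication rather than being ignored. A guard such as `String roleName = principal.getName();` followed by `if (roleName != null) roles.add(roleName);` avoids that. The enclosing method starts and ends outside the hunk.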
@@ -556,17 +502,11 @@ if (log.isDebugEnabled()) { log.debug(sm.getString("jaasRealm.rolePrincipalFailure")); } - } else { - roleMap.put(userPrincipal, roles); - if (log.isDebugEnabled()) { - log.debug(sm.getString("jaasRealm.rolePrincipalSuccess", String.valueOf(roles.size()))); - log.debug(sm.getString("jaasRealm.cachePrincipal", userPrincipal.getName(), String.valueOf(roles.size()))); - } } } // Return the resulting Principal for our authenticated user - return userPrincipal; + return new GenericPrincipal(this, username, null, roles, userPrincipal); } /** 1.21 +7 -2 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Request.java Index: Request.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Request.java,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- Request.java 31 Mar 2005 10:31:53 -0000 1.20 +++ Request.java 1 Apr 2005 11:36:52 -0000 1.21 @@ -62,6 +62,7 @@ import org.apache.catalina.Session; import org.apache.catalina.Wrapper; import org.apache.catalina.core.ApplicationFilterFactory; +import org.apache.catalina.realm.GenericPrincipal; import org.apache.catalina.util.Enumerator; import org.apache.catalina.util.ParameterMap; import org.apache.catalina.util.RequestUtil; @@ -2127,7 +2128,11 @@ * Return the principal that has been authenticated for this Request. */ public Principal getUserPrincipal() { - return (userPrincipal); + if (userPrincipal instanceof GenericPrincipal) { + return ((GenericPrincipal) userPrincipal).getUserPrincipal(); + } else { + return (userPrincipal); + } }
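Review bot: The new `return new GenericPrincipal(this, username, null, roles, userPrincipal);` in JAASRealm is unconditional, so the method now returns a non-null principal even if no user Principal was found, where the old `return userPrincipal;` returned null. Whether `userPrincipal` can be null at this point depends on code above the hunk, but the hunk does show failure-logging branches falling through to this return. If callers treat a non-null result as a successful authentication, add `if (userPrincipal == null) { return null; }` just before the return. The method starts outside the hunk.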
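Review bot: In Request.java, the Javadoc above `getUserPrincipal()` still reads "Return the principal that has been authenticated for this Request", although the method now unwraps a GenericPrincipal. Container code outside this diff that passes this accessor's result to a Realm role check would receive an object without the role list, so such callers should read the stored `userPrincipal` field instead. I would extend the comment to `Return the application-visible principal: the wrapped Principal when the stored one is a GenericPrincipal, otherwise the stored one.` The unwrapped principal's name may also differ from the `username` the wrapper was built with in JAASRealm, which is worth checking against whatever backs the remote-user accessor.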