diff --git a/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java index dbf49f86f7..6ab8e0a998 100644 --- a/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java +++ b/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,7 +15,6 @@ package net.sf.acegisecurity.providers.jaas; -import com.sun.security.auth.login.ConfigFile; import net.sf.acegisecurity.AcegiSecurityException; import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.AuthenticationException; @@ -24,38 +23,46 @@ import net.sf.acegisecurity.providers.AuthenticationProvider; import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; import net.sf.acegisecurity.providers.jaas.event.JaasAuthenticationFailedEvent; import net.sf.acegisecurity.providers.jaas.event.JaasAuthenticationSuccessEvent; + import org.springframework.beans.BeansException; import org.springframework.beans.factory.InitializingBean; + import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; import org.springframework.context.ApplicationContextException; + import org.springframework.core.io.Resource; +import org.springframework.util.Assert; + +import java.io.IOException; + +import java.security.Principal; +import java.security.Security; + +import java.util.Arrays; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; -import java.io.IOException; -import java.security.Principal; -import java.security.Security; -import java.util.Arrays; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; /** * An {@link AuthenticationProvider} implementation that retrieves user details * from a JAAS login configuration. - * + * *
* This AuthenticationProvider is capable of validating {@link
* net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken}
* requests contain the correct username and password.
*
* This implementation is backed by a JAAS @@ -65,36 +72,36 @@ import java.util.Set; * configuration file containing an index matching the {@link * #setLoginContextName(java.lang.String) loginContextName} property. *
- * + * ** For example: If this JaasAuthenticationProvider were configured in a Spring * WebApplicationContext the xml to set the loginConfiguration could be as * follows... *
- * <property name="loginConfig"> - * <value>/WEB-INF/login.conf</value> - * </property> - *+<property name="loginConfig"> + <value>/WEB-INF/login.conf</value> +</property> + * - * + * *
* The loginContextName should coincide with a given index in the loginConfig * specifed. The loginConfig file used in the JUnit tests appears as the * following... *
- * JAASTest {
- * net.sf.acegisecurity.providers.jaas.TestLoginModule required;
- * };
- *
+JAASTest {
+ net.sf.acegisecurity.providers.jaas.TestLoginModule required;
+};
+
* Using the example login configuration above, the loginContextName property
* would be set as JAASTest...
* - * <property name="loginContextName"> - * <value>JAASTest</value> - * </property> - *+<property name="loginContextName"> + <value>JAASTest</value> +</property> + * - * + * *
* When using JAAS login modules as the authentication source, sometimes the LoginContext @@ -106,23 +113,23 @@ import java.util.Set; * CallbackHandler, control is passed to each {@link * JaasAuthenticationCallbackHandler} for each Callback passed. *
- * + * ** {{@link JaasAuthenticationCallbackHandler}s are passed to the * JaasAuthenticationProvider through the {@link * #setCallbackHandlers(net.sf.acegisecurity.providers.jaas.JaasAuthenticationCallbackHandler[]) * callbackHandlers} property. } *
- * <property name="callbackHandlers">
- * <list>
- * <bean class="net.sf.acegisecurity.providers.jaas.TestCallbackHandler"/>
- * <bean class="{@link JaasNameCallbackHandler net.sf.acegisecurity.providers.jaas.JaasNameCallbackHandler}"/>
- * <bean class="{@link JaasPasswordCallbackHandler net.sf.acegisecurity.providers.jaas.JaasPasswordCallbackHandler}"/>
- * </list>
- * </property>
- *
+ <property name="callbackHandlers">
+ <list>
+ <bean class="net.sf.acegisecurity.providers.jaas.TestCallbackHandler"/>
+ <bean class="{@link JaasNameCallbackHandler net.sf.acegisecurity.providers.jaas.JaasNameCallbackHandler}"/>
+ <bean class="{@link JaasPasswordCallbackHandler net.sf.acegisecurity.providers.jaas.JaasPasswordCallbackHandler}"/>
+ </list>
+ </property>
+
*
- *
+ *
* * After calling LoginContext.login(), the JaasAuthenticationProvider will * retrieve the returned Principals from the Subject @@ -134,38 +141,38 @@ import java.util.Set; * method. The returned role will be applied to the Authorization object as a * {@link GrantedAuthority}. *
- * + * ** AuthorityGranters are configured in spring xml as follows... *
- * <property name="authorityGranters"> - * <list> - * <bean class="net.sf.acegisecurity.providers.jaas.TestAuthorityGranter"/> - * </list> - * </property> - * - *+<property name="authorityGranters"> + <list> + <bean class="net.sf.acegisecurity.providers.jaas.TestAuthorityGranter"/> + </list> +</property> + + * * * @author Ray Krueger * @version $Id$ */ public class JaasAuthenticationProvider implements AuthenticationProvider, - InitializingBean, ApplicationContextAware { + InitializingBean, ApplicationContextAware { //~ Instance fields ======================================================== private ApplicationContext context; private LoginExceptionResolver loginExceptionResolver = new DefaultLoginExceptionResolver(); private Resource loginConfig; + private final String SYSPROP = "java.security.auth.login.config"; private String loginContextName = "ACEGI"; private AuthorityGranter[] authorityGranters; private JaasAuthenticationCallbackHandler[] callbackHandlers; - private final String SYSPROP = "java.security.auth.login.config"; //~ Methods ================================================================ public void setApplicationContext(ApplicationContext applicationContext) - throws BeansException { + throws BeansException { this.context = applicationContext; } @@ -174,6 +181,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, * granted to the Authentication. * * @param authorityGranters AuthorityGranter array + * * @see JaasAuthenticationProvider */ public void setAuthorityGranters(AuthorityGranter[] authorityGranters) { @@ -186,6 +194,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, * were ever set. * * @return The AuthorityGranter array, or null + * * @see #setAuthorityGranters(net.sf.acegisecurity.providers.jaas.AuthorityGranter[]) */ public AuthorityGranter[] getAuthorityGranters() { @@ -198,7 +207,8 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, * * @param callbackHandlers Array of JAASAuthenticationCallbackHandlers */ - public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers) { + public void setCallbackHandlers( + JaasAuthenticationCallbackHandler[] callbackHandlers) { this.callbackHandlers = callbackHandlers; } @@ -207,6 +217,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, * none are set. * * @return the JAASAuthenticationCallbackHandlers. + * * @see #setCallbackHandlers(net.sf.acegisecurity.providers.jaas.JaasAuthenticationCallbackHandler[]) */ public JaasAuthenticationCallbackHandler[] getCallbackHandlers() { @@ -217,8 +228,9 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, * Set the JAAS login configuration file. * * @param loginConfig Spring - * Resource + * href="http://www.springframework.org/docs/api/org/springframework/core/io/Resource.html">Spring + * Resource + * * @see JAAS * Reference @@ -245,7 +257,8 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, return loginContextName; } - public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver) { + public void setLoginExceptionResolver( + LoginExceptionResolver loginExceptionResolver) { this.loginExceptionResolver = loginExceptionResolver; } @@ -256,16 +269,18 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, public void afterPropertiesSet() throws Exception { if (loginConfig == null) { throw new ApplicationContextException("loginConfig must be set on " - + getClass()); + + getClass()); } if ((loginContextName == null) || "".equals(loginContextName)) { - throw new ApplicationContextException("loginContextName must be set on " + getClass()); + throw new ApplicationContextException( + "loginContextName must be set on " + getClass()); } String loginConfigStr = loginConfig.getURL().toString(); - boolean allowed = "true".equalsIgnoreCase(Security.getProperty("policy.allowSystemProperty")); + boolean allowed = "true".equalsIgnoreCase(Security.getProperty( + "policy.allowSystemProperty")); if (allowed) { System.setProperty(SYSPROP, loginConfigStr); @@ -273,7 +288,8 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, setPropertyUsingLoop(loginConfigStr); } - Configuration.setConfiguration(new ConfigFile()); + Assert.notNull(Configuration.getConfiguration(), + "As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html \"If a Configuration object was set via the Configuration.setConfiguration method, then that object is returned. Otherwise, a default Configuration object is returned\". Your JRE returned null to Configuration.getConfiguration()."); } /** @@ -281,16 +297,18 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, * and credential * * @param auth The Authentication object to be authenticated. + * * @return The authenticated Authentication object, with it's * grantedAuthorities set. + * * @throws AuthenticationException This implementation does not handle - * 'locked' or 'disabled' accounts. This method only throws a - * AuthenticationServiceException, with the message of the - * LoginException that will be thrown, should the - * loginContext.login() method fail. + * 'locked' or 'disabled' accounts. This method only throws a + * AuthenticationServiceException, with the message of the + * LoginException that will be thrown, should the + * loginContext.login() method fail. */ public Authentication authenticate(Authentication auth) - throws AuthenticationException { + throws AuthenticationException { if (auth instanceof UsernamePasswordAuthenticationToken) { UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) auth; @@ -313,7 +331,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Set principals = lc.getSubject().getPrincipals(); for (Iterator iterator = principals.iterator(); - iterator.hasNext();) { + iterator.hasNext();) { Principal principal = (Principal) iterator.next(); for (int i = 0; i < authorityGranters.length; i++) { @@ -329,7 +347,8 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, } //Convert the authorities set back to an array and apply it to the token. - token.setAuthorities((GrantedAuthority[]) authorities.toArray(new GrantedAuthority[authorities.size()])); + token.setAuthorities((GrantedAuthority[]) authorities.toArray( + new GrantedAuthority[authorities.size()])); //Publish the success event context.publishEvent(new JaasAuthenticationSuccessEvent(token)); @@ -338,7 +357,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, return token; } catch (LoginException loginException) { AcegiSecurityException ase = loginExceptionResolver - .resolveException(loginException); + .resolveException(loginException); context.publishEvent(new JaasAuthenticationFailedEvent(auth, ase)); throw ase; @@ -387,7 +406,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, } public void handle(Callback[] callbacks) - throws IOException, UnsupportedCallbackException { + throws IOException, UnsupportedCallbackException { for (int i = 0; i < callbackHandlers.length; i++) { JaasAuthenticationCallbackHandler handler = callbackHandlers[i]; diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml index c5cc15925a..666fede2a7 100644 --- a/doc/xdocs/changes.xml +++ b/doc/xdocs/changes.xml @@ -47,6 +47,7 @@