SEC-1320: JaasAuthenticationProvider can not find jaas realm defined inside service archive. Added flag to control refresh of configuration on startup.
parent
fdc9c5fd08
commit
1e8ea55030
|
@ -56,7 +56,7 @@ import org.springframework.util.Assert;
|
|||
* org.springframework.security.authentication.UsernamePasswordAuthenticationToken} requests contain the correct username and
|
||||
* password.</p>
|
||||
* <p>This implementation is backed by a <a
|
||||
* href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS</a> configuration. The
|
||||
* href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html">JAAS</a> configuration. The
|
||||
* loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring {@link
|
||||
* org.springframework.core.io.Resource} instance. It should point to a JAAS configuration file containing an index
|
||||
* matching the {@link #setLoginContextName(java.lang.String) loginContextName} property.
|
||||
|
@ -83,9 +83,9 @@ import org.springframework.util.Assert;
|
|||
* </pre>
|
||||
* </p>
|
||||
* <p>When using JAAS login modules as the authentication source, sometimes the
|
||||
* <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/LoginContext.html">LoginContext</a> will
|
||||
* <a href="http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html">LoginContext</a> will
|
||||
* require <i>CallbackHandler</i>s. The JaasAuthenticationProvider uses an internal
|
||||
* <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html">CallbackHandler
|
||||
* <a href="http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html">CallbackHandler
|
||||
* </a> to wrap the {@link JaasAuthenticationCallbackHandler}s configured in the ApplicationContext.
|
||||
* When the LoginContext calls the internal CallbackHandler, control is passed to each
|
||||
* {@link JaasAuthenticationCallbackHandler} for each Callback passed.
|
||||
|
@ -140,6 +140,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
private AuthorityGranter[] authorityGranters;
|
||||
private JaasAuthenticationCallbackHandler[] callbackHandlers;
|
||||
private ApplicationEventPublisher applicationEventPublisher;
|
||||
private boolean refreshConfigurationOnStartup = true;
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
|
@ -225,7 +226,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
}
|
||||
|
||||
/**
|
||||
* Hook method for configuring Jaas
|
||||
* Hook method for configuring Jaas. If {@code
|
||||
*
|
||||
* @param loginConfig URL to Jaas login configuration
|
||||
*
|
||||
|
@ -234,9 +235,11 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
protected void configureJaas(Resource loginConfig) throws IOException {
|
||||
configureJaasUsingLoop();
|
||||
|
||||
if (refreshConfigurationOnStartup) {
|
||||
// Overcome issue in SEC-760
|
||||
Configuration.getConfiguration().refresh();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Loops through the login.config.url.1,login.config.url.2 properties looking for the login configuration.
|
||||
|
@ -249,7 +252,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
boolean alreadySet = false;
|
||||
|
||||
int n = 1;
|
||||
String prefix = "login.config.url.";
|
||||
final String prefix = "login.config.url.";
|
||||
String existing = null;
|
||||
|
||||
while ((existing = Security.getProperty(prefix + n)) != null) {
|
||||
|
@ -269,41 +272,6 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the AuthorityGrannter array that was passed to the {@link
|
||||
* #setAuthorityGranters(AuthorityGranter[])} method, or null if it none were ever set.
|
||||
*
|
||||
* @return The AuthorityGranter array, or null
|
||||
*
|
||||
* @see #setAuthorityGranters(AuthorityGranter[])
|
||||
*/
|
||||
public AuthorityGranter[] getAuthorityGranters() {
|
||||
return authorityGranters;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the current JaasAuthenticationCallbackHandler array, or null if none are set.
|
||||
*
|
||||
* @return the JAASAuthenticationCallbackHandlers.
|
||||
*
|
||||
* @see #setCallbackHandlers(JaasAuthenticationCallbackHandler[])
|
||||
*/
|
||||
public JaasAuthenticationCallbackHandler[] getCallbackHandlers() {
|
||||
return callbackHandlers;
|
||||
}
|
||||
|
||||
public Resource getLoginConfig() {
|
||||
return loginConfig;
|
||||
}
|
||||
|
||||
public String getLoginContextName() {
|
||||
return loginContextName;
|
||||
}
|
||||
|
||||
public LoginExceptionResolver getLoginExceptionResolver() {
|
||||
return loginExceptionResolver;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handles the logout by getting the SecurityContext for the session that was destroyed. <b>MUST NOT use
|
||||
* SecurityContextHolder as we are logging out a session that is not related to the current user.</b>
|
||||
|
@ -367,6 +335,18 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the AuthorityGrannter array that was passed to the {@link
|
||||
* #setAuthorityGranters(AuthorityGranter[])} method, or null if it none were ever set.
|
||||
*
|
||||
* @return The AuthorityGranter array, or null
|
||||
*
|
||||
* @see #setAuthorityGranters(AuthorityGranter[])
|
||||
*/
|
||||
AuthorityGranter[] getAuthorityGranters() {
|
||||
return authorityGranters;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.
|
||||
*
|
||||
|
@ -378,6 +358,17 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
this.authorityGranters = authorityGranters;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the current JaasAuthenticationCallbackHandler array, or null if none are set.
|
||||
*
|
||||
* @return the JAASAuthenticationCallbackHandlers.
|
||||
*
|
||||
* @see #setCallbackHandlers(JaasAuthenticationCallbackHandler[])
|
||||
*/
|
||||
JaasAuthenticationCallbackHandler[] getCallbackHandlers() {
|
||||
return callbackHandlers;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the
|
||||
* LoginContext.login method.
|
||||
|
@ -388,19 +379,25 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
this.callbackHandlers = callbackHandlers;
|
||||
}
|
||||
|
||||
public Resource getLoginConfig() {
|
||||
return loginConfig;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the JAAS login configuration file.
|
||||
*
|
||||
* @param loginConfig <a
|
||||
* href="http://www.springframework.org/docs/api/org/springframework/core/io/Resource.html">Spring
|
||||
* Resource</a>
|
||||
* @param loginConfig
|
||||
*
|
||||
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS Reference</a>
|
||||
* @see <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html">JAAS Reference</a>
|
||||
*/
|
||||
public void setLoginConfig(Resource loginConfig) {
|
||||
this.loginConfig = loginConfig;
|
||||
}
|
||||
|
||||
String getLoginContextName() {
|
||||
return loginContextName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the loginContextName, this name is used as the index to the configuration specified in the
|
||||
* loginConfig property.
|
||||
|
@ -411,10 +408,27 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
this.loginContextName = loginContextName;
|
||||
}
|
||||
|
||||
LoginExceptionResolver getLoginExceptionResolver() {
|
||||
return loginExceptionResolver;
|
||||
}
|
||||
|
||||
public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver) {
|
||||
this.loginExceptionResolver = loginExceptionResolver;
|
||||
}
|
||||
|
||||
/**
|
||||
* If set, a call to {@code Configuration#refresh()} will be made by {@code #configureJaas(Resource) }
|
||||
* method. Defaults to {@literal true}.
|
||||
*
|
||||
* @see <a href="https://jira.springsource.org/browse/SEC-1320">SEC-1230</a>
|
||||
*
|
||||
* @param refreshConfigurationOnStartup set to {@literal false} to disable reloading of the configuration.
|
||||
* May be useful in some environments.
|
||||
*/
|
||||
public void setRefreshConfigurationOnStartup(boolean refresh) {
|
||||
this.refreshConfigurationOnStartup = refresh;
|
||||
}
|
||||
|
||||
public boolean supports(Class<? extends Object> aClass) {
|
||||
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass);
|
||||
}
|
||||
|
|
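Review bot: The Javadoc on `setRefreshConfigurationOnStartup` does not match the method it documents: the `@param` tag names `refreshConfigurationOnStartup` while the actual parameter is `refresh`, and the `@see` link targets SEC-1320 but is labelled SEC-1230. Either rename the parameter to match, or write `@param refresh set to {@literal false} to skip the Configuration#refresh() call made by configureJaas`, and correct the link text to `SEC-1320`. "May be useful in some environments" should also state the trade-off: `Configuration.getConfiguration().refresh()` acts on the JVM-wide JAAS configuration, and the existing comment ties the refresh to SEC-760, so disabling it presumably leaves a newly registered `login.config.url.N` entry unread when a Configuration was already loaded. Separately, the getters for `authorityGranters`, `callbackHandlers`, `loginContextName` and `loginExceptionResolver` appear to move from public to package-private (the -269,41 +272,6 hunk drops the public versions), which the commit message does not mention and which would break callers outside the package.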