SEC-1320: JaasAuthenticationProvider can not find jaas realm defined inside service archive. Added flag to control refresh of configuration on startup.

This commit is contained in:
Luke Taylor 2009-12-13 16:19:53 +00:00
parent fdc9c5fd08
commit 1e8ea55030
1 changed files with 60 additions and 46 deletions

View File

@ -56,7 +56,7 @@ import org.springframework.util.Assert;
* org.springframework.security.authentication.UsernamePasswordAuthenticationToken} requests contain the correct username and
* password.</p>
* <p>This implementation is backed by a <a
* href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS</a> configuration. The
* href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html">JAAS</a> configuration. The
* loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring {@link
* org.springframework.core.io.Resource} instance. It should point to a JAAS configuration file containing an index
* matching the {@link #setLoginContextName(java.lang.String) loginContextName} property.
@ -83,9 +83,9 @@ import org.springframework.util.Assert;
* </pre>
* </p>
* <p>When using JAAS login modules as the authentication source, sometimes the
* <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/LoginContext.html">LoginContext</a> will
* <a href="http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html">LoginContext</a> will
* require <i>CallbackHandler</i>s. The JaasAuthenticationProvider uses an internal
* <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html">CallbackHandler
* <a href="http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/callback/CallbackHandler.html">CallbackHandler
* </a> to wrap the {@link JaasAuthenticationCallbackHandler}s configured in the ApplicationContext.
* When the LoginContext calls the internal CallbackHandler, control is passed to each
* {@link JaasAuthenticationCallbackHandler} for each Callback passed.
@ -140,6 +140,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
private AuthorityGranter[] authorityGranters;
private JaasAuthenticationCallbackHandler[] callbackHandlers;
private ApplicationEventPublisher applicationEventPublisher;
private boolean refreshConfigurationOnStartup = true;
//~ Methods ========================================================================================================
@ -225,7 +226,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
}
/**
* Hook method for configuring Jaas
* Hook method for configuring Jaas. If {@code
*
* @param loginConfig URL to Jaas login configuration
*
@ -234,9 +235,11 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
protected void configureJaas(Resource loginConfig) throws IOException {
configureJaasUsingLoop();
if (refreshConfigurationOnStartup) {
// Overcome issue in SEC-760
Configuration.getConfiguration().refresh();
}
}
/**
* Loops through the login.config.url.1,login.config.url.2 properties looking for the login configuration.
@ -249,7 +252,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
boolean alreadySet = false;
int n = 1;
String prefix = "login.config.url.";
final String prefix = "login.config.url.";
String existing = null;
while ((existing = Security.getProperty(prefix + n)) != null) {
@ -269,41 +272,6 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
}
}
/**
* Returns the AuthorityGrannter array that was passed to the {@link
* #setAuthorityGranters(AuthorityGranter[])} method, or null if it none were ever set.
*
* @return The AuthorityGranter array, or null
*
* @see #setAuthorityGranters(AuthorityGranter[])
*/
public AuthorityGranter[] getAuthorityGranters() {
return authorityGranters;
}
/**
* Returns the current JaasAuthenticationCallbackHandler array, or null if none are set.
*
* @return the JAASAuthenticationCallbackHandlers.
*
* @see #setCallbackHandlers(JaasAuthenticationCallbackHandler[])
*/
public JaasAuthenticationCallbackHandler[] getCallbackHandlers() {
return callbackHandlers;
}
public Resource getLoginConfig() {
return loginConfig;
}
public String getLoginContextName() {
return loginContextName;
}
public LoginExceptionResolver getLoginExceptionResolver() {
return loginExceptionResolver;
}
/**
* Handles the logout by getting the SecurityContext for the session that was destroyed. <b>MUST NOT use
* SecurityContextHolder as we are logging out a session that is not related to the current user.</b>
@ -367,6 +335,18 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
}
}
/**
* Returns the AuthorityGrannter array that was passed to the {@link
* #setAuthorityGranters(AuthorityGranter[])} method, or null if it none were ever set.
*
* @return The AuthorityGranter array, or null
*
* @see #setAuthorityGranters(AuthorityGranter[])
*/
AuthorityGranter[] getAuthorityGranters() {
return authorityGranters;
}
/**
* Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.
*
@ -378,6 +358,17 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
this.authorityGranters = authorityGranters;
}
/**
* Returns the current JaasAuthenticationCallbackHandler array, or null if none are set.
*
* @return the JAASAuthenticationCallbackHandlers.
*
* @see #setCallbackHandlers(JaasAuthenticationCallbackHandler[])
*/
JaasAuthenticationCallbackHandler[] getCallbackHandlers() {
return callbackHandlers;
}
/**
* Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the
* LoginContext.login method.
@ -388,19 +379,25 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
this.callbackHandlers = callbackHandlers;
}
public Resource getLoginConfig() {
return loginConfig;
}
/**
* Set the JAAS login configuration file.
*
* @param loginConfig <a
* href="http://www.springframework.org/docs/api/org/springframework/core/io/Resource.html">Spring
* Resource</a>
* @param loginConfig
*
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS Reference</a>
* @see <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html">JAAS Reference</a>
*/
public void setLoginConfig(Resource loginConfig) {
this.loginConfig = loginConfig;
}
String getLoginContextName() {
return loginContextName;
}
/**
* Set the loginContextName, this name is used as the index to the configuration specified in the
* loginConfig property.
@ -411,10 +408,27 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
this.loginContextName = loginContextName;
}
LoginExceptionResolver getLoginExceptionResolver() {
return loginExceptionResolver;
}
public void setLoginExceptionResolver(LoginExceptionResolver loginExceptionResolver) {
this.loginExceptionResolver = loginExceptionResolver;
}
/**
* If set, a call to {@code Configuration#refresh()} will be made by {@code #configureJaas(Resource) }
* method. Defaults to {@literal true}.
*
* @see <a href="https://jira.springsource.org/browse/SEC-1320">SEC-1230</a>
*
* @param refreshConfigurationOnStartup set to {@literal false} to disable reloading of the configuration.
* May be useful in some environments.
*/
public void setRefreshConfigurationOnStartup(boolean refresh) {
this.refreshConfigurationOnStartup = refresh;
}
public boolean supports(Class<? extends Object> aClass) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass);
}