SEC-760: Correct bug where more than one concurrent JaasAuthenticationProvider used.

Ben Alex 2008-06-06 06:13:14 +00:00
parent b403216494
commit 358f284f42
4 changed files with 77 additions and 2 deletions


@ -158,7 +158,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
Assert.hasLength(loginContextName, "loginContextName must be set on " + getClass());
configureJaas(loginConfig);
Assert.notNull(Configuration.getConfiguration(),
"As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html "
+ "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is "
@ -246,6 +246,9 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
*/
protected void configureJaas(Resource loginConfig) throws IOException {
configureJaasUsingLoop();
// Overcome issue in SEC-760
Configuration.getConfiguration().refresh();
}
/**
@ -375,7 +378,9 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
* @param token The {@link UsernamePasswordAuthenticationToken} being processed
*/
protected void publishSuccessEvent(UsernamePasswordAuthenticationToken token) {
applicationEventPublisher.publishEvent(new JaasAuthenticationSuccessEvent(token));
if (applicationEventPublisher != null) {
applicationEventPublisher.publishEvent(new JaasAuthenticationSuccessEvent(token));
}
}
/**
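Review bot: The `Configuration.getConfiguration().refresh()` call added to `configureJaas` acts on the JVM-wide JAAS `Configuration`, yet its comment only cites the ticket number, so a maintainer cannot tell why the call is needed or what else it affects. I would replace the comment with something like `// JAAS Configuration is process-wide and may have been loaded before this provider registered its login config; refresh() makes it re-read the registered files (SEC-760)`. Assuming `configureJaasUsingLoop()`, whose body is outside the hunk, is what registers the file, that registration and the refresh are not done under a common lock, so two providers initialising on different threads may still interleave. `refresh()` can also throw `SecurityException` when the caller lacks `AuthPermission("refreshLoginConfiguration")`, which is worth a line in the method's Javadoc.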


@ -0,0 +1,64 @@
package org.springframework.security.providers.jaas;
import java.net.URL;
import java.security.Security;
import javax.security.auth.login.LoginContext;
import junit.framework.Assert;
import org.junit.Test;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
/**
* Tests bug reported in SEC-760.
*
* @author Ben Alex
*
*/
public class Sec760Tests {
public String resolveConfigFile(String filename) {
String resName = "/" + getClass().getPackage().getName().replace('.', '/') + filename;
return resName;
}
private void testConfigureJaasCase(JaasAuthenticationProvider p1, JaasAuthenticationProvider p2) throws Exception {
p1.setLoginConfig(new ClassPathResource(resolveConfigFile("/test1.conf")));
p1.setLoginContextName("test1");
p1.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {new TestCallbackHandler(), new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler()});
p1.setAuthorityGranters(new AuthorityGranter[] {new TestAuthorityGranter()});
p1.afterPropertiesSet();
testAuthenticate(p1);
p2.setLoginConfig(new ClassPathResource(resolveConfigFile("/test2.conf")));
p2.setLoginContextName("test2");
p2.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {new TestCallbackHandler(), new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler()});
p2.setAuthorityGranters(new AuthorityGranter[] {new TestAuthorityGranter()});
p2.afterPropertiesSet();
testAuthenticate(p2);
}
private void testAuthenticate(JaasAuthenticationProvider p1) {
GrantedAuthorityImpl role1 = new GrantedAuthorityImpl("ROLE_1");
GrantedAuthorityImpl role2 = new GrantedAuthorityImpl("ROLE_2");
GrantedAuthority[] defaultAuths = new GrantedAuthority[] {role1, role2,};
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password",
defaultAuths);
Authentication auth = p1.authenticate(token);
Assert.assertNotNull(auth);
}
@Test
public void testConfigureJaas() throws Exception {
testConfigureJaasCase(new JaasAuthenticationProvider(), new JaasAuthenticationProvider());
}
}
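Review bot: `testConfigureJaasCase` never authenticates against `p1` again after `p2.afterPropertiesSet()` has run, so it does not show that the configuration refresh triggered by the second provider leaves the `test1` login context usable. Adding `testAuthenticate(p1);` after `testAuthenticate(p2);` would cover that. `testAuthenticate` also asserts only `assertNotNull(auth)`; `Assert.assertTrue(auth.isAuthenticated());` would pin the outcome more tightly. The imports of `java.net.URL`, `java.security.Security` and `javax.security.auth.login.LoginContext` are not referenced anywhere in the class and can be dropped.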


@ -0,0 +1,3 @@
test1 {
org.springframework.security.providers.jaas.TestLoginModule required;
};


@ -0,0 +1,3 @@
test2 {
org.springframework.security.providers.jaas.TestLoginModule required;
};