SEC-760: Correct bug where more than one concurrent JaasAuthenticationProvider used.
parent
b403216494
commit
358f284f42
|
@ -158,7 +158,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
Assert.hasLength(loginContextName, "loginContextName must be set on " + getClass());
|
||||
|
||||
configureJaas(loginConfig);
|
||||
|
||||
|
||||
Assert.notNull(Configuration.getConfiguration(),
|
||||
"As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html "
|
||||
+ "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is "
|
||||
|
@ -246,6 +246,9 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
*/
|
||||
protected void configureJaas(Resource loginConfig) throws IOException {
|
||||
configureJaasUsingLoop();
|
||||
|
||||
// Overcome issue in SEC-760
|
||||
Configuration.getConfiguration().refresh();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -375,7 +378,9 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
|
|||
* @param token The {@link UsernamePasswordAuthenticationToken} being processed
|
||||
*/
|
||||
protected void publishSuccessEvent(UsernamePasswordAuthenticationToken token) {
|
||||
applicationEventPublisher.publishEvent(new JaasAuthenticationSuccessEvent(token));
|
||||
if (applicationEventPublisher != null) {
|
||||
applicationEventPublisher.publishEvent(new JaasAuthenticationSuccessEvent(token));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
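Review bot: The comment `// Overcome issue in SEC-760` in `configureJaas` does not record that `Configuration.getConfiguration().refresh()` reloads the JVM-wide JAAS login configuration, so the call affects every provider and any other JAAS consumer in the process, not just the bean being initialised. I would word it as `// JAAS Configuration is process-global and cached; refresh() re-reads the registered login config files so entries added by a later provider become visible (SEC-760)`. Two behaviours are worth confirming against code outside this hunk: how a context name that appears in more than one config file is resolved, which depends on the Configuration implementation, and whether startup should tolerate `refresh()` throwing `SecurityException` when a SecurityManager withholds `AuthPermission("refreshLoginConfiguration")`. In the last hunk, the new null guard makes `publishSuccessEvent` skip the event silently when no publisher is set; if authentication events feed audit logging, a debug log line there and the same guard on the failure path (not visible here) would keep the two consistent.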
|
|
|
@ -0,0 +1,64 @@
|
|||
package org.springframework.security.providers.jaas;
|
||||
|
||||
import java.net.URL;
|
||||
import java.security.Security;
|
||||
|
||||
import javax.security.auth.login.LoginContext;
|
||||
|
||||
import junit.framework.Assert;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
/**
|
||||
* Tests bug reported in SEC-760.
|
||||
*
|
||||
* @author Ben Alex
|
||||
*
|
||||
*/
|
||||
public class Sec760Tests {
|
||||
|
||||
public String resolveConfigFile(String filename) {
|
||||
String resName = "/" + getClass().getPackage().getName().replace('.', '/') + filename;
|
||||
return resName;
|
||||
}
|
||||
|
||||
private void testConfigureJaasCase(JaasAuthenticationProvider p1, JaasAuthenticationProvider p2) throws Exception {
|
||||
p1.setLoginConfig(new ClassPathResource(resolveConfigFile("/test1.conf")));
|
||||
p1.setLoginContextName("test1");
|
||||
p1.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {new TestCallbackHandler(), new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler()});
|
||||
p1.setAuthorityGranters(new AuthorityGranter[] {new TestAuthorityGranter()});
|
||||
p1.afterPropertiesSet();
|
||||
testAuthenticate(p1);
|
||||
|
||||
p2.setLoginConfig(new ClassPathResource(resolveConfigFile("/test2.conf")));
|
||||
p2.setLoginContextName("test2");
|
||||
p2.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {new TestCallbackHandler(), new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler()});
|
||||
p2.setAuthorityGranters(new AuthorityGranter[] {new TestAuthorityGranter()});
|
||||
p2.afterPropertiesSet();
|
||||
testAuthenticate(p2);
|
||||
}
|
||||
|
||||
private void testAuthenticate(JaasAuthenticationProvider p1) {
|
||||
GrantedAuthorityImpl role1 = new GrantedAuthorityImpl("ROLE_1");
|
||||
GrantedAuthorityImpl role2 = new GrantedAuthorityImpl("ROLE_2");
|
||||
|
||||
GrantedAuthority[] defaultAuths = new GrantedAuthority[] {role1, role2,};
|
||||
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password",
|
||||
defaultAuths);
|
||||
|
||||
Authentication auth = p1.authenticate(token);
|
||||
Assert.assertNotNull(auth);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testConfigureJaas() throws Exception {
|
||||
testConfigureJaasCase(new JaasAuthenticationProvider(), new JaasAuthenticationProvider());
|
||||
}
|
||||
|
||||
}
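Review bot: `testAuthenticate` asserts only `Assert.assertNotNull(auth)`, which would presumably still pass if the provider returned an unauthenticated or authority-less token; adding `Assert.assertTrue(auth.isAuthenticated());` would pin the outcome the fix is meant to guarantee for the second provider. The test also changes process-global JAAS state through `afterPropertiesSet()` and has no teardown, so later tests in the same JVM may see the `test1`/`test2` entries; a class comment saying so, or a teardown that resets the state, would help. The imports `java.net.URL`, `java.security.Security` and `javax.security.auth.login.LoginContext` appear unused in this file, and the private helpers named `test…` read like test cases, so a name such as `assertProviderAuthenticates` would be clearer.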
|
|
@ -0,0 +1,3 @@
|
|||
test1 {
|
||||
org.springframework.security.providers.jaas.TestLoginModule required;
|
||||
};
|
|
@ -0,0 +1,3 @@
|
|||
test2 {
|
||||
org.springframework.security.providers.jaas.TestLoginModule required;
|
||||
};
|