Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-14 16:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1700: Allow for case where JAAS config is not a simple file, but may be a jar resource, for example.

Browse Source
This commit is contained in:
Luke Taylor 2011-04-20 14:35:09 +01:00
parent 2888f2b86f
commit 6c97fccc91
1 changed files with 26 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
View File

@ -15,22 +15,6 @@
package org.springframework.security.authentication.jaas; package org.springframework.security.authentication.jaas;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.security.Principal;
import java.security.Security;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
@ -49,6 +33,19 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.session.SessionDestroyedEvent; import org.springframework.security.core.session.SessionDestroyedEvent;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.security.Principal;
import java.security.Security;
import java.util.*;
/** /**
* An {@link AuthenticationProvider} implementation that retrieves user details from a JAAS login configuration. * An {@link AuthenticationProvider} implementation that retrieves user details from a JAAS login configuration.
@ -269,14 +266,20 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
} }
private String convertLoginConfigToUrl() throws IOException { private String convertLoginConfigToUrl() throws IOException {
String loginConfigPath = loginConfig.getFile().getAbsolutePath(); String loginConfigPath;
loginConfigPath.replace(File.separatorChar, '/');
if (!loginConfigPath.startsWith("/")) { try {
loginConfigPath = "/" + loginConfigPath; loginConfigPath = loginConfig.getFile().getAbsolutePath().replace(File.separatorChar, '/');
if (!loginConfigPath.startsWith("/")) {
loginConfigPath = "/" + loginConfigPath;
}
return new URL("file", "", loginConfigPath).toString();
} catch (IOException e) {
// SEC-1700: May be inside a jar
return loginConfig.getURL().toString();
} }
return new URL("file", "", loginConfigPath).toString();
} }
/** /**
@ -427,7 +430,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
* If set, a call to {@code Configuration#refresh()} will be made by {@code #configureJaas(Resource) } * If set, a call to {@code Configuration#refresh()} will be made by {@code #configureJaas(Resource) }
* method. Defaults to {@code true}. * method. Defaults to {@code true}.
* *
* @see <a href="https://jira.springsource.org/browse/SEC-1320">SEC-1230</a> * @see <a href="https://jira.springsource.org/browse/SEC-1320">SEC-1320</a>
* *
* @param refresh set to {@code false} to disable reloading of the configuration. * @param refresh set to {@code false} to disable reloading of the configuration.
* May be useful in some environments. * May be useful in some environments.