Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 05:13:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

login.config.url should be set to a url, not a file path

Browse Source 
The System property java.security.auth.login.config will only be used if the useSystemProperty option is enabled. This is the default.
This commit is contained in:
Ray Krueger 2005-09-26 14:14:42 +00:00
parent bc14dd62db
commit a39339674e
1 changed files with 33 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationProvider.java
View File

@ -156,6 +156,11 @@ import javax.security.auth.login.LoginException;
* </pre> * </pre>
* </p> * </p>
* *
* A configuration note:
* The JaasAuthenticationProvider configures jaas using the system property 'java.security.auth.login.config' by default.
* If use of the java.security.auth.login.config property is not allowed by the Security property 'policy.allowSystemProperty', OR if the JaasAuthenticationProvider
* useSystemProperty option is false, then Jaas will be configured using the 'login.config.url.x' properties.
*
* @author Ray Krueger * @author Ray Krueger
* @version $Id$ * @version $Id$
*/ */
@ -174,6 +179,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider,
private String loginContextName = "ACEGI"; private String loginContextName = "ACEGI";
private AuthorityGranter[] authorityGranters; private AuthorityGranter[] authorityGranters;
private JaasAuthenticationCallbackHandler[] callbackHandlers; private JaasAuthenticationCallbackHandler[] callbackHandlers;
private boolean useSystemProperty = true;
//~ Methods ================================================================ //~ Methods ================================================================
@ -297,12 +303,16 @@ public class JaasAuthenticationProvider implements AuthenticationProvider,
boolean allowed = "true".equalsIgnoreCase(Security.getProperty( boolean allowed = "true".equalsIgnoreCase(Security.getProperty(
"policy.allowSystemProperty")); "policy.allowSystemProperty"));
if (allowed && (System.getProperty(SYSPROP) == null)) { if (useSystemProperty && allowed) {
log.debug("Setting system property [" + SYSPROP + "] to: " log.debug("Setting system property [" + SYSPROP + "] to: "
+ loginConfigStr); + loginConfigStr);
System.setProperty(SYSPROP, loginConfigStr); System.setProperty(SYSPROP, loginConfigStr);
} else { } else {
setPropertyUsingLoop(loginConfigStr); if (useSystemProperty && !allowed) {
log.warn("useSystemProperty is true, but the security property 'policy.allowSystemProperty' is false. " +
"Jaas will be configured using the login.config.url property.");
}
setPropertyUsingLoop(loginConfig.getURL().toString());
} }
Assert.notNull(Configuration.getConfiguration(), Assert.notNull(Configuration.getConfiguration(),
@ -453,6 +463,19 @@ public class JaasAuthenticationProvider implements AuthenticationProvider,
} }
} }
public boolean isUseSystemProperty() {
return useSystemProperty;
}
/**
* If true, the JaasAuthenticationProvider will configure Jaas using the system property 'java.security.auth.login.config'.
* If false, the JaasAuthenticationProvider will configure Jaas using the 'login.config.url.x' property.
* <br/><b>Default:True</b>
* @param useSystemProperty
*/
public void setUseSystemProperty(boolean useSystemProperty) {
this.useSystemProperty = useSystemProperty;
}
//~ Inner Classes ========================================================== //~ Inner Classes ==========================================================
/** /**