login.config.url should be set to a url, not a file path

The system property java.security.auth.login.config is used only when the useSystemProperty option is enabled, which is the default.
Ray Krueger 2005-09-26 14:14:42 +00:00
parent bc14dd62db
commit a39339674e
1 changed files with 33 additions and 10 deletions


@ -58,13 +58,13 @@ import javax.security.auth.login.LoginException;
/** /**
* An {@link AuthenticationProvider} implementation that retrieves user details * An {@link AuthenticationProvider} implementation that retrieves user details
* from a JAAS login configuration. * from a JAAS login configuration.
* *
* <p> * <p>
* This <code>AuthenticationProvider</code> is capable of validating {@link * This <code>AuthenticationProvider</code> is capable of validating {@link
* net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken} * net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken}
* requests contain the correct username and password. * requests contain the correct username and password.
* </p> * </p>
* *
* <p> * <p>
* This implementation is backed by a <a * This implementation is backed by a <a
* href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS</a> * href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS</a>
@ -74,7 +74,7 @@ import javax.security.auth.login.LoginException;
* configuration file containing an index matching the {@link * configuration file containing an index matching the {@link
* #setLoginContextName(java.lang.String) loginContextName} property. * #setLoginContextName(java.lang.String) loginContextName} property.
* </p> * </p>
* *
* <p> * <p>
* For example: If this JaasAuthenticationProvider were configured in a Spring * For example: If this JaasAuthenticationProvider were configured in a Spring
* WebApplicationContext the xml to set the loginConfiguration could be as * WebApplicationContext the xml to set the loginConfiguration could be as
@ -85,7 +85,7 @@ import javax.security.auth.login.LoginException;
* &lt;/property&gt; * &lt;/property&gt;
* </pre> * </pre>
* </p> * </p>
* *
* <p> * <p>
* The loginContextName should coincide with a given index in the loginConfig * The loginContextName should coincide with a given index in the loginConfig
* specifed. The loginConfig file used in the JUnit tests appears as the * specifed. The loginConfig file used in the JUnit tests appears as the
@ -103,7 +103,7 @@ import javax.security.auth.login.LoginException;
* &lt;/property&gt; * &lt;/property&gt;
* </pre> * </pre>
* </p> * </p>
* *
* <p> * <p>
* When using JAAS login modules as the authentication source, sometimes the <a * When using JAAS login modules as the authentication source, sometimes the <a
* href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/LoginContext.html">LoginContext</a> * href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/LoginContext.html">LoginContext</a>
@ -115,7 +115,7 @@ import javax.security.auth.login.LoginException;
* CallbackHandler, control is passed to each {@link * CallbackHandler, control is passed to each {@link
* JaasAuthenticationCallbackHandler} for each Callback passed. * JaasAuthenticationCallbackHandler} for each Callback passed.
* </p> * </p>
* *
* <p> * <p>
* {{@link JaasAuthenticationCallbackHandler}s are passed to the * {{@link JaasAuthenticationCallbackHandler}s are passed to the
* JaasAuthenticationProvider through the {@link * JaasAuthenticationProvider through the {@link
@ -131,7 +131,7 @@ import javax.security.auth.login.LoginException;
* &lt;/property&gt; * &lt;/property&gt;
* </pre> * </pre>
* </p> * </p>
* *
* <p> * <p>
* After calling LoginContext.login(), the JaasAuthenticationProvider will * After calling LoginContext.login(), the JaasAuthenticationProvider will
* retrieve the returned Principals from the Subject * retrieve the returned Principals from the Subject
@ -143,7 +143,7 @@ import javax.security.auth.login.LoginException;
* method. The returned role will be applied to the Authorization object as a * method. The returned role will be applied to the Authorization object as a
* {@link GrantedAuthority}. * {@link GrantedAuthority}.
* </p> * </p>
* *
* <p> * <p>
* AuthorityGranters are configured in spring xml as follows... * AuthorityGranters are configured in spring xml as follows...
* <pre> * <pre>
@ -156,6 +156,11 @@ import javax.security.auth.login.LoginException;
* </pre> * </pre>
* </p> * </p>
* *
* A configuration note:
* The JaasAuthenticationProvider configures jaas using the system property 'java.security.auth.login.config' by default.
* If use of the java.security.auth.login.config property is not allowed by the Security property 'policy.allowSystemProperty', OR if the JaasAuthenticationProvider
* useSystemProperty option is false, then Jaas will be configured using the 'login.config.url.x' properties.
*
* @author Ray Krueger * @author Ray Krueger
* @version $Id$ * @version $Id$
*/ */
@ -174,6 +179,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider,
private String loginContextName = "ACEGI"; private String loginContextName = "ACEGI";
private AuthorityGranter[] authorityGranters; private AuthorityGranter[] authorityGranters;
private JaasAuthenticationCallbackHandler[] callbackHandlers; private JaasAuthenticationCallbackHandler[] callbackHandlers;
private boolean useSystemProperty = true;
//~ Methods ================================================================ //~ Methods ================================================================
@ -297,12 +303,16 @@ public class JaasAuthenticationProvider implements AuthenticationProvider,
boolean allowed = "true".equalsIgnoreCase(Security.getProperty( boolean allowed = "true".equalsIgnoreCase(Security.getProperty(
"policy.allowSystemProperty")); "policy.allowSystemProperty"));
if (allowed && (System.getProperty(SYSPROP) == null)) { if (useSystemProperty && allowed) {
log.debug("Setting system property [" + SYSPROP + "] to: " log.debug("Setting system property [" + SYSPROP + "] to: "
+ loginConfigStr); + loginConfigStr);
System.setProperty(SYSPROP, loginConfigStr); System.setProperty(SYSPROP, loginConfigStr);
} else { } else {
setPropertyUsingLoop(loginConfigStr); if (useSystemProperty && !allowed) {
log.warn("useSystemProperty is true, but the security property 'policy.allowSystemProperty' is false. " +
"Jaas will be configured using the login.config.url property.");
}
setPropertyUsingLoop(loginConfig.getURL().toString());
} }
Assert.notNull(Configuration.getConfiguration(), Assert.notNull(Configuration.getConfiguration(),
@ -453,6 +463,19 @@ public class JaasAuthenticationProvider implements AuthenticationProvider,
} }
} }
public boolean isUseSystemProperty() {
return useSystemProperty;
}
/**
* If true, the JaasAuthenticationProvider will configure Jaas using the system property 'java.security.auth.login.config'.
* If false, the JaasAuthenticationProvider will configure Jaas using the 'login.config.url.x' property.
* <br/><b>Default:True</b>
* @param useSystemProperty
*/
public void setUseSystemProperty(boolean useSystemProperty) {
this.useSystemProperty = useSystemProperty;
}
//~ Inner Classes ========================================================== //~ Inner Classes ==========================================================
/** /**
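Review bot: The new condition `if (useSystemProperty && allowed)` drops the old `System.getProperty(SYSPROP) == null` check, so with the default `useSystemProperty = true` the provider now replaces a value of SYSPROP (presumably `java.security.auth.login.config`) that was already set for the JVM, for example by a `-D` launch option or by another component in the same process. That property is process-wide, so overwriting it can change which JAAS login configuration other code in the JVM authenticates against. If the overwrite is intended, log the previous value at warn level before `System.setProperty(SYSPROP, loginConfigStr)`; otherwise keep the guard, `if (useSystemProperty && allowed && System.getProperty(SYSPROP) == null)`. The enclosing method starts and ends outside the hunk, so whether anything relies on the old fall-through to `setPropertyUsingLoop` is not visible here.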