439438 DataSourceLoginService does not refresh passwords when changed in database

This commit is contained in:
Jan Bartel 2014-07-17 12:54:08 +10:00
parent 12b522d796
commit 182436301b
5 changed files with 550 additions and 275 deletions

View File

@ -41,12 +41,11 @@ import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.security.Password;
import org.eclipse.jetty.util.security.Credential;
/**
*
* //TODO JASPI cf JDBCLoginService
* DataSourceUserRealm
*
* Obtain user/password/role information from a database
@ -70,6 +69,7 @@ public class DataSourceLoginService extends MappedLoginService
private String _userRoleTableUserKey = "user_id";
private String _userRoleTableRoleKey = "role_id";
private int _cacheMs = 30000;
private long _lastPurge = 0;
private String _userSql;
private String _roleSql;
private boolean _createTables = false;
@ -283,6 +283,8 @@ public class DataSourceLoginService extends MappedLoginService
{
}
/* ------------------------------------------------------------ */
/** Load user's info from database.
*
@ -293,7 +295,6 @@ public class DataSourceLoginService extends MappedLoginService
{
try
{
initDb();
try (Connection connection = getConnection();
PreparedStatement statement1 = connection.prepareStatement(_userSql))
{
@ -311,10 +312,12 @@ public class DataSourceLoginService extends MappedLoginService
try (ResultSet rs2 = statement2.executeQuery())
{
while (rs2.next())
{
roles.add(rs2.getString(_roleTableRoleField));
}
}
return putUser(userName,new Password(credentials), roles.toArray(new String[roles.size()]));
}
return putUser(userName, Credential.getCredential(credentials), roles.toArray(new String[roles.size()]));
}
}
}
@ -330,6 +333,22 @@ public class DataSourceLoginService extends MappedLoginService
return null;
}
/* ------------------------------------------------------------ */
@Override
public UserIdentity login(String username, Object credentials)
{
long now = System.currentTimeMillis();
if (now - _lastPurge > _cacheMs || _cacheMs == 0)
{
_users.clear();
_lastPurge = now;
}
return super.login(username,credentials);
}
/* ------------------------------------------------------------ */
/**
* Lookup the datasource for the jndiName and formulate the
@ -347,7 +366,7 @@ public class DataSourceLoginService extends MappedLoginService
InitialContext ic = new InitialContext();
assert ic!=null;
//TODO webapp scope?
//TODO Should we try webapp scope too?
//try finding the datasource in the Server scope
if (_server != null)

View File

@ -47,6 +47,16 @@
<artifactId>jetty-security</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-plus</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-jndi</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derby</artifactId>

View File

@ -0,0 +1,201 @@
//
// ========================================================================
// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty;
import static org.junit.Assert.*;
import java.io.File;
import java.io.FileOutputStream;
import java.net.URI;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
import javax.naming.NamingException;
import javax.servlet.http.HttpServletResponse;
import org.apache.derby.jdbc.EmbeddedDataSource;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.api.AuthenticationStore;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.client.util.BasicAuthentication;
import org.eclipse.jetty.plus.security.DataSourceLoginService;
import org.eclipse.jetty.security.JDBCLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.Loader;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
/**
* DataSourceLoginServiceTest
*
*
*/
public class DataSourceLoginServiceTest
{
public static final String _content = "This is some protected content";
private static File _docRoot;
private static File _dbRoot;
private static HttpClient _client;
private static String __realm = "DSRealm";
private static String _baseUrl;
private static final int __cacheInterval = 200;
private static DatabaseLoginServiceTestServer _testServer;
@BeforeClass
public static void setUp() throws Exception
{
_docRoot = new File("target/test-output/docroot/");
_docRoot.mkdirs();
_docRoot.deleteOnExit();
File content = new File(_docRoot,"input.txt");
FileOutputStream out = new FileOutputStream(content);
out.write(_content.getBytes("utf-8"));
out.close();
_dbRoot = new File("target/test-output/derby");
String dbPath = _dbRoot.getAbsolutePath();
System.setProperty("derby.system.home", dbPath);
if (_dbRoot.exists())
IO.delete(_dbRoot);
_dbRoot.mkdirs();
DatabaseLoginServiceTestServer.createDB(dbPath, "src/test/resources/createdb.sql", "jdbc:derby:dstest;create=true");
_testServer = new DatabaseLoginServiceTestServer();
_testServer.setResourceBase(_docRoot.getAbsolutePath());
_testServer.setLoginService(configureLoginService());
_testServer.start();
_baseUrl = _testServer.getBaseUrl();
}
@AfterClass
public static void tearDown()
throws Exception
{
if (_testServer != null)
{
_testServer.stop();
_testServer = null;
}
}
public static DataSourceLoginService configureLoginService () throws Exception
{
DataSourceLoginService loginService = new DataSourceLoginService();
loginService.setUserTableName("users");
loginService.setUserTableKey("id");
loginService.setUserTableUserField("username");
loginService.setUserTablePasswordField("pwd");
loginService.setRoleTableName("roles");
loginService.setRoleTableKey("id");
loginService.setRoleTableRoleField("role");
loginService.setUserRoleTableName("user_roles");
loginService.setUserRoleTableRoleKey("role_id");
loginService.setUserRoleTableUserKey("user_id");
loginService.setJndiName("dstest");
loginService.setName(__realm);
loginService.setCacheMs(__cacheInterval);
if (_testServer != null)
loginService.setServer(_testServer.getServer());
//create a datasource
EmbeddedDataSource ds = new EmbeddedDataSource();
File db = new File (_dbRoot, "dstest");
ds.setDatabaseName(db.getAbsolutePath());
org.eclipse.jetty.plus.jndi.Resource binding = new org.eclipse.jetty.plus.jndi.Resource(null, "dstest",
ds);
return loginService;
}
@Test
public void testGetAndPasswordUpdate() throws Exception
{
try
{
startClient("jetty", "jetty");
ContentResponse response = _client.GET(_baseUrl + "input.txt");
assertEquals(HttpServletResponse.SC_OK,response.getStatus());
assertEquals(_content, response.getContentAsString());
stopClient();
String newpwd = String.valueOf(System.currentTimeMillis());
changePassword("jetty", newpwd);
Thread.currentThread().sleep(2*__cacheInterval); //pause to ensure cache invalidates
startClient("jetty", newpwd);
response = _client.GET(_baseUrl + "input.txt");
assertEquals(HttpServletResponse.SC_OK,response.getStatus());
assertEquals(_content, response.getContentAsString());
}
finally
{
stopClient();
}
}
protected void changePassword (String user, String newpwd) throws Exception
{
Loader.loadClass(this.getClass(), "org.apache.derby.jdbc.EmbeddedDriver").newInstance();
try (Connection connection = DriverManager.getConnection("jdbc:derby:dstest", "", ""))
{
Statement stmt = connection.createStatement();
stmt.executeUpdate("update users set pwd='"+newpwd+"' where username='"+user+"'");
}
}
protected void startClient(String user, String pwd) throws Exception
{
_client = new HttpClient();
QueuedThreadPool executor = new QueuedThreadPool();
executor.setName(executor.getName() + "-client");
_client.setExecutor(executor);
AuthenticationStore authStore = _client.getAuthenticationStore();
authStore.addAuthentication(new BasicAuthentication(URI.create(_baseUrl), __realm, user, pwd));
_client.start();
}
protected void stopClient() throws Exception
{
if (_client != null)
{
_client.stop();
_client = null;
}
}
}

View File

@ -0,0 +1,241 @@
//
// ========================================================================
// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URLDecoder;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.derby.tools.ij;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.NetworkConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.Loader;
import org.eclipse.jetty.util.security.Constraint;
/**
* DatabaseLoginServiceTestServer
*
*
*/
public class DatabaseLoginServiceTestServer
{
protected Server _server;
protected static String _protocol;
protected static String _baseUrl;
protected LoginService _loginService;
protected String _resourceBase;
protected TestHandler _handler;
protected static String _requestContent;
protected static boolean createDB(String homeDir, String fileName, String dbUrl)
{
File scriptFile = new File(fileName);
try (FileInputStream fileStream = new FileInputStream(scriptFile))
{
Loader.loadClass(fileStream.getClass(), "org.apache.derby.jdbc.EmbeddedDriver").newInstance();
Connection connection = DriverManager.getConnection(dbUrl, "", "");
OutputStream out = new ByteArrayOutputStream();
int result = ij.runScript(connection, fileStream, "UTF-8", out, "UTF-8");
return (result==0);
}
catch (Exception e)
{
return false;
}
}
public static class TestHandler extends AbstractHandler
{
private final String _resourcePath;
private String _requestContent;
public TestHandler(String repositoryPath)
{
_resourcePath = repositoryPath;
}
public void handle(String target, org.eclipse.jetty.server.Request baseRequest,
HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
if (baseRequest.isHandled())
{
return;
}
OutputStream out = null;
if (baseRequest.getMethod().equals("PUT"))
{
baseRequest.setHandled(true);
File file = new File(_resourcePath, URLDecoder.decode(request.getPathInfo()));
file.getParentFile().mkdirs();
file.deleteOnExit();
out = new FileOutputStream(file);
response.setStatus(HttpServletResponse.SC_CREATED);
}
if (baseRequest.getMethod().equals("POST"))
{
baseRequest.setHandled(true);
out = new ByteArrayOutputStream();
response.setStatus(HttpServletResponse.SC_OK);
}
if (out != null)
{
try (ServletInputStream in = request.getInputStream())
{
IO.copy(in, out);
}
finally
{
out.close();
}
if (!(out instanceof FileOutputStream))
_requestContent = out.toString();
}
}
public String getRequestContent()
{
return _requestContent;
}
}
public DatabaseLoginServiceTestServer ()
{
_server = new Server(0);
}
public void setLoginService (LoginService loginService)
{
_loginService = loginService;
}
public void setResourceBase (String resourceBase)
{
_resourceBase = resourceBase;
}
public void start () throws Exception
{
configureServer();
_server.start();
int port = ((NetworkConnector)_server.getConnectors()[0]).getLocalPort();
_baseUrl = _protocol+"://localhost:"+port+ "/";
}
public void stop() throws Exception
{
_server.stop();
}
public String getBaseUrl()
{
return _baseUrl;
}
public TestHandler getTestHandler()
{
return _handler;
}
public Server getServer()
{
return _server;
}
protected void configureServer() throws Exception
{
_protocol = "http";
_server.addBean(_loginService);
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
_server.setHandler(security);
Constraint constraint = new Constraint();
constraint.setName("auth");
constraint.setAuthenticate( true );
constraint.setRoles(new String[]{"user", "admin"});
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec( "/*" );
mapping.setConstraint( constraint );
Set<String> knownRoles = new HashSet<>();
knownRoles.add("user");
knownRoles.add("admin");
security.setConstraintMappings(Collections.singletonList(mapping), knownRoles);
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(_loginService);
ServletContextHandler root = new ServletContextHandler();
root.setContextPath("/");
root.setResourceBase(_resourceBase);
ServletHolder servletHolder = new ServletHolder( new DefaultServlet() );
servletHolder.setInitParameter( "gzip", "true" );
root.addServlet( servletHolder, "/*" );
_handler = new TestHandler(_resourceBase);
HandlerCollection handlers = new HandlerCollection();
handlers.setHandlers(new Handler[]{_handler, root});
security.setHandler(handlers);
}
}

View File

@ -21,27 +21,13 @@ package org.eclipse.jetty;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URLDecoder;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.derby.tools.ij;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.api.AuthenticationStore;
import org.eclipse.jetty.client.api.ContentResponse;
@ -50,23 +36,9 @@ import org.eclipse.jetty.client.util.BasicAuthentication;
import org.eclipse.jetty.client.util.BytesContentProvider;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.io.EofException;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.JDBCLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.NetworkConnector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.Loader;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@ -90,90 +62,16 @@ public class JdbcLoginServiceTest
"et cursus magna. Donec orci enim, molestie a lobortis eu, imperdiet vitae neque.";
private static File _docRoot;
private static Server _server;
private static HttpClient _client;
private static String __realm = "JdbcRealm";
private static String _protocol;
private static String _baseUrl;
private static String _requestContent;
private static DatabaseLoginServiceTestServer _testServer;
protected static boolean createDB(String homeDir, String fileName, String dbUrl)
{
FileInputStream fileStream = null;
try
{
File scriptFile = new File(fileName);
fileStream = new FileInputStream(scriptFile);
Loader.loadClass(fileStream.getClass(), "org.apache.derby.jdbc.EmbeddedDriver").newInstance();
Connection connection = DriverManager.getConnection(dbUrl, "", "");
OutputStream out = new ByteArrayOutputStream();
int result = ij.runScript(connection, fileStream, "UTF-8", out, "UTF-8");
return (result==0);
}
catch (Exception e)
{
return false;
}
finally {
if (fileStream!=null)
{
try
{
fileStream.close();
}
catch (IOException e) {}
}
}
}
protected static void configureServer(Server server)
throws Exception
{
setProtocol("http");
LoginService loginService = new JDBCLoginService(__realm, "./src/test/resources/jdbcrealm.properties");
server.addBean(loginService);
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
server.setHandler(security);
Constraint constraint = new Constraint();
constraint.setName("auth");
constraint.setAuthenticate( true );
constraint.setRoles(new String[]{"user", "admin"});
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec( "/*" );
mapping.setConstraint( constraint );
Set<String> knownRoles = new HashSet<>();
knownRoles.add("user");
knownRoles.add("admin");
security.setConstraintMappings(Collections.singletonList(mapping), knownRoles);
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(loginService);
ServletContextHandler root = new ServletContextHandler();
root.setContextPath("/");
root.setResourceBase(getBasePath());
ServletHolder servletHolder = new ServletHolder( new DefaultServlet() );
servletHolder.setInitParameter( "gzip", "true" );
root.addServlet( servletHolder, "/*" );
Handler handler = new TestHandler(getBasePath());
HandlerCollection handlers = new HandlerCollection();
handlers.setHandlers(new Handler[]{handler, root});
security.setHandler(handlers);
}
@BeforeClass
public static void setUp()
throws Exception
public static void setUp() throws Exception
{
_docRoot = new File("target/test-output/docroot/");
_docRoot.mkdirs();
@ -187,30 +85,28 @@ public class JdbcLoginServiceTest
File dbRoot = new File("target/test-output/derby");
String dbPath = dbRoot.getAbsolutePath();
System.setProperty("derby.system.home", dbPath);
if (!dbRoot.exists())
{
if (dbRoot.exists())
IO.delete(dbRoot);
dbRoot.mkdirs();
createDB(dbPath, "src/test/resources/createdb.sql", "jdbc:derby:jdbcrealm;create=true");
}
_server = new Server(0);
configureServer(_server);
_server.start();
int port = ((NetworkConnector)_server.getConnectors()[0]).getLocalPort();
_baseUrl = _protocol+"://localhost:"+port+ "/";
DatabaseLoginServiceTestServer.createDB(dbPath, "src/test/resources/createdb.sql", "jdbc:derby:jdbcrealm;create=true");
LoginService loginService = new JDBCLoginService(__realm, "./src/test/resources/jdbcrealm.properties");
_testServer = new DatabaseLoginServiceTestServer();
_testServer.setResourceBase(_docRoot.getAbsolutePath());
_testServer.setLoginService(loginService);
_testServer.start();
_baseUrl = _testServer.getBaseUrl();
}
@AfterClass
public static void tearDown()
throws Exception
{
if (_server != null)
if (_testServer != null)
{
_server.stop();
_server = null;
_testServer.stop();
_testServer = null;
}
}
@ -221,7 +117,7 @@ public class JdbcLoginServiceTest
{
startClient();
Request request = _client.newRequest(getBaseUrl() + "output.txt");
Request request = _client.newRequest(_baseUrl + "output.txt");
request.method(HttpMethod.PUT);
request.content(new BytesContentProvider(_content.getBytes()));
ContentResponse response = request.send();
@ -244,7 +140,7 @@ public class JdbcLoginServiceTest
{
startClient();
ContentResponse response = _client.GET(getBaseUrl() + "input.txt");
ContentResponse response = _client.GET(_baseUrl + "input.txt");
assertEquals(HttpServletResponse.SC_OK,response.getStatus());
assertEquals(_content, response.getContentAsString());
}
@ -262,7 +158,7 @@ public class JdbcLoginServiceTest
{
startClient();
Request request = _client.newRequest(getBaseUrl() + "input.txt");
Request request = _client.newRequest(_baseUrl + "input.txt");
request.method(HttpMethod.HEAD);
ContentResponse response = request.send();
int responseStatus = response.getStatus();
@ -281,12 +177,12 @@ public class JdbcLoginServiceTest
{
startClient();
Request request = _client.newRequest(getBaseUrl() + "test");
Request request = _client.newRequest(_baseUrl + "test");
request.method(HttpMethod.POST);
request.content(new BytesContentProvider(_content.getBytes()));
ContentResponse response = request.send();
assertEquals(HttpStatus.OK_200,response.getStatus());
assertEquals(_content,_requestContent);
assertEquals(_content,_testServer.getTestHandler().getRequestContent());
}
finally
{
@ -316,15 +212,7 @@ public class JdbcLoginServiceTest
}
}
protected static String getBasePath()
{
return _docRoot.getAbsolutePath();
}
protected String getBaseUrl()
{
return _baseUrl;
}
protected HttpClient getClient()
{
@ -337,88 +225,4 @@ public class JdbcLoginServiceTest
return _content;
}
protected static void setProtocol(String protocol)
{
_protocol = protocol;
}
public static void copyStream(InputStream in, OutputStream out)
{
try
{
byte[] buffer=new byte[1024];
int len;
while ((len=in.read(buffer))>=0)
{
out.write(buffer,0,len);
}
}
catch (EofException e)
{
System.err.println(e);
}
catch (IOException e)
{
e.printStackTrace();
}
}
protected static class TestHandler extends AbstractHandler {
private final String resourcePath;
public TestHandler(String repositoryPath) {
this.resourcePath = repositoryPath;
}
public void handle(String target, org.eclipse.jetty.server.Request baseRequest,
HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
if (baseRequest.isHandled())
{
return;
}
OutputStream out = null;
if (baseRequest.getMethod().equals("PUT"))
{
baseRequest.setHandled(true);
File file = new File(resourcePath, URLDecoder.decode(request.getPathInfo()));
file.getParentFile().mkdirs();
file.deleteOnExit();
out = new FileOutputStream(file);
response.setStatus(HttpServletResponse.SC_CREATED);
}
if (baseRequest.getMethod().equals("POST"))
{
baseRequest.setHandled(true);
out = new ByteArrayOutputStream();
response.setStatus(HttpServletResponse.SC_OK);
}
if (out != null)
{
try (ServletInputStream in = request.getInputStream())
{
copyStream(in, out);
}
finally
{
out.close();
}
if (!(out instanceof FileOutputStream))
_requestContent = out.toString();
}
}
}
}