From eacd75bbfdb4dc58eea5053f80c7c9177211db28 Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Thu, 27 Sep 2012 10:13:23 +1000 Subject: [PATCH 1/3] 390161 jetty-9 do not share DeferredAuthentication --- .../jetty/security/SecurityHandler.java | 3 - .../authentication/BasicAuthenticator.java | 6 +- .../ClientCertAuthenticator.java | 8 +-- .../DeferredAuthentication.java | 70 +++++-------------- .../authentication/DigestAuthenticator.java | 6 +- .../authentication/FormAuthenticator.java | 17 +++-- .../authentication/LoginAuthenticator.java | 1 - .../authentication/SpnegoAuthenticator.java | 4 +- 8 files changed, 40 insertions(+), 75 deletions(-) diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java index d2009310d51..95bcbde8949 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java @@ -525,8 +525,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti else if (authentication instanceof Authentication.Deferred) { DeferredAuthentication deferred= (DeferredAuthentication)authentication; - deferred.setIdentityService(_identityService); - deferred.setLoginService(_loginService); baseRequest.setAuthentication(authentication); try @@ -536,7 +534,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti finally { previousIdentity = deferred.getPreviousAssociation(); - deferred.setIdentityService(null); } if (authenticator!=null) diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java index ec0bda78da8..ec2fb04b0d7 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java 
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java @@ -67,8 +67,8 @@ public class BasicAuthenticator extends LoginAuthenticator try { if (!mandatory) - return _deferred; - + return new DeferredAuthentication(this); + if (credentials != null) { int space=credentials.indexOf(' '); @@ -96,7 +96,7 @@ public class BasicAuthenticator extends LoginAuthenticator } } - if (_deferred.isDeferred(response)) + if (DeferredAuthentication.isDeferred(response)) return Authentication.UNAUTHENTICATED; response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"'); diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java index 5a509448923..a4bef236a3e 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java @@ -88,8 +88,8 @@ public class ClientCertAuthenticator extends LoginAuthenticator public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException { if (!mandatory) - return _deferred; - + return new DeferredAuthentication(this); + HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)res; X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); @@ -129,8 +129,8 @@ public class ClientCertAuthenticator extends LoginAuthenticator } } } - - if (!_deferred.isDeferred(response)) + + if (!DeferredAuthentication.isDeferred(response)) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return Authentication.SEND_FAILURE; 
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java index c4f72f8f7e9..158058c94fd 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java @@ -43,22 +43,9 @@ import org.eclipse.jetty.util.log.Logger; public class DeferredAuthentication implements Authentication.Deferred { private static final Logger LOG = Log.getLogger(DeferredAuthentication.class); - - protected final Authenticator _authenticator; - - private LoginService _loginService; - private IdentityService _identityService; + protected final LoginAuthenticator _authenticator; private Object _previousAssociation; - - /* ------------------------------------------------------------ */ - public DeferredAuthentication(Authenticator authenticator) - { - if (authenticator == null) - throw new NullPointerException("No Authenticator"); - this._authenticator = authenticator; - } - /* ------------------------------------------------------------ */ public DeferredAuthentication(LoginAuthenticator authenticator) { 
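Review bot: DeferredAuthentication now holds per-request state (`_previousAssociation`, written by the `authenticate` and `login` methods later in this patch) but the class carries no Javadoc saying so, and the shared `_deferred` field this series removes from LoginAuthenticator shows how easily an instance ends up cached in a field. Add a class comment such as `/** Per-request Authentication.Deferred: an instance records the identity association made during lazy authentication and must not be shared between requests or stored in an Authenticator field. */`. The remaining constructor could also document why only a LoginAuthenticator is accepted: the LoginService and IdentityService are now resolved through it on each call instead of being injected by SecurityHandler.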
@@ -66,36 +53,6 @@ public class DeferredAuthentication implements Authentication.Deferred throw new NullPointerException("No Authenticator"); this._authenticator = authenticator; } - - /* ------------------------------------------------------------ */ - /** Get the identityService. - * @return the identityService - */ - public IdentityService getIdentityService() - { - return _identityService; - } - - /* ------------------------------------------------------------ */ - /** Set the identityService. - * @param identityService the identityService to set - */ - public void setIdentityService(IdentityService identityService) - { - _identityService = identityService; - } - - /* ------------------------------------------------------------ */ - public LoginService getLoginService() - { - return _loginService; - } - - /* ------------------------------------------------------------ */ - public void setLoginService(LoginService loginService) - { - _loginService = loginService; - } /* ------------------------------------------------------------ */ /** @@ -109,8 +66,11 @@ public class DeferredAuthentication implements Authentication.Deferred if (authentication!=null && (authentication instanceof Authentication.User) && !(authentication instanceof Authentication.ResponseSent)) { - if (_identityService!=null) - _previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity()); + LoginService login_service= _authenticator.getLoginService(); + IdentityService identity_service=login_service.getIdentityService(); + + if (identity_service!=null) + _previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity()); return authentication; } } 
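Review bot: In the hunk starting at new line 66, `IdentityService identity_service=login_service.getIdentityService();` dereferences the result of `_authenticator.getLoginService()` with no null check, whereas the line it replaces tolerated an absent service via `_identityService!=null`. The same two-line lookup is repeated in the following `authenticate(ServletRequest, ServletResponse)` and `login(String, String)` hunks, and in `login` the dereference sits above the `if (login_service!=null)` test, so that test can never be reached with a null service. A null-tolerant lookup, `IdentityService identity_service = login_service==null ? null : login_service.getIdentityService();`, restores the previous behaviour in all three places, with the existing guard in `login` then doing its job. The method enclosing this hunk begins before it, so its signature is not visible here.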
@@ -129,9 +89,12 @@ public class DeferredAuthentication implements Authentication.Deferred { try { + LoginService login_service= _authenticator.getLoginService(); + IdentityService identity_service=login_service.getIdentityService(); + Authentication authentication = _authenticator.validateRequest(request,response,true); - if (authentication instanceof Authentication.User && _identityService!=null) - _previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity()); + if (authentication instanceof Authentication.User && identity_service!=null) + _previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity()); return authentication; } catch (ServerAuthException e) @@ -147,14 +110,17 @@ public class DeferredAuthentication implements Authentication.Deferred */ public Authentication login(String username, String password) { - if (_loginService!=null) + LoginService login_service= _authenticator.getLoginService(); + IdentityService identity_service=login_service.getIdentityService(); + + if (login_service!=null) { - UserIdentity user = _loginService.login(username,password); + UserIdentity user = login_service.login(username,password); if (user!=null) { UserAuthentication authentication = new UserAuthentication("API",user); - if (_identityService!=null) - _previousAssociation=_identityService.associate(user); + if (identity_service!=null) + _previousAssociation=identity_service.associate(user); return authentication; } } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java index b95f9253a27..c42c26c8719 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java 
@@ -121,8 +121,8 @@ public class DigestAuthenticator extends LoginAuthenticator public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException { if (!mandatory) - return _deferred; - + return new DeferredAuthentication(this); + HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)res; String credentials = request.getHeader(HttpHeaders.AUTHORIZATION); @@ -197,7 +197,7 @@ public class DigestAuthenticator extends LoginAuthenticator } - if (!_deferred.isDeferred(response)) + if (!DeferredAuthentication.isDeferred(response)) { String domain = request.getContextPath(); if (domain == null) diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java index ccb00a200d6..829a9d595b0 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java @@ -191,11 +191,11 @@ public class FormAuthenticator extends LoginAuthenticator mandatory|=isJSecurityCheck(uri); if (!mandatory) - return _deferred; - + return new DeferredAuthentication(this); + if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response)) - return _deferred; - + return new DeferredAuthentication(this); + HttpSession session = request.getSession(true); try @@ -300,9 +300,12 @@ public class FormAuthenticator extends LoginAuthenticator } // if we can't send challenge - if (_deferred.isDeferred(response)) - return Authentication.UNAUTHENTICATED; - + if (DeferredAuthentication.isDeferred(response)) + { + LOG.debug("auth deferred {}",session.getId()); + return Authentication.UNAUTHENTICATED; + } + // remember the current URI synchronized (session) { 
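Review bot: The new debug line in the FormAuthenticator challenge path, `LOG.debug("auth deferred {}",session.getId());`, writes the session identifier to the log; a session id is a bearer credential, so even at DEBUG level it should not be needed to diagnose a deferred challenge. Logging the request path instead, e.g. `LOG.debug("auth deferred for {}",uri);` if the `uri` local seen in the earlier hunk of this method is still in scope, or simply `LOG.debug("auth deferred");`, keeps the diagnostic without putting a token in the log. The `session` reference itself is safe here because the earlier hunk obtains it with `request.getSession(true)`. The enclosing validateRequest method starts and ends outside this hunk.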
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java index f7e30647a9a..17e86574b6c 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java @@ -29,7 +29,6 @@ import org.eclipse.jetty.server.session.AbstractSessionManager; public abstract class LoginAuthenticator implements Authenticator { - protected final DeferredAuthentication _deferred=new DeferredAuthentication(this); protected LoginService _loginService; protected IdentityService _identityService; private boolean _renewSession; diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java index 4bce3993d68..ca5563f4e50 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java @@ -69,7 +69,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator if (!mandatory) { - return _deferred; + return new DeferredAuthentication(this); } // check to see if we have authorization headers required to continue @@ -77,7 +77,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator { try { - if (_deferred.isDeferred(res)) + if (DeferredAuthentication.isDeferred(res)) { return Authentication.UNAUTHENTICATED; } From 0ab5773963f51e785e7beb1631e1c8e8ac05e8a2 Mon Sep 17 00:00:00 2001 
From: Jan Bartel Date: Fri, 28 Sep 2012 00:26:22 +1000 Subject: [PATCH 2/3] 390560 The method AnnotationParser.getAnnotationHandlers(String) always returns a empty collection. --- .../java/org/eclipse/jetty/annotations/AnnotationParser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jetty-annotations/src/main/java/org/eclipse/jetty/annotations/AnnotationParser.java b/jetty-annotations/src/main/java/org/eclipse/jetty/annotations/AnnotationParser.java index c3b65ac156c..781cac429f4 100644 --- a/jetty-annotations/src/main/java/org/eclipse/jetty/annotations/AnnotationParser.java +++ b/jetty-annotations/src/main/java/org/eclipse/jetty/annotations/AnnotationParser.java @@ -426,7 +426,7 @@ public class AnnotationParser List handlers = _annotationHandlers.get(annotationName); if (handlers == null) return Collections.emptyList(); - return new ArrayList(); + return new ArrayList(handlers); } public List getAnnotationHandlers() From f3e151467d5d93d86619cebfb60bbf73f4f933e9 Mon Sep 17 00:00:00 2001 From: Jan Bartel Date: Fri, 28 Sep 2012 18:34:00 +1000 Subject: [PATCH 3/3] 390161 Apply DeferredAuthentication fix to jaspi --- .../eclipse/jetty/security/jaspi/JaspiAuthenticator.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java index c69e1904166..c93bafa7705 100644 --- a/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java +++ b/jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java 
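Review bot: The corrected branch now returns a mutable copy of the registered handlers while the empty branch two lines above still returns `Collections.emptyList()`, which is immutable, so callers get lists of different mutability depending on whether any handler was registered. If the copy is meant to be modifiable, the empty case should be `return new ArrayList();` for consistency, and either way the method's Javadoc should state that the result is a snapshot of the handlers at call time rather than a live view. The raw `ArrayList` matches the raw `List handlers` in the surrounding code, so the missing type argument is a pre-existing style issue rather than something this fix introduces.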
@@ -37,6 +37,7 @@ import org.eclipse.jetty.security.IdentityService; import org.eclipse.jetty.security.ServerAuthException; import org.eclipse.jetty.security.UserAuthentication; import org.eclipse.jetty.security.authentication.DeferredAuthentication; +import org.eclipse.jetty.security.authentication.LoginAuthenticator; import org.eclipse.jetty.server.Authentication; import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.server.Authentication.User; @@ -44,7 +45,7 @@ import org.eclipse.jetty.server.Authentication.User; /** * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $ */ -public class JaspiAuthenticator implements Authenticator +public class JaspiAuthenticator extends LoginAuthenticator { private final ServerAuthConfig _authConfig; @@ -58,7 +59,7 @@ public class JaspiAuthenticator implements Authenticator private final IdentityService _identityService; - private final DeferredAuthentication _deferred; + public JaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler, Subject serviceSubject, boolean allowLazyAuthentication, IdentityService identityService) @@ -72,11 +73,11 @@ public class JaspiAuthenticator implements Authenticator this._serviceSubject = serviceSubject; this._allowLazyAuthentication = allowLazyAuthentication; this._identityService = identityService; - this._deferred = new DeferredAuthentication(this); } public void setConfiguration(AuthConfiguration configuration) { + super.setConfiguration(configuration); } public String getAuthMethod() @@ -93,7 +94,7 @@ public class JaspiAuthenticator implements Authenticator //if its not mandatory to authenticate, and the authenticator returned UNAUTHENTICATED, we treat it as authentication deferred if (_allowLazyAuthentication && !info.isAuthMandatory() && a == Authentication.UNAUTHENTICATED) - a =_deferred; + a = new DeferredAuthentication(this); return a; }
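Review bot: Making JaspiAuthenticator extend LoginAuthenticator leaves its own `private final IdentityService _identityService` shadowing the `protected IdentityService _identityService` that LoginAuthenticator declares (see the LoginAuthenticator hunk in patch 1), and the per-request DeferredAuthentication created in the last hunk resolves its identity service through `_authenticator.getLoginService().getIdentityService()`, not through the constructor-supplied field. If the AuthConfiguration passed to `super.setConfiguration(configuration)` carries no LoginService, which seems plausible for a JASPI deployment where the auth module performs the login itself, a lazy `authenticate()` call would dereference null instead of deferring cleanly; what `super.setConfiguration` actually populates is not visible here, so this needs confirming. Consider checking in `setConfiguration` that `getLoginService()` is non-null whenever `_allowLazyAuthentication` is true, or making DeferredAuthentication tolerate a null LoginService, and add a comment stating which IdentityService is authoritative for this class. The validateRequest method enclosing the last hunk begins outside it.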