Merge remote-tracking branch 'origin/master' into jetty-8

Conflicts:
	jetty-annotations/src/main/java/org/eclipse/jetty/annotations/AnnotationParser.java

jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/JaspiAuthenticator.java

@@ -37,6 +37,7 @@ import org.eclipse.jetty.security.IdentityService;
 import org.eclipse.jetty.security.ServerAuthException;
 import org.eclipse.jetty.security.UserAuthentication;
 import org.eclipse.jetty.security.authentication.DeferredAuthentication;
+import org.eclipse.jetty.security.authentication.LoginAuthenticator;
 import org.eclipse.jetty.server.Authentication;
 import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.server.Authentication.User;
@@ -44,7 +45,7 @@ import org.eclipse.jetty.server.Authentication.User;
 /**
  * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
  */
-public class JaspiAuthenticator implements Authenticator
+public class JaspiAuthenticator extends LoginAuthenticator
 {
     private final ServerAuthConfig _authConfig;
 
@@ -58,7 +59,7 @@ public class JaspiAuthenticator implements Authenticator
 
     private final IdentityService _identityService;
 
-    private final DeferredAuthentication _deferred;
+ 
 
     public JaspiAuthenticator(ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler, Subject serviceSubject,
                               boolean allowLazyAuthentication, IdentityService identityService)
@@ -72,11 +73,11 @@ public class JaspiAuthenticator implements Authenticator
         this._serviceSubject = serviceSubject;
         this._allowLazyAuthentication = allowLazyAuthentication;
         this._identityService = identityService;
-        this._deferred = new DeferredAuthentication(this);
     }
 
     public void setConfiguration(AuthConfiguration configuration)
     {
+        super.setConfiguration(configuration);
     }
 
     public String getAuthMethod()
@@ -93,7 +94,7 @@ public class JaspiAuthenticator implements Authenticator
         
         //if its not mandatory to authenticate, and the authenticator returned UNAUTHENTICATED, we treat it as authentication deferred
         if (_allowLazyAuthentication && !info.isAuthMandatory() && a == Authentication.UNAUTHENTICATED)
-            a =_deferred;
+            a = new DeferredAuthentication(this);
         return a;
     }
 

jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java

@@ -525,8 +525,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
                 else if (authentication instanceof Authentication.Deferred)
                 {
                     DeferredAuthentication deferred= (DeferredAuthentication)authentication;
-                    deferred.setIdentityService(_identityService);
-                    deferred.setLoginService(_loginService);
                     baseRequest.setAuthentication(authentication);
 
                     try
@@ -536,7 +534,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
                     finally
                     {
                         previousIdentity = deferred.getPreviousAssociation();
-                        deferred.setIdentityService(null);
                     }
 
                     if (authenticator!=null)

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java

@@ -67,7 +67,7 @@ public class BasicAuthenticator extends LoginAuthenticator
         try
         {
             if (!mandatory)
-                return _deferred;
+                return new DeferredAuthentication(this);
 
             if (credentials != null)
             {                 
@@ -96,7 +96,7 @@ public class BasicAuthenticator extends LoginAuthenticator
                 }
             }
 
-            if (_deferred.isDeferred(response))
+            if (DeferredAuthentication.isDeferred(response))
                 return Authentication.UNAUTHENTICATED;
             
             response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"');

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java

@@ -88,7 +88,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator
     public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
     {
         if (!mandatory)
-            return _deferred;
+            return new DeferredAuthentication(this);
 
         HttpServletRequest request = (HttpServletRequest)req;
         HttpServletResponse response = (HttpServletResponse)res;
@@ -130,7 +130,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator
                 }
             }
 
-            if (!_deferred.isDeferred(response))
+            if (!DeferredAuthentication.isDeferred(response))
             {
                 response.sendError(HttpServletResponse.SC_FORBIDDEN);
                 return Authentication.SEND_FAILURE;

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DeferredAuthentication.java

@@ -45,22 +45,9 @@ import org.eclipse.jetty.util.log.Logger;
 public class DeferredAuthentication implements Authentication.Deferred
 {
     private static final Logger LOG = Log.getLogger(DeferredAuthentication.class);
-
+    protected final LoginAuthenticator _authenticator;
-    protected final Authenticator _authenticator;
-
-    private LoginService _loginService;
-    private IdentityService _identityService;
     private Object _previousAssociation;
 
-
-    /* ------------------------------------------------------------ */
-    public DeferredAuthentication(Authenticator authenticator)
-    {
-        if (authenticator == null)
-            throw new NullPointerException("No Authenticator");
-        this._authenticator = authenticator;
-    }
-    
     /* ------------------------------------------------------------ */
     public DeferredAuthentication(LoginAuthenticator authenticator)
     {
@@ -69,36 +56,6 @@ public class DeferredAuthentication implements Authentication.Deferred
         this._authenticator = authenticator;
     }
 
-    /* ------------------------------------------------------------ */
-    /** Get the identityService.
-     * @return the identityService
-     */
-    public IdentityService getIdentityService()
-    {
-        return _identityService;
-    }
-
-    /* ------------------------------------------------------------ */
-    /** Set the identityService.
-     * @param identityService the identityService to set
-     */
-    public void setIdentityService(IdentityService identityService)
-    {
-        _identityService = identityService;
-    }
-
-    /* ------------------------------------------------------------ */
-    public LoginService getLoginService()
-    {
-        return _loginService;
-    }
-
-    /* ------------------------------------------------------------ */
-    public void setLoginService(LoginService loginService)
-    {
-        _loginService = loginService;
-    }
-
     /* ------------------------------------------------------------ */
     /**
      * @see org.eclipse.jetty.server.Authentication.Deferred#authenticate(ServletRequest)
@@ -111,8 +68,11 @@ public class DeferredAuthentication implements Authentication.Deferred
             
             if (authentication!=null && (authentication instanceof Authentication.User) && !(authentication instanceof Authentication.ResponseSent))
             {
-                if (_identityService!=null)
+                LoginService login_service= _authenticator.getLoginService();
-                    _previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity());
+                IdentityService identity_service=login_service.getIdentityService();
+                
+                if (identity_service!=null)
+                    _previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity());
                 return authentication;
             }
         }
@@ -131,9 +91,12 @@ public class DeferredAuthentication implements Authentication.Deferred
     {
         try
         {
+            LoginService login_service= _authenticator.getLoginService();
+            IdentityService identity_service=login_service.getIdentityService();
+            
             Authentication authentication = _authenticator.validateRequest(request,response,true);
-            if (authentication instanceof Authentication.User && _identityService!=null)
+            if (authentication instanceof Authentication.User && identity_service!=null)
-                _previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity());
+                _previousAssociation=identity_service.associate(((Authentication.User)authentication).getUserIdentity());
             return authentication;
         }
         catch (ServerAuthException e)
@@ -149,14 +112,17 @@ public class DeferredAuthentication implements Authentication.Deferred
      */
     public Authentication login(String username, String password)
     {
-        if (_loginService!=null)
+        LoginService login_service= _authenticator.getLoginService();
+        IdentityService identity_service=login_service.getIdentityService();
+        
+        if (login_service!=null)
         {
-            UserIdentity user = _loginService.login(username,password);
+            UserIdentity user = login_service.login(username,password);
             if (user!=null)
             {
                 UserAuthentication authentication = new UserAuthentication("API",user);
-                if (_identityService!=null)
+                if (identity_service!=null)
-                    _previousAssociation=_identityService.associate(user);
+                    _previousAssociation=identity_service.associate(user);
                 return authentication;
             }
         }

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java

@@ -121,7 +121,7 @@ public class DigestAuthenticator extends LoginAuthenticator
     public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
     {
         if (!mandatory)
-            return _deferred;
+            return new DeferredAuthentication(this);
 
         HttpServletRequest request = (HttpServletRequest)req;
         HttpServletResponse response = (HttpServletResponse)res;
@@ -197,7 +197,7 @@ public class DigestAuthenticator extends LoginAuthenticator
 
             }
 
-            if (!_deferred.isDeferred(response))
+            if (!DeferredAuthentication.isDeferred(response))
             {
                 String domain = request.getContextPath();
                 if (domain == null) 

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java

@@ -191,10 +191,10 @@ public class FormAuthenticator extends LoginAuthenticator
 
         mandatory|=isJSecurityCheck(uri);
         if (!mandatory)
-            return _deferred;
+            return new DeferredAuthentication(this);
 
         if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response))
-            return _deferred;
+            return new DeferredAuthentication(this);
 
         HttpSession session = request.getSession(true);
             
@@ -300,8 +300,11 @@ public class FormAuthenticator extends LoginAuthenticator
             }
 
             // if we can't send challenge
-            if (_deferred.isDeferred(response))
+            if (DeferredAuthentication.isDeferred(response))
+            {
+                LOG.debug("auth deferred {}",session.getId());
                 return Authentication.UNAUTHENTICATED;
+            }
 
             // remember the current URI
             synchronized (session)

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java

@@ -29,7 +29,6 @@ import org.eclipse.jetty.server.session.AbstractSessionManager;
 
 public abstract class LoginAuthenticator implements Authenticator
 {
-    protected final DeferredAuthentication _deferred=new DeferredAuthentication(this);
     protected LoginService _loginService;
     protected IdentityService _identityService;
     private boolean _renewSession;

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java

@@ -69,7 +69,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator
 
         if (!mandatory)
         {
-        	return _deferred;
+            return new DeferredAuthentication(this);
         }
         
         // check to see if we have authorization headers required to continue
@@ -77,7 +77,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator
         {
             try
             {
-            	 if (_deferred.isDeferred(res))
+            	 if (DeferredAuthentication.isDeferred(res))
             	 {
                      return Authentication.UNAUTHENTICATED;
             	 }