disassociate Identity
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@586 7e9141cc-0065-0410-87d8-b60c137991c4
parent
74241823dd
commit
778489d7cf
|
@ -3,6 +3,7 @@ jetty-7.0.0.RC2-SNAPSHOT
|
|||
+ 283375 improved extensibility of SSL connectors
|
||||
+ 283818 fixed merge of forward parameters
|
||||
+ backport jetty-8 annotation parsing to jetty-7
|
||||
+ Disassociate method on IdentityService
|
||||
|
||||
jetty-7.0.0.RC1 15 June 2009
|
||||
+ JETTY-1066 283357 400 response for bad URIs
|
||||
|
|
|
@ -33,6 +33,7 @@ import org.eclipse.jetty.server.UserIdentity;
|
|||
*/
|
||||
public class DefaultIdentityService implements IdentityService
|
||||
{
|
||||
/* ------------------------------------------------------------ */
|
||||
public DefaultIdentityService()
|
||||
{
|
||||
}
|
||||
|
@ -42,29 +43,40 @@ public class DefaultIdentityService implements IdentityService
|
|||
* If there are roles refs present in the scope, then wrap the UserIdentity
|
||||
* with one that uses the role references in the {@link UserIdentity#isUserInRole(String)}
|
||||
*/
|
||||
public void associate(UserIdentity user)
|
||||
public Object associate(UserIdentity user)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
public void disassociate(Object previous)
|
||||
{
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
public Object setRunAs(UserIdentity user, RunAsToken token)
|
||||
{
|
||||
return token;
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
public void unsetRunAs(Object lastToken)
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
public RunAsToken newRunAsToken(String runAsName)
|
||||
{
|
||||
return new RoleRunAsToken(runAsName);
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
public UserIdentity getSystemUserIdentity()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
public UserIdentity newUserIdentity(final Subject subject, final Principal userPrincipal, final String[] roles)
|
||||
{
|
||||
return new DefaultUserIdentity(subject,userPrincipal,roles);
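Review bot: The Javadoc kept above `associate` still describes wrapping the UserIdentity with role references, but the visible body is only `return null;` and the new `disassociate` has no Javadoc at all. Someone using this class as a template for a real IdentityService could miss that the default keeps no per-thread state. I would replace the stale text with something like `Default implementation: no identity is bound to the thread, so null is returned.` and add `/** No-op: the default service has no thread association to restore. */` above `disassociate`. The class body continues outside this hunk.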
|
||||
|
|
|
@ -36,9 +36,18 @@ public interface IdentityService
|
|||
* {@link SecurityHandler#handle(String, Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
|
||||
* method and then again with a null argument as that call exits.
|
||||
* @param user The current user or null for no user to associated.
|
||||
* @return an object representing the previous associated state
|
||||
*/
|
||||
void associate(UserIdentity user);
|
||||
Object associate(UserIdentity user);
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* Disassociate the user identity from the current thread
|
||||
* and restore previous identity.
|
||||
* @param previous The opaque object returned from a call to {@link IdentityService#associate(UserIdentity)}
|
||||
*/
|
||||
void disassociate(Object previous);
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* Associate a runas Token with the current user and thread.
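Review bot: The Javadoc retained above `associate` still says the method is called "again with a null argument as that call exits", which no longer matches this commit: the exit path in SecurityHandler now calls `disassociate(previous)`. The new `disassociate` Javadoc also does not say what a null `previous` means. SecurityHandler initialises its token to null and DefaultIdentityService returns null from `associate`, so implementations will receive null. I would extend the tag to something like `@param previous The opaque object returned from {@link #associate(UserIdentity)}; null means no identity was associated before and the thread must be left with none`. Without that, an implementation could treat null as a no-op and leave an identity attached to a pooled thread. The interface continues outside this hunk.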
|
||||
|
|
|
@ -408,6 +408,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
|
|||
boolean isAuthMandatory = isAuthMandatory(baseRequest, base_response, constraintInfo);
|
||||
|
||||
// check authentication
|
||||
Object previousIdentity = null;
|
||||
try
|
||||
{
|
||||
final Authenticator authenticator = _authenticator;
|
||||
|
@ -429,7 +430,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
|
|||
{
|
||||
Authentication.User userAuth = (Authentication.User)authentication;
|
||||
baseRequest.setAuthentication(authentication);
|
||||
_identityService.associate(userAuth.getUserIdentity());
|
||||
previousIdentity = _identityService.associate(userAuth.getUserIdentity());
|
||||
|
||||
if (isAuthMandatory)
|
||||
{
|
||||
|
@ -457,6 +458,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
|
|||
}
|
||||
finally
|
||||
{
|
||||
previousIdentity = lazy.getPreviousAssociation();
|
||||
lazy.setIdentityService(null);
|
||||
}
|
||||
Authentication auth=baseRequest.getAuthentication();
|
||||
|
@ -467,10 +469,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
|
|||
}
|
||||
else
|
||||
authenticator.secureResponse(request, response, isAuthMandatory, null);
|
||||
//TODO fish previousIdentity out of something.
|
||||
}
|
||||
else
|
||||
{
|
||||
baseRequest.setAuthentication(authentication);
|
||||
previousIdentity = _identityService.associate(null);
|
||||
handler.handle(pathInContext, baseRequest, request, response);
|
||||
authenticator.secureResponse(request, response, isAuthMandatory, null);
|
||||
}
|
||||
|
@ -483,7 +487,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
|
|||
}
|
||||
finally
|
||||
{
|
||||
_identityService.associate(null);
|
||||
_identityService.disassociate(previousIdentity);
|
||||
}
|
||||
}
|
||||
else
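Review bot: The added `//TODO fish previousIdentity out of something.` contradicts the code just above it, where the lazy branch already assigns `previousIdentity = lazy.getPreviousAssociation();` in its `finally`. Either the TODO is stale, or it marks a path on which the token passed to the outer `_identityService.disassociate(previousIdentity)` is not the one the deferred authentication captured; a reader cannot tell which from the visible lines. If it is stale, replace it with a comment that states the invariant, for example `// previousIdentity comes from the deferred authentication; null means the handler never triggered authentication`. If it is a real gap, name the path in the TODO, because a wrong token here decides which identity stays bound to the thread after the request. The enclosing method starts and ends outside these hunks.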
|
||||
|
|
|
@ -73,8 +73,8 @@ public class DeferredAuthenticator extends DelegateAuthenticator
|
|||
protected final ServletRequest _request;
|
||||
protected final ServletResponse _response;
|
||||
|
||||
private Authentication _delegate;
|
||||
private IdentityService _identityService;
|
||||
private Object _previousAssociation;
|
||||
|
||||
public DeferredAuthentication(Authenticator authenticator, ServletRequest request, ServletResponse response)
|
||||
{
|
||||
|
@ -116,7 +116,7 @@ public class DeferredAuthenticator extends DelegateAuthenticator
|
|||
if (authentication!=null && (authentication instanceof Authentication.User) && !(authentication instanceof Authentication.ResponseSent))
|
||||
{
|
||||
if (_identityService!=null)
|
||||
_identityService.associate(((Authentication.User)authentication).getUserIdentity());
|
||||
_previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity());
|
||||
return authentication;
|
||||
}
|
||||
}
|
||||
|
@ -137,7 +137,7 @@ public class DeferredAuthenticator extends DelegateAuthenticator
|
|||
{
|
||||
Authentication authentication = _authenticator.validateRequest(_request,response,true);
|
||||
if (authentication instanceof Authentication.User && _identityService!=null)
|
||||
_identityService.associate(((Authentication.User)authentication).getUserIdentity());
|
||||
_previousAssociation=_identityService.associate(((Authentication.User)authentication).getUserIdentity());
|
||||
return authentication;
|
||||
}
|
||||
catch (ServerAuthException e)
|
||||
|
@ -156,7 +156,13 @@ public class DeferredAuthenticator extends DelegateAuthenticator
|
|||
return null; // TODO implement
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
public Object getPreviousAssociation()
|
||||
{
|
||||
return _previousAssociation;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/* ------------------------------------------------------------ */
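Review bot: `_previousAssociation` is overwritten on every successful authentication, in both places that now do `_previousAssociation=_identityService.associate(...)`. If the deferred authentication is triggered more than once in a request, the second `associate` presumably returns the state set up by the first, so `getPreviousAssociation()` would hand SecurityHandler the user's own association rather than the pre-request state. Whether that leaves an identity on the thread depends on the IdentityService implementation, which is not visible here. I would keep only the first token, by storing the result of `associate` in a local and copying it to the field only when a `_associated` flag is still false. I would also add a one-line Javadoc on `getPreviousAssociation()` saying it returns the token from the first association, or null if authentication was never triggered. The class starts and ends outside these hunks.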
|
||||
|
|