implementation for #1481

Add a new base class UserStore

Signed-off-by: olivier lamy <olamy@webtide.com>
This commit is contained in:
olivier lamy 2017-04-20 12:36:48 +10:00
parent 6bb8f793a3
commit a2f89f2bf9
4 changed files with 113 additions and 56 deletions

View File

@ -18,12 +18,19 @@
package org.eclipse.jetty.security;
import org.eclipse.jetty.util.PathWatcher;
import org.eclipse.jetty.util.PathWatcher.PathWatchEvent;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.PathResource;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.Credential;
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
@ -31,20 +38,6 @@ import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.PathWatcher;
import org.eclipse.jetty.util.PathWatcher.PathWatchEvent;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.PathResource;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.Credential;
/**
* PropertyUserStore
* <p>
@ -59,7 +52,7 @@ import org.eclipse.jetty.util.security.Credential;
*
* If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF:.
*/
public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.Listener
public class PropertyUserStore extends UserStore implements PathWatcher.Listener
{
private static final Logger LOG = Log.getLogger(PropertyUserStore.class);
@ -69,10 +62,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
protected PathWatcher pathWatcher;
protected boolean hotReload = false; // default is not to reload
protected IdentityService _identityService = new DefaultIdentityService();
protected boolean _firstLoad = true; // true if first load, false from that point on
protected final List<String> _knownUsers = new ArrayList<String>();
protected final Map<String, UserIdentity> _knownUserIdentities = new HashMap<String, UserIdentity>();
protected List<UserListener> _listeners;
/**
@ -146,12 +136,6 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
_configPath = configPath;
}
/* ------------------------------------------------------------ */
public UserIdentity getUserIdentity(String userName)
{
return _knownUserIdentities.get(userName);
}
/* ------------------------------------------------------------ */
/**
* @return the resource associated with the configured properties file, creating it if necessary
@ -199,8 +183,8 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
StringBuilder s = new StringBuilder();
s.append(this.getClass().getName());
s.append("[");
s.append("users.count=").append(this._knownUsers.size());
s.append("identityService=").append(this._identityService);
s.append("users.count=").append(this.getKnownUserIdentities().size());
s.append("identityService=").append(this.getIdentityService());
s.append("]");
return s.toString();
}
@ -220,7 +204,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
if (getConfigResource().exists())
properties.load(getConfigResource().getInputStream());
Set<String> known = new HashSet<String>();
Set<String> known = new HashSet<>();
for (Map.Entry<Object, Object> entry : properties.entrySet())
{
@ -243,27 +227,12 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
}
known.add(username);
Credential credential = Credential.getCredential(credentials);
Principal userPrincipal = new AbstractLoginService.UserPrincipal(username,credential);
Subject subject = new Subject();
subject.getPrincipals().add(userPrincipal);
subject.getPrivateCredentials().add(credential);
if (roles != null)
{
for (String role : roleArray)
{
subject.getPrincipals().add(new AbstractLoginService.RolePrincipal(role));
}
}
subject.setReadOnly();
_knownUserIdentities.put(username,_identityService.newUserIdentity(subject,userPrincipal,roleArray));
addUser( username, credential, roleArray );
notifyUpdate(username,credential,roleArray);
}
}
final List<String> _knownUsers = new ArrayList<String>();
synchronized (_knownUsers)
{
/*
@ -277,7 +246,7 @@ public class PropertyUserStore extends AbstractLifeCycle implements PathWatcher.
String user = users.next();
if (!known.contains(user))
{
_knownUserIdentities.remove(user);
removeUser( user );
notifyRemove(user);
}
}

View File

@ -0,0 +1,76 @@
//
// ========================================================================
// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.security;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.security.Credential;
import javax.security.auth.Subject;
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* Base class to store User
*/
public class UserStore extends AbstractLifeCycle
{
private IdentityService _identityService = new DefaultIdentityService();
private final Map<String, UserIdentity> _knownUserIdentities = new ConcurrentHashMap<>();
protected void addUser( String username, Credential credential, String[] roles)
{
Principal userPrincipal = new AbstractLoginService.UserPrincipal( username, credential);
Subject subject = new Subject();
subject.getPrincipals().add(userPrincipal);
subject.getPrivateCredentials().add(credential);
if (roles != null)
{
for (String role : roles)
{
subject.getPrincipals().add(new AbstractLoginService.RolePrincipal(role));
}
}
subject.setReadOnly();
_knownUserIdentities.put(username,_identityService.newUserIdentity(subject,userPrincipal,roles));
}
protected void removeUser(String username)
{
_knownUserIdentities.remove(username);
}
public UserIdentity getUserIdentity(String userName)
{
return _knownUserIdentities.get(userName);
}
public IdentityService getIdentityService()
{
return _identityService;
}
protected Map<String, UserIdentity> getKnownUserIdentities()
{
return _knownUserIdentities;
}
}

View File

@ -19,9 +19,14 @@
package org.eclipse.jetty.security;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.security.Credential;
/**
@ -31,9 +36,8 @@ import org.eclipse.jetty.util.security.Credential;
*/
public class TestLoginService extends AbstractLoginService
{
protected Map<String, UserPrincipal> _users = new HashMap<>();
protected Map<String, String[]> _roles = new HashMap<>();
UserStore userStore = new UserStore();
public TestLoginService(String name)
@ -43,9 +47,7 @@ public class TestLoginService extends AbstractLoginService
public void putUser (String username, Credential credential, String[] roles)
{
UserPrincipal userPrincipal = new UserPrincipal(username,credential);
_users.put(username, userPrincipal);
_roles.put(username, roles);
userStore.addUser( username, credential, roles );
}
/**
@ -54,7 +56,16 @@ public class TestLoginService extends AbstractLoginService
@Override
protected String[] loadRoleInfo(UserPrincipal user)
{
return _roles.get(user.getName());
UserIdentity userIdentity = userStore.getUserIdentity( user.getName() );
Set<RolePrincipal> roles = userIdentity.getSubject().getPrincipals( RolePrincipal.class);
if (roles == null)
return null;
List<String> list = new ArrayList<>();
for (RolePrincipal r:roles)
list.add(r.getName());
return list.toArray(new String[roles.size()]);
}
/**
@ -63,7 +74,8 @@ public class TestLoginService extends AbstractLoginService
@Override
protected UserPrincipal loadUserInfo(String username)
{
return _users.get(username);
UserIdentity userIdentity = userStore.getUserIdentity( username );
return userIdentity == null ? null : (UserPrincipal) userIdentity.getUserPrincipal();
}
}

View File

@ -581,7 +581,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.19.1</version>
<version>2.20</version>
<configuration>
<argLine>@{argLine} -Dfile.encoding=UTF-8 -Duser.language=en -Duser.region=US -showversion -Xmx1g -Xms1g -XX:+PrintGCDetails</argLine>
<failIfNoTests>false</failIfNoTests>