Issue #3815 Ensure user not in roles for PropertyFileLoginModule (#3826)

Signed-off-by: Jan Bartel <janb@webtide.com>
This commit is contained in:
Jan Bartel 2019-07-01 15:46:14 +02:00 committed by GitHub
parent e26179e8e9
commit cf4e7412d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 61 additions and 9 deletions

View File

@ -18,15 +18,16 @@
package org.eclipse.jetty.jaas.spi;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import org.eclipse.jetty.security.AbstractLoginService;
import org.eclipse.jetty.security.PropertyUserStore;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.log.Log;
@ -116,14 +117,11 @@ public class PropertyFileLoginModule extends AbstractLoginModule
//TODO in future versions change the impl of PropertyUserStore so its not
//storing Subjects etc, just UserInfo
Set<Principal> principals = userIdentity.getSubject().getPrincipals();
Set<AbstractLoginService.RolePrincipal> principals = userIdentity.getSubject().getPrincipals(AbstractLoginService.RolePrincipal.class);
List<String> roles = new ArrayList<String>();
for (Principal principal : principals)
{
roles.add(principal.getName());
}
List<String> roles = principals.stream()
.map(AbstractLoginService.RolePrincipal::getName)
.collect(Collectors.toList());
Credential credential = (Credential)userIdentity.getSubject().getPrivateCredentials().iterator().next();
LOG.debug("Found: " + userName + " in PropertyUserStore " + _filename);

View File

@ -0,0 +1,53 @@
//
// ========================================================================
// Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.jaas.spi;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.not;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.io.File;
import java.util.HashMap;
import javax.security.auth.Subject;
import org.eclipse.jetty.jaas.callback.DefaultCallbackHandler;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.junit.jupiter.api.Test;
public class PropertyFileLoginModuleTest
{
@Test
public void testRoles()
throws Exception
{
File file = MavenTestingUtils.getTestResourceFile("login.properties");
PropertyFileLoginModule module = new PropertyFileLoginModule();
Subject subject = new Subject();
HashMap<String, String> options = new HashMap<>();
options.put("file", file.getCanonicalPath());
module.initialize(subject, new DefaultCallbackHandler(), new HashMap<String, String>(), options);
UserInfo fred = module.getUserInfo("fred");
assertEquals("fred", fred.getUserName());
assertThat(fred.getRoleNames(), containsInAnyOrder("role1", "role2", "role3"));
assertThat(fred.getRoleNames(), not(contains("fred")));
}
}

View File

@ -0,0 +1 @@
fred=pwd,role1,role2,role3