Attachment 11330 Details for Bug 28286 – Patch to allow subclassing

[patch] Patch to allow subclassing

diff (text/plain), 8.95 KB, created by Brian Stansberry on 2004-04-26 05:49:01 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Brian Stansberry

Created: 2004-04-26 05:49:01 UTC

Size: 8.95 KB

patch

obsolete

>Index: AuthenticatorBase.java
>===================================================================
>RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
>retrieving revision 1.17
>diff -u -w -b -r1.17 AuthenticatorBase.java
>--- AuthenticatorBase.java	27 Feb 2004 14:58:41 -0000	1.17
>+++ AuthenticatorBase.java	26 Apr 2004 04:43:07 -0000
>@@ -760,31 +760,23 @@
> 
> boolean reauthenticated = false;
> 
>- SingleSignOnEntry entry = sso.lookup(ssoId);
>- if (entry != null && entry.getCanReauthenticate()) {
>- Principal reauthPrincipal = null;
> Container parent = getContainer();
> if (parent != null) {
>- Realm realm = getContainer().getRealm();
>- String username = entry.getUsername();
>- if (realm != null && username != null) {
>- reauthPrincipal =
>- realm.authenticate(username, entry.getPassword());
>+ Realm realm = parent.getRealm();
>+ if (realm != null) {
>+ reauthenticated = sso.reauthenticate(ssoId, realm, request);
> }
> }
> 
>- if (reauthPrincipal != null) {
>+ if (reauthenticated) {
> associate(ssoId, getSession(request, true));
>- request.setAuthType(entry.getAuthType());
>- request.setUserPrincipal(reauthPrincipal);
> 
>- reauthenticated = true;
> if (log.isDebugEnabled()) {
>+ HttpServletRequest hreq = 
>+ (HttpServletRequest) request.getRequest();
> log.debug(" Reauthenticated cached principal '" +
>- entry.getPrincipal().getName() +
>- "' with auth type '" +
>- entry.getAuthType() + "'");
>- }
>+ hreq.getUserPrincipal().getName() +
>+ "' with auth type '" + hreq.getAuthType() + "'");
> }
> }
> 
>Index: SingleSignOn.java
>===================================================================
>RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v
>retrieving revision 1.12
>diff -u -w -b -r1.12 SingleSignOn.java
>--- SingleSignOn.java	27 Feb 2004 14:58:41 -0000	1.12
>+++ SingleSignOn.java	26 Apr 2004 04:43:08 -0000
>@@ -33,6 +33,7 @@
> import org.apache.catalina.LifecycleException;
> import org.apache.catalina.LifecycleListener;
> import org.apache.catalina.Logger;
>+import org.apache.catalina.Realm;
> import org.apache.catalina.Request;
> import org.apache.catalina.Response;
> import org.apache.catalina.Session;
>@@ -559,6 +560,55 @@
> 
> 
> /**
>+ * Attempts reauthentication to the given <code>Realm</code> using
>+ * the credentials associated with the single sign-on session
>+ * identified by argument <code>ssoId</code>.
>+ * 
>+ * If reauthentication is successful, the <code>Principal</code> and
>+ * authorization type associated with the SSO session will be bound
>+ * to the given <code>HttpRequest</code> object via calls to 
>+ * {@link HttpRequest#setAuthType HttpRequest.setAuthType()} and 
>+ * {@link HttpRequest#setUserPrincipal HttpRequest.setUserPrincipal()}
>+ * 
>+ *
>+ * @param ssoId identifier of SingleSignOn session with which the
>+ * caller is associated
>+ * @param realm Realm implementation against which the caller is to
>+ * be authenticated
>+ * @param request the request that needs to be authenticated
>+ * 
>+ * @return <code>true</code> if reauthentication was successful,
>+ * <code>false</code> otherwise.
>+ */
>+ protected boolean reauthenticate(String ssoId, Realm realm,
>+ HttpRequest request) {
>+
>+ if (ssoId == null || realm == null)
>+ return false;
>+
>+ boolean reauthenticated = false;
>+
>+ SingleSignOnEntry entry = lookup(ssoId);
>+ if (entry != null && entry.getCanReauthenticate()) {
>+ 
>+ String username = entry.getUsername();
>+ if (username != null) {
>+ Principal reauthPrincipal =
>+ realm.authenticate(username, entry.getPassword()); 
>+ if (reauthPrincipal != null) { 
>+ reauthenticated = true; 
>+ // Bind the authorization credentials to the request
>+ request.setAuthType(entry.getAuthType());
>+ request.setUserPrincipal(reauthPrincipal);
>+ }
>+ }
>+ }
>+
>+ return reauthenticated;
>+ }
>+
>+
>+ /**
> * Register the specified Principal as being associated with the specified
> * value for the single sign on identifier.
> *
>@@ -585,6 +635,47 @@
> 
> 
> /**
>+ * Updates any <code>SingleSignOnEntry</code> found under key
>+ * <code>ssoId</code> with the given authentication data.
>+ * 
>+ * The purpose of this method is to allow an SSO entry that was
>+ * established without a username/password combination (i.e. established
>+ * following DIGEST or CLIENT-CERT authentication) to be updated with
>+ * a username and password if one becomes available through a subsequent
>+ * BASIC or FORM authentication. The SSO entry will then be usable for
>+ * reauthentication.
>+ * 
>+ * NOTE: Only updates the SSO entry if a call to
>+ * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
>+ * <code>false</code>; otherwise, it is assumed that the SSO entry already
>+ * has sufficient information to allow reauthentication and that no update
>+ * is needed.
>+ *
>+ * @param ssoId identifier of Single sign to be updated
>+ * @param principal the <code>Principal</code> returned by the latest
>+ * call to <code>Realm.authenticate</code>.
>+ * @param authType the type of authenticator used (BASIC, CLIENT-CERT,
>+ * DIGEST or FORM)
>+ * @param username the username (if any) used for the authentication
>+ * @param password the password (if any) used for the authentication
>+ */
>+ protected void update(String ssoId, Principal principal, String authType,
>+ String username, String password) {
>+
>+ SingleSignOnEntry sso = lookup(ssoId);
>+ if (sso != null && !sso.getCanReauthenticate()) {
>+ if (debug >= 1)
>+ log("Update sso id " + ssoId + " to auth type " + authType);
>+
>+ synchronized(sso) {
>+ sso.updateCredentials(principal, authType, username, password);
>+ }
>+
>+ }
>+ }
>+
>+
>+ /**
> * Log a message on the Logger associated with our Container (if any).
> *
> * @param message Message to be logged
>@@ -633,6 +724,7 @@
> 
> }
> 
>+ 
> //---------------------------------------------- Package-Protected Methods
> 
> 
>@@ -669,45 +761,4 @@
> }
> }
> 
>-
>- /**
>- * Updates any <code>SingleSignOnEntry</code> found under key
>- * <code>ssoId</code> with the given authentication data.
>- * 
>- * The purpose of this method is to allow an SSO entry that was
>- * established without a username/password combination (i.e. established
>- * following DIGEST or CLIENT-CERT authentication) to be updated with
>- * a username and password if one becomes available through a subsequent
>- * BASIC or FORM authentication. The SSO entry will then be usable for
>- * reauthentication.
>- * 
>- * NOTE: Only updates the SSO entry if a call to
>- * <code>SingleSignOnEntry.getCanReauthenticate()</code> returns
>- * <code>false</code>; otherwise, it is assumed that the SSO entry already
>- * has sufficient information to allow reauthentication and that no update
>- * is needed.
>- *
>- * @param ssoId identifier of Single sign to be updated
>- * @param principal the <code>Principal</code> returned by the latest
>- * call to <code>Realm.authenticate</code>.
>- * @param authType the type of authenticator used (BASIC, CLIENT-CERT,
>- * DIGEST or FORM)
>- * @param username the username (if any) used for the authentication
>- * @param password the password (if any) used for the authentication
>- */
>- void update(String ssoId, Principal principal, String authType,
>- String username, String password) {
>-
>- SingleSignOnEntry sso = lookup(ssoId);
>- if (sso != null && !sso.getCanReauthenticate()) {
>- if (debug >= 1)
>- log("Update sso id " + ssoId + " to auth type " + authType);
>-
>- synchronized(sso) {
>- sso.updateCredentials(principal, authType, username, password);
>- }
>-
>- }
>- }
>-
> }

Actions: View | Diff

Attachments on bug 28286: 11188 | 11330 | 11566