ASF Bugzilla – Attachment 12766 Details for
Bug 28631
JAASRealm fix to permit user-specified user/group Principals
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
JAASCallbackHandler (patch cf. tomcat 5.028 release)
JAASCallbackHandler.patch (text/plain), 4.32 KB, created by
Andrew Jaquith
on 2004-09-18 16:37:18 UTC
(
hide
)
Description:
JAASCallbackHandler (patch cf. tomcat 5.028 release)
Filename:
MIME Type:
Creator:
Andrew Jaquith
Created:
2004-09-18 16:37:18 UTC
Size:
4.32 KB
patch
obsolete
>--- JAASCallbackHandler.java.old Sat Aug 28 20:14:06 2004 >+++ JAASCallbackHandler.java Fri Sep 10 01:01:14 2004 >@@ -25,25 +25,38 @@ > import javax.security.auth.callback.PasswordCallback; > import javax.security.auth.callback.UnsupportedCallbackException; > >+import org.apache.catalina.util.StringManager; >+import org.apache.commons.logging.Log; >+import org.apache.commons.logging.LogFactory; > > /** >- * <p>Implementation of the JAAS <strong>CallbackHandler</code> interface, >+ * <p>Implementation of the JAAS <code>CallbackHandler</code> interface, > * used to negotiate delivery of the username and credentials that were > * specified to our constructor. No interaction with the user is required > * (or possible).</p> >+ * <p>This <code>CallbackHandler</code> will pre-digest the supplied >+ * password, if required by the <code><Realm></code> element in >+ * <code>server.xml</code>.</p> >+ * <p>At present, <code>JAASCallbackHandler</code> knows how to handle callbacks of >+ * type <code>javax.security.auth.callback.NameCallback</code> and >+ * <code>javax.security.auth.callback.PasswordCallback</code>.</p> > * > * @author Craig R. McClanahan >+ * @author Andrew R. Jaquith > * @version $Revision: 1.3 $ $Date: 2004/02/29 12:38:47 $ > */ > > public class JAASCallbackHandler implements CallbackHandler { > >+ private static Log log = LogFactory.getLog(JAASCallbackHandler.class); > > // ------------------------------------------------------------ Constructor > > > /** > * Construct a callback handler configured with the specified values. >+ * Note that if the <code>JAASRealm</code> instance specifies digested passwords, >+ * the <code>password</code> parameter will be pre-digested here. > * > * @param realm Our associated JAASRealm instance > * @param username Username to be authenticated with >@@ -55,13 +68,25 @@ > super(); > this.realm = realm; > this.username = username; >- this.password = password; >- >+ if (realm.hasMessageDigest()) { >+ this.password = realm.digest(password); >+ if (log.isDebugEnabled()) { >+ log.debug(sm.getString("jaasCallback.digestpassword", password, this.password)); >+ } >+ } >+ else { >+ this.password = password; >+ } > } > > > // ----------------------------------------------------- Instance Variables > >+ /** >+ * The string manager for this package. >+ */ >+ protected static final StringManager sm = >+ StringManager.getManager(Constants.Package); > > /** > * The password to be authenticated with. >@@ -85,11 +110,11 @@ > > > /** >- * Retrieve the information requested in the provided Callbacks. This >- * implementation only recognizes <code>NameCallback</code> and >+ * Retrieve the information requested in the provided <code>Callbacks</code>. >+ * This implementation only recognizes <code>NameCallback</code> and > * <code>PasswordCallback</code> instances. > * >- * @param callbacks The set of callbacks to be processed >+ * @param callbacks The set of <code>Callback</code>s to be processed > * > * @exception IOException if an input/output error occurs > * @exception UnsupportedCallbackException if the login method requests >@@ -101,16 +126,19 @@ > for (int i = 0; i < callbacks.length; i++) { > > if (callbacks[i] instanceof NameCallback) { >- if (realm.getDebug() >= 3) >- realm.log("Returning username " + username); >+ if (log.isDebugEnabled()) { >+ log.debug(sm.getString("jaasCallback.username", username)); >+ } > ((NameCallback) callbacks[i]).setName(username); > } else if (callbacks[i] instanceof PasswordCallback) { >- if (realm.getDebug() >= 3) >- realm.log("Returning password " + password); >+ if (log.isDebugEnabled()) { >+ log.debug(sm.getString("jaasCallback.password", password)); >+ } > final char[] passwordcontents; > if (password != null) { > passwordcontents = password.toCharArray(); >- } else { >+ } >+ else { > passwordcontents = new char[0]; > } > ((PasswordCallback) callbacks[i]).setPassword
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 28631
:
11354
|
11355
|
11356
|
12761
|
12762
|
12763
|
12764
|
12765
| 12766 |
12767