View | Details | Raw Unified | Return to bug 55477
Collapse All | Expand All

(-)java/org/apache/catalina/realm/LocalStrings.properties (+6 lines)
Lines 58-63 Link Here
58
jndiRealm.exception=Exception performing authentication
58
jndiRealm.exception=Exception performing authentication
59
jndiRealm.exception.retry=Exception performing authentication. Retrying...
59
jndiRealm.exception.retry=Exception performing authentication. Retrying...
60
jndiRealm.open=Exception opening directory server connection
60
jndiRealm.open=Exception opening directory server connection
61
mappingRealm.fileNotExists=Realm mapping file {0} does not exist. No security role will be available
62
mappingRealm.invalidMapping=Invalid syntax in mapping [{0}]
63
mappingRealm.loadFailed=Could not Realm mapping file {0}
64
mappingRealm.loadOK=Loaded Realm mapping file {0}
65
mappingRealm.loadRoleMappings=Load role mappings from configuration, ignore {0}
66
mappingRealm.mapped=Mapped application security role [{0}] to realm security role [{1}]
61
memoryRealm.authenticateFailure=Username {0} NOT successfully authenticated
67
memoryRealm.authenticateFailure=Username {0} NOT successfully authenticated
62
memoryRealm.authenticateSuccess=Username {0} successfully authenticated
68
memoryRealm.authenticateSuccess=Username {0} successfully authenticated
63
memoryRealm.loadExist=Memory database file {0} cannot be read
69
memoryRealm.loadExist=Memory database file {0} cannot be read
(-)java/org/apache/catalina/realm/MappingRealm.java (+273 lines)
Line 0 Link Here
1
/*
2
 * Licensed to the Apache Software Foundation (ASF) under one or more
3
 * contributor license agreements.  See the NOTICE file distributed with
4
 * this work for additional information regarding copyright ownership.
5
 * The ASF licenses this file to You under the Apache License, Version 2.0
6
 * (the "License"); you may not use this file except in compliance with
7
 * the License.  You may obtain a copy of the License at
8
 *
9
 *      http://www.apache.org/licenses/LICENSE-2.0
10
 *
11
 * Unless required by applicable law or agreed to in writing, software
12
 * distributed under the License is distributed on an "AS IS" BASIS,
13
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
 * See the License for the specific language governing permissions and
15
 * limitations under the License.
16
 */
17
18
package org.apache.catalina.realm;
19
20
import java.security.Principal;
21
import java.util.Properties;
22
import java.io.IOException;
23
import java.io.File;
24
import java.io.FileInputStream;
25
26
import org.apache.catalina.Globals;
27
import org.apache.catalina.Wrapper;
28
import org.apache.catalina.LifecycleException;
29
import org.apache.juli.logging.Log;
30
import org.apache.juli.logging.LogFactory;
31
32
/**
33
 */
34
35
public class MappingRealm extends CombinedRealm {
36
37
    private static final Log log = LogFactory.getLog(MappingRealm.class);
38
39
  	
40
    // ----------------------------------------------------- Instance Variables
41
42
    /**
43
     * Internal security role translation
44
     */
45
    protected Properties mapping = null;
46
47
	/**
48
     * Filename to load mapping from 
49
	 * Format is <code>application-security-role=inner-realm-security-role</code>
50
     */
51
	protected String pathname = "conf/mapping.properties";
52
53
	/*
54
	 * Symbol or string used as assignment operator when using roleMappings
55
	 * Default: =
56
	 */
57
	protected String assignment = "=";
58
	
59
	/*
60
     * Symbol or string used as separator between different assignments when using roleMappings
61
     * Default: ;
62
     */
63
    protected String separator = ";";
64
    
65
    /**
66
     * String with role mappings. If this is set the properties file is ignored
67
     */
68
    protected String roleMappings = null;
69
    
70
    /**
71
     * Descriptive information about this Realm implementation.
72
     */
73
    protected static final String info =
74
        "org.apache.catalina.realm.MappingRealm/1.0";
75
76
    /**
77
     * Descriptive information about this Realm implementation.
78
     */
79
    protected static final String name = "MappingRealm";
80
		
81
    /**
82
     * Return descriptive information about this Realm implementation and
83
     * the corresponding version number, in the format
84
     * <code>&lt;description&gt;/&lt;version&gt;</code>.
85
     */
86
    @Override
87
    public String getInfo() {
88
89
        return info;
90
91
    }
92
93
	/**
94
     * Return a short name for this Realm implementation.
95
     */
96
    @Override
97
    protected String getName() {
98
99
        return (name);
100
101
    }
102
	
103
    /**
104
     * Get assignment string
105
     */
106
    public String getAssignment() {
107
        return assignment;
108
    }
109
    
110
    /**
111
     * Set assignment string
112
     */
113
    public void setAssignment(String assignment) {
114
        this.assignment=assignment;
115
    }    
116
    
117
    /**
118
     * Get separator string
119
     */
120
    public String getSeparator() {
121
        return separator;
122
    }
123
124
    /**
125
     * Set separator string
126
     */
127
    public void setSeparator(String separator) {
128
        this.separator=separator;
129
    }
130
    
131
    /**
132
     * Get mapping rule string
133
     */
134
    public String getRoleMappings() {
135
        return roleMappings;
136
    }
137
138
    /**
139
     * Set separator string
140
     */
141
    public void setRoleMappings(String roleMappings) {
142
        this.roleMappings=roleMappings;
143
    }
144
    
145
	/**
146
     * Get pathname of mapping properties files
147
     */
148
    public String getPathname() {
149
        return pathname;
150
    }
151
152
    /**
153
     * Set pathname for properties file to load
154
     */
155
    public void setPathname(String pathname) {
156
        this.pathname = pathname;
157
    }
158
	
159
    // ---------------------------------------------------------- Realm Methods
160
161
    /**
162
     * Return <code>true</code> if the specified Principal has the specified
163
     * security role, within the context of this Realm; otherwise return
164
     * <code>false</code>.  This method can be overridden by Realm
165
     * implementations, but the default is adequate when an instance of
166
     * <code>GenericPrincipal</code> is used to represent authenticated
167
     * Principals from this Realm.
168
     *
169
     * @param principal Principal for whom the role is to be checked
170
     * @param role Security role to be checked
171
     */
172
	 @Override
173
	public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
174
	
175
		// Copied from GenericPrincipal
176
		if("*".equals(role)) { // Special 2.4 role meaning everyone
177
            return true;
178
		}
179
        if (role == null) {
180
            return (false);
181
		}
182
		
183
		String mappedRole = mapping.getProperty(role);
184
		
185
		if((mappedRole != null) && super.hasRole(wrapper, principal, mappedRole)) {
186
			if (log.isDebugEnabled()) {
187
                log.debug(sm.getString("mappingRealm.mapped", role, mappedRole));
188
            }
189
			return true;
190
		} else {
191
			return false;
192
		} 
193
    }
194
	
195
	
196
	// ------------------------------------------------------ Lifecycle Methods
197
198
199
    /**
200
     * Prepare for the beginning of active use of the public methods of this
201
     * component and implement the requirements of
202
     * {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
203
     *
204
     * @exception LifecycleException if this component detects a fatal error
205
     *  that prevents this component from being used
206
     */
207
    @Override
208
    protected void startInternal() throws LifecycleException {
209
210
		mapping = new Properties();
211
212
		if (roleMappings != null) {
213
	        log.info(sm.getString("mappingRealm.loadRoleMappings",pathname));
214
		    for (String entry : roleMappings.split(separator)) {
215
		        String[] kv = entry.split(assignment, 2);
216
		        if (kv.length == 2) {
217
		            mapping.setProperty(kv[0], kv[1]);
218
		        } else {
219
		            log.error(sm.getString("mappingRealm.invalidMapping",entry));
220
		        }
221
		    }
222
		} else {
223
    		File file = new File(pathname);
224
            if (!file.isAbsolute()) {
225
                file = new File(System.getProperty(Globals.CATALINA_BASE_PROP),
226
                                pathname);
227
            }
228
            if (file.exists()) {
229
    			FileInputStream fis = null;
230
    			try {
231
    				fis =  new FileInputStream(file);
232
    				mapping.load(fis);
233
    				log.info(sm.getString("mappingRealm.loadOK", pathname));
234
    			} catch (IOException ioe) {
235
    				log.error(sm.getString("mappingRealm.loadFailed", pathname));
236
    			} finally {
237
    				 if (fis != null) {
238
    					try {
239
    						fis.close();
240
    					} catch (IOException ioe) {
241
    						// Ignore
242
    					}
243
    				}
244
    			}
245
    		} else {
246
    			log.error(sm.getString("mappingRealm.fileNotExists", pathname));
247
            }
248
		}
249
		
250
        super.startInternal();
251
    }
252
253
254
    /**
255
     * Gracefully terminate the active use of the public methods of this
256
     * component and implement the requirements of
257
     * {@link org.apache.catalina.util.LifecycleBase#stopInternal()}.
258
     *
259
     * @exception LifecycleException if this component detects a fatal error
260
     *  that needs to be reported
261
     */
262
    @Override
263
    protected void stopInternal() throws LifecycleException {
264
265
        // Perform normal superclass finalization
266
        super.stopInternal();
267
268
		// Release mappings
269
        mapping = null;
270
        roleMappings = null;
271
    }
272
}
273

Return to bug 55477