Line 0
Link Here
|
|
|
1 |
/* |
2 |
* Licensed to the Apache Software Foundation (ASF) under one or more |
3 |
* contributor license agreements. See the NOTICE file distributed with |
4 |
* this work for additional information regarding copyright ownership. |
5 |
* The ASF licenses this file to You under the Apache License, Version 2.0 |
6 |
* (the "License"); you may not use this file except in compliance with |
7 |
* the License. You may obtain a copy of the License at |
8 |
* |
9 |
* http://www.apache.org/licenses/LICENSE-2.0 |
10 |
* |
11 |
* Unless required by applicable law or agreed to in writing, software |
12 |
* distributed under the License is distributed on an "AS IS" BASIS, |
13 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
14 |
* See the License for the specific language governing permissions and |
15 |
* limitations under the License. |
16 |
*/ |
17 |
|
18 |
package org.apache.catalina.realm; |
19 |
|
20 |
import java.security.Principal; |
21 |
import java.util.Properties; |
22 |
import java.io.IOException; |
23 |
import java.io.File; |
24 |
import java.io.FileInputStream; |
25 |
|
26 |
import org.apache.catalina.Globals; |
27 |
import org.apache.catalina.Wrapper; |
28 |
import org.apache.catalina.LifecycleException; |
29 |
import org.apache.juli.logging.Log; |
30 |
import org.apache.juli.logging.LogFactory; |
31 |
|
32 |
/** |
33 |
*/ |
34 |
|
35 |
public class MappingRealm extends CombinedRealm { |
36 |
|
37 |
private static final Log log = LogFactory.getLog(MappingRealm.class); |
38 |
|
39 |
|
40 |
// ----------------------------------------------------- Instance Variables |
41 |
|
42 |
/** |
43 |
* Internal security role translation |
44 |
*/ |
45 |
protected Properties mapping = null; |
46 |
|
47 |
/** |
48 |
* Filename to load mapping from |
49 |
* Format is <code>application-security-role=inner-realm-security-role</code> |
50 |
*/ |
51 |
protected String pathname = "conf/mapping.properties"; |
52 |
|
53 |
/* |
54 |
* Symbol or string used as assignment operator when using roleMappings |
55 |
* Default: = |
56 |
*/ |
57 |
protected String assignment = "="; |
58 |
|
59 |
/* |
60 |
* Symbol or string used as separator between different assignments when using roleMappings |
61 |
* Default: ; |
62 |
*/ |
63 |
protected String separator = ";"; |
64 |
|
65 |
/** |
66 |
* String with role mappings. If this is set the properties file is ignored |
67 |
*/ |
68 |
protected String roleMappings = null; |
69 |
|
70 |
/** |
71 |
* Descriptive information about this Realm implementation. |
72 |
*/ |
73 |
protected static final String info = |
74 |
"org.apache.catalina.realm.MappingRealm/1.0"; |
75 |
|
76 |
/** |
77 |
* Descriptive information about this Realm implementation. |
78 |
*/ |
79 |
protected static final String name = "MappingRealm"; |
80 |
|
81 |
/** |
82 |
* Return descriptive information about this Realm implementation and |
83 |
* the corresponding version number, in the format |
84 |
* <code><description>/<version></code>. |
85 |
*/ |
86 |
@Override |
87 |
public String getInfo() { |
88 |
|
89 |
return info; |
90 |
|
91 |
} |
92 |
|
93 |
/** |
94 |
* Return a short name for this Realm implementation. |
95 |
*/ |
96 |
@Override |
97 |
protected String getName() { |
98 |
|
99 |
return (name); |
100 |
|
101 |
} |
102 |
|
103 |
/** |
104 |
* Get assignment string |
105 |
*/ |
106 |
public String getAssignment() { |
107 |
return assignment; |
108 |
} |
109 |
|
110 |
/** |
111 |
* Set assignment string |
112 |
*/ |
113 |
public void setAssignment(String assignment) { |
114 |
this.assignment=assignment; |
115 |
} |
116 |
|
117 |
/** |
118 |
* Get separator string |
119 |
*/ |
120 |
public String getSeparator() { |
121 |
return separator; |
122 |
} |
123 |
|
124 |
/** |
125 |
* Set separator string |
126 |
*/ |
127 |
public void setSeparator(String separator) { |
128 |
this.separator=separator; |
129 |
} |
130 |
|
131 |
/** |
132 |
* Get mapping rule string |
133 |
*/ |
134 |
public String getRoleMappings() { |
135 |
return roleMappings; |
136 |
} |
137 |
|
138 |
/** |
139 |
* Set separator string |
140 |
*/ |
141 |
public void setRoleMappings(String roleMappings) { |
142 |
this.roleMappings=roleMappings; |
143 |
} |
144 |
|
145 |
/** |
146 |
* Get pathname of mapping properties files |
147 |
*/ |
148 |
public String getPathname() { |
149 |
return pathname; |
150 |
} |
151 |
|
152 |
/** |
153 |
* Set pathname for properties file to load |
154 |
*/ |
155 |
public void setPathname(String pathname) { |
156 |
this.pathname = pathname; |
157 |
} |
158 |
|
159 |
// ---------------------------------------------------------- Realm Methods |
160 |
|
161 |
/** |
162 |
* Return <code>true</code> if the specified Principal has the specified |
163 |
* security role, within the context of this Realm; otherwise return |
164 |
* <code>false</code>. This method can be overridden by Realm |
165 |
* implementations, but the default is adequate when an instance of |
166 |
* <code>GenericPrincipal</code> is used to represent authenticated |
167 |
* Principals from this Realm. |
168 |
* |
169 |
* @param principal Principal for whom the role is to be checked |
170 |
* @param role Security role to be checked |
171 |
*/ |
172 |
@Override |
173 |
public boolean hasRole(Wrapper wrapper, Principal principal, String role) { |
174 |
|
175 |
// Copied from GenericPrincipal |
176 |
if("*".equals(role)) { // Special 2.4 role meaning everyone |
177 |
return true; |
178 |
} |
179 |
if (role == null) { |
180 |
return (false); |
181 |
} |
182 |
|
183 |
String mappedRole = mapping.getProperty(role); |
184 |
|
185 |
if((mappedRole != null) && super.hasRole(wrapper, principal, mappedRole)) { |
186 |
if (log.isDebugEnabled()) { |
187 |
log.debug(sm.getString("mappingRealm.mapped", role, mappedRole)); |
188 |
} |
189 |
return true; |
190 |
} else { |
191 |
return false; |
192 |
} |
193 |
} |
194 |
|
195 |
|
196 |
// ------------------------------------------------------ Lifecycle Methods |
197 |
|
198 |
|
199 |
/** |
200 |
* Prepare for the beginning of active use of the public methods of this |
201 |
* component and implement the requirements of |
202 |
* {@link org.apache.catalina.util.LifecycleBase#startInternal()}. |
203 |
* |
204 |
* @exception LifecycleException if this component detects a fatal error |
205 |
* that prevents this component from being used |
206 |
*/ |
207 |
@Override |
208 |
protected void startInternal() throws LifecycleException { |
209 |
|
210 |
mapping = new Properties(); |
211 |
|
212 |
if (roleMappings != null) { |
213 |
log.info(sm.getString("mappingRealm.loadRoleMappings",pathname)); |
214 |
for (String entry : roleMappings.split(separator)) { |
215 |
String[] kv = entry.split(assignment, 2); |
216 |
if (kv.length == 2) { |
217 |
mapping.setProperty(kv[0], kv[1]); |
218 |
} else { |
219 |
log.error(sm.getString("mappingRealm.invalidMapping",entry)); |
220 |
} |
221 |
} |
222 |
} else { |
223 |
File file = new File(pathname); |
224 |
if (!file.isAbsolute()) { |
225 |
file = new File(System.getProperty(Globals.CATALINA_BASE_PROP), |
226 |
pathname); |
227 |
} |
228 |
if (file.exists()) { |
229 |
FileInputStream fis = null; |
230 |
try { |
231 |
fis = new FileInputStream(file); |
232 |
mapping.load(fis); |
233 |
log.info(sm.getString("mappingRealm.loadOK", pathname)); |
234 |
} catch (IOException ioe) { |
235 |
log.error(sm.getString("mappingRealm.loadFailed", pathname)); |
236 |
} finally { |
237 |
if (fis != null) { |
238 |
try { |
239 |
fis.close(); |
240 |
} catch (IOException ioe) { |
241 |
// Ignore |
242 |
} |
243 |
} |
244 |
} |
245 |
} else { |
246 |
log.error(sm.getString("mappingRealm.fileNotExists", pathname)); |
247 |
} |
248 |
} |
249 |
|
250 |
super.startInternal(); |
251 |
} |
252 |
|
253 |
|
254 |
/** |
255 |
* Gracefully terminate the active use of the public methods of this |
256 |
* component and implement the requirements of |
257 |
* {@link org.apache.catalina.util.LifecycleBase#stopInternal()}. |
258 |
* |
259 |
* @exception LifecycleException if this component detects a fatal error |
260 |
* that needs to be reported |
261 |
*/ |
262 |
@Override |
263 |
protected void stopInternal() throws LifecycleException { |
264 |
|
265 |
// Perform normal superclass finalization |
266 |
super.stopInternal(); |
267 |
|
268 |
// Release mappings |
269 |
mapping = null; |
270 |
roleMappings = null; |
271 |
} |
272 |
} |
273 |
|