ASF Bugzilla – Attachment 30788 Details for
Bug 55477
Add a solution to map an realm name to a security role
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Edition with inline configuration for the role mapping
MappingRealm.v2.patch (text/plain), 9.30 KB, created by
Stefan Mayr
on 2013-08-31 10:42:10 UTC
(
hide
)
Description:
Edition with inline configuration for the role mapping
Filename:
MIME Type:
Creator:
Stefan Mayr
Created:
2013-08-31 10:42:10 UTC
Size:
9.30 KB
patch
obsolete
>Index: java/org/apache/catalina/realm/LocalStrings.properties >=================================================================== >--- java/org/apache/catalina/realm/LocalStrings.properties (Revision 1519167) >+++ java/org/apache/catalina/realm/LocalStrings.properties (Arbeitskopie) >@@ -58,6 +58,12 @@ > jndiRealm.exception=Exception performing authentication > jndiRealm.exception.retry=Exception performing authentication. Retrying... > jndiRealm.open=Exception opening directory server connection >+mappingRealm.fileNotExists=Realm mapping file {0} does not exist. No security role will be available >+mappingRealm.invalidMapping=Invalid syntax in mapping [{0}] >+mappingRealm.loadFailed=Could not Realm mapping file {0} >+mappingRealm.loadOK=Loaded Realm mapping file {0} >+mappingRealm.loadRoleMappings=Load role mappings from configuration, ignore {0} >+mappingRealm.mapped=Mapped application security role [{0}] to realm security role [{1}] > memoryRealm.authenticateFailure=Username {0} NOT successfully authenticated > memoryRealm.authenticateSuccess=Username {0} successfully authenticated > memoryRealm.loadExist=Memory database file {0} cannot be read >Index: java/org/apache/catalina/realm/MappingRealm.java >=================================================================== >--- java/org/apache/catalina/realm/MappingRealm.java (Revision 0) >+++ java/org/apache/catalina/realm/MappingRealm.java (Arbeitskopie) >@@ -0,0 +1,273 @@ >+/* >+ * Licensed to the Apache Software Foundation (ASF) under one or more >+ * contributor license agreements. See the NOTICE file distributed with >+ * this work for additional information regarding copyright ownership. >+ * The ASF licenses this file to You under the Apache License, Version 2.0 >+ * (the "License"); you may not use this file except in compliance with >+ * the License. You may obtain a copy of the License at >+ * >+ * http://www.apache.org/licenses/LICENSE-2.0 >+ * >+ * Unless required by applicable law or agreed to in writing, software >+ * distributed under the License is distributed on an "AS IS" BASIS, >+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. >+ * See the License for the specific language governing permissions and >+ * limitations under the License. >+ */ >+ >+package org.apache.catalina.realm; >+ >+import java.security.Principal; >+import java.util.Properties; >+import java.io.IOException; >+import java.io.File; >+import java.io.FileInputStream; >+ >+import org.apache.catalina.Globals; >+import org.apache.catalina.Wrapper; >+import org.apache.catalina.LifecycleException; >+import org.apache.juli.logging.Log; >+import org.apache.juli.logging.LogFactory; >+ >+/** >+ */ >+ >+public class MappingRealm extends CombinedRealm { >+ >+ private static final Log log = LogFactory.getLog(MappingRealm.class); >+ >+ >+ // ----------------------------------------------------- Instance Variables >+ >+ /** >+ * Internal security role translation >+ */ >+ protected Properties mapping = null; >+ >+ /** >+ * Filename to load mapping from >+ * Format is <code>application-security-role=inner-realm-security-role</code> >+ */ >+ protected String pathname = "conf/mapping.properties"; >+ >+ /* >+ * Symbol or string used as assignment operator when using roleMappings >+ * Default: = >+ */ >+ protected String assignment = "="; >+ >+ /* >+ * Symbol or string used as separator between different assignments when using roleMappings >+ * Default: ; >+ */ >+ protected String separator = ";"; >+ >+ /** >+ * String with role mappings. If this is set the properties file is ignored >+ */ >+ protected String roleMappings = null; >+ >+ /** >+ * Descriptive information about this Realm implementation. >+ */ >+ protected static final String info = >+ "org.apache.catalina.realm.MappingRealm/1.0"; >+ >+ /** >+ * Descriptive information about this Realm implementation. >+ */ >+ protected static final String name = "MappingRealm"; >+ >+ /** >+ * Return descriptive information about this Realm implementation and >+ * the corresponding version number, in the format >+ * <code><description>/<version></code>. >+ */ >+ @Override >+ public String getInfo() { >+ >+ return info; >+ >+ } >+ >+ /** >+ * Return a short name for this Realm implementation. >+ */ >+ @Override >+ protected String getName() { >+ >+ return (name); >+ >+ } >+ >+ /** >+ * Get assignment string >+ */ >+ public String getAssignment() { >+ return assignment; >+ } >+ >+ /** >+ * Set assignment string >+ */ >+ public void setAssignment(String assignment) { >+ this.assignment=assignment; >+ } >+ >+ /** >+ * Get separator string >+ */ >+ public String getSeparator() { >+ return separator; >+ } >+ >+ /** >+ * Set separator string >+ */ >+ public void setSeparator(String separator) { >+ this.separator=separator; >+ } >+ >+ /** >+ * Get mapping rule string >+ */ >+ public String getRoleMappings() { >+ return roleMappings; >+ } >+ >+ /** >+ * Set separator string >+ */ >+ public void setRoleMappings(String roleMappings) { >+ this.roleMappings=roleMappings; >+ } >+ >+ /** >+ * Get pathname of mapping properties files >+ */ >+ public String getPathname() { >+ return pathname; >+ } >+ >+ /** >+ * Set pathname for properties file to load >+ */ >+ public void setPathname(String pathname) { >+ this.pathname = pathname; >+ } >+ >+ // ---------------------------------------------------------- Realm Methods >+ >+ /** >+ * Return <code>true</code> if the specified Principal has the specified >+ * security role, within the context of this Realm; otherwise return >+ * <code>false</code>. This method can be overridden by Realm >+ * implementations, but the default is adequate when an instance of >+ * <code>GenericPrincipal</code> is used to represent authenticated >+ * Principals from this Realm. >+ * >+ * @param principal Principal for whom the role is to be checked >+ * @param role Security role to be checked >+ */ >+ @Override >+ public boolean hasRole(Wrapper wrapper, Principal principal, String role) { >+ >+ // Copied from GenericPrincipal >+ if("*".equals(role)) { // Special 2.4 role meaning everyone >+ return true; >+ } >+ if (role == null) { >+ return (false); >+ } >+ >+ String mappedRole = mapping.getProperty(role); >+ >+ if((mappedRole != null) && super.hasRole(wrapper, principal, mappedRole)) { >+ if (log.isDebugEnabled()) { >+ log.debug(sm.getString("mappingRealm.mapped", role, mappedRole)); >+ } >+ return true; >+ } else { >+ return false; >+ } >+ } >+ >+ >+ // ------------------------------------------------------ Lifecycle Methods >+ >+ >+ /** >+ * Prepare for the beginning of active use of the public methods of this >+ * component and implement the requirements of >+ * {@link org.apache.catalina.util.LifecycleBase#startInternal()}. >+ * >+ * @exception LifecycleException if this component detects a fatal error >+ * that prevents this component from being used >+ */ >+ @Override >+ protected void startInternal() throws LifecycleException { >+ >+ mapping = new Properties(); >+ >+ if (roleMappings != null) { >+ log.info(sm.getString("mappingRealm.loadRoleMappings",pathname)); >+ for (String entry : roleMappings.split(separator)) { >+ String[] kv = entry.split(assignment, 2); >+ if (kv.length == 2) { >+ mapping.setProperty(kv[0], kv[1]); >+ } else { >+ log.error(sm.getString("mappingRealm.invalidMapping",entry)); >+ } >+ } >+ } else { >+ File file = new File(pathname); >+ if (!file.isAbsolute()) { >+ file = new File(System.getProperty(Globals.CATALINA_BASE_PROP), >+ pathname); >+ } >+ if (file.exists()) { >+ FileInputStream fis = null; >+ try { >+ fis = new FileInputStream(file); >+ mapping.load(fis); >+ log.info(sm.getString("mappingRealm.loadOK", pathname)); >+ } catch (IOException ioe) { >+ log.error(sm.getString("mappingRealm.loadFailed", pathname)); >+ } finally { >+ if (fis != null) { >+ try { >+ fis.close(); >+ } catch (IOException ioe) { >+ // Ignore >+ } >+ } >+ } >+ } else { >+ log.error(sm.getString("mappingRealm.fileNotExists", pathname)); >+ } >+ } >+ >+ super.startInternal(); >+ } >+ >+ >+ /** >+ * Gracefully terminate the active use of the public methods of this >+ * component and implement the requirements of >+ * {@link org.apache.catalina.util.LifecycleBase#stopInternal()}. >+ * >+ * @exception LifecycleException if this component detects a fatal error >+ * that needs to be reported >+ */ >+ @Override >+ protected void stopInternal() throws LifecycleException { >+ >+ // Perform normal superclass finalization >+ super.stopInternal(); >+ >+ // Release mappings >+ mapping = null; >+ roleMappings = null; >+ } >+} >+
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=30788">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 55477
:
30759
|
30788
|
30805