Attachment #37434 for bug #64715

View | Details | Raw Unified | Return to bug 64715
Collapse All | Expand All




import org.apache.catalina.Session;
import org.apache.catalina.TomcatPrincipal;
import org.apache.catalina.Valve;
import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl;
import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;

     * default {@link org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl}
     * will be used.
     */
    protected String jaspicCallbackHandlerClass = "org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl";

    /**
     * Should the auth information (remote user and auth type) be returned as response


    private volatile String jaspicAppContextID = null;
    private volatile Optional<AuthConfigProvider> jaspicProvider = null;
    private volatile CallbackHandler jaspicCallbackHandler = null;


    // ------------------------------------------------------------- Properties

                new MessageInfoImpl(request.getRequest(), response.getResponse(), authMandatory);

        try {
            CallbackHandler callbackHandler = getCallbackHandler();
            ServerAuthConfig serverAuthConfig = jaspicProvider.getServerAuthConfig(
                    "HttpServlet", jaspicAppContextID, callbackHandler);
            String authContextID = serverAuthConfig.getAuthContextID(jaspicState.messageInfo);

        return jaspicState;
    }

    private CallbackHandler getCallbackHandler() {
        CallbackHandler handler = jaspicCallbackHandler;
        if (handler == null) {
            handler = createCallbackHandler();
        }
        return handler;
    }
    
    private CallbackHandler createCallbackHandler() {
        CallbackHandler callbackHandler = null;
        Class<?> clazz = null;
        try {
            clazz = Class.forName(jaspicCallbackHandlerClass, true,
                    Thread.currentThread().getContextClassLoader());
        } catch (ClassNotFoundException e) {
            // Proceed with the retry below
                        Thread.currentThread().getContextClassLoader());
            } catch (ClassNotFoundException e) {
                // Proceed with the retry below
            }

            try {
                if (clazz == null) {
                    clazz = Class.forName(jaspicCallbackHandlerClass);
                }
                callbackHandler = (CallbackHandler)clazz.getConstructor().newInstance();
            } catch (ReflectiveOperationException e) {
                throw new SecurityException(e);
            }
        }

        try {
            if (clazz == null) {
                clazz = Class.forName(jaspicCallbackHandlerClass);
            }
            try {
                callbackHandler = (CallbackHandler) clazz.getConstructor(Context.class)
                        .newInstance();
            } catch (NoSuchMethodException e) {
                // No constructor with context parameter found - use no argument constructor
                callbackHandler = (CallbackHandler) clazz.getConstructor().newInstance();
            }
        } catch (ReflectiveOperationException e) {
            throw new SecurityException(e);
        }

        jaspicCallbackHandler = callbackHandler;
        return callbackHandler;
    }


                ServerAuthContext serverAuthContext;
                try {
                    ServerAuthConfig serverAuthConfig = provider.getServerAuthConfig("HttpServlet",
                            jaspicAppContextID, getCallbackHandler());
                    String authContextID = serverAuthConfig.getAuthContextID(messageInfo);
                    serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null);
                    serverAuthContext.cleanSubject(messageInfo, client);





import jakarta.security.auth.message.callback.CallerPrincipalCallback;
import jakarta.security.auth.message.callback.GroupPrincipalCallback;
import jakarta.security.auth.message.callback.PasswordValidationCallback;

import org.apache.catalina.Context;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

 */
public class CallbackHandlerImpl implements CallbackHandler {

    private final Log log = LogFactory.getLog(CallbackHandlerImpl.class); // must not be static

    protected static final StringManager sm = StringManager.getManager(CallbackHandlerImpl.class);

    protected final Context context;


    public  CallbackHandlerImpl(Context context) {
        this.context = context;
    }


    public static CallbackHandler getInstance() {
        return instance;
    }


    private  CallbackHandlerImpl() {
        // Hide default constructor
    }



                } else if (callback instanceof GroupPrincipalCallback) {
                    GroupPrincipalCallback gpc = (GroupPrincipalCallback) callback;
                    groups = gpc.getGroups();
                } else if (callback instanceof PasswordValidationCallback) {
                    if (context.getRealm() == null) {
                        log.warn(sm.getString("callbackHandlerImpl.realmMissing",
                                callback.getClass().getName(), context.getName()));
                    } else {
                        PasswordValidationCallback pvc = (PasswordValidationCallback) callback;
                        principal = context.getRealm().authenticate(pvc.getUsername(),
                                String.valueOf(pvc.getPassword()));
                    }
                } else {
                    // This is a singleton so need to get correct Logger for
                    // current TCCL
                    Log log = LogFactory.getLog(CallbackHandlerImpl.class);
                    log.error(sm.getString("callbackHandlerImpl.jaspicCallbackMissing",
                            callback.getClass().getName()));
                }

Lines 20-25 Link Here

(-)a/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties (+1 lines)
20	authConfigFactoryImpl.zeroLengthMessageLayer=A zero length message layer name is not valid	20	authConfigFactoryImpl.zeroLengthMessageLayer=A zero length message layer name is not valid
21		21
22	callbackHandlerImpl.jaspicCallbackMissing=Unsupported JASPIC callback of type [{0}] received which was ignored	22	callbackHandlerImpl.jaspicCallbackMissing=Unsupported JASPIC callback of type [{0}] received which was ignored
		23	callbackHandlerImpl.realmMissing=Missing realm for callback of type [{0}] in context [{1}] which was ignored
23		24
24	jaspicAuthenticator.authenticate=Authenticating request for [{0}] via JASPIC	25	jaspicAuthenticator.authenticate=Authenticating request for [{0}] via JASPIC
25		26

Return to bug 64715

Lines 51-57 Link Here

(-)a/java/org/apache/catalina/authenticator/AuthenticatorBase.java (-23 / +34 lines)
51	import org.apache.catalina.Session;	51	import org.apache.catalina.Session;
52	import org.apache.catalina.TomcatPrincipal;	52	import org.apache.catalina.TomcatPrincipal;
53	import org.apache.catalina.Valve;	53	import org.apache.catalina.Valve;
54	import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl;
55	import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;	54	import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
56	import org.apache.catalina.connector.Request;	55	import org.apache.catalina.connector.Request;
57	import org.apache.catalina.connector.Response;	56	import org.apache.catalina.connector.Response;
Lines 220-226 Link Here
220	* default {@link org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl}	219	* default {@link org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl}
221	* will be used.	220	* will be used.
222	*/	221	*/
223	protected String jaspicCallbackHandlerClass = null;	222	protected String jaspicCallbackHandlerClass = "org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl";
224		223
225	/**	224	/**
226	* Should the auth information (remote user and auth type) be returned as response	225	* Should the auth information (remote user and auth type) be returned as response
Lines 247-252 Link Here
247		246
248	private volatile String jaspicAppContextID = null;	247	private volatile String jaspicAppContextID = null;
249	private volatile Optional<AuthConfigProvider> jaspicProvider = null;	248	private volatile Optional<AuthConfigProvider> jaspicProvider = null;
		249	private volatile CallbackHandler jaspicCallbackHandler = null;
250		250
251		251
252	// ------------------------------------------------------------- Properties	252	// ------------------------------------------------------------- Properties
Lines 773-779 Link Here
773	new MessageInfoImpl(request.getRequest(), response.getResponse(), authMandatory);	773	new MessageInfoImpl(request.getRequest(), response.getResponse(), authMandatory);
774		774
775	try {	775	try {
776	CallbackHandler callbackHandler = createCallbackHandler();	776	CallbackHandler callbackHandler = getCallbackHandler();
777	ServerAuthConfig serverAuthConfig = jaspicProvider.getServerAuthConfig(	777	ServerAuthConfig serverAuthConfig = jaspicProvider.getServerAuthConfig(
778	"HttpServlet", jaspicAppContextID, callbackHandler);	778	"HttpServlet", jaspicAppContextID, callbackHandler);
779	String authContextID = serverAuthConfig.getAuthContextID(jaspicState.messageInfo);	779	String authContextID = serverAuthConfig.getAuthContextID(jaspicState.messageInfo);
Lines 787-815 Link Here
787	return jaspicState;	787	return jaspicState;
788	}	788	}
789		789
		790	private CallbackHandler getCallbackHandler() {
		791	CallbackHandler handler = jaspicCallbackHandler;
		792	if (handler == null) {
		793	handler = createCallbackHandler();
		794	}
		795	return handler;
		796	}
		797
790	private CallbackHandler createCallbackHandler() {	798	private CallbackHandler createCallbackHandler() {
791	CallbackHandler callbackHandler = null;	799	CallbackHandler callbackHandler = null;
792	if (jaspicCallbackHandlerClass == null) {	800	Class<?> clazz = null;
793	callbackHandler = CallbackHandlerImpl.getInstance();	801	try {
794	} else {	802	clazz = Class.forName(jaspicCallbackHandlerClass, true,
795	Class<?> clazz = null;	803	Thread.currentThread().getContextClassLoader());
796	try {	804	} catch (ClassNotFoundException e) {
797	clazz = Class.forName(jaspicCallbackHandlerClass, true,	805	// Proceed with the retry below
798	Thread.currentThread().getContextClassLoader());
799	} catch (ClassNotFoundException e) {
800	// Proceed with the retry below
801	}
802
803	try {
804	if (clazz == null) {
805	clazz = Class.forName(jaspicCallbackHandlerClass);
806	}
807	callbackHandler = (CallbackHandler)clazz.getConstructor().newInstance();
808	} catch (ReflectiveOperationException e) {
809	throw new SecurityException(e);
810	}
811	}	806	}
812		807
		808	try {
		809	if (clazz == null) {
		810	clazz = Class.forName(jaspicCallbackHandlerClass);
		811	}
		812	try {
		813	callbackHandler = (CallbackHandler) clazz.getConstructor(Context.class)
		814	.newInstance();
		815	} catch (NoSuchMethodException e) {
		816	// No constructor with context parameter found - use no argument constructor
		817	callbackHandler = (CallbackHandler) clazz.getConstructor().newInstance();
		818	}
		819	} catch (ReflectiveOperationException e) {
		820	throw new SecurityException(e);
		821	}
		822
		823	jaspicCallbackHandler = callbackHandler;
813	return callbackHandler;	824	return callbackHandler;
814	}	825	}
815		826
Lines 1284-1290 Link Here
1284	ServerAuthContext serverAuthContext;	1295	ServerAuthContext serverAuthContext;
1285	try {	1296	try {
1286	ServerAuthConfig serverAuthConfig = provider.getServerAuthConfig("HttpServlet",	1297	ServerAuthConfig serverAuthConfig = provider.getServerAuthConfig("HttpServlet",
1287	jaspicAppContextID, CallbackHandlerImpl.getInstance());	1298	jaspicAppContextID, getCallbackHandler());
1288	String authContextID = serverAuthConfig.getAuthContextID(messageInfo);	1299	String authContextID = serverAuthConfig.getAuthContextID(messageInfo);
1289	serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null);	1300	serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null);
1290	serverAuthContext.cleanSubject(messageInfo, client);	1301	serverAuthContext.cleanSubject(messageInfo, client);

Lines 29-35 Link Here

(-)a/java/org/apache/catalina/authenticator/jaspic/CallbackHandlerImpl.java (-17 / +17 lines)
29		29
30	import jakarta.security.auth.message.callback.CallerPrincipalCallback;	30	import jakarta.security.auth.message.callback.CallerPrincipalCallback;
31	import jakarta.security.auth.message.callback.GroupPrincipalCallback;	31	import jakarta.security.auth.message.callback.GroupPrincipalCallback;
		32	import jakarta.security.auth.message.callback.PasswordValidationCallback;
32		33
		34	import org.apache.catalina.Context;
33	import org.apache.catalina.realm.GenericPrincipal;	35	import org.apache.catalina.realm.GenericPrincipal;
34	import org.apache.juli.logging.Log;	36	import org.apache.juli.logging.Log;
35	import org.apache.juli.logging.LogFactory;	37	import org.apache.juli.logging.LogFactory;
Lines 40-62 Link Here
40	*/	42	*/
41	public class CallbackHandlerImpl implements CallbackHandler {	43	public class CallbackHandlerImpl implements CallbackHandler {
42		44
43	private static final StringManager sm = StringManager.getManager(CallbackHandlerImpl.class);	45	private final Log log = LogFactory.getLog(CallbackHandlerImpl.class); // must not be static
44		46
45	private static CallbackHandler instance;	47	protected static final StringManager sm = StringManager.getManager(CallbackHandlerImpl.class);
		48
		49	protected final Context context;
46		50
47		51
48	static {	52	public CallbackHandlerImpl(Context context) {
49	instance = new CallbackHandlerImpl();	53	this.context = context;
50	}
51
52
53	public static CallbackHandler getInstance() {
54	return instance;
55	}
56
57
58	private CallbackHandlerImpl() {
59	// Hide default constructor
60	}	54	}
61		55
62		56
Lines 81-90 Link Here
81	} else if (callback instanceof GroupPrincipalCallback) {	75	} else if (callback instanceof GroupPrincipalCallback) {
82	GroupPrincipalCallback gpc = (GroupPrincipalCallback) callback;	76	GroupPrincipalCallback gpc = (GroupPrincipalCallback) callback;
83	groups = gpc.getGroups();	77	groups = gpc.getGroups();
		78	} else if (callback instanceof PasswordValidationCallback) {
		79	if (context.getRealm() == null) {
		80	log.warn(sm.getString("callbackHandlerImpl.realmMissing",
		81	callback.getClass().getName(), context.getName()));
		82	} else {
		83	PasswordValidationCallback pvc = (PasswordValidationCallback) callback;
		84	principal = context.getRealm().authenticate(pvc.getUsername(),
		85	String.valueOf(pvc.getPassword()));
		86	}
84	} else {	87	} else {
85	// This is a singleton so need to get correct Logger for
86	// current TCCL
87	Log log = LogFactory.getLog(CallbackHandlerImpl.class);
88	log.error(sm.getString("callbackHandlerImpl.jaspicCallbackMissing",	88	log.error(sm.getString("callbackHandlerImpl.jaspicCallbackMissing",
89	callback.getClass().getName()));	89	callback.getClass().getName()));
90	}	90	}