Mantis Bugtracker
  

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0000995 [Resin] minor always 03-17-06 08:05 04-03-06 15:11
Reporter anonymous View Status public  
Assigned To ferg
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 3.0.19 Product Version 3.0.18
  Product Build
Summary 0000995: Jaas authenticator isUserInRole() not implemented
Description in the class com.caucho.server.security.JaasAutenticator


the method isUserInRole() always returns true. We propose this instead:




    public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response,
                                ServletContext application, Principal principal, String role)
                                throws ServletException {
        try {
            Class userPrincipal = Class.forName((String) _options.get("userPrincipal"));
            if (principal != null && userPrincipal != null) {
                Method method = userPrincipal.getMethod("getRoles", new Class[] {}); // java.lang.reflect.Method
                Set roles = (Set) method.invoke(principal, new Object[] {});
                for (Iterator it = roles.iterator(); it.hasNext();) {
                    Principal rolePrincipal = (Principal) it.next();
                    if (role != null && role.equals(rolePrincipal.getName())) {
                        return true;
                    }
                }
            }
        } catch (Exception e) {
            log.log(Level.WARNING, e.toString(), e);
        }
        return false;
    }

// ------------------------------
-------




Having setters and getters for each and every one of the <init-param> values in the configuration for this type of authentication (I will attach an example) is very important (and not very well documented).
For example a method getRoles() returns a Set with all roles assigned to Mainrole would look like this:



public class DBUserMainrole implements UserMainrole {
    private String _name;
    private Set roles = new HashSet();
  
    public DBUserMainrole() { }
  
    public DBUserMainrole(String name) {
        this._name = name;
    }
  
    public boolean equals(Object another) {
        if (another == null)
            return false;
      
        if (this == another)
            return true;
      
        if (another instanceof DBUserMainrole) {
            if (((DBUserMainrole) another).getName().equals(_name))
                return true;
            else
                return false;
        } else
            return false;
    }
  
    public String toString() {
        String result = "DBUserMainrole: " + _name + "( ";
        String separator = "";
        for ( Iterator it = roles.iterator(); it.hasNext(); ) {
            result += separator + ((Mainrole)it.next()).getName();
            separator = ", ";
        }
        return result + " )";
    }
  
    public int hashCode() {
        return _name.hashCode();
    }
  
    public String getName() {
        return _name;
    }
  
    public void addRole(Mainrole role){
        roles.add(role);
    }
  
    public Set getRoles(){
        return roles;
    }
}

Steps To Reproduce
Additional Information An example of implementing it would be:

resin.conf:


                <authenticator>
                        <type>com.caucho.server.security.JaasAuthenticator</type>
                        <init>
                                <login-module>org.sapian.aaa.jaas.db.LoginModule</login-module>
                                <password-digest>none</password-digest>
                                <init-param>
                                        <debug>true</debug>
                                </init-param>
                                <init-param>
                                        <userPrincipal>org.sapian.aaa.jaas.roles.DBUserMainrole</userPrincipal>
                                </init-param>
                                <init-param>
                                        <pw_encoding_class>com.examplel.LoginModuleMD5Encoder</pw_encoding_class>
                                </init-param>
                                <init-param>
                                        <jdbcUrl>jdbc:postgresql://databaseserver:5432/databasename</jdbcUrl> [^]
                                </init-param>
                                <init-param>
                                        <jdbcDriver>org.postgresql.Driver</jdbcDriver>
                                </init-param>
                                <init-param>
                                        <db_schema>databaseuser</db_schema>
                                </init-param>
                                <init-param>
                                        <db_schema_pw>databasepass</db_schema_pw>
                                </init-param>
                                <init-param>
                                        <user_table>users</user_table>
                                </init-param>
                                <init-param>
                                        <roles_table>rolesperuser</roles_table>
                                </init-param>
                                <init-param>
                                        <username_column>username</username_column>
                                </init-param>
                                <init-param>
                                        <password_column>password</password_column>
                                </init-param>
                                <init-param>
                                        <roles_column>userrole</roles_column>
                                </init-param>
                                <init-param>
                                        <user_pk_column>userid</user_pk_column>
                                </init-param>
                                <init-param>
                                        <roles_fk_column>username</roles_fk_column>
                                </init-param>
                        </init>
                </authenticator>
Attached Files

- Relationships

- Notes
(0000997)
ferg
04-03-06 15:11

server/1a04
 

- Issue History
Date Modified Username Field Change
03-17-06 08:05 anonymous New Issue
03-27-06 08:06 vsaldarriaga Issue Monitored: vsaldarriaga
04-03-06 15:11 ferg Note Added: 0000997
04-03-06 15:11 ferg Assigned To  => ferg
04-03-06 15:11 ferg Status new => closed
04-03-06 15:11 ferg Resolution open => fixed
04-03-06 15:11 ferg Fixed in Version  => 3.0.19


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker