| Anonymous | Login | Signup for a new account | 04-17-2024 19:01 PDT |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0000995 | [Resin] | minor | always | 03-17-06 08:05 | 04-03-06 15:11 | ||||
| Reporter | anonymous | View Status | public | ||||||
| Assigned To | ferg | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | 3.0.18 | ||||||
| Summary | 0000995: Jaas authenticator isUserInRole() not implemented | ||||||||
| Description |
in the class com.caucho.server.security.JaasAutenticator the method isUserInRole() always returns true. We propose this instead: public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, Principal principal, String role) throws ServletException { try { Class userPrincipal = Class.forName((String) _options.get("userPrincipal")); if (principal != null && userPrincipal != null) { Method method = userPrincipal.getMethod("getRoles", new Class[] {}); // java.lang.reflect.Method Set roles = (Set) method.invoke(principal, new Object[] {}); for (Iterator it = roles.iterator(); it.hasNext();) { Principal rolePrincipal = (Principal) it.next(); if (role != null && role.equals(rolePrincipal.getName())) { return true; } } } } catch (Exception e) { log.log(Level.WARNING, e.toString(), e); } return false; } // ------------------------------ ------- Having setters and getters for each and every one of the <init-param> values in the configuration for this type of authentication (I will attach an example) is very important (and not very well documented). For example a method getRoles() returns a Set with all roles assigned to Mainrole would look like this: public class DBUserMainrole implements UserMainrole { private String _name; private Set roles = new HashSet(); public DBUserMainrole() { } public DBUserMainrole(String name) { this._name = name; } public boolean equals(Object another) { if (another == null) return false; if (this == another) return true; if (another instanceof DBUserMainrole) { if (((DBUserMainrole) another).getName().equals(_name)) return true; else return false; } else return false; } public String toString() { String result = "DBUserMainrole: " + _name + "( "; String separator = ""; for ( Iterator it = roles.iterator(); it.hasNext(); ) { result += separator + ((Mainrole)it.next()).getName(); separator = ", "; } return result + " )"; } public int hashCode() { return _name.hashCode(); } public String getName() { return _name; } public void addRole(Mainrole role){ roles.add(role); } public Set getRoles(){ return roles; } } |
||||||||
| Additional Information |
An example of implementing it would be: resin.conf: <authenticator> <type>com.caucho.server.security.JaasAuthenticator</type> <init> <login-module>org.sapian.aaa.jaas.db.LoginModule</login-module> <password-digest>none</password-digest> <init-param> <debug>true</debug> </init-param> <init-param> <userPrincipal>org.sapian.aaa.jaas.roles.DBUserMainrole</userPrincipal> </init-param> <init-param> <pw_encoding_class>com.examplel.LoginModuleMD5Encoder</pw_encoding_class> </init-param> <init-param> <jdbcUrl>jdbc:postgresql://databaseserver:5432/databasename</jdbcUrl> [^] </init-param> <init-param> <jdbcDriver>org.postgresql.Driver</jdbcDriver> </init-param> <init-param> <db_schema>databaseuser</db_schema> </init-param> <init-param> <db_schema_pw>databasepass</db_schema_pw> </init-param> <init-param> <user_table>users</user_table> </init-param> <init-param> <roles_table>rolesperuser</roles_table> </init-param> <init-param> <username_column>username</username_column> </init-param> <init-param> <password_column>password</password_column> </init-param> <init-param> <roles_column>userrole</roles_column> </init-param> <init-param> <user_pk_column>userid</user_pk_column> </init-param> <init-param> <roles_fk_column>username</roles_fk_column> </init-param> </init> </authenticator> |
||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0000997) ferg 04-03-06 15:11 |
server/1a04 |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 03-17-06 08:05 | anonymous | New Issue | |
| 03-27-06 08:06 | vsaldarriaga | Issue Monitored: vsaldarriaga | |
| 04-03-06 15:11 | ferg | Note Added: 0000997 | |
| 04-03-06 15:11 | ferg | Assigned To | => ferg |
| 04-03-06 15:11 | ferg | Status | new => closed |
| 04-03-06 15:11 | ferg | Resolution | open => fixed |
| 04-03-06 15:11 | ferg | Fixed in Version | => 3.0.19 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed. 26 unique queries executed. |  |
