Mantis - Resin
Viewing Issue Advanced Details
ID: 995
Severity: minor
Reproducibility: always
Date Submitted: 03-17-06 08:05
Last Update: 04-03-06 15:11
Reporter: anonymous
Assigned To: ferg
Priority: normal
Status: closed
Product Version: 3.0.18
Resolution: fixed
Projection: none
ETA: none
Fixed in Version: 3.0.19
0000995: Jaas authenticator isUserInRole() not implemented

In the class com.caucho.server.security.JaasAuthenticator the method isUserInRole() always returns true. We propose this instead:

    // Imports this method needs (not shown in the original snippet):
    //   java.lang.reflect.Method, java.security.Principal, java.util.Iterator, java.util.Set,
    //   java.util.logging.Level, javax.servlet.ServletContext, javax.servlet.ServletException,
    //   javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse
    // _options holds the <init-param> values from resin.conf; the "userPrincipal" entry names
    // the principal class whose getRoles() returns the Set of role principals for the user.
    public boolean isUserInRole(HttpServletRequest request, HttpServletResponse response,
                                ServletContext application, Principal principal, String role)
                                throws ServletException {
        try {
            // Load the configured user principal class and look up its getRoles() reflectively.
            Class userPrincipal = Class.forName((String) _options.get("userPrincipal"));
            if (principal != null && userPrincipal != null) {
                Method method = userPrincipal.getMethod("getRoles", new Class[] {});
                Set roles = (Set) method.invoke(principal, new Object[] {});
                // Grant only when a role principal with exactly the requested name is present.
                for (Iterator it = roles.iterator(); it.hasNext();) {
                    Principal rolePrincipal = (Principal) it.next();
                    if (role != null && role.equals(rolePrincipal.getName())) {
                        return true;
                    }
                }
            }
        } catch (Exception e) {
            // Any reflection or configuration failure is logged and the role is denied (fail closed).
            log.log(Level.WARNING, e.toString(), e);
        }
        return false;
    }
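The role check proposed above, reduced to a stand-alone Java program so the unpatched behaviour (every role check passes) can be compared with the reflective check without Resin or the servlet API. This is an added example, not code from the report or from Resin; RoleCheckDemo, UserPrincipal and RolePrincipal are constructed stand-ins for the reporter's DBUserMainrole and Mainrole classes, and the check additionally denies when the principal is not of the configured class.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class RoleCheckDemo {
    // Constructed stand-in for the reporter's Mainrole: a role is a named Principal.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    // Constructed stand-in for DBUserMainrole, the class named by <userPrincipal>.
    public static final class UserPrincipal implements Principal {
        private final String name;
        private final Set<Principal> roles = new HashSet<Principal>();
        UserPrincipal(String name, String... roleNames) {
            this.name = name;
            for (String r : roleNames) roles.add(new RolePrincipal(r));
        }
        public String getName() { return name; }
        public Set<Principal> getRoles() { return Collections.unmodifiableSet(roles); }
    }
    // What the report describes for the unpatched authenticator: every role check passes.
    static boolean isUserInRoleUnpatched(Principal principal, String role) { return true; }
    // The proposed check: load the configured principal class, call getRoles() reflectively
    // and grant only when a role principal with exactly the requested name is present.
    static boolean isUserInRoleFixed(String userPrincipalClass, Principal principal, String role) {
        if (principal == null || role == null) return false;
        try {
            Class<?> cls = Class.forName(userPrincipalClass);
            if (!cls.isInstance(principal)) return false;  // unexpected principal type: deny
            Set<?> roles = (Set<?>) cls.getMethod("getRoles").invoke(principal);
            for (Object r : roles)
                if (r instanceof Principal && role.equals(((Principal) r).getName())) return true;
        } catch (ReflectiveOperationException e) {
            // Misconfigured class name or missing getRoles(): fail closed, not open.
        }
        return false;
    }
    public static void main(String[] args) {
        Principal alice = new UserPrincipal("alice", "user");  // constructed user, no admin role
        String cls = UserPrincipal.class.getName();
        System.out.println("unpatched, admin? " + isUserInRoleUnpatched(alice, "admin"));
        System.out.println("fixed, admin?     " + isUserInRoleFixed(cls, alice, "admin"));
        System.out.println("fixed, user?      " + isUserInRoleFixed(cls, alice, "user"));
        System.out.println("fixed, bad class? " + isUserInRoleFixed("no.such.Class", alice, "user"));
    }
}
```

Run with `javac RoleCheckDemo.java && java RoleCheckDemo`; the first line shows the bypass the report describes, the remaining lines show the check granting only the role the user actually holds.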

// ------------------------------

Having setters and getters for each and every one of the <init-param> values in the configuration for this type of authentication (I will attach an example) is very important (and not very well documented).
For example, a method getRoles() that returns a Set with all roles assigned to Mainrole would look like this:

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

// Principal class named by the <userPrincipal> init-param; the authenticator calls
// getRoles() on it reflectively. UserMainrole and Mainrole are the reporter's own
// interfaces (not shown here): Mainrole is a role principal exposing getName().
public class DBUserMainrole implements UserMainrole {
    private String _name;
    private Set roles = new HashSet();

    public DBUserMainrole() { }

    public DBUserMainrole(String name) {
        this._name = name;
    }

    // Identity is the user name only; the role set does not take part in equality.
    public boolean equals(Object another) {
        if (another == null)
            return false;

        if (this == another)
            return true;

        if (another instanceof DBUserMainrole)
            return ((DBUserMainrole) another).getName().equals(_name);

        return false;
    }

    public String toString() {
        String result = "DBUserMainrole: " + _name + "( ";
        String separator = "";
        for (Iterator it = roles.iterator(); it.hasNext(); ) {
            result += separator + ((Mainrole) it.next()).getName();
            separator = ", ";
        }
        return result + " )";
    }

    // Must agree with equals(): both are based on _name.
    public int hashCode() {
        return _name.hashCode();
    }

    public String getName() {
        return _name;
    }

    public void addRole(Mainrole role) {
        roles.add(role);
    }

    // Called reflectively by isUserInRole(); every element is a Mainrole.
    public Set getRoles() {
        return roles;
    }
}

An example of implementing it would be:

resin.conf:

    <authenticator>
      <type>com.caucho.server.security.JaasAuthenticator</type>
      <init>
        <login-module>org.sapian.aaa.jaas.db.LoginModule</login-module>
        <password-digest>none</password-digest>
        <init-param>
          <debug>true</debug>
        </init-param>
        <init-param>
          <userPrincipal>org.sapian.aaa.jaas.roles.DBUserMainrole</userPrincipal>
        </init-param>
        <init-param>
          <pw_encoding_class>com.examplel.LoginModuleMD5Encoder</pw_encoding_class>
        </init-param>
        <init-param>
          <jdbcUrl>jdbc:postgresql://databaseserver:5432/databasename</jdbcUrl>
        </init-param>
        <init-param>
          <jdbcDriver>org.postgresql.Driver</jdbcDriver>
        </init-param>
        <init-param>
          <db_schema>databaseuser</db_schema>
        </init-param>
        <init-param>
          <db_schema_pw>databasepass</db_schema_pw>
        </init-param>
        <init-param>
          <user_table>users</user_table>
        </init-param>
        <init-param>
          <roles_table>rolesperuser</roles_table>
        </init-param>
        <init-param>
          <username_column>username</username_column>
        </init-param>
        <init-param>
          <password_column>password</password_column>
        </init-param>
        <init-param>
          <roles_column>userrole</roles_column>
        </init-param>
        <init-param>
          <user_pk_column>userid</user_pk_column>
        </init-param>
        <init-param>
          <roles_fk_column>username</roles_fk_column>
        </init-param>
      </init>
    </authenticator>

Notes

(0000997) ferg, 04-03-06 15:11:
server/1a04