Mantis - Resin
Viewing Issue Advanced Details

ID: 995
Severity: minor
Reproducibility: always
Date Submitted: 03-17-06 08:05
Last Update: 04-03-06 15:11

Reporter: anonymous
Assigned To: ferg
Priority: normal
Status: closed
Product Version: 3.0.18
Resolution: fixed
Projection: none
ETA: none
Fixed in Version: 3.0.19
Summary: 0000995: Jaas authenticator isUserInRole() not implemented

Description:
In the class com.caucho.server.security.JaasAuthenticator the method isUserInRole() always returns true. We propose this instead:

```java
// Proposed replacement for isUserInRole() in com.caucho.server.security.JaasAuthenticator.
// Relies on the enclosing class's existing fields: _options (the <init-param> map)
// and log (a java.util.logging.Logger). Imports the method needs:
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public boolean isUserInRole(HttpServletRequest request,
                            HttpServletResponse response,
                            ServletContext application,
                            Principal principal,
                            String role)
  throws ServletException
{
  try {
    // The principal class comes from <init-param><userPrincipal>...</userPrincipal></init-param>
    Class userPrincipal = Class.forName((String) _options.get("userPrincipal"));

    if (principal != null && userPrincipal != null) {
      // Look up getRoles() reflectively so the authenticator is not tied to one principal class
      Method method = userPrincipal.getMethod("getRoles", new Class[] {});
      Set roles = (Set) method.invoke(principal, new Object[] {});

      for (Iterator it = roles.iterator(); it.hasNext(); ) {
        Principal rolePrincipal = (Principal) it.next();

        if (role != null && role.equals(rolePrincipal.getName()))
          return true;
      }
    }
  } catch (Exception e) {
    // Any failure (option missing, principal of another class, reflection error)
    // is logged and falls through to the deny below
    log.log(Level.WARNING, e.toString(), e);
  }

  return false;
}
```

Having setters and getters for each and every one of the <init-param> values in the configuration for this type of authentication (I will attach an example) is very important (and not very well documented).

For example, a getRoles() method that returns a Set with all roles (Mainrole) assigned to the user would look like this:

```java
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

// UserMainrole and Mainrole are the reporter's own interfaces (not shown here). For the
// isUserInRole() code above both must extend java.security.Principal: the user object is
// passed in as a Principal and each role is cast to Principal to read its name.
public class DBUserMainrole implements UserMainrole {
  private String _name;
  private Set roles = new HashSet();   // the Mainrole objects granted to this user

  public DBUserMainrole() {
  }

  public DBUserMainrole(String name) {
    this._name = name;
  }

  // Identity is the user name, so equals() and hashCode() both work on _name
  public boolean equals(Object another) {
    if (this == another)
      return true;
    if (! (another instanceof DBUserMainrole))
      return false;
    String otherName = ((DBUserMainrole) another).getName();
    return _name != null ? _name.equals(otherName) : otherName == null;
  }

  public int hashCode() {
    return _name != null ? _name.hashCode() : 0;   // null-safe for the no-arg constructor
  }

  public String toString() {
    String result = "DBUserMainrole: " + _name + "( ";
    String separator = "";
    for (Iterator it = roles.iterator(); it.hasNext(); ) {
      result += separator + ((Mainrole) it.next()).getName();
      separator = ", ";
    }
    return result + " )";
  }

  public String getName() {
    return _name;
  }

  public void addRole(Mainrole role) {
    roles.add(role);
  }

  // Called reflectively by isUserInRole(); returns the Set of Mainrole principals
  public Set getRoles() {
    return roles;
  }
}
```
Steps To Reproduce:

Additional Information:
An example of implementing it would be (resin.conf):

```xml
<authenticator>
  <type>com.caucho.server.security.JaasAuthenticator</type>
  <init>
    <login-module>org.sapian.aaa.jaas.db.LoginModule</login-module>
    <password-digest>none</password-digest>
    <init-param>
      <debug>true</debug>
    </init-param>
    <init-param>
      <userPrincipal>org.sapian.aaa.jaas.roles.DBUserMainrole</userPrincipal>
    </init-param>
    <init-param>
      <pw_encoding_class>com.examplel.LoginModuleMD5Encoder</pw_encoding_class>
    </init-param>
    <init-param>
      <jdbcUrl>jdbc:postgresql://databaseserver:5432/databasename</jdbcUrl>
    </init-param>
    <init-param>
      <jdbcDriver>org.postgresql.Driver</jdbcDriver>
    </init-param>
    <init-param>
      <db_schema>databaseuser</db_schema>
    </init-param>
    <init-param>
      <db_schema_pw>databasepass</db_schema_pw>
    </init-param>
    <init-param>
      <user_table>users</user_table>
    </init-param>
    <init-param>
      <roles_table>rolesperuser</roles_table>
    </init-param>
    <init-param>
      <username_column>username</username_column>
    </init-param>
    <init-param>
      <password_column>password</password_column>
    </init-param>
    <init-param>
      <roles_column>userrole</roles_column>
    </init-param>
    <init-param>
      <user_pk_column>userid</user_pk_column>
    </init-param>
    <init-param>
      <roles_fk_column>username</roles_fk_column>
    </init-param>
  </init>
</authenticator>
```
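The practical impact of the report above is an authorization bypass: with isUserInRole() hard-wired to true, any authenticated user passes every role check the container makes on the way to a protected resource. The following is an added example, not Caucho's code and not the reporter's, that puts the unpatched behaviour beside a membership check. It uses simplified User and Role classes as assumed stand-ins for the reporter's DBUserMainrole and Mainrole, and an instanceof test instead of the reflection over the userPrincipal init-param, so it compiles with plain javac and no Resin or servlet jars. It exercises the deny cases a practitioner would want verified: the role is absent, the principal is of an unknown type, or the principal or role name is null.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class IsUserInRoleDemo {

  /** A role modelled as a Principal, so getName() is the role name (the shape isUserInRole() reads). */
  static final class Role implements Principal {
    private final String name;

    Role(String name) { this.name = name; }

    public String getName() { return name; }
  }

  /** A user principal carrying its roles; an assumed stand-in for DBUserMainrole, not the reporter's class. */
  static final class User implements Principal {
    private final String name;
    private final Set<Principal> roles = new HashSet<Principal>();

    User(String name, String... roleNames) {
      this.name = name;
      for (String r : roleNames)
        roles.add(new Role(r));
    }

    public String getName() { return name; }

    Set<Principal> getRoles() { return Collections.unmodifiableSet(roles); }
  }

  /** The behaviour the report describes for 3.0.18: every role check succeeds, whatever the principal. */
  static boolean isUserInRoleUnpatched(Principal principal, String role) {
    return true;
  }

  /** Membership check: grant only when the principal is a User whose role set contains role; deny otherwise. */
  static boolean isUserInRoleFixed(Principal principal, String role) {
    if (principal == null || role == null)
      return false;                       // no subject, or no role asked for: deny
    if (! (principal instanceof User))
      return false;                       // a principal type we cannot read roles from: deny, never assume
    for (Principal r : ((User) principal).getRoles()) {
      if (role.equals(r.getName()))
        return true;
    }
    return false;
  }

  /** Runs one case through both variants and flags any fixed-variant result that differs from what it should return. */
  static void check(String label, Principal p, String role, boolean expected) {
    boolean unpatched = isUserInRoleUnpatched(p, role);
    boolean fixed = isUserInRoleFixed(p, role);
    System.out.printf("%-20s unpatched=%-5b fixed=%-5b %s%n",
        label, unpatched, fixed, fixed == expected ? "ok" : "UNEXPECTED");
  }

  public static void main(String[] args) {
    // Constructed sample principals for the demonstration
    User alice = new User("alice", "user", "admin");
    User bob = new User("bob", "user");
    Principal foreign = new Role("not-a-user");   // some other Principal implementation: carries no roles

    check("alice in admin", alice, "admin", true);
    check("bob in admin", bob, "admin", false);   // the unpatched variant grants this: the bypass
    check("bob in user", bob, "user", true);
    check("foreign principal", foreign, "user", false);
    check("null principal", null, "user", false);
    check("null role", alice, null, false);
  }
}
```

The instanceof guard is the part worth carrying over to a real authenticator: the reporter's reflective version reaches the same fail-closed result only because Method.invoke() on a principal of the wrong class throws and the catch block returns false, which is correct but easy to break by widening the catch or adding an early return.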