📄 authenticationmanager.java
* {@link javax.security.auth.spi.LoginModule}, and returns a Set of
     * Principals that results from a successful login. The LoginModule is instantiated,
     * then its {@link javax.security.auth.spi.LoginModule#initialize(Subject, CallbackHandler, Map, Map)}
     * method is called. The parameters passed to <code>initialize</code> are a
     * dummy Subject, an empty shared-state Map, and an options Map the caller supplies.
     * <p>
     * A login that fails, whether by a <code>false</code> return from
     * <code>login()</code> or <code>commit()</code> or by a LoginException, is not
     * reported to the caller as an error: the method returns <code>NO_PRINCIPALS</code>.
     *
     * @param clazz
     *            the LoginModule class to instantiate
     * @param handler
     *            the callback handler to supply to the LoginModule
     * @param options
     *            a Map of key/value strings for initializing the LoginModule
     * @return the set of Principals returned by the JAAS method {@link Subject#getPrincipals()},
     *         or <code>NO_PRINCIPALS</code> if login or commit did not succeed
     * @throws WikiSecurityException
     *             if the LoginModule could not be instantiated for any reason
     */
    protected Set<Principal> doJAASLogin(Class<? extends LoginModule> clazz, CallbackHandler handler, Map<String,String> options) throws WikiSecurityException
    {
        // Instantiate the login module through its no-argument constructor.
        // Only the message of the reflection failure is carried over; the
        // original exception is not attached to the WikiSecurityException.
        LoginModule loginModule = null;
        try
        {
            loginModule = clazz.newInstance();
        }
        catch (InstantiationException e)
        {
            throw new WikiSecurityException(e.getMessage());
        }
        catch (IllegalAccessException e)
        {
            throw new WikiSecurityException(e.getMessage());
        }

        // Initialize the LoginModule with a fresh Subject, so principals from
        // an earlier login cannot leak into this attempt.
        Subject subject = new Subject();
        loginModule.initialize( subject, handler, EMPTY_MAP, options );

        // Try to log in: commit() is only attempted after login() returned true.
        boolean loginSucceeded = false;
        boolean commitSucceeded = false;
        try
        {
            loginSucceeded = loginModule.login();
            if (loginSucceeded)
            {
                commitSucceeded = loginModule.commit();
            }
        }
        catch (LoginException e)
        {
            // Login or commit failed! No principal for you!
            // NOTE(review): the exception is discarded without a log entry and
            // LoginModule.abort() is not called on this path, so a failed attempt
            // leaves no trace here and the module is not asked to clear its
            // state. Confirm that callers record authentication failures.
        }

        // If we successfully logged in & committed, return all the principals
        if (loginSucceeded && commitSucceeded)
        {
            return subject.getPrincipals();
        }
        return NO_PRINCIPALS;
    }

    /**
     * Looks up and obtains a configuration file inside the WEB-INF folder of a
     * wiki webapp. The lookup order is: the file system under the engine's root
     * path, the class loader of this class (three name variants), and finally the
     * servlet context.
     * <p>
     * <code>name</code> is appended to the lookup paths as given; this method does
     * not normalize it or check that the result stays inside WEB-INF, so callers
     * should pass only fixed or otherwise trusted file names.
     *
     * @param engine the wiki engine
     * @param name the file to obtain, <em>e.g.</em>, <code>jspwiki.policy</code>
     * @return the URL to the file, or <code>null</code> if none of the lookups found it
     */
    protected static final URL findConfigFile( WikiEngine engine, String name )
    {
        // Try creating an absolute path first
        File defaultFile = null;
        if( engine.getRootPath() != null )
        {
            // Plain string concatenation: path segments such as ".." inside
            // name are not rejected here.
            defaultFile = new File( engine.getRootPath() + "/WEB-INF/" + name );
        }
        if ( defaultFile != null && defaultFile.exists() )
        {
            try
            {
                // File.toURL() does not escape characters that are illegal in
                // URLs (a space in the path, for example).
                return defaultFile.toURL();
            }
            catch ( MalformedURLException e)
            {
                // Shouldn't happen, but log it if it does; the lookup then
                // falls through to the class loader and servlet context.
                log.warn( "Malformed URL: " + e.getMessage() );
            }
        }

        // Ok, the absolute path didn't work; try other methods
        ClassLoader cl = AuthenticationManager.class.getClassLoader();

        URL path = cl.getResource("/WEB-INF/"+name);

        if( path == null )
            path = cl.getResource("/"+name);

        if( path == null )
            path = cl.getResource(name);

        // Last resort: ask the servlet container, when one is available.
        if( path == null && engine.getServletContext() != null )
        {
            try
            {
                path = engine.getServletContext().getResource("/WEB-INF/"+name);
            }
            catch( MalformedURLException e )
            {
                // This should never happen unless I screw up
                // NOTE(review): the message names neither the file nor the
                // exception, and the method goes on to return null.
                log.fatal("Your code is b0rked. You are a bad person.");
            }
        }

        return path;
    }

    /**
     * Returns the first Principal in a set that isn't a {@link com.ecyrd.jspwiki.auth.authorize.Role} or
     * {@link com.ecyrd.jspwiki.auth.GroupPrincipal}. The decision for each
     * element is delegated to <code>isUserPrincipal</code>.
     * @param principals the principal set
     * @return the login principal, or <code>null</code> if the set holds no user principal
     */
    protected Principal getLoginPrincipal(Set<Principal> principals)
    {
        for (Principal principal: principals )
        {
            if ( isUserPrincipal( principal ) )
            {
                return principal;
            }
        }
        // Callers must be prepared for null: no element qualified.
        return null;
    }

    // events processing .......................................................

    /**
     * Registers a WikiEventListener with this instance.
     * This is a convenience method.
     * @param listener the event listener
     */
    public final synchronized void addWikiEventListener( WikiEventListener listener )
    {
        WikiEventManager.addWikiEventListener( this, listener );
    }

    /**
     * Un-registers a WikiEventListener with this instance.
     * This is a convenience method.
     * @param listener the event listener
     */
    public final synchronized void removeWikiEventListener( WikiEventListener listener )
    {
        WikiEventManager.removeWikiEventListener( this, listener );
    }

    /**
     * Fires a WikiSecurityEvent of the provided type, Principal and target Object
     * to all registered listeners.
     *
     * @see com.ecyrd.jspwiki.event.WikiSecurityEvent
     * @param type       the event type to be fired
     * @param principal  the subject of the event, which may be <code>null</code>
     * @param target     the changed Object, which may be <code>null</code>
     */
    protected final void fireEvent( int type, Principal principal, Object target )
    {
        // The event object is only built when someone is listening.
        if ( WikiEventManager.isListening(this) )
        {
            WikiEventManager.fireEvent(this,new WikiSecurityEvent(this,type,principal,target));
        }
    }

    /**
     * Initializes the options Map supplied to the configured LoginModule every time it is invoked by
     * {@link #doLoginModule(Class, CallbackHandler)}. The properties and values extracted from
     * <code>jspwiki.properties</code> are of the form
     * <code>jspwiki.loginModule.options.<var>param</var> = <var>value</var></code>, where
     * <var>param</var> is the key name, and <var>value</var> is the value.
     * <p>
     * NOTE(review): no <code>doLoginModule</code> method is visible in this part of the
     * file; confirm that the link above still points at an existing method.
     * @param props the properties used to initialize JSPWiki
     * @throws IllegalArgumentException if any of the keys are duplicated
     */
    private void initLoginModuleOptions(Properties props)
    {
        // keySet() covers only entries stored directly in props, not entries
        // of a defaults table behind it.
        for ( Object key : props.keySet() )
        {
            String propName = key.toString();
            if ( propName.startsWith( PREFIX_LOGIN_MODULE_OPTIONS ) )
            {
                // Extract the option name and value
                String optionKey = propName.substring( PREFIX_LOGIN_MODULE_OPTIONS.length() ).trim();
                // A property that consists of the prefix alone is ignored.
                if ( optionKey.length() > 0 )
                {
                    String optionValue = props.getProperty( propName );

                    // Make sure the key is unique before stashing the key/value pair.
                    // A clash arises when two property names trim to the same option
                    // key, or when the key is already present in m_loginModuleOptions.
                    if ( m_loginModuleOptions.containsKey( optionKey ) )
                    {
                        throw new IllegalArgumentException( "JAAS LoginModule key " + propName + " cannot be specified twice!" );
                    }
                    m_loginModuleOptions.put( optionKey, optionValue );
                }
            }
        }
    }

    /**
     * After successful login, this method is called to inject authorized role Principals into the WikiSession.
     * To determine which roles should be injected, the configured Authorizer
     * is queried for the roles it knows about by calling {@link com.ecyrd.jspwiki.auth.Authorizer#getRoles()}.
     * Then, each role returned by the authorizer is tested by calling {@link com.ecyrd.jspwiki.auth.Authorizer#isUserInRole(WikiSession, Principal)}.
     * If this check fails, and the Authorizer is of type WebAuthorizer, the role is checked again by calling
     * {@link com.ecyrd.jspwiki.auth.authorize.WebAuthorizer#isUserInRole(javax.servlet.http.HttpServletRequest, Principal)}.
     * Any roles that pass the test are injected into the Subject by firing appropriate authentication events.
     * @param session the user's current WikiSession
     * @param authorizer the WikiEngine's configured Authorizer
     * @param request the user's HTTP request, which may be <code>null</code>
     */
    private final void injectAuthorizerRoles( WikiSession session, Authorizer authorizer, HttpServletRequest request )
    {
        // Test each role the authorizer knows about
        for ( Principal role : authorizer.getRoles() )
        {
            // Test the Authorizer
            if ( authorizer.isUserInRole( session, role ) )
            {
                // Roles are granted by firing PRINCIPAL_ADD with the session as target.
                fireEvent( WikiSecurityEvent.PRINCIPAL_ADD, role, session );
                if ( log.isDebugEnabled() )
                {
                    log.debug("Added authorizer role " + role.getName() + "." );
                }
            }

            // If web authorizer, test the request.isInRole() method also.
            // This branch is reached only when the session-based check above
            // failed and a request is available.
            else if ( request != null && authorizer instanceof WebAuthorizer )
            {
                WebAuthorizer wa = (WebAuthorizer)authorizer;
                if ( wa.isUserInRole( request, role ) )
                {
                    fireEvent( WikiSecurityEvent.PRINCIPAL_ADD, role, session );
                    if ( log.isDebugEnabled() )
                    {
                        log.debug("Added container role " + role.getName() + "." );
                    }
                }
            }
        }
    }
}