From 76c30d134896642d006b02e1ee8d4d0a12c16abf Mon Sep 17 00:00:00 2001 From: ANierbeck Date: Sun, 17 Oct 2010 00:20:28 +0200 Subject: [PATCH] Fixed issues with PAXWEB-210, setting the realm works without log entries --- .../war/internal/RegisterWebAppVisitorWC.java | 10 ++++ .../war/internal/WebAppHttpContext.java | 4 +- .../extender/war/internal/model/WebApp.java | 9 +--- .../service/jetty/internal/JettyServer.java | 4 -- .../jetty/internal/JettyServerImpl.java | 54 ++----------------- .../jetty/internal/JettyServerWrapper.java | 43 ++++++++++++++- .../jetty/internal/ServerControllerImpl.java | 17 ------ .../service/internal/HttpServiceProxy.java | 2 +- .../service/internal/HttpServiceStarted.java | 26 +++------ .../pax/web/service/spi/ServerController.java | 3 -- .../web/service/spi/model/ContextModel.java | 26 +++++++++ 11 files changed, 93 insertions(+), 105 deletions(-) diff --git a/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/RegisterWebAppVisitorWC.java b/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/RegisterWebAppVisitorWC.java index 502e14a069..79b2ef4eba 100644 --- a/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/RegisterWebAppVisitorWC.java +++ b/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/RegisterWebAppVisitorWC.java @@ -89,6 +89,8 @@ class RegisterWebAppVisitorWC @SuppressWarnings( "unchecked" ) public void visit( final WebApp webApp ) { + if (LOG.isDebugEnabled()) + LOG.debug("visiting webapp"+webApp); NullArgumentException.validateNotNull( webApp, "Web app" ); m_bundleClassLoader = new BundleClassLoader( webApp.getBundle() ); m_httpContext = new WebAppWebContainerContext( 
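Review bot: The added debug line in `visit( final WebApp webApp )` runs before `NullArgumentException.validateNotNull( webApp, "Web app" )`, so a null argument is logged as "visiting webappnull" before it is rejected. Move the two lines below the validation and add a separator, `LOG.debug( "visiting webapp " + webApp );`. The unbraced `if (LOG.isDebugEnabled())` is easy to break when a second statement is added later, and the same pattern appears in the `WebAppHttpContext` constructor hunk. The body of `visit` continues outside this hunk.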
@@ -108,6 +110,13 @@ public void visit( final WebApp webApp ) { LOG.error( "Registration exception. Skipping.", ignore ); } + // set login Config PAXWEB-210 + if (webApp.getLoginConfigs() != null) { + for (WebAppLoginConfig loginConfig : webApp.getLoginConfigs()) { + visit(loginConfig); //TODO: what about more than one login config? shouldn't it be just one? + } + } + // set session timeout if( webApp.getSessionTimeout() != null ) { @@ -153,6 +162,7 @@ public void visit( final WebApp webApp ) { LOG.error( "Registration exception. Skipping.", ignore ); } + // register JSP support try { diff --git a/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/WebAppHttpContext.java b/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/WebAppHttpContext.java index 05ffc68ddb..22b73be1a5 100644 --- a/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/WebAppHttpContext.java +++ b/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/WebAppHttpContext.java @@ -61,7 +61,7 @@ class WebAppHttpContext implements HttpContext private final Map m_mimeMappings; /** - * Creates a new http context that delegates to the specified htp context but get's resources from the specified + * Creates a new http context that delegates to the specified http context but get's resources from the specified * bundle. * * @param httpContext wrapped http context @@ -74,6 +74,8 @@ class WebAppHttpContext implements HttpContext { NullArgumentException.validateNotNull( httpContext, "http context" ); NullArgumentException.validateNotNull( bundle, "Bundle" ); + if (LOG.isDebugEnabled()) + LOG.debug("Creating WebAppHttpContext for "+httpContext); m_httpContext = httpContext; m_bundle = bundle; m_mimeMappings = new HashMap(); 
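Review bot: The loop calls `visit(loginConfig)` for every entry of `webApp.getLoginConfigs()`, but this commit stores the login configuration in single `realmName`/`authMethod` fields on `ContextModel`, so with more than one entry the last one presumably wins without any trace. The auth method decides how the whole context is protected, so this should be explicit: apply one entry only, and log a warning or reject the web app when the list holds more. The inline TODO asks the same question; once decided, replace it with a comment such as `// a web app carries a single login-config; extra entries are rejected`. `visit( final WebApp webApp )` starts and ends outside this hunk.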
diff --git a/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/model/WebApp.java b/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/model/WebApp.java index cc64b6f064..b9025c95fd 100644 --- a/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/model/WebApp.java +++ b/pax-web-extender-war/src/main/java/org/ops4j/pax/web/extender/war/internal/model/WebApp.java @@ -539,7 +539,7 @@ public void setHttpContext( HttpContext httpContext ) */ public void accept( final WebAppVisitor visitor ) { - visitor.visit( this ); + visitor.visit( this ); //First do everything else for( WebAppListener listener : m_listeners ) { visitor.visit( listener ); @@ -567,7 +567,6 @@ public void accept( final WebAppVisitor visitor ) visitor.visit( servlet ); } } - /* if ( !m_constraintsMapping.isEmpty() ) //Added for PAXWEB-210 - might be a to late for initialization { for (WebAppConstraintMapping constraintMapping : m_constraintsMapping) { @@ -575,16 +574,10 @@ public void accept( final WebAppVisitor visitor ) } } - if ( !m_loginConfig.isEmpty() ) { - for (WebAppLoginConfig loginConfig : m_loginConfig) { - visitor.visit(loginConfig); - } - } for( WebAppErrorPage errorPage : m_errorPages ) { visitor.visit( errorPage ); } - */ } static final Comparator WebAppServletComparator = new Comparator() { diff --git a/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServer.java b/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServer.java index 9790d34065..20f740ddc8 100644 --- a/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServer.java +++ b/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServer.java 
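Review bot: Re-enabling the constraint-mapping loop at the end of `accept` means security constraints are visited only after listeners and servlets, and the retained comment itself says this "might be a to late for initialization". If the context can already be started when the first element is registered (the `isStarted()` branch in `JettyServerWrapper.addContext` suggests so), servlets may be reachable for a short time before their constraints are in place. Consider visiting `m_constraintsMapping` before the servlets, or replace the comment with one that states why the order is safe. `accept` starts outside this hunk.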
@@ -84,10 +84,6 @@ void configureContext( Map attributes, void addSecurityConstraintMappings(SecurityConstraintMappingModel model); - void removeLoginConfig(LoginConfigModel model); - - void addLoginConfig(LoginConfigModel model); - void removeSecurityConstraintMappings(SecurityConstraintMappingModel model); void setServerConfigDir(File serverConfigDir); diff --git a/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServerImpl.java b/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServerImpl.java index f6bb5c94d9..f2ef5a749c 100644 --- a/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServerImpl.java +++ b/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServerImpl.java @@ -29,14 +29,9 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.eclipse.jetty.http.security.Constraint; -import org.eclipse.jetty.security.Authenticator; import org.eclipse.jetty.security.ConstraintMapping; import org.eclipse.jetty.security.ConstraintSecurityHandler; import org.eclipse.jetty.security.SecurityHandler; -import org.eclipse.jetty.security.authentication.BasicAuthenticator; -import org.eclipse.jetty.security.authentication.ClientCertAuthenticator; -import org.eclipse.jetty.security.authentication.DigestAuthenticator; -import org.eclipse.jetty.security.authentication.FormAuthenticator; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.servlet.ErrorPageErrorHandler; import org.eclipse.jetty.servlet.FilterHolder; 
@@ -391,11 +386,9 @@ public void removeErrorPage(final ErrorPageModel model) { } } + //PAXWEB-210: create security constraints public void addSecurityConstraintMappings(final SecurityConstraintMappingModel model) { -// final ServletContextHandler context = m_server.getOrCreateContext(model); - //PAXWEB-210: is this the better way of retrieving the context? - final ServletContextHandler context = m_server.getContext(model.getContextModel() - .getHttpContext()); + final ServletContextHandler context = m_server.getOrCreateContext(model); final SecurityHandler securityHandler = context.getSecurityHandler(); if (securityHandler == null) { throw new IllegalStateException( 
@@ -434,51 +427,10 @@ else if ("CONFIDENTIAL".equals(dataConstraint)) } public void removeSecurityConstraintMappings(final SecurityConstraintMappingModel model) { - // TODO + // TODO PAXWEB 210 needs to be removed also } - public void addLoginConfig(final LoginConfigModel model) { -// final ServletContextHandler context = m_server.getOrCreateContext(model); - //PAXWEB-210: is this the better way of retrieving the context? - final ServletContextHandler context = m_server.getContext(model.getContextModel() - .getHttpContext()); - final SecurityHandler securityHandler = context.getSecurityHandler(); - - String m = model.getAuthMethod(); - - Authenticator authenticator = null; - if (Constraint.__FORM_AUTH.equals(m)) - authenticator = new FormAuthenticator(); - else if (Constraint.__BASIC_AUTH.equals(m)) - authenticator = new BasicAuthenticator(); - else if (Constraint.__DIGEST_AUTH.equals(m)) - authenticator = new DigestAuthenticator(); - else if (Constraint.__CERT_AUTH.equals(m)) - authenticator = new ClientCertAuthenticator(); - else if (Constraint.__CERT_AUTH2.equals(m)) - authenticator = new ClientCertAuthenticator(); - else - LOG.warn("UNKNOWN AUTH METHOD: " + m); - - securityHandler.setAuthenticator(authenticator); - - securityHandler.setRealmName(model.getRealmName()); - - } - public void removeLoginConfig(final LoginConfigModel model) { -// final ServletContextHandler context = m_server.getOrCreateContext(model); - //PAXWEB-210: is this the better way of retrieving the context? - final ServletContextHandler context = m_server.getContext(model.getContextModel() - .getHttpContext()); - final SecurityHandler securityHandler = context.getSecurityHandler(); - if (securityHandler == null) { - throw new IllegalStateException( - "Internal error: Cannot find the security handler. Please report."); - } - securityHandler.setAuthenticator(null); - securityHandler.setRealmName(null); - } @Override public String toString() { 
diff --git a/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServerWrapper.java b/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServerWrapper.java index 955cc5a376..e18d43c5a1 100644 --- a/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServerWrapper.java +++ b/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/JettyServerWrapper.java @@ -23,6 +23,13 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.eclipse.jetty.http.security.Constraint; +import org.eclipse.jetty.security.Authenticator; +import org.eclipse.jetty.security.SecurityHandler; +import org.eclipse.jetty.security.authentication.BasicAuthenticator; +import org.eclipse.jetty.security.authentication.ClientCertAuthenticator; +import org.eclipse.jetty.security.authentication.DigestAuthenticator; +import org.eclipse.jetty.security.authentication.FormAuthenticator; import org.eclipse.jetty.server.Handler; import org.eclipse.jetty.server.HandlerContainer; import org.eclipse.jetty.server.Server; @@ -103,7 +110,7 @@ void removeContext( final HttpContext httpContext ) } private ServletContextHandler addContext( final Model model ) - { + { ServletContextHandler context = new HttpServiceContext( (HandlerContainer) getHandler(), model.getContextModel().getContextParams(), getContextAttributes( BundleUtils.getBundleContext( model.getContextModel().getBundle() 
@@ -134,8 +141,15 @@ private ServletContextHandler addContext( final Model model ) workerName = m_sessionWorkerName; } configureSessionManager( context, sessionTimeout, sessionCookie, sessionUrl, workerName ); + + //PAXWEB-210 + //configure Authentication and realm - has to be configured before it is started + String realmName = model.getContextModel().getRealmName(); + String authMethod = model.getContextModel().getAuthMethod(); + if (realmName != null && authMethod != null) + configureSecurity(context, realmName, authMethod); + LOG.debug( "Added servlet context: " + context ); - //PAXWEB-210 configureSecurity??? - lets do this shortly before it gets started if( isStarted() ) { try @@ -164,6 +178,31 @@ private ServletContextHandler addContext( final Model model ) return context; } + //TODO: add javadoc + private void configureSecurity(ServletContextHandler context, + String realmName, String authMethod) { + final SecurityHandler securityHandler = context.getSecurityHandler(); + + Authenticator authenticator = null; + if (Constraint.__FORM_AUTH.equals(authMethod)) + authenticator = new FormAuthenticator(); + else if (Constraint.__BASIC_AUTH.equals(authMethod)) + authenticator = new BasicAuthenticator(); + else if (Constraint.__DIGEST_AUTH.equals(authMethod)) + authenticator = new DigestAuthenticator(); + else if (Constraint.__CERT_AUTH.equals(authMethod)) + authenticator = new ClientCertAuthenticator(); + else if (Constraint.__CERT_AUTH2.equals(authMethod)) + authenticator = new ClientCertAuthenticator(); + else + LOG.warn("UNKNOWN AUTH METHOD: " + authMethod); + + securityHandler.setAuthenticator(authenticator); + + securityHandler.setRealmName(realmName); + + } + /** * Returns a list of servlet context attributes out of configured properties and attribues containing the bundle * context associated with the bundle that created the model (web element). 
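Review bot: `configureSecurity` is skipped unless both `realmName` and `authMethod` are non-null, so a login config that names an auth method without a realm leaves the context with no authenticator and nothing is logged. The realm name is optional in a deployment descriptor's login-config, so a web app that asked for authentication may end up without it at this layer. Key the guard on the auth method, `if (authMethod != null) {`, and let `configureSecurity` decide how to treat a missing realm, or at least log at warn level when only one of the two values is set. `addContext` starts and ends outside this hunk.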
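Review bot: In `configureSecurity` an unrecognised `authMethod` is only logged, after which `setAuthenticator(null)` and `setRealmName(realmName)` still run, so a typo in the auth method yields a context with a realm but no authenticator. Fail closed instead by replacing the final `else` branch with `throw new IllegalArgumentException("Unsupported auth method: " + authMethod);`. `context.getSecurityHandler()` is also dereferenced without the null check that `addSecurityConstraintMappings` performs, so the same `IllegalStateException` guard belongs here. The `//TODO: add javadoc` can become a short Javadoc stating that the method must run before the context is started.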
diff --git a/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/ServerControllerImpl.java b/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/ServerControllerImpl.java index 26b62fde23..2a6fc0f6d5 100644 --- a/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/ServerControllerImpl.java +++ b/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/ServerControllerImpl.java @@ -157,13 +157,6 @@ public void removeErrorPage( final ErrorPageModel model ) m_state.removeErrorPage( model ); } - public void removeLoginConfig(LoginConfigModel model) { - m_state.removeLoginConfig(model); - } - - public void addLoginConfig(LoginConfigModel model) { - m_state.addLoginConfig(model); - } public void addSecurityConstraintMapping(SecurityConstraintMappingModel model) { m_state.addSecurityConstraintMapping(model); @@ -219,9 +212,6 @@ private interface State void addSecurityConstraintMapping(SecurityConstraintMappingModel model); - void addLoginConfig(LoginConfigModel model); - - void removeLoginConfig(LoginConfigModel model); void removeSecurityConstraintMappings(SecurityConstraintMappingModel model); @@ -316,13 +306,6 @@ public void removeErrorPage( ErrorPageModel model ) m_jettyServer.removeErrorPage( model ); } - public void addLoginConfig(LoginConfigModel model) { - m_jettyServer.addLoginConfig(model); - } - - public void removeLoginConfig(LoginConfigModel model) { - m_jettyServer.removeLoginConfig(model); - } public void removeSecurityConstraintMappings(SecurityConstraintMappingModel model) { m_jettyServer.removeSecurityConstraintMappings(model); diff --git a/pax-web-runtime/src/main/java/org/ops4j/pax/web/service/internal/HttpServiceProxy.java b/pax-web-runtime/src/main/java/org/ops4j/pax/web/service/internal/HttpServiceProxy.java index 15fb5fef22..3e4e08a6e4 100644 --- a/pax-web-runtime/src/main/java/org/ops4j/pax/web/service/internal/HttpServiceProxy.java 
+++ b/pax-web-runtime/src/main/java/org/ops4j/pax/web/service/internal/HttpServiceProxy.java @@ -74,7 +74,7 @@ public void unregister( final String alias ) public HttpContext createDefaultHttpContext() { - LOG.debug( "Creating adefault context" ); + LOG.debug( "Creating a default context" ); return m_delegate.createDefaultHttpContext(); } diff --git a/pax-web-runtime/src/main/java/org/ops4j/pax/web/service/internal/HttpServiceStarted.java b/pax-web-runtime/src/main/java/org/ops4j/pax/web/service/internal/HttpServiceStarted.java index 54ab68a6a1..4ff0834d0d 100644 --- a/pax-web-runtime/src/main/java/org/ops4j/pax/web/service/internal/HttpServiceStarted.java +++ b/pax-web-runtime/src/main/java/org/ops4j/pax/web/service/internal/HttpServiceStarted.java @@ -514,12 +514,15 @@ public void unregisterWelcomeFiles(final HttpContext httpContext) { public void registerLoginConfig(String authMethod, String realmName, HttpContext httpContext) { + NullArgumentException.validateNotNull(httpContext, "Http context"); + if (!m_serviceModel.canBeConfigured()) { + throw new IllegalStateException( + "Http context already used. Session timeout can be set only before first usage"); + } final ContextModel contextModel = getOrCreateContext(httpContext); - LOG.debug("Using context [" + contextModel + "]"); - LoginConfigModel loginConfig = new LoginConfigModel(contextModel, - authMethod, realmName); - m_serviceModel.addLoginModel(loginConfig); - m_serverController.addLoginConfig(loginConfig); + contextModel.setAuthMethod(authMethod); + contextModel.setRealmName(realmName); + m_serviceModel.addContextModel(contextModel); } public void unregisterLoginConfig() { 
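Review bot: The `IllegalStateException` in `registerLoginConfig` says "Session timeout can be set only before first usage", which looks copied from the session-timeout path and will mislead whoever debugs a rejected login configuration. Use `"Http context already used. Login configuration can be set only before first usage"`. `authMethod` and `realmName` are also stored on the context model unchecked, so a null auth method is accepted here and then silently skipped in `JettyServerWrapper.addContext`. Adding `NullArgumentException.validateNotNull( authMethod, "Auth method" );` next to the existing context check would surface the mistake at registration time.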
@@ -544,19 +547,6 @@ public void registerConstraintMapping(String constraintName, m_serverController.addSecurityConstraintMapping(secConstraintMapModel); } - // public void registerSecurityConstraint(String constraintName, - // String constraint, boolean authenticate, List roles, HttpContext - // httpContext) { - // final ContextModel contextModel = getOrCreateContext( httpContext ); - // LOG.debug( "Using context [" + contextModel + "]" ); - // - // SecurityModel secModel = new SecurityModel(contextModel, constraintName, - // constraint, authenticate, roles); - // - // m_serviceModel.addSecurityModel(secModel); - // m_serverController.addSecurity(secModel); - // } - private ContextModel getOrCreateContext(final HttpContext httpContext) { HttpContext context = httpContext; if (context == null) { diff --git a/pax-web-spi/src/main/java/org/ops4j/pax/web/service/spi/ServerController.java b/pax-web-spi/src/main/java/org/ops4j/pax/web/service/spi/ServerController.java index 3e21de0cbb..c8bbd3aa8b 100644 --- a/pax-web-spi/src/main/java/org/ops4j/pax/web/service/spi/ServerController.java +++ b/pax-web-spi/src/main/java/org/ops4j/pax/web/service/spi/ServerController.java @@ -64,9 +64,6 @@ public interface ServerController void removeErrorPage( ErrorPageModel model ); - void addLoginConfig ( LoginConfigModel loginConfig ); - - void removeLoginConfig ( LoginConfigModel loginConfig ); Integer getHttpPort(); diff --git a/pax-web-spi/src/main/java/org/ops4j/pax/web/service/spi/model/ContextModel.java b/pax-web-spi/src/main/java/org/ops4j/pax/web/service/spi/model/ContextModel.java index c24c60b538..8aa55d23bd 100644 --- a/pax-web-spi/src/main/java/org/ops4j/pax/web/service/spi/model/ContextModel.java +++ b/pax-web-spi/src/main/java/org/ops4j/pax/web/service/spi/model/ContextModel.java 
@@ -75,6 +75,10 @@ public class ContextModel extends Identity * Bundle that used the http context to register an web element. */ private final Bundle m_bundle; + + //TODO: javadoc + private String realmName; + private String authMethod; public ContextModel( final HttpContext httpContext, final Bundle bundle, @@ -305,4 +309,26 @@ public String toString() .toString(); } + public void setRealmName(String realmName) { + this.realmName = realmName; + } + + public void setAuthMethod(String authMethod) { + this.authMethod = authMethod; + } + + /** + * @return the realmName + */ + public String getRealmName() { + return realmName; + } + + /** + * @return the authMethod + */ + public String getAuthMethod() { + return authMethod; + } + }
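Review bot: The new `realmName` and `authMethod` fields are left at `//TODO: javadoc` and do not follow the `m_` prefix used by `m_bundle` directly above them. They now decide how the context is authenticated, so the contract deserves a comment, for example `/** Auth method and realm of the login configuration; null when none was registered. Must be set before the context is first used. */`. The setters in the second hunk of this file have no Javadoc at all and should state the same "before first use" rule, since the visible caller `registerLoginConfig` enforces it through `canBeConfigured()` but the setters themselves do not.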