JASPIC callback management moved to parent class

Patch by fjodorver git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1689078 13f79535-47bb-0310-9956-ffa450edef68
apache · Jul 3, 2015 · 43f2ef3 · 43f2ef3
1 parent d67e9e2
commit 43f2ef3
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 31 deletions.
diff --git a/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java b/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java
@@ -29,8 +29,6 @@
 import javax.security.auth.message.AuthStatus;
 import javax.security.auth.message.MessageInfo;
 import javax.security.auth.message.MessagePolicy;
-import javax.security.auth.message.callback.CallerPrincipalCallback;
-import javax.security.auth.message.callback.GroupPrincipalCallback;
 import javax.security.auth.message.callback.PasswordValidationCallback;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -91,14 +89,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             if (!passwordCallback.getResult()) {
                 sendUnauthorizedError(response, realmName);
             }
-
-            GenericPrincipal principal = getPrincipal(passwordCallback);
-
-            CallerPrincipalCallback principalCallback = new CallerPrincipalCallback(clientSubject,
-                    principal);
-            GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(clientSubject,
-                    principal.getRoles());
-            handler.handle(new Callback[] { principalCallback, groupCallback });
+            handlePrincipalCallbacks(clientSubject, getPrincipal(passwordCallback));
             return AuthStatus.SUCCESS;
 
         } catch (Exception e) {

diff --git a/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java b/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java
@@ -25,15 +25,12 @@
 import java.util.Map;
 
 import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.message.AuthException;
 import javax.security.auth.message.AuthStatus;
 import javax.security.auth.message.MessageInfo;
 import javax.security.auth.message.MessagePolicy;
-import javax.security.auth.message.callback.CallerPrincipalCallback;
-import javax.security.auth.message.callback.GroupPrincipalCallback;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -259,11 +256,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
         }
 
         try {
-            CallerPrincipalCallback principalCallback = new CallerPrincipalCallback(clientSubject,
-                    principal);
-            String[] roles = realm.getRoles(principal);
-            GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(clientSubject, roles);
-            handler.handle(new Callback[] { principalCallback, groupCallback });
+            handlePrincipalCallbacks(clientSubject, principal);
         } catch (IOException | UnsupportedCallbackException e) {
             throw new AuthException(e.getMessage());
         }

diff --git a/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java b/java/org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.java
@@ -25,15 +25,12 @@
 import java.util.Map;
 
 import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.message.AuthException;
 import javax.security.auth.message.AuthStatus;
 import javax.security.auth.message.MessageInfo;
 import javax.security.auth.message.MessagePolicy;
-import javax.security.auth.message.callback.CallerPrincipalCallback;
-import javax.security.auth.message.callback.GroupPrincipalCallback;
 import javax.security.auth.message.callback.PasswordValidationCallback;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.http.Cookie;
@@ -312,16 +309,6 @@ private void handleSessionExpired(Request request, HttpServletResponse response)
     }
 
 
-    private void handlePrincipalCallbacks(Subject clientSubject, Principal principal)
-            throws IOException, UnsupportedCallbackException {
-        CallerPrincipalCallback principalCallback = new CallerPrincipalCallback(clientSubject,
-                principal);
-        GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(clientSubject, context
-                .getRealm().getRoles(principal));
-        handler.handle(new Callback[] { principalCallback, groupCallback });
-    }
-
-
     @Override
     public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject)
             throws AuthException {

diff --git a/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java b/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
@@ -16,13 +16,20 @@
  */
 package org.apache.catalina.authenticator.jaspic.provider.modules;
 
+import java.io.IOException;
+import java.security.Principal;
 import java.util.Map;
 import java.util.Optional;
 
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.message.AuthException;
 import javax.security.auth.message.MessageInfo;
 import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
 import javax.security.auth.message.module.ServerAuthModule;
 
 import org.apache.catalina.Context;
@@ -94,4 +101,22 @@ public String getRealmName() {
     public abstract void initializeModule(MessagePolicy requestPolicy,
             MessagePolicy responsePolicy, CallbackHandler handler, Map options)
             throws AuthException;
+
+
+    /**
+     * Convert Tomcat's principal to JAAS subject using JASPIC callbacks
+     *
+     * @param clientSubject
+     * @param principal
+     * @throws IOException
+     * @throws UnsupportedCallbackException
+     */
+    protected void handlePrincipalCallbacks(Subject clientSubject, Principal principal)
+            throws IOException, UnsupportedCallbackException {
+        CallerPrincipalCallback principalCallback = new CallerPrincipalCallback(clientSubject,
+                principal);
+        String[] roles = context.getRealm().getRoles(principal);
+        GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(clientSubject, roles);
+        handler.handle(new Callback[] { principalCallback, groupCallback });
+    }
 }