Mercurial > hg > jdk9-shenandoah > jdk
changeset 11730:e571b36aa08c
8047789: auth.login.LoginContext needs to be updated to work with modules
Reviewed-by: mullan, mchung, alanb
| author | weijun |
|---|---|
| date | Fri, 10 Apr 2015 09:15:34 +0800 |
| parents | 2653dc8b7c27 |
| children | 84c5527f742b |
| files | src/java.base/share/classes/javax/security/auth/login/LoginContext.java src/java.base/share/classes/javax/security/auth/spi/LoginModule.java test/javax/security/auth/spi/FirstLoginModule.java test/javax/security/auth/spi/Loader.java test/javax/security/auth/spi/META-INF/services/javax.security.auth.spi.LoginModule test/javax/security/auth/spi/SecondLoginModule.java test/javax/security/auth/spi/sl.conf |
| diffstat | 7 files changed, 244 insertions(+), 86 deletions(-) [+] |
line wrap: on
line diff
--- a/src/java.base/share/classes/javax/security/auth/login/LoginContext.java Thu Apr 09 17:36:47 2015 -0700 +++ b/src/java.base/share/classes/javax/security/auth/login/LoginContext.java Fri Apr 10 09:15:34 2015 +0800 @@ -25,18 +25,18 @@ package javax.security.auth.login; -import java.lang.reflect.Constructor; -import java.lang.reflect.Method; -import java.lang.reflect.InvocationTargetException; -import java.util.LinkedList; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Map; import java.util.HashMap; import java.text.MessageFormat; import javax.security.auth.Subject; import javax.security.auth.AuthPermission; import javax.security.auth.callback.*; -import java.security.AccessController; +import javax.security.auth.spi.LoginModule; import java.security.AccessControlContext; +import java.util.ServiceLoader; + import sun.security.util.PendingException; import sun.security.util.ResourcesMgr; @@ -192,7 +192,6 @@ */ public class LoginContext { - private static final String INIT_METHOD = "initialize"; private static final String LOGIN_METHOD = "login"; private static final String COMMIT_METHOD = "commit"; private static final String ABORT_METHOD = "abort"; @@ -210,7 +209,6 @@ private AccessControlContext creatorAcc = null; // customized config only private ModuleInfo[] moduleStack; private ClassLoader contextClassLoader = null; - private static final Class<?>[] PARAMS = { }; // state saved in the event a user-specified asynchronous exception // was specified and thrown @@ -678,64 +676,64 @@ for (int i = moduleIndex; i < moduleStack.length; i++, moduleIndex++) { try { - int mIndex = 0; - Method[] methods = null; + if (moduleStack[i].module == null) { - if (moduleStack[i].module != null) { - methods = moduleStack[i].module.getClass().getMethods(); - } else { - - // instantiate the LoginModule + // locate and instantiate the LoginModule // - // Allow any object to be a LoginModule as long as it - // conforms to the interface. - Class<?> c = Class.forName( - moduleStack[i].entry.getLoginModuleName(), - true, - contextClassLoader); - - Constructor<?> constructor = c.getConstructor(PARAMS); - Object[] args = { }; - moduleStack[i].module = constructor.newInstance(args); - - // call the LoginModule's initialize method - methods = moduleStack[i].module.getClass().getMethods(); - for (mIndex = 0; mIndex < methods.length; mIndex++) { - if (methods[mIndex].getName().equals(INIT_METHOD)) { + String name = moduleStack[i].entry.getLoginModuleName(); + ServiceLoader<LoginModule> sc = AccessController.doPrivileged( + (PrivilegedAction<ServiceLoader<LoginModule>>) + () -> ServiceLoader.load( + LoginModule.class, contextClassLoader)); + for (LoginModule m: sc) { + if (m.getClass().getName().equals(name)) { + moduleStack[i].module = m; + if (debug != null) { + debug.println(name + " loaded as a service"); + } break; } } - Object[] initArgs = {subject, - callbackHandler, - state, - moduleStack[i].entry.getOptions() }; + if (moduleStack[i].module == null) { + try { + moduleStack[i].module = (LoginModule) Class.forName( + name, false, contextClassLoader).newInstance(); + if (debug != null) { + debug.println(name + " loaded via reflection"); + } + } catch (ClassNotFoundException e) { + throw new LoginException("No LoginModule found for " + + name); + } + } + // invoke the LoginModule initialize method - // - // Throws ArrayIndexOutOfBoundsException if no such - // method defined. May improve to use LoginException in - // the future. - methods[mIndex].invoke(moduleStack[i].module, initArgs); + moduleStack[i].module.initialize(subject, + callbackHandler, + state, + moduleStack[i].entry.getOptions()); } // find the requested method in the LoginModule - for (mIndex = 0; mIndex < methods.length; mIndex++) { - if (methods[mIndex].getName().equals(methodName)) { + boolean status; + switch (methodName) { + case LOGIN_METHOD: + status = moduleStack[i].module.login(); + break; + case COMMIT_METHOD: + status = moduleStack[i].module.commit(); break; - } + case LOGOUT_METHOD: + status = moduleStack[i].module.logout(); + break; + case ABORT_METHOD: + status = moduleStack[i].module.abort(); + break; + default: + throw new AssertionError("Unknown method " + methodName); } - // set up the arguments to be passed to the LoginModule method - Object[] args = { }; - - // invoke the LoginModule method - // - // Throws ArrayIndexOutOfBoundsException if no such - // method defined. May improve to use LoginException in - // the future. - boolean status = ((Boolean)methods[mIndex].invoke - (moduleStack[i].module, args)).booleanValue(); - if (status == true) { // if SUFFICIENT, return if no prior REQUIRED errors @@ -760,31 +758,12 @@ if (debug != null) debug.println(methodName + " ignored"); } - - } catch (NoSuchMethodException nsme) { - MessageFormat form = new MessageFormat(ResourcesMgr.getString - ("unable.to.instantiate.LoginModule.module.because.it.does.not.provide.a.no.argument.constructor")); - Object[] source = {moduleStack[i].entry.getLoginModuleName()}; - throwException(null, new LoginException(form.format(source))); - } catch (InstantiationException ie) { - throwException(null, new LoginException(ResourcesMgr.getString - ("unable.to.instantiate.LoginModule.") + - ie.getMessage())); - } catch (ClassNotFoundException cnfe) { - throwException(null, new LoginException(ResourcesMgr.getString - ("unable.to.find.LoginModule.class.") + - cnfe.getMessage())); - } catch (IllegalAccessException iae) { - throwException(null, new LoginException(ResourcesMgr.getString - ("unable.to.access.LoginModule.") + - iae.getMessage())); - } catch (InvocationTargetException ite) { + } catch (Exception ite) { // failure cases - LoginException le; - if (ite.getCause() instanceof PendingException && + if (ite instanceof PendingException && methodName.equals(LOGIN_METHOD)) { // XXX @@ -808,13 +787,13 @@ // the only time that is not true is in this case - // do not call throwException here. - throw (PendingException)ite.getCause(); + throw (PendingException)ite; - } else if (ite.getCause() instanceof LoginException) { + } else if (ite instanceof LoginException) { - le = (LoginException)ite.getCause(); + le = (LoginException)ite; - } else if (ite.getCause() instanceof SecurityException) { + } else if (ite instanceof SecurityException) { // do not want privacy leak // (e.g., sensitive file path in exception msg) @@ -826,14 +805,14 @@ ("original security exception with detail msg " + "replaced by new exception with empty detail msg"); debug.println("original security exception: " + - ite.getCause().toString()); + ite.toString()); } } else { // capture an unexpected LoginModule exception java.io.StringWriter sw = new java.io.StringWriter(); - ite.getCause().printStackTrace - (new java.io.PrintWriter(sw)); + ite.printStackTrace + (new java.io.PrintWriter(sw)); sw.flush(); le = new LoginException(sw.toString()); } @@ -938,9 +917,9 @@ */ private static class ModuleInfo { AppConfigurationEntry entry; - Object module; + LoginModule module; - ModuleInfo(AppConfigurationEntry newEntry, Object newModule) { + ModuleInfo(AppConfigurationEntry newEntry, LoginModule newModule) { this.entry = newEntry; this.module = newModule; }
--- a/src/java.base/share/classes/javax/security/auth/spi/LoginModule.java Thu Apr 09 17:36:47 2015 -0700 +++ b/src/java.base/share/classes/javax/security/auth/spi/LoginModule.java Fri Apr 10 09:15:34 2015 +0800 @@ -32,10 +32,9 @@ import java.util.Map; /** - * <p> {@code LoginModule} describes the interface - * implemented by authentication technology providers. LoginModules - * are plugged in under applications to provide a particular type of - * authentication. + * <p> Service-provider interface for authentication technology providers. + * LoginModules are plugged in under applications to provide a particular + * type of authentication. * * <p> While applications write to the {@code LoginContext} API, * authentication technology providers implement the
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/spi/FirstLoginModule.java Fri Apr 10 09:15:34 2015 +0800 @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; +import java.util.Map; + +public class FirstLoginModule implements LoginModule { + + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map<String, ?> sharedState, Map<String, ?> options) { + // Nothing + } + + @Override + public boolean login() throws LoginException { + return true; + } + + @Override + public boolean commit() throws LoginException { + return true; + } + + @Override + public boolean abort() throws LoginException { + return true; + } + + @Override + public boolean logout() throws LoginException { + return true; + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/spi/Loader.java Fri Apr 10 09:15:34 2015 +0800 @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.security.auth.login.LoginContext; +import java.io.File; + +/* + * @test + * @bug 8047789 + * @summary auth.login.LoginContext needs to be updated to work with modules + * @build FirstLoginModule SecondLoginModule + * @run main/othervm Loader + */ +public class Loader { + + public static void main(String[] args) throws Exception { + + System.setProperty("java.security.auth.login.config", + new File(System.getProperty("test.src"), "sl.conf").toString()); + LoginContext lc = new LoginContext("me"); + + if (SecondLoginModule.isLoaded) { + throw new Exception(); + } + + lc.login(); + + // Although only FirstLoginModule is specified in the JAAS login + // config file, LoginContext will first create all LoginModule + // implementations that are registered as services, which include + // SecondLoginModule. + if (!SecondLoginModule.isLoaded) { + throw new Exception(); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/spi/META-INF/services/javax.security.auth.spi.LoginModule Fri Apr 10 09:15:34 2015 +0800 @@ -0,0 +1,1 @@ +SecondLoginModule
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/security/auth/spi/SecondLoginModule.java Fri Apr 10 09:15:34 2015 +0800 @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; +import java.util.Map; + +public class SecondLoginModule implements LoginModule { + + public static boolean isLoaded; + + public SecondLoginModule() { + isLoaded = true; + } + + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map<String, ?> sharedState, Map<String, ?> options) { + // Nothing + } + + @Override + public boolean login() throws LoginException { + return true; + } + + @Override + public boolean commit() throws LoginException { + return true; + } + + @Override + public boolean abort() throws LoginException { + return true; + } + + @Override + public boolean logout() throws LoginException { + return true; + } +}