
[Pki-devel] [PATCH] 278 Storing authentication info in session.



The authenticator configuration has been modified to store the authentication info in the session so it can be used by other servlets. An update script has been added to update the configuration in existing instances.

The SSLAuthenticatorWithFallback was modified to propagate the configuration to the actual authenticator handling the request.

--
Endi S. Dewata
From ad3053afe99b40ff7368490997bb606b2b4f181e Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata redhat com>
Date: Mon, 22 Jul 2013 08:50:03 -0400
Subject: [PATCH] Storing authentication info in session.

The authenticator configuration has been modified to store the authentication
info in the session so it can be used by the servlets. An upgrade script has
been added to update the configuration in existing instances.

The SSLAuthenticatorWithFallback was modified to propagate the configuration
to the actual authenticator handling the request.
---
 base/ca/shared/webapps/ca/META-INF/context.xml     |  4 +-
 .../cms/tomcat/SSLAuthenticatorWithFallback.java   |  5 ++
 base/kra/shared/webapps/kra/META-INF/context.xml   |  4 +-
 base/ocsp/shared/webapps/ocsp/META-INF/context.xml |  4 +-
 base/server/upgrade/10.0.3/.gitignore              |  4 --
 .../upgrade/10.0.3/01-EnableSessionInAuthenticator | 69 ++++++++++++++++++++++
 base/tks/shared/webapps/tks/META-INF/context.xml   |  4 +-
 base/tps/shared/webapps/tps/META-INF/context.xml   |  4 +-
 8 files changed, 89 insertions(+), 9 deletions(-)
 delete mode 100644 base/server/upgrade/10.0.3/.gitignore
 create mode 100755 base/server/upgrade/10.0.3/01-EnableSessionInAuthenticator

diff --git a/base/ca/shared/webapps/ca/META-INF/context.xml b/base/ca/shared/webapps/ca/META-INF/context.xml
index 032fd14c9aa5aaec910464c31d06b907dd0df212..e838503a64e5442e114cf4e18f616fdffe39b647 100644
--- a/base/ca/shared/webapps/ca/META-INF/context.xml
+++ b/base/ca/shared/webapps/ca/META-INF/context.xml
@@ -28,7 +28,9 @@
         secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 
     <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
-        secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+        alwaysUseSession="true"
+        secureRandomProvider="Mozilla-JSS"
+        secureRandomAlgorithm="pkcs11prng"/>
 
     <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
 
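Review bot: alwaysUseSession="true" on the SSLAuthenticatorWithFallback valve means a session is created and the authenticated principal is cached in it even for client-certificate logins, so from then on the session cookie alone stands in for the certificate. The Valve element shows no accompanying session settings; please state in the commit message or in a comment next to the attribute what bounds that session (timeout, Secure/HttpOnly cookie flags, session ID change on authentication), so it can be confirmed that the cached principal is not longer-lived or easier to replay than the TLS credential it replaces.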
diff --git a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
index d1b3dc3f27e2f218a31cf2a519973879e635419c..20bf85d221bac3f5dbd1cac73aa9b8252a1cc6e8 100644
--- a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
+++ b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
@@ -140,8 +140,13 @@ public class SSLAuthenticatorWithFallback extends AuthenticatorBase {
     @Override
     protected void initInternal() throws LifecycleException {
         log("Initializing authenticators");
+
         super.initInternal();
+
+        sslAuthenticator.setAlwaysUseSession(alwaysUseSession);
         sslAuthenticator.init();
+
+        fallbackAuthenticator.setAlwaysUseSession(alwaysUseSession);
         fallbackAuthenticator.init();
     }
 
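Review bot: in initInternal() the value is copied to sslAuthenticator and fallbackAuthenticator only once, so a later setAlwaysUseSession() call on the wrapper will not reach the delegates; overriding the setter to forward to both would keep the three in sync. Only alwaysUseSession is forwarded in these lines, so a short comment saying which valve attributes are and are not propagated to the delegates would prevent someone from assuming the other attributes set on the Valve element apply to them too.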
diff --git a/base/kra/shared/webapps/kra/META-INF/context.xml b/base/kra/shared/webapps/kra/META-INF/context.xml
index 032fd14c9aa5aaec910464c31d06b907dd0df212..e838503a64e5442e114cf4e18f616fdffe39b647 100644
--- a/base/kra/shared/webapps/kra/META-INF/context.xml
+++ b/base/kra/shared/webapps/kra/META-INF/context.xml
@@ -28,7 +28,9 @@
         secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 
     <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
-        secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+        alwaysUseSession="true"
+        secureRandomProvider="Mozilla-JSS"
+        secureRandomAlgorithm="pkcs11prng"/>
 
     <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
 
diff --git a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
index 032fd14c9aa5aaec910464c31d06b907dd0df212..e838503a64e5442e114cf4e18f616fdffe39b647 100644
--- a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
+++ b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml
@@ -28,7 +28,9 @@
         secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 
     <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
-        secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+        alwaysUseSession="true"
+        secureRandomProvider="Mozilla-JSS"
+        secureRandomAlgorithm="pkcs11prng"/>
 
     <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
 
diff --git a/base/server/upgrade/10.0.3/.gitignore b/base/server/upgrade/10.0.3/.gitignore
deleted file mode 100644
index 5e7d2734cfc60289debf74293817c0a8f572ff32..0000000000000000000000000000000000000000
--- a/base/server/upgrade/10.0.3/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-# Ignore everything in this directory
-*
-# Except this file
-!.gitignore
diff --git a/base/server/upgrade/10.0.3/01-EnableSessionInAuthenticator b/base/server/upgrade/10.0.3/01-EnableSessionInAuthenticator
new file mode 100755
index 0000000000000000000000000000000000000000..7aee78089c0c7fb75bd135c17b21e97ebb25a831
--- /dev/null
+++ b/base/server/upgrade/10.0.3/01-EnableSessionInAuthenticator
@@ -0,0 +1,69 @@
+#!/usr/bin/python
+# Authors:
+#     Endi S. Dewata <edewata redhat com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2013 Red Hat, Inc.
+# All rights reserved.
+#
+
+import os
+from lxml import etree
+
+import pki.server.upgrade
+
+
+class EnableSessionInAuthenticator(pki.server.upgrade.PKIServerUpgradeScriptlet):
+
+    def __init__(self):
+
+        self.message = 'Enable session in authenticator'
+
+        self.parser = etree.XMLParser(remove_blank_text=True)
+
+    def upgrade_subsystem(self, instance, subsystem):
+
+        context_xml = os.path.join(
+            instance.base_dir, 'webapps', subsystem.name, 'META-INF', 'context.xml')
+        self.backup(context_xml)
+
+        document = etree.parse(context_xml, self.parser)
+
+        self.enable_session(document)
+
+        with open(context_xml, 'w') as f:
+            f.write(etree.tostring(document, pretty_print=True))
+
+    def enable_session(self, document):
+
+        context = document.getroot()
+        valves = context.findall('Valve')
+        authenticator = None
+
+        # Find existing authenticator
+        for valve in valves:
+            className = valve.get('className')
+            if className != 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback':
+                continue
+
+            # Found existing authenticator
+            authenticator = valve
+            break
+
+        if authenticator is None:
+            raise Exception('Missing SSLAuthenticatorWithFallback')
+
+        # Update authenticator's attributes
+        authenticator.set('alwaysUseSession', 'true')
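Review bot: upgrade_subsystem() rewrites context.xml in place with open(context_xml, 'w') and etree.tostring(document, pretty_print=True), which truncates the live file before the new content is written and emits no XML declaration; with remove_blank_text=True on the parser the whole file is also re-indented rather than just gaining one attribute. Consider document.write(...) with xml_declaration=True and an explicit encoding, written to a temporary file and renamed into place, so a failure mid-write cannot leave the instance with a partial context.xml. Two smaller points: enable_session() raises 'Missing SSLAuthenticatorWithFallback' after self.backup() has already run, so decide explicitly whether an instance whose context.xml lacks the valve should abort the upgrade or be skipped; and the etree.XMLParser is built with default entity handling, where resolve_entities=False would be a cheap hardening for a script that parses configuration during an upgrade.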
diff --git a/base/tks/shared/webapps/tks/META-INF/context.xml b/base/tks/shared/webapps/tks/META-INF/context.xml
index 032fd14c9aa5aaec910464c31d06b907dd0df212..e838503a64e5442e114cf4e18f616fdffe39b647 100644
--- a/base/tks/shared/webapps/tks/META-INF/context.xml
+++ b/base/tks/shared/webapps/tks/META-INF/context.xml
@@ -28,7 +28,9 @@
         secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 
     <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
-        secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+        alwaysUseSession="true"
+        secureRandomProvider="Mozilla-JSS"
+        secureRandomAlgorithm="pkcs11prng"/>
 
     <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
 
diff --git a/base/tps/shared/webapps/tps/META-INF/context.xml b/base/tps/shared/webapps/tps/META-INF/context.xml
index 032fd14c9aa5aaec910464c31d06b907dd0df212..e838503a64e5442e114cf4e18f616fdffe39b647 100644
--- a/base/tps/shared/webapps/tps/META-INF/context.xml
+++ b/base/tps/shared/webapps/tps/META-INF/context.xml
@@ -28,7 +28,9 @@
         secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 
     <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback"
-        secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+        alwaysUseSession="true"
+        secureRandomProvider="Mozilla-JSS"
+        secureRandomAlgorithm="pkcs11prng"/>
 
     <Realm className="com.netscape.cms.tomcat.ProxyRealm" />
 
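Review bot: the Valve definition edited here is now maintained in five byte-identical context.xml files (ca, kra, ocsp, tks and tps all go from blob 032fd14 to e838503), so a later change to the authenticator settings can easily miss one subsystem and leave it with different session behaviour. Consider generating these from one shared template, or at least note in the commit message that the five files must be kept in sync with each other and with the upgrade scriptlet.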
-- 
1.8.1.4

