Issue #5272 WIP

Signed-off-by: Jan Bartel <[email protected]>

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/LdapLoginModule.java

@@ -202,12 +202,12 @@ public List<String> doFetchRoles() throws Exception
             return getUserRoles(_rootContext, getUserName(), attributes);
         }
     }
-    
+
     public class LDAPBindingUser extends User
     {   
-       DirContext _context;
-       String _userDn;
-        
+        DirContext _context;
+        String _userDn;
+
         public LDAPBindingUser(UserPrincipal user, DirContext context, String userDn)
         {
             super(user);
@@ -547,8 +547,6 @@ public boolean bindingLogin(String username, Object password) throws LoginExcept
             LDAPBindingUser userInfo = new LDAPBindingUser(new UserPrincipal(username, null), dirContext, userDn);
             setCurrentUser(new JAASUser(userInfo));
             setAuthenticated(true);
-            userInfo.fetchRoles();
-            //TO DO TO DO TO DO
             return true;
         }
         catch (javax.naming.AuthenticationException e)

jetty-jaas/src/test/java/org/eclipse/jetty/jaas/TestLoginModule.java

@@ -23,7 +23,8 @@
 
 import org.eclipse.jetty.jaas.callback.ServletRequestCallback;
 import org.eclipse.jetty.jaas.spi.AbstractLoginModule;
-import org.eclipse.jetty.jaas.spi.JAASUser;
+import org.eclipse.jetty.jaas.spi.User;
+import org.eclipse.jetty.security.UserPrincipal;
 import org.eclipse.jetty.util.ArrayUtil;
 import org.eclipse.jetty.util.security.Password;
 
@@ -35,8 +36,8 @@ public class TestLoginModule extends AbstractLoginModule
 
     @Override
     public JAASUser getUser(String username) throws Exception
-    {
-        return new JAASUser(username, new Password("aaa"));
+    {        
+        return new JAASUser(new User(new UserPrincipal(username, new Password("aaa"))));
     }
 
     @Override

jetty-jaspi/src/test/java/org/eclipse/jetty/security/jaspi/JaspiTest.java

@@ -19,16 +19,22 @@
 package org.eclipse.jetty.security.jaspi;
 
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.Base64;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
+import java.util.stream.Collectors;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.eclipse.jetty.security.AbstractLoginService;
 import org.eclipse.jetty.security.ConstraintMapping;
 import org.eclipse.jetty.security.ConstraintSecurityHandler;
+import org.eclipse.jetty.security.RolePrincipal;
+import org.eclipse.jetty.security.UserPrincipal;
 import org.eclipse.jetty.server.LocalConnector;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Server;
@@ -55,7 +61,7 @@ public class JaspiTest
     public class TestLoginService extends AbstractLoginService
     {
         protected Map<String, UserPrincipal> _users = new HashMap<>();
-        protected Map<String, String[]> _roles = new HashMap();
+        protected Map<String, List<RolePrincipal>> _roles = new HashMap<>();
 
         public TestLoginService(String name)
         {
@@ -66,21 +72,19 @@ public void putUser(String username, Credential credential, String[] roles)
         {
             UserPrincipal userPrincipal = new UserPrincipal(username, credential);
             _users.put(username, userPrincipal);
-            _roles.put(username, roles);
+            if (roles != null)
+            {
+                List<RolePrincipal> rps = Arrays.stream(roles).map(RolePrincipal::new).collect(Collectors.toList());
+                _roles.put(username, rps);
+            }
         }
 
-        /**
-         * @see org.eclipse.jetty.security.AbstractLoginService#loadRoleInfo(org.eclipse.jetty.security.AbstractLoginService.UserPrincipal)
-         */
         @Override
-        protected String[] loadRoleInfo(UserPrincipal user)
+        protected List<RolePrincipal> loadRoleInfo(UserPrincipal user)
         {
             return _roles.get(user.getName());
         }
 
-        /**
-         * @see org.eclipse.jetty.security.AbstractLoginService#loadUserInfo(java.lang.String)
-         */
         @Override
         protected UserPrincipal loadUserInfo(String username)
         {

jetty-plus/src/main/java/org/eclipse/jetty/plus/security/DataSourceLoginService.java

@@ -27,6 +27,9 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
+import java.util.stream.Collectors;
+
+import javax.management.relation.RoleStatus;
 import javax.naming.InitialContext;
 import javax.naming.NameNotFoundException;
 import javax.naming.NamingException;
@@ -35,6 +38,8 @@
 import org.eclipse.jetty.plus.jndi.NamingEntryUtil;
 import org.eclipse.jetty.security.AbstractLoginService;
 import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.RolePrincipal;
+import org.eclipse.jetty.security.UserPrincipal;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
@@ -264,7 +269,7 @@ public UserPrincipal loadUserInfo(String username)
     }
 
     @Override
-    public String[] loadRoleInfo(UserPrincipal user)
+    public List<RolePrincipal> loadRoleInfo(UserPrincipal user)
     {
         DBUserPrincipal dbuser = (DBUserPrincipal)user;
 
@@ -284,7 +289,7 @@ public String[] loadRoleInfo(UserPrincipal user)
                         roles.add(rs2.getString(_roleTableRoleField));
                     }
 
-                    return roles.toArray(new String[roles.size()]);
+                    return roles.stream().map(RolePrincipal::new).collect(Collectors.toList());
                 }
             }
         }

jetty-security/src/main/java/org/eclipse/jetty/security/AbstractLoginService.java

@@ -30,6 +30,9 @@
 
 /**
  * AbstractLoginService
+ * 
+ * Base class for LoginServices that allows subclasses to provide the user authentication and authorization information,
+ * but provides common behaviour such as handling authentication. 
  */
 public abstract class AbstractLoginService extends ContainerLifeCycle implements LoginService
 {
@@ -48,9 +51,6 @@ protected AbstractLoginService()
         addBean(_identityService);
     }
 
-    /**
-     * @see org.eclipse.jetty.security.LoginService#getName()
-     */
     @Override
     public String getName()
     {
@@ -89,9 +89,6 @@ public String toString()
         return String.format("%s@%x[%s]", this.getClass().getSimpleName(), hashCode(), _name);
     }
 
-    /**
-     * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, javax.servlet.ServletRequest)
-     */
     @Override
     public UserIdentity login(String username, Object credentials, ServletRequest request)
     {
@@ -123,9 +120,6 @@ public UserIdentity login(String username, Object credentials, ServletRequest re
         return null;
     }
 
-    /**
-     * @see org.eclipse.jetty.security.LoginService#validate(org.eclipse.jetty.server.UserIdentity)
-     */
     @Override
     public boolean validate(UserIdentity user)
     {
@@ -145,18 +139,12 @@ public boolean validate(UserIdentity user)
         throw new IllegalStateException("UserPrincipal not known"); //can't validate
     }
 
-    /**
-     * @see org.eclipse.jetty.security.LoginService#getIdentityService()
-     */
     @Override
     public IdentityService getIdentityService()
     {
         return _identityService;
     }
 
-    /**
-     * @see org.eclipse.jetty.security.LoginService#logout(org.eclipse.jetty.server.UserIdentity)
-     */
     @Override
     public void logout(UserIdentity user)
     {

jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java

@@ -25,12 +25,8 @@
 import org.eclipse.jetty.util.resource.Resource;
 
 /**
- * Properties User Realm.
- * <p>
- * An implementation of UserRealm that stores users and roles in-memory in HashMaps.
- * <p>
- * Typically these maps are populated by calling the load() method or passing a properties resource to the constructor. The format of the properties file is:
- *
+ * An implementation of a LoginService that stores users and roles in-memory in HashMaps.
+ * The source of the users and roles information is a properties file formatted like so:
  * <pre>
  *  username: password [,rolename ...]
  * </pre>
@@ -76,7 +72,7 @@ public Resource getConfigResource()
     }
 
     /**
-     * Load realm users from properties file.
+     * Load users from properties file.
      * <p>
      * The property file maps usernames to password specs followed by an optional comma separated list of role names.
      * </p>
@@ -136,9 +132,6 @@ protected UserPrincipal loadUserInfo(String userName)
         return _userStore.getUserPrincipal(userName);
     }
 
-    /**
-     * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
-     */
     @Override
     protected void doStart() throws Exception
     {
@@ -166,7 +159,6 @@ UserStore getUserStore()
     }
 
     /**
-     * To facilitate testing.
      *
      * @return true if a UserStore has been created from a config, false if a UserStore was provided.
      */

jetty-security/src/main/java/org/eclipse/jetty/security/User.java

@@ -1,3 +1,21 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2020 Mort Bay Consulting Pty Ltd and others.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
 package org.eclipse.jetty.security;
 
 import java.util.Arrays;
@@ -31,4 +49,4 @@ protected List<RolePrincipal> getRolePrincipals()
     {
         return _rolePrincipals;
     }
-}
+}