Index: topia-security/src/java/org/codelutin/topia/security/jaas/TopiaConfiguration.java diff -u topia-security/src/java/org/codelutin/topia/security/jaas/TopiaConfiguration.java:1.2 topia-security/src/java/org/codelutin/topia/security/jaas/TopiaConfiguration.java:1.3 --- topia-security/src/java/org/codelutin/topia/security/jaas/TopiaConfiguration.java:1.2 Mon Sep 25 13:24:40 2006 +++ topia-security/src/java/org/codelutin/topia/security/jaas/TopiaConfiguration.java Thu Oct 5 07:49:44 2006 @@ -24,9 +24,9 @@ * Created: 20 févr. 2006 * * @author Arnaud Thimel - * @version $Revision: 1.2 $ + * @version $Revision: 1.3 $ * - * Mise a jour: $Date: 2006/09/25 13:24:40 $ + * Mise a jour: $Date: 2006/10/05 07:49:44 $ * par : $Author: ruchaud $ */ @@ -41,7 +41,7 @@ import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; -import org.codelutin.topia.security.TopiaSecurityManager; +import org.codelutin.topia.security.TopiaSecurityManagerImpl; /** * Classe permettant de passer des paramètres entre le LoginModule et le @@ -61,7 +61,7 @@ * @param securityManagerPropertiesName * le nom du fichier de propriétés */ - public TopiaConfiguration(String name, TopiaSecurityManager securityManager) { + public TopiaConfiguration(String name, TopiaSecurityManagerImpl securityManager) { super(); appConfEntries = new HashMap(); addEntry(name, securityManager); @@ -76,7 +76,7 @@ * @param securityHelper * le nom du fichier de propriétés */ - private void addEntry(String name, TopiaSecurityManager securityManager) { + private void addEntry(String name, TopiaSecurityManagerImpl securityManager) { AppConfigurationEntry[] confEntries = getAppConfigurationEntry(name); if (confEntries != null) { int i = 0; 
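Review bot: The public constructor `TopiaConfiguration(String name, TopiaSecurityManagerImpl securityManager)` now requires the concrete class, so this JAAS layer can no longer be handed another TopiaSecurityManager implementation, such as a test double. The same narrowing is applied to addEntry, both createEntry overloads, the TopiaLoginModule field and the TopiaPolicy constructor. If the aim is only to drop the casts, declaring `getTopiaUserDAO()` and the cache methods on the interface (or on a small internal one) would keep the public signatures stable. Separately, the Javadoc above the constructor and addEntry still documents `securityManagerPropertiesName` / `securityHelper` as "le nom du fichier de propriétés", which does not match the parameter; it should read `@param securityManager`.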
@@ -117,7 +117,7 @@ * le SecurityHelper * @return l'entry créée */ - private AppConfigurationEntry createEntry(TopiaSecurityManager securityManager) { + private AppConfigurationEntry createEntry(TopiaSecurityManagerImpl securityManager) { return createEntry(securityManager, null); } @@ -130,7 +130,7 @@ * l'objet contenant les options précédentes * @return l'entry créée */ - private AppConfigurationEntry createEntry(TopiaSecurityManager securityManager, Map options) { + private AppConfigurationEntry createEntry(TopiaSecurityManagerImpl securityManager, Map options) { if (options == null) options = new HashMap(); options.put(SECURITY_MANAGER_KEY, securityManager); Index: topia-security/src/java/org/codelutin/topia/security/jaas/TopiaLoginModule.java diff -u topia-security/src/java/org/codelutin/topia/security/jaas/TopiaLoginModule.java:1.6 topia-security/src/java/org/codelutin/topia/security/jaas/TopiaLoginModule.java:1.7 --- topia-security/src/java/org/codelutin/topia/security/jaas/TopiaLoginModule.java:1.6 Mon Sep 25 13:24:40 2006 +++ topia-security/src/java/org/codelutin/topia/security/jaas/TopiaLoginModule.java Thu Oct 5 07:49:44 2006 @@ -24,9 +24,9 @@ * Created: 15 févr. 2006 * * @author Arnaud Thimel -* @version $Revision: 1.6 $ +* @version $Revision: 1.7 $ * -* Mise a jour: $Date: 2006/09/25 13:24:40 $ +* Mise a jour: $Date: 2006/10/05 07:49:44 $ * par : $Author: ruchaud $ */ @@ -51,7 +51,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.codelutin.topia.TopiaException; -import org.codelutin.topia.security.TopiaSecurityManager; import org.codelutin.topia.security.TopiaSecurityManagerImpl; import org.codelutin.topia.security.entities.user.TopiaGroup; import org.codelutin.topia.security.entities.user.TopiaUser; 
@@ -68,7 +67,7 @@ private Subject subject; private CallbackHandler callbackHandler; private Set principals; - private TopiaSecurityManager securityManager; + private TopiaSecurityManagerImpl securityManager; /* (non-Javadoc) * @see javax.security.auth.spi.LoginModule#initialize( @@ -82,7 +81,7 @@ this.subject = subject; this.callbackHandler = callbackHandler; this.principals = null; - this.securityManager = (TopiaSecurityManager)options.get(SECURITY_MANAGER_KEY); + this.securityManager = (TopiaSecurityManagerImpl)options.get(SECURITY_MANAGER_KEY); } /* (non-Javadoc) 
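Review bot: The cast in initialize(), `(TopiaSecurityManagerImpl)options.get(SECURITY_MANAGER_KEY)`, is unchecked. A configuration without that option leaves `securityManager` null, and login() then fails with a NullPointerException at `securityManager.getTopiaUserDAO()`, which the `catch (TopiaException te)` there does not cover. A different TopiaSecurityManager implementation fails with a ClassCastException instead. Keep the value only when it passes `instanceof TopiaSecurityManagerImpl`, and have login() throw a LoginException when the field is null, so a misconfigured module surfaces as a clean authentication failure. initialize() starts and ends outside the hunk.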
@@ -123,37 +122,43 @@ pc.clearPassword(); //Vérification du login/pass et récupération des Principal - TopiaUserDAO topiaUserDAO = ((TopiaSecurityManagerImpl)securityManager).getTopiaUserDAO(); - TopiaUser user = null; try { - user = topiaUserDAO.findByLogin(login); + TopiaUserDAO topiaUserDAO = securityManager.getTopiaUserDAO(); + TopiaUser user = topiaUserDAO.findByLogin(login); + + if(user != null && user.checkPassword(password)) { + // Récupération des principals + principals = new HashSet(); + + String topiaIdUser = user.getTopiaId(); + principals.add(new TopiaPrincipal(topiaIdUser)); + securityManager.putPermissionsCache(topiaIdUser); + securityManager.removeEntitiesLoadingCache(topiaIdUser); + + Collection groups = user.getTopiaGroup(); + if(groups != null) { + for(TopiaGroup group : groups) { + String topiaIdGroup = group.getTopiaId(); + principals.add(new TopiaPrincipal(topiaIdGroup)); + securityManager.putPermissionsCache(topiaIdGroup); + securityManager.removeEntitiesLoadingCache(topiaIdGroup); + } + } + } else { + // Echec d'authentification + principals = null; + throw new LoginException("Erreur lors de l'authentification " + login); + } } catch (TopiaException te) { // Echec de récupération de l'utilisateur if (log.isWarnEnabled()) { log.warn("Erreur lors de l'authentification", te); } - LoginException le = new LoginException( - "Erreur lors de l'authentification"); + LoginException le = new LoginException("Erreur lors de l'authentification"); le.initCause(te); throw le; } - - if(user != null && user.checkPassword(password)) { - // Récupération des principals - principals = new HashSet(); - principals.add(new org.codelutin.topia.security.jaas.TopiaPrincipal(user.getTopiaId())); - Collection groups = user.getTopiaGroup(); - if(groups != null) { - for(TopiaGroup group : groups) { - principals.add(new org.codelutin.topia.security.jaas.TopiaPrincipal(group.getTopiaId())); - } - } - } else { - // Echec d'authentification - principals = null; - throw new 
LoginException("Erreur lors de l'authentification " + login); - } - + return true; } Index: topia-security/src/java/org/codelutin/topia/security/jaas/TopiaPolicy.java diff -u topia-security/src/java/org/codelutin/topia/security/jaas/TopiaPolicy.java:1.7 topia-security/src/java/org/codelutin/topia/security/jaas/TopiaPolicy.java:1.8 --- topia-security/src/java/org/codelutin/topia/security/jaas/TopiaPolicy.java:1.7 Mon Sep 25 13:24:40 2006 +++ topia-security/src/java/org/codelutin/topia/security/jaas/TopiaPolicy.java Thu Oct 5 07:49:44 2006 @@ -24,30 +24,29 @@ * Created: 17 févr. 2006 * * @author Arnaud Thimel - * @version $Revision: 1.7 $ + * @version $Revision: 1.8 $ * - * Mise a jour: $Date: 2006/09/25 13:24:40 $ + * Mise a jour: $Date: 2006/10/05 07:49:44 $ * par : $Author: ruchaud $ */ package org.codelutin.topia.security.jaas; +import java.security.AccessController; import java.security.CodeSource; import java.security.Permission; import java.security.PermissionCollection; import java.security.Policy; +import java.security.Principal; import java.security.ProtectionDomain; -import java.util.Collection; -import java.util.HashMap; -import java.util.Map; +import java.util.Set; + +import javax.security.auth.Subject; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.codelutin.topia.TopiaException; -import org.codelutin.topia.security.TopiaSecurityManager; import org.codelutin.topia.security.TopiaSecurityManagerImpl; -import org.codelutin.topia.security.entities.authorization.TopiaAuthorization; -import org.codelutin.topia.security.entities.authorization.TopiaAuthorizationDAO; /** * Implantation d'un policy avec une prise en compte des permissions à la volée. 
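Review bot: In TopiaLoginModule.login(), `principals` is now assigned and filled inside the `try`, so a TopiaException from `putPermissionsCache` (TopiaPolicy catches that type around the same call) leaves a non-null, partly filled set behind while the method throws LoginException. Before this change a TopiaException could only occur before `principals` was touched. Add `principals = null;` as the first statement of the `catch (TopiaException te)` block so a failed login never leaves principals behind. The cache calls also run in login() and not in commit(), so the shared permission cache is already modified if the overall authentication is later aborted; moving `putPermissionsCache` and `removeEntitiesLoadingCache` to commit() would keep login() free of side effects. commit() and abort() are outside the hunk, so how they treat `principals` should be confirmed.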
@@ -57,16 +56,13 @@ private Log log = LogFactory.getLog(TopiaPolicy.class); - private TopiaSecurityManager securityManager; + private TopiaSecurityManagerImpl securityManagerImpl; protected Policy parentPolicy; - private Map permissionsCache; - - public TopiaPolicy(TopiaSecurityManager securityManager) { + public TopiaPolicy(TopiaSecurityManagerImpl securityManagerImpl) { super(); - this.securityManager = securityManager; - this.permissionsCache = new HashMap(); + this.securityManagerImpl = securityManagerImpl; } /** 
@@ -101,25 +97,30 @@ @Override public PermissionCollection getPermissions(ProtectionDomain domain) { PermissionCollection pc = parentPolicy.getPermissions(domain); - TopiaAuthorizationDAO authorizationDAO = ((TopiaSecurityManagerImpl)securityManager).getTopiaAuthorizationDAO(); - if (authorizationDAO != null) { - try { - Collection authorizations = authorizationDAO.findAll(); - Map newPermissionsCache = new HashMap(); - for (TopiaAuthorization authorization : authorizations) { - TopiaPermission topiaPermission = permissionsCache.get(authorization); - if(topiaPermission == null) { - topiaPermission = new TopiaPermission(authorization); + + /* Vérification dans le cache */ + Subject subject = Subject.getSubject(AccessController.getContext()); + if (subject != null) { + for (Principal principal : subject.getPrincipals()) { + String principalName = principal.getName(); + Set permissions = securityManagerImpl.getPermissionsCache(principalName); + if(permissions != null) { + for (Permission permission : permissions) { + pc.add(permission); + } + } else { + try { + securityManagerImpl.putPermissionsCache(principalName); + } catch (TopiaException e) { + log.error("Récupération des TopiaPermission impossible", e); } - newPermissionsCache.put(authorization, topiaPermission); - pc.add(topiaPermission); + } - permissionsCache.clear(); - permissionsCache = newPermissionsCache; - } catch (TopiaException te) { - log.error("Récupération des TopiaPermission impossible", te); } + } else { + log.error("Récupération des TopiaPermission impossible"); } + return pc; }
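Review bot: In getPermissions(), the permissions added to `pc` come from the Subject of the calling thread (`Subject.getSubject(AccessController.getContext())`), not from the `domain` argument, so the returned collection does not describe the ProtectionDomain it was requested for. If the result is kept per domain (the default `Policy.implies` caches it), one subject's permissions could end up applied to a later caller; iterating `domain.getPrincipals()` would tie the result to the domain. On a cache miss the branch only calls `putPermissionsCache(principalName)` and adds nothing, so that call returns without the principal's permissions; read the set back with `getPermissionsCache(principalName)` and add it in the same pass. Authorizations are also no longer re-read on every call, so a revoked authorization presumably stays effective until the cache entry is refreshed, and an explicit invalidation path is worth adding.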