SLING-10193 set and remove JAAS config upon bundle activator start and stop
diff --git a/saml-handler/src/main/java/org/apache/sling/auth/saml2/Activator.java b/saml-handler/src/main/java/org/apache/sling/auth/saml2/Activator.java
index e438371..a97c94c 100644
--- a/saml-handler/src/main/java/org/apache/sling/auth/saml2/Activator.java
+++ b/saml-handler/src/main/java/org/apache/sling/auth/saml2/Activator.java
@@ -24,16 +24,29 @@
import org.opensaml.xmlsec.config.impl.JavaCryptoValidationInitializer;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServiceReference;
import org.osgi.framework.wiring.BundleWiring;
+import org.osgi.service.cm.Configuration;
+import org.osgi.service.cm.ConfigurationAdmin;
+import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.security.*;
+
+import java.io.IOException;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Dictionary;
+import java.util.Hashtable;
public class Activator implements BundleActivator {
private static final Logger logger = LoggerFactory.getLogger(BundleActivator.class);
- public void start(BundleContext context) throws Exception {
+ private ConfigurationAdmin configAdmin;
+
+ public void start(BundleContext context) throws IOException, InvalidSyntaxException {
// Classloading
BundleWiring bundleWiring = context.getBundle().adapt(BundleWiring.class);
ClassLoader loader = bundleWiring.getClassLoader();
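Review bot: `FrameworkUtil` (L10) and `Reference` (L16) are imported but nothing in the new Activator code uses them; `@Reference` is a Declarative Services annotation that is never processed on a plain `BundleActivator`, so keeping it imported next to the `configAdmin` field suggests injection that does not happen — the service is looked up by hand in `setConfigAdmin`. Drop both imports, i.e. remove `import org.osgi.framework.FrameworkUtil;` and `import org.osgi.service.component.annotations.Reference;`. The `start` method that begins at the end of this hunk continues in the next hunk.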
@@ -47,11 +60,16 @@
} finally {
thread.setContextClassLoader(loader);
}
- // TODO add the Jaas config related to SAML2 so it's one less thing to configure
+ setConfigAdmin(context);
+ if ( needsSamlJaas()){
+ configureSamlJaas();
+ }
}
- public void stop(BundleContext context) throws Exception {
- // TODO remove the Jaas config related to SAML2 so authentication in general isn't broken when bundle is deactivated
+ public void stop(BundleContext context) throws IOException, InvalidSyntaxException {
+ if (configAdmin != null){
+ removeSamlJaas();
+ }
}
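Review bot: `start` calls `needsSamlJaas()` immediately after `setConfigAdmin(context)` with no null guard, while `stop` does guard `configAdmin != null`; if ConfigurationAdmin is not yet registered when this bundle starts (start ordering is not guaranteed in OSGi), `setConfigAdmin` either stores null or fails on the null reference and the whole bundle fails to activate rather than just the optional JAAS provisioning. Guard it the same way as `stop`: `if (configAdmin != null && needsSamlJaas()) { configureSamlJaas(); } else if (configAdmin == null) { logger.warn("ConfigurationAdmin unavailable; SAML2 JAAS configuration not provisioned"); }`. A `ServiceTracker` on ConfigurationAdmin would be the idiomatic way to cope with the service appearing later, but that is a larger change. Note also that `stop` never calls `context.ungetService(...)` for the reference obtained in `setConfigAdmin`; the beginning of `start` is in the previous hunk.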
public static void initializeOpenSaml() throws InitializationException{
@@ -63,4 +81,36 @@
logger.info(jceProvider.getInfo());
}
}
+
+ protected void configureSamlJaas() throws IOException {
+ Dictionary props = new Hashtable();
+ props.put("jaas.classname", "org.apache.sling.auth.saml2.sp.Saml2LoginModule");
+ props.put("jaas.controlFlag", "Sufficient");
+ props.put("jaas.realmName", "jackrabbit.oak");
+ props.put("jaas.ranking", 110);
+ configAdmin.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory", null).update(props);
+ }
+
+ protected boolean needsSamlJaas() throws IOException, InvalidSyntaxException {
+ Configuration[] configs = configAdmin.listConfigurations("(jaas.classname=org.apache.sling.auth.saml2.sp.Saml2LoginModule)");
+ if (configs == null){
+ return true;
+ }
+ return false;
+ }
+
+ protected void removeSamlJaas() throws IOException, InvalidSyntaxException {
+ Configuration[] configs = configAdmin.listConfigurations("(jaas.classname=org.apache.sling.auth.saml2.sp.Saml2LoginModule)");
+ if (configs == null){
+ return;
+ }
+ for ( Configuration config : configs){
+ config.delete();
+ }
+ }
+
+ public void setConfigAdmin(BundleContext bundleContext) {
+ ServiceReference serviceReference = bundleContext.getServiceReference(ConfigurationAdmin.class.getName());
+ this.configAdmin = (ConfigurationAdmin) bundleContext.getService(serviceReference);
+ }
}
\ No newline at end of file
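Review bot: `removeSamlJaas` deletes every `org.apache.felix.jaas.Configuration.factory` configuration whose `jaas.classname` matches the SAML login module, not just the one this activator created, so stopping or updating the bundle silently destroys an operator-provisioned entry with a custom `jaas.ranking`, `jaas.realmName` or `jaas.controlFlag` (exactly the kind of entry the SamlHandlerIT hunk in this commit used to provision). Remember the pid returned by `createFactoryConfiguration` and remove only that configuration on stop; as a side benefit `needsSamlJaas` still defers to an existing operator entry. While here, `Dictionary props = new Hashtable();` is a raw type and should be `Dictionary<String, Object> props = new Hashtable<>();`, and `setConfigAdmin` can use `bundleContext.getServiceReference(ConfigurationAdmin.class)` to avoid the raw `ServiceReference` and the cast, with a null check before `getService`.
```java
private String samlJaasPid;

protected void configureSamlJaas() throws IOException {
    Dictionary<String, Object> props = new Hashtable<>();
    props.put("jaas.classname", "org.apache.sling.auth.saml2.sp.Saml2LoginModule");
    props.put("jaas.controlFlag", "Sufficient");
    props.put("jaas.realmName", "jackrabbit.oak");
    props.put("jaas.ranking", 110);
    Configuration config = configAdmin.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory", null);
    config.update(props);
    // remember what this activator created so stop() removes only this entry
    samlJaasPid = config.getPid();
}

// … unchanged: needsSamlJaas …

protected void removeSamlJaas() throws IOException, InvalidSyntaxException {
    if (samlJaasPid == null) {
        return;
    }
    Configuration[] configs = configAdmin.listConfigurations("(service.pid=" + samlJaasPid + ")");
    if (configs != null) {
        for (Configuration config : configs) {
            config.delete();
        }
    }
    samlJaasPid = null;
}
```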
diff --git a/saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java b/saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java
index 1cb12a9..fb0a11a 100644
--- a/saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java
+++ b/saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java
@@ -24,13 +24,18 @@
import net.shibboleth.utilities.java.support.xml.ParserPool;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.auth.core.AuthUtil;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.saml2.AuthenticationHandlerSAML2;
import org.apache.sling.auth.saml2.AuthenticationHandlerSAML2Config;
import org.apache.sling.auth.saml2.Helpers;
import org.apache.sling.auth.saml2.SAML2RuntimeException;
import org.apache.sling.auth.saml2.Saml2User;
import org.apache.sling.auth.saml2.Saml2UserMgtService;
-import org.apache.sling.auth.saml2.sp.*;
+import org.apache.sling.auth.saml2.sp.KeyPairCredentials;
+import org.apache.sling.auth.saml2.sp.SamlReason;
+import org.apache.sling.auth.saml2.sp.SessionStorage;
+import org.apache.sling.auth.saml2.sp.VerifySignatureCredentials;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.schema.XSString;
@@ -40,10 +45,20 @@
import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml.saml2.core.*;
-import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.EncryptedAssertion;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
@@ -61,13 +76,16 @@
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.wiring.BundleWiring;
-import org.apache.sling.auth.core.spi.AuthenticationHandler;
-import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.osgi.service.component.ComponentContext;
-import org.osgi.service.component.annotations.*;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.ConfigurationPolicy;
+import org.osgi.service.component.annotations.Modified;
+import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.Designate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
import javax.jcr.RepositoryException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -128,7 +146,7 @@
@Activate @Modified
protected void activate(final AuthenticationHandlerSAML2Config config, ComponentContext componentContext)
- throws InvalidKeyException, NoSuchAlgorithmException, IllegalStateException, UnsupportedEncodingException {
+ throws InvalidKeyException, NoSuchAlgorithmException, IllegalStateException, IOException {
this.setConfigs(config);
final File tokenFile = getTokenFile(componentContext.getBundleContext());
initializeTokenStore(tokenFile);
diff --git a/saml-handler/src/test/java/org/apache/sling/auth/saml2/SamlHandlerIT.java b/saml-handler/src/test/java/org/apache/sling/auth/saml2/SamlHandlerIT.java
index 1a10cbd..63db979 100644
--- a/saml-handler/src/test/java/org/apache/sling/auth/saml2/SamlHandlerIT.java
+++ b/saml-handler/src/test/java/org/apache/sling/auth/saml2/SamlHandlerIT.java
@@ -190,12 +190,6 @@
factoryConfiguration("org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended")
.put("user.mapping", new String[]{"org.apache.sling.auth.saml2:Saml2UserMgtService=saml2-user-mgt"})
.asOption(),
- factoryConfiguration("org.apache.felix.jaas.Configuration.factory")
- .put("jaas.classname", "org.apache.sling.auth.saml2.sp.Saml2LoginModule")
- .put("jaas.controlFlag", "Sufficient")
- .put("jaas.realmName", "jackrabbit.oak")
- .put("jaas.ranking", 110)
- .asOption(),
newConfiguration("org.apache.sling.engine.impl.auth.SlingAuthenticator")
.put("auth.annonymous", false)
.asOption(),
diff --git a/saml-handler/src/test/java/org/apache/sling/auth/saml2/impl/OsgiSamlTest.java b/saml-handler/src/test/java/org/apache/sling/auth/saml2/impl/OsgiSamlTest.java
index 0a0d5f1..e4dc435 100644
--- a/saml-handler/src/test/java/org/apache/sling/auth/saml2/impl/OsgiSamlTest.java
+++ b/saml-handler/src/test/java/org/apache/sling/auth/saml2/impl/OsgiSamlTest.java
@@ -106,10 +106,6 @@
try {
bundleContext = MockOsgi.newBundleContext();
ResourceResolverFactory mockFactory = Mockito.mock(ResourceResolverFactory.class);
-// Saml2UserMgtService saml2UserMgtService = new Saml2UserMgtServiceImpl();
-// MockOsgi.injectServices(mockFactory, bundleContext);
-// MockOsgi.injectServices(saml2UserMgtService, bundleContext);
-// MockOsgi.activate(saml2UserMgtService, bundleContext);
osgiContext.registerService(ResourceResolverFactory.class, mockFactory);
userMgtService = osgiContext.registerService(new Saml2UserMgtServiceImpl());
samlHandler = osgiContext.registerInjectActivateService(new AuthenticationHandlerSAML2Impl());