Index: tomcat/src/main/org/jboss/web/tomcat/security/authenticators/CustomNonLoginAuthenticator.java
===================================================================
--- tomcat/src/main/org/jboss/web/tomcat/security/authenticators/CustomNonLoginAuthenticator.java (revision 0)
+++ tomcat/src/main/org/jboss/web/tomcat/security/authenticators/CustomNonLoginAuthenticator.java (revision 0)
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.web.tomcat.security.authenticators;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import org.apache.catalina.authenticator.AuthenticatorBase;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.jboss.logging.Logger;
+
+/**
+ * An Authenticator and Valve implementation that checks
+ * only security constraints not involving user authentication.
+ *
+ * @author Craig R. McClanahan
+ * @version $Revision$ $Date$
+ */
+
+public class CustomNonLoginAuthenticator extends AuthenticatorBase {
+
+ private static Logger log = Logger.getLogger(CustomNonLoginAuthenticator.class);
+
+ // ----------------------------------------------------- Instance Variables
+
+
+ /**
+ * Descriptive information about this implementation.
+ */
+ private static final String info =
+ "org.apache.catalina.authenticator.CustomNonLoginAuthenticator/1.0";
+
+
+ // ------------------------------------------------------------- Properties
+
+
+ /**
+ * Return descriptive information about this Valve implementation.
+ */
+ public String getInfo() {
+
+ return (info);
+
+ }
+
+
+ // --------------------------------------------------------- Public Methods
+
+
+ /**
+ * Authenticate the user making this request, based on the specified
+ * login configuration. Return true
if any specified
+ * constraint has been satisfied, or false
if we have
+ * created a response challenge already.
+ *
+ * @param request Request we are processing
+ * @param response Response we are creating
+ * @param config Login configuration describing how authentication
+ * should be performed
+ *
+ * @exception IOException if an input/output error occurs
+ */
+ public boolean authenticate(Request request,
+ Response response,
+ LoginConfig config)
+ throws IOException {
+
+ // Have we already authenticated someone?
+ Principal principal = request.getUserPrincipal();
+ String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
+ if (principal != null) {
+ System.out.println("Already authenticated");
+ log.debug("Already authenticated '" + principal.getName() + "'");
+ // Associate the session with any existing SSO session
+ if (ssoId != null)
+ associate(ssoId, request.getSessionInternal(true));
+ return (true);
+ }
+
+ // Is there an SSO session against which we can try to reauthenticate?
+ if (ssoId != null) {
+ log.debug("SSO Id " + ssoId + " set; attempting reauthentication");
+
+ System.out.println("SSO Id " + ssoId + " set; attempting reauthentication");
+
+ // Try to reauthenticate using data cached by SSO. If this fails,
+ // either the original SSO logon was of DIGEST or SSL (which
+ // we can't reauthenticate ourselves because there is no
+ // cached username and password), or the realm denied
+ // the user's reauthentication for some reason.
+ // In either case we have to prompt the user for a logon */
+ if (reauthenticateFromSSO(ssoId, request))
+ return true;
+ }
+
+ return (true);
+ }
+}
\ No newline at end of file
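Review bot: The two `System.out.println` calls in `authenticate` write authentication state to standard output, and the second one, like the `log.debug` call just above it, prints the SSO session id in full. That id is the key handed to `associate` and `reauthenticateFromSSO`, so anyone who can read the console or the debug log presumably obtains a value that identifies a live SSO session. I would delete both `println` lines and log without the identifier, e.g. `log.debug("SSO id set; attempting reauthentication");`. The method also returns `true` on every path, so the `if (reauthenticateFromSSO(ssoId, request)) return true;` test is redundant, and both the comment "we have to prompt the user for a logon" and the Javadoc's "or false if we have created a response challenge already" describe behaviour the code does not have. If never challenging is the intent, call `reauthenticateFromSSO(ssoId, request);` as a plain statement with a comment such as `// result ignored: this authenticator never challenges, the constraint check decides access`. Finally, correct the `info` string, which names `org.apache.catalina.authenticator` although the class is declared in `org.jboss.web.tomcat.security.authenticators`.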
Index: testsuite/imports/sections/web.xml
===================================================================
--- testsuite/imports/sections/web.xml (revision 114411)
+++ testsuite/imports/sections/web.xml (working copy)
@@ -440,6 +440,48 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -460,6 +502,10 @@
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
0 )
fail("get of "+indexURI+" redirected to login page");
}
+
+ public static void executeWebAuthLogin(HttpClient httpConn, String warURL) throws HttpException, IOException {
+
+ String path = "/TestServlet?operation=login&username=jduke&pass=theduke";
+ HttpMethod indexGet = null;
+ indexGet = new GetMethod(warURL + path);
+
+ int responseCode = httpConn.executeMethod(indexGet);
+ assertTrue("Get OK(" + responseCode + ")", responseCode == HttpURLConnection.HTTP_OK);
+
+ SSOBaseCase.checkAccessAllowed(httpConn, warURL +
+ "restricted/restricted.html");
+ }
+ public static void checkAccessDeniedWebAuth(HttpClient httpConn, String url) throws IOException, HttpException
+ {
+ GetMethod indexGet = new GetMethod(url);
+ int responseCode = httpConn.executeMethod(indexGet);
+ String body = indexGet.getResponseBodyAsString();
+ assertTrue("Access Denied", responseCode == HttpURLConnection.HTTP_FORBIDDEN);
+ }
+
public static void checkAccessDenied(HttpClient httpConn, String url) throws IOException, HttpException
{
GetMethod indexGet = new GetMethod(url);
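Review bot: `executeWebAuthLogin` sends the username and password in the GET query string (`/TestServlet?operation=login&username=jduke&pass=theduke`), so they are recorded in the access log of any server or proxy that handles the request. These are fixture credentials, but if the servlet under test also accepts them in a POST body (not visible here), the test should send them that way rather than model the query-string pattern. Neither new method releases its connection; wrapping the request in `try { ... } finally { indexGet.releaseConnection(); }` would avoid leaving it checked out when an assertion fails. In `checkAccessDeniedWebAuth` the local `body` is assigned and never used, so either drop the read or keep it with a comment such as `// drain the body so the connection can be reused`. The header of this hunk is missing on the page, and `checkAccessDenied` continues past the last visible line.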
Index: testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-webauth.xml
===================================================================
--- testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-webauth.xml (revision 0)
+++ testsuite/src/resources/web/programmatic/WEB-INF/jbosstest-webauth.xml (revision 0)
@@ -0,0 +1,44 @@
+
+
+
+
+ Programmatic Web Login Tests
+
+
+
+ TestServlet
+ org.jboss.test.web.servlets.ProgrammaticLoginTestServlet
+
+
+
+
+ TestServlet
+ /TestServlet
+
+
+
+
+ Restricted
+ Restricted Area
+ /restricted/*
+
+
+ Only authenticated users can access secure content
+ AuthorizedUser
+
+
+
+
+ NONE
+
+
+
+ An AuthorizedUser is one with a valid username and password
+ AuthorizedUser
+
+
+
Index: testsuite/src/resources/web/programmatic/WEB-INF/context.xml
===================================================================
--- testsuite/src/resources/web/programmatic/WEB-INF/context.xml (revision 0)
+++ testsuite/src/resources/web/programmatic/WEB-INF/context.xml (revision 0)
@@ -0,0 +1,5 @@
+
+
+
+
+
Index: testsuite/src/resources/web/sso/clustered-application.xml
===================================================================
--- testsuite/src/resources/web/sso/clustered-application.xml (revision 114411)
+++ testsuite/src/resources/web/sso/clustered-application.xml (working copy)
@@ -35,14 +35,26 @@
sso-form-auth5.war
/war5
-
-
-
- sso-with-no-auth.war
- /war6
-
+
+ sso-with-no-auth.war
+ /war6
+
+
+
jbosstest-web-ejbs.jar
+
+
+ sso-web-auth1.war
+ /webwar1
+
+
+
+
+ sso-web-auth2.war
+ /webwar2
+
+