Commit 5e3f4161 authored by Dave Cridland's avatar Dave Cridland

Merge pull request #237 from dwd/proxy-auth

Add Proxy Authorization to DefaultAuthorizationPolicy
parents 900f73ce 7d4fb62e
...@@ -23,6 +23,7 @@ package org.jivesoftware.openfire.auth; ...@@ -23,6 +23,7 @@ package org.jivesoftware.openfire.auth;
import java.util.StringTokenizer; import java.util.StringTokenizer;
import java.util.Vector; import java.util.Vector;
import org.jivesoftware.openfire.admin.AdminManager;
import org.jivesoftware.util.JiveGlobals; import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
...@@ -62,9 +63,11 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy { ...@@ -62,9 +63,11 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
private static final Logger Log = LoggerFactory.getLogger(DefaultAuthorizationPolicy.class); private static final Logger Log = LoggerFactory.getLogger(DefaultAuthorizationPolicy.class);
private Vector<String> approvedRealms; private Vector<String> approvedRealms;
private boolean proxyAuth;
public DefaultAuthorizationPolicy() { public DefaultAuthorizationPolicy() {
approvedRealms = new Vector<String>(); approvedRealms = new Vector<String>();
proxyAuth = false;
String realmList = JiveGlobals.getProperty("sasl.approvedRealms"); String realmList = JiveGlobals.getProperty("sasl.approvedRealms");
if(realmList != null) { if(realmList != null) {
...@@ -73,6 +76,7 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy { ...@@ -73,6 +76,7 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
approvedRealms.add(st.nextToken()); approvedRealms.add(st.nextToken());
} }
} }
proxyAuth = JiveGlobals.getBooleanProperty("sasl.proxyAuth", false);
} }
/** /**
...@@ -100,6 +104,7 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy { ...@@ -100,6 +104,7 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
authenRealm = authenID.substring((authenID.lastIndexOf("@")+1)); authenRealm = authenID.substring((authenID.lastIndexOf("@")+1));
} }
if (!proxyAuth || !AdminManager.getInstance().isUserAdmin(authenUser, true)) {
if(!userUser.equals(authenUser)) { if(!userUser.equals(authenUser)) {
//for this policy the user portion of both must match, so lets short circut here if we can //for this policy the user portion of both must match, so lets short circut here if we can
if(JiveGlobals.getBooleanProperty("xmpp.auth.ignorecase",true)) { if(JiveGlobals.getBooleanProperty("xmpp.auth.ignorecase",true)) {
...@@ -114,6 +119,7 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy { ...@@ -114,6 +119,7 @@ public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
return false; return false;
} }
} }
}
Log.debug("DefaultAuthorizationPolicy: Checking authenID realm"); Log.debug("DefaultAuthorizationPolicy: Checking authenID realm");
// Next up, check if the authenID realm is acceptable. // Next up, check if the authenID realm is acceptable.
if(authenRealm != null) { if(authenRealm != null) {
......
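Review bot: The new guard `if (!proxyAuth || !AdminManager.getInstance().isUserAdmin(authenUser, true))` decides the admin bypass from `authenUser` alone, the part of `authenID` before the `@`, and it runs before the authenID realm check further down. If `sasl.approvedRealms` lists a realm other than the server's own, a principal from that realm whose local part equals a local admin's name would appear to qualify to authorize as any user; it would be safer to grant the bypass only after the realm has been accepted, and only for the server's own realm. The second argument `true` to `isUserAdmin` is not explained on this page; if it enables a fallback for an empty admin list, `false` looks like the better choice for an impersonation decision. A granted proxy authorization should also leave an audit record on the bypass path, for example `Log.info("DefaultAuthorizationPolicy: proxy authorization of " + authenID + " as " + userUser);`. The method's signature and its end are outside the hunks shown, so the final return path could not be checked.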