From b4347084e72ba7d8f7f4a559d41c400dff9f15c3 Mon Sep 17 00:00:00 2001 From: Janne Valkealahti Date: Wed, 18 Mar 2015 09:59:56 +0000 Subject: [PATCH] Fix jdk8 javadoc errors - Fixes #14 - Fixing javadoc formatting - Some polish --- .../kerberos/GlobalSunJaasKerberosConfig.java | 7 ++++- .../kerberos/KerberosServiceRequestToken.java | 29 ++++++++++--------- .../SunJaasKerberosTicketValidator.java | 6 ++-- .../SpnegoAuthenticationProcessingFilter.java | 22 +++++++------- .../extensions/kerberos/test/MiniKdc.java | 24 ++++++--------- 5 files changed, 43 insertions(+), 45 deletions(-) diff --git a/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/GlobalSunJaasKerberosConfig.java b/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/GlobalSunJaasKerberosConfig.java index 78ce52f..e9903eb 100644 --- a/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/GlobalSunJaasKerberosConfig.java +++ b/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/GlobalSunJaasKerberosConfig.java @@ -31,6 +31,7 @@ public class GlobalSunJaasKerberosConfig implements BeanPostProcessor, Initializ private String krbConfLocation; + @Override public void afterPropertiesSet() throws Exception { if (debug) { System.setProperty("sun.security.krb5.debug", "true"); @@ -43,6 +44,8 @@ public class GlobalSunJaasKerberosConfig implements BeanPostProcessor, Initializ /** * Enable debug logs from the Sun Kerberos Implementation. Default is false. + * + * @param debug true if debug should be enabled */ public void setDebug(boolean debug) { this.debug = debug; @@ -51,7 +54,7 @@ public class GlobalSunJaasKerberosConfig implements BeanPostProcessor, Initializ /** * Kerberos config file location can be specified here. * - * @param krbConfLocation + * @param krbConfLocation the path to krb config file */ public void setKrbConfLocation(String krbConfLocation) { this.krbConfLocation = krbConfLocation; @@ -61,10 +64,12 @@ public class GlobalSunJaasKerberosConfig implements BeanPostProcessor, Initializ // is created before any other bean is created, because the system properties needed to be set very early // in the startup-phase, but after the BeanFactoryPostProcessing. + @Override public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException { return bean; } + @Override public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { return bean; } diff --git a/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/KerberosServiceRequestToken.java b/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/KerberosServiceRequestToken.java index 1cc5f04..64575be 100644 --- a/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/KerberosServiceRequestToken.java +++ b/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/KerberosServiceRequestToken.java @@ -33,10 +33,10 @@ import org.springframework.security.extensions.kerberos.KerberosTicketValidator. import org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter; /** - * Holds the Kerberos/SPNEGO token for requesting a kerberized service and is - * also the output of KerberosServiceAuthenticationProvider.
- * Will mostly be created in SpnegoAuthenticationProcessingFilter - * and authenticated in KerberosServiceAuthenticationProvider. + *

Holds the Kerberos/SPNEGO token for requesting a kerberized service and is + * also the output of KerberosServiceAuthenticationProvider.

+ *

Will mostly be created in SpnegoAuthenticationProcessingFilter + * and authenticated in KerberosServiceAuthenticationProvider.

* * This token cannot be re-authenticated, as you will get a Kerberos Reply * error. @@ -78,7 +78,7 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken { /** * Creates an unauthenticated instance which should then be authenticated by - * KerberosServiceAuthenticationProvider/code>. + * KerberosServiceAuthenticationProvider. * * @param token Kerberos/SPNEGO token * @see KerberosServiceAuthenticationProvider @@ -130,6 +130,7 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken { /** * Returns the Kerberos token + * @return the token data */ public byte[] getToken() { return this.token; @@ -176,7 +177,7 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken { * @param offset data offset * @param length data length * @return the decrypted message - * @throws PrivilegedActionException + * @throws PrivilegedActionException if jaas throws and error */ public byte[] decrypt(final byte[] data, final int offset, final int length) throws PrivilegedActionException { return Subject.doAs(getTicketValidation().subject(), new PrivilegedExceptionAction() { @@ -190,9 +191,9 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken { /** * Unwraps an encrypted message using the gss context * - * @param data + * @param data the data * @return the decrypted message - * @throws PrivilegedActionException + * @throws PrivilegedActionException if jaas throws and error */ public byte[] decrypt(final byte[] data) throws PrivilegedActionException { return decrypt(data, 0, data.length); @@ -201,11 +202,11 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken { /** * Wraps an message using the gss context * - * @param data - * @param offset - * @param length + * @param data the data + * @param offset data offset + * @param length data length * @return the encrypted message - * @throws PrivilegedActionException + * @throws PrivilegedActionException if jaas throws and error */ public byte[] encrypt(final byte[] data, final int offset, final int length) throws PrivilegedActionException { return Subject.doAs(getTicketValidation().subject(), new PrivilegedExceptionAction() { @@ -219,9 +220,9 @@ public class KerberosServiceRequestToken extends AbstractAuthenticationToken { /** * Wraps an message using the gss context * - * @param data + * @param data the data * @return the encrypted message - * @throws PrivilegedActionException + * @throws PrivilegedActionException if jaas throws and error */ public byte[] encrypt(final byte[] data) throws PrivilegedActionException { return encrypt(data, 0, data.length); diff --git a/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/SunJaasKerberosTicketValidator.java b/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/SunJaasKerberosTicketValidator.java index 59ff0cf..facb3bc 100644 --- a/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/SunJaasKerberosTicketValidator.java +++ b/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/SunJaasKerberosTicketValidator.java @@ -105,12 +105,12 @@ public class SunJaasKerberosTicketValidator implements KerberosTicketValidator, } /** - * The location of the keytab. You can use the normale Spring Resource + *

The location of the keytab. You can use the normale Spring Resource * prefixes like file: or classpath:, but as the * file is later on read by JAAS, we cannot guarantee that classpath * works in every environment, esp. not in Java EE application servers. You - * should use file: there.
- *
+ * should use file: there. + * * This file also needs special protection, which is another reason to * not include it in the classpath but rather use file:/etc/http.keytab * for example. diff --git a/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/web/SpnegoAuthenticationProcessingFilter.java b/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/web/SpnegoAuthenticationProcessingFilter.java index d6bccd9..39a25aa 100644 --- a/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/web/SpnegoAuthenticationProcessingFilter.java +++ b/spring-security-kerberos-core/src/main/java/org/springframework/security/extensions/kerberos/web/SpnegoAuthenticationProcessingFilter.java @@ -46,9 +46,7 @@ import org.springframework.web.filter.GenericFilterBean; * and creates a {@link KerberosServiceRequestToken} out if it. It will then * call the {@link AuthenticationManager}. * - *

- * A typical Spring Security configuration might look like this: - *

+ *

A typical Spring Security configuration might look like this:

* *
  * <beans xmlns="http://www.springframework.org/schema/beans"
@@ -94,10 +92,10 @@ import org.springframework.web.filter.GenericFilterBean;
  * </beans>
  * 
* - * If you get a "GSSException: Channel binding mismatch (Mechanism + *

If you get a "GSSException: Channel binding mismatch (Mechanism * level:ChannelBinding not provided!) have a look at this bug.
- * A workaround unti this is fixed in the JVM is to change + * href="http://bugs.sun.com/view_bug.do?bug_id=6851973">bug.

+ *

A workaround unti this is fixed in the JVM is to change

* HKEY_LOCAL_MACHINE\System * \CurrentControlSet\Control\LSA\SuppressExtendedProtection to 0x02 * @@ -186,9 +184,9 @@ public class SpnegoAuthenticationProcessingFilter extends GenericFilterBean { } /** - * This handler is called after a successful authentication. One can add - * additional authentication behavior by setting this.
- * Default is null, which means nothing additional happens + *

This handler is called after a successful authentication. One can add + * additional authentication behavior by setting this.

+ *

Default is null, which means nothing additional happens

* * @param successHandler the authentication success handler */ @@ -197,12 +195,12 @@ public class SpnegoAuthenticationProcessingFilter extends GenericFilterBean { } /** - * This handler is called after a failure authentication. In most cases you + *

This handler is called after a failure authentication. In most cases you * only get Kerberos/SPNEGO failures with a wrong server or network * configurations and not during runtime. If the client encounters an error, * he will just stop the communication with server and therefore this - * handler will not be called in this case.
- * Default is null, which means that the Filter returns the HTTP 500 code + * handler will not be called in this case.

+ *

Default is null, which means that the Filter returns the HTTP 500 code

* * @param failureHandler the authentication failure handler */ diff --git a/spring-security-kerberos-test/src/main/java/org/springframework/security/extensions/kerberos/test/MiniKdc.java b/spring-security-kerberos-test/src/main/java/org/springframework/security/extensions/kerberos/test/MiniKdc.java index 41a0cb1..79a6ee3 100644 --- a/spring-security-kerberos-test/src/main/java/org/springframework/security/extensions/kerberos/test/MiniKdc.java +++ b/spring-security-kerberos-test/src/main/java/org/springframework/security/extensions/kerberos/test/MiniKdc.java @@ -74,22 +74,20 @@ import java.util.Set; import java.util.UUID; /** - * Mini KDC based on Apache Directory Server that can be embedded in testcases - * or used from command line as a standalone KDC. - *

+ *

Mini KDC based on Apache Directory Server that can be embedded in testcases + * or used from command line as a standalone KDC.

* From within testcases: - *

- * MiniKdc sets 2 System properties when started and un-sets them when stopped: + *

MiniKdc sets 2 System properties when started and un-sets them when stopped:

*
    *
  • java.security.krb5.conf: set to the MiniKDC real/host/port
  • *
  • sun.security.krb5.debug: set to the debug value provided in the * configuration
  • *
- * Because of this, multiple MiniKdc instances cannot be started in parallel. + *

Because of this, multiple MiniKdc instances cannot be started in parallel. * For example, running testcases in parallel that start a KDC each. To * accomplish this a single MiniKdc should be used for all testcases running in - * parallel. - *

+ * parallel.

+ * * MiniKdc default configuration values are: *
    *
  • org.name=EXAMPLE (used to create the REALM)
  • @@ -103,7 +101,6 @@ import java.util.UUID; *
  • debug=false
  • *
* The generated krb5.conf forces TCP connections. - *

* * @author Original Hadoop MiniKdc Authors * @author Janne Valkealahti @@ -208,10 +205,9 @@ public class MiniKdc { } /** - * Convenience method that returns MiniKdc default configuration. - *

- * The returned configuration is a copy, it can be customized before using - * it to create a MiniKdc. + *

Convenience method that returns MiniKdc default configuration.

+ *

The returned configuration is a copy, it can be customized before using + * it to create a MiniKdc.

* * @return a MiniKdc default configuration. */ @@ -466,8 +462,6 @@ public class MiniKdc { /** * Stops the MiniKdc - * - * @throws Exception */ public synchronized void stop() { if (kdc != null) {