[gatein-commits] gatein SVN: r5991 - in components/sso/trunk: agent and 6 other directories.

do-not-reply at jboss.org do-not-reply at jboss.org
Wed Mar 9 13:52:02 EST 2011


Author: sohil.shah at jboss.com
Date: 2011-03-09 13:52:02 -0500 (Wed, 09 Mar 2011)
New Revision: 5991

Added:
   components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/InitiateLoginFilter.java
Removed:
   components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/GenericSSOAgent.java
Modified:
   components/sso/trunk/agent/pom.xml
   components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java
   components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/josso/JOSSOAgent.java
   components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java
   components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java
   components/sso/trunk/pom.xml
Log:
merging the sso-wci branch into trunk

Modified: components/sso/trunk/agent/pom.xml
===================================================================
--- components/sso/trunk/agent/pom.xml	2011-03-09 17:51:29 UTC (rev 5990)
+++ components/sso/trunk/agent/pom.xml	2011-03-09 18:52:02 UTC (rev 5991)
@@ -28,13 +28,13 @@
 		</dependency>
 
 		<dependency>
-			<groupId>org.exoplatform.portal</groupId>
-			<artifactId>exo.portal.component.web</artifactId>
-		</dependency>
-		<dependency>
 			<groupId>org.exoplatform.core</groupId>
 			<artifactId>exo.core.component.organization.api</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.gatein.wci</groupId>
+			<artifactId>wci-wci</artifactId>
+		</dependency>
 
 		<dependency>
 			<groupId>commons-httpclient</groupId>

Deleted: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/GenericSSOAgent.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/GenericSSOAgent.java	2011-03-09 17:51:29 UTC (rev 5990)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/GenericSSOAgent.java	2011-03-09 18:52:02 UTC (rev 5991)
@@ -1,136 +0,0 @@
-/*
- * JBoss, a division of Red Hat
- * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.gatein.sso.agent;
-
-import java.io.IOException;
-
-import org.apache.log4j.Logger;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.exoplatform.web.login.InitiateLoginServlet;
-
-import org.gatein.sso.agent.cas.CASAgent;
-import org.gatein.sso.agent.josso.JOSSOAgent;
-import org.gatein.sso.agent.opensso.OpenSSOAgent;
-
-/**
- * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
- */
-public class GenericSSOAgent extends InitiateLoginServlet
-{
-	private static final long serialVersionUID = 6330639010812906309L;
-
-	private static Logger log = Logger.getLogger(GenericSSOAgent.class);
-	
-	private String ssoServerUrl;
-	private String ssoCookieName;
-	private boolean casRenewTicket;
-	private String casServiceUrl;
-	
-	
-	@Override
-	public void init() throws ServletException
-	{
-		super.init();
-		
-		this.ssoServerUrl = this.getServletConfig().getInitParameter("ssoServerUrl");
-		this.ssoCookieName = this.getServletConfig().getInitParameter("ssoCookieName");
-		
-		String casRenewTicketConfig = this.getServletConfig().getInitParameter("casRenewTicket");
-		if(casRenewTicketConfig != null)
-		{
-			this.casRenewTicket = Boolean.parseBoolean(casRenewTicketConfig);
-		}
-		
-		String casServiceUrlConfig = this.getServletConfig().getInitParameter("casServiceUrl");
-		if(casServiceUrlConfig != null && casServiceUrlConfig.trim().length()>0)
-		{
-		    casServiceUrl = casServiceUrlConfig;
-		}
-	}
-
-	@Override
-	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException
-	{
-		try
-		{
-			this.processSSOToken(req,resp);	
-			
-			String portalContext = req.getContextPath();
-			if(req.getAttribute("abort") != null)
-			{
-				String ssoRedirect = portalContext + "/sso";
-				resp.sendRedirect(ssoRedirect);
-				return;
-			}
-			
-			super.doGet(req, resp);
-		}
-		catch(Exception e)
-		{
-			log.error(this, e);
-			throw new ServletException(e);
-		}
-	}
-
-	@Override
-	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException
-	{
-		this.doGet(req, resp);
-	}
-
-	private void processSSOToken(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws Exception
-	{
-		String ticket = httpRequest.getParameter("ticket");
-		String jossoAssertion = httpRequest.getParameter("josso_assertion_id");
-
-		if (ticket != null && ticket.trim().length() > 0)
-		{
-			CASAgent casagent = CASAgent.getInstance(this.ssoServerUrl,this.casServiceUrl);
-			casagent.setRenewTicket(this.casRenewTicket);
-			casagent.validateTicket(httpRequest, ticket);
-		}
-		else if (jossoAssertion != null && jossoAssertion.trim().length() > 0)
-		{
-			//the JOSSO Agent. This will need to the new client side JOSSO stack that can run on 5.1.0.GA
-			JOSSOAgent.getInstance().validateTicket(httpRequest,httpResponse);
-		}
-		else
-		{
-			try
-			{
-				//See if an OpenSSO Token was used
-				OpenSSOAgent.getInstance(this.ssoServerUrl, this.ssoCookieName).validateTicket(httpRequest);
-			}
-			catch(IllegalStateException ilse)
-			{
-				//somehow cookie failed validation, retry by starting the opensso login process again
-				httpRequest.setAttribute("abort", Boolean.TRUE);
-			}
-		}
-	}		
-}

Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java	2011-03-09 17:51:29 UTC (rev 5990)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java	2011-03-09 18:52:02 UTC (rev 5991)
@@ -25,13 +25,10 @@
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.gatein.wci.security.Credentials;
 import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
 import org.jasig.cas.client.validation.Assertion;
 
-import org.exoplatform.web.security.Credentials;
-
-import org.gatein.sso.agent.GenericSSOAgent;
-
 /**
  * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
  */
@@ -44,13 +41,13 @@
 	private boolean renewTicket;
 	private String casServiceUrl;
 	
-	private CASAgent(String casServerUrl, String casServiceUrl)
+	private CASAgent(String casServerUrl,String casServiceUrl)
 	{
 		this.casServerUrl = casServerUrl;
 		this.casServiceUrl = casServiceUrl;
 	}
 	
-	public static CASAgent getInstance(String casServerUrl,String casServiceUrl)
+	public static CASAgent getInstance(String casServerUrl, String casServiceUrl)
 	{
 		if(CASAgent.singleton == null)
 		{
@@ -79,22 +76,24 @@
 	public void validateTicket(HttpServletRequest httpRequest, String ticket) throws Exception
 	{		
 		Cas20ProxyTicketValidator ticketValidator = new Cas20ProxyTicketValidator(casServerUrl);
-    ticketValidator.setRenew(this.renewTicket);
-    
-    //String serviceUrl = "http://"+ httpRequest.getServerName() +":" + httpRequest.getServerPort() + 
-    //httpRequest.getContextPath() +"/private/classic";
-    Assertion assertion = ticketValidator.validate(ticket, this.casServiceUrl); 
-    
-    log.debug("------------------------------------------------------------------------------------");
-    log.debug("Service: "+this.casServiceUrl);
-    log.debug("Principal: "+assertion.getPrincipal().getName());
-    log.debug("------------------------------------------------------------------------------------");
-    
-        
-    //Use empty password....it shouldn't be needed...this is a SSO login. The password has
-    //already been presented with the SSO server. It should not be passed around for 
-    //better security
-    Credentials credentials = new Credentials(assertion.getPrincipal().getName(), "");
-    httpRequest.getSession().setAttribute(GenericSSOAgent.CREDENTIALS, credentials);		    
+	    ticketValidator.setRenew(this.renewTicket);
+	    
+	    //String serviceUrl = "http://"+ httpRequest.getServerName() +":" + httpRequest.getServerPort() + 
+	    //httpRequest.getContextPath() +"/private/classic";
+	    Assertion assertion = ticketValidator.validate(ticket, this.casServiceUrl); 
+	    
+	    log.debug("------------------------------------------------------------------------------------");
+	    log.debug("Service: "+this.casServiceUrl);
+	    log.debug("Principal: "+assertion.getPrincipal().getName());
+	    log.debug("------------------------------------------------------------------------------------");
+	    
+	        
+	    //Use empty password....it shouldn't be needed...this is a SSO login. The password has
+	    //already been presented with the SSO server. It should not be passed around for 
+	    //better security
+	    String principal = assertion.getPrincipal().getName();
+	    Credentials credentials = new Credentials(principal, "");
+        httpRequest.getSession().setAttribute(Credentials.CREDENTIALS, credentials);
+	    httpRequest.getSession().setAttribute("username", principal);
 	}		
 }
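Review bot: The validated principal and the `Credentials` object are written into whatever session the request already carries (`httpRequest.getSession().setAttribute(...)` at the end of validateTicket), so a session that existed before the ticket was presented keeps its id after authentication. Invalidating and recreating the session before storing the identity prevents a pre-existing session id from inheriting the SSO login, e.g. `HttpSession session = httpRequest.getSession(false); if (session != null) { session.invalidate(); } session = httpRequest.getSession(true);` (needs `javax.servlet.http.HttpSession` imported), though this should be checked against how the portal later consumes `Credentials.CREDENTIALS`, which may assume the same session. The same pattern appears in the JOSSOAgent hunk and in the last OpenSSOAgent hunk. Separately, the re-indented body mixes a tab-plus-spaces prefix with a spaces-only prefix on the `Credentials.CREDENTIALS` line; aligning that line with the rest of the method would be tidier.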

Added: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/InitiateLoginFilter.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/InitiateLoginFilter.java	                        (rev 0)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/filter/InitiateLoginFilter.java	2011-03-09 18:52:02 UTC (rev 5991)
@@ -0,0 +1,110 @@
+/**
+ * 
+ */
+package org.gatein.sso.agent.filter;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.gatein.sso.agent.cas.CASAgent;
+import org.gatein.sso.agent.josso.JOSSOAgent;
+import org.gatein.sso.agent.opensso.OpenSSOAgent;
+
+/**
+ * @author soshah
+ *
+ */
+public class InitiateLoginFilter implements Filter 
+{
+    private String ssoServerUrl;
+    private String ssoCookieName;
+    private boolean casRenewTicket;
+    private String casServiceUrl;
+    
+    public void init(FilterConfig filterConfig) throws ServletException 
+    {
+        this.ssoServerUrl = filterConfig.getInitParameter("ssoServerUrl");
+        this.ssoCookieName = filterConfig.getInitParameter("ssoCookieName");
+        
+        String casRenewTicketConfig = filterConfig.getInitParameter("casRenewTicket");
+        if(casRenewTicketConfig != null)
+        {
+            this.casRenewTicket = Boolean.parseBoolean(casRenewTicketConfig);
+        }
+        
+        String casServiceUrlConfig = filterConfig.getInitParameter("casServiceUrl");
+        if(casServiceUrlConfig != null && casServiceUrlConfig.trim().length()>0)
+        {
+            casServiceUrl = casServiceUrlConfig;
+        }
+    }
+
+    public void doFilter(ServletRequest request, ServletResponse response,
+            FilterChain chain) throws IOException, ServletException 
+    {
+        try
+        {
+            HttpServletRequest req = (HttpServletRequest)request;
+            HttpServletResponse resp = (HttpServletResponse)response;
+            
+            this.processSSOToken(req,resp); 
+            
+            String portalContext = req.getContextPath();
+            if(req.getAttribute("abort") != null)
+            {
+                String ssoRedirect = portalContext + "/sso";
+                resp.sendRedirect(ssoRedirect);
+                return;
+            }
+            
+            chain.doFilter(request, response);
+        }
+        catch(Exception e)
+        {
+            throw new ServletException(e);
+        }
+    }
+
+    public void destroy() 
+    {    
+    }
+    
+    private void processSSOToken(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws Exception
+    {
+        String ticket = httpRequest.getParameter("ticket");
+        String jossoAssertion = httpRequest.getParameter("josso_assertion_id");
+
+        if (ticket != null && ticket.trim().length() > 0)
+        {
+            CASAgent casagent = CASAgent.getInstance(this.ssoServerUrl, this.casServiceUrl);
+            casagent.setRenewTicket(this.casRenewTicket);
+            casagent.validateTicket(httpRequest, ticket);
+        }
+        else if (jossoAssertion != null && jossoAssertion.trim().length() > 0)
+        {
+            //the JOSSO Agent. This will need to the new client side JOSSO stack that can run on 5.1.0.GA
+            JOSSOAgent.getInstance().validateTicket(httpRequest,httpResponse);
+        }
+        else
+        {
+            try
+            {
+                //See if an OpenSSO Token was used
+                OpenSSOAgent.getInstance(this.ssoServerUrl, this.ssoCookieName).validateTicket(httpRequest);
+            }
+            catch(IllegalStateException ilse)
+            {
+                //somehow cookie failed validation, retry by starting the opensso login process again
+                httpRequest.setAttribute("abort", Boolean.TRUE);
+            }
+        }
+    }       
+}
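Review bot: The `catch(Exception e)` in doFilter wraps the failure into a ServletException without logging it, whereas the removed GenericSSOAgent.doGet logged it with `log.error(this, e)` before rethrowing, so a failed CAS or JOSSO validation now leaves no agent-side trace; adding a log4j logger like the one JOSSOAgent imports and `log.error("SSO token processing failed", e);` before the throw restores that. The class-level Javadoc is an empty block plus `@author`; a sentence stating that the filter validates a CAS `ticket`, a `josso_assertion_id` or an OpenSSO cookie on the request, lets the agents store the resulting credentials in the session, and redirects to `<contextPath>/sso` when OpenSSO cookie validation throws IllegalStateException, would help a reader. The empty `destroy()` is fine but is usually marked with a one-line comment such as `// nothing to release` so it does not read as an omission.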

Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/josso/JOSSOAgent.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/josso/JOSSOAgent.java	2011-03-09 17:51:29 UTC (rev 5990)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/josso/JOSSOAgent.java	2011-03-09 18:52:02 UTC (rev 5991)
@@ -26,8 +26,7 @@
 
 import org.apache.log4j.Logger;
 
-import org.exoplatform.web.security.Credentials;
-import org.gatein.sso.agent.GenericSSOAgent;
+import org.gatein.wci.security.Credentials;
 
 import org.josso.agent.Lookup;
 import org.josso.agent.SSOAgentRequest;
@@ -101,7 +100,8 @@
 			log.debug("-----------------------------------------------------------");
 			
 			Credentials credentials = new Credentials(principal, "");
-			httpRequest.getSession().setAttribute(GenericSSOAgent.CREDENTIALS, credentials);
+			httpRequest.getSession().setAttribute(Credentials.CREDENTIALS, credentials);
+			httpRequest.getSession().setAttribute("username", principal);
 		}
 	}
 	

Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java	2011-03-09 17:51:29 UTC (rev 5990)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java	2011-03-09 18:52:02 UTC (rev 5991)
@@ -21,35 +21,49 @@
  */
 package org.gatein.sso.agent.login;
 
+import java.lang.reflect.Method;
+
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
 
-import org.exoplatform.container.ExoContainer;
 import org.exoplatform.services.log.ExoLogger;
 import org.exoplatform.services.log.Log;
 import org.exoplatform.services.security.Authenticator;
 import org.exoplatform.services.security.Identity;
 import org.exoplatform.services.security.UsernameCredential;
 import org.exoplatform.services.security.jaas.AbstractLoginModule;
-import org.exoplatform.web.security.Credentials;
-import org.exoplatform.web.security.security.CookieTokenService;
-import org.exoplatform.web.security.security.TransientTokenService;
 
 /**
  * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
  */
 public final class SSOLoginModule extends AbstractLoginModule
 {
-	private static final Log LOG = ExoLogger.getLogger(SSOLoginModule.class
+	private static final Log log = ExoLogger.getLogger(SSOLoginModule.class
 			.getName());
+	
+	/** JACC get context method. */
+   private static Method getContextMethod;
 
-	protected Log getLogger()
-	{
-		return LOG;
-	}
-
+   static
+   {
+      try
+      {
+         Class<?> policyContextClass = Thread.currentThread().getContextClassLoader().loadClass("javax.security.jacc.PolicyContext");
+         getContextMethod = policyContextClass.getDeclaredMethod("getContext", String.class);
+      }
+      catch (ClassNotFoundException ignore)
+      {
+         log.debug("JACC not found ignoring it", ignore);
+      }
+      catch (Exception e)
+      {
+     	log.error("Could not obtain JACC get context method", e);
+      }
+   }
+	
 	public boolean login() throws LoginException
 	{
 		try
@@ -61,33 +75,37 @@
 
 			String password = new String(((PasswordCallback) callbacks[1])
 					.getPassword());
-
-			ExoContainer container = getContainer();
-			Object o = ((TransientTokenService) container
-					.getComponentInstanceOfType(TransientTokenService.class))
-					.validateToken(password, true);
-			if (o == null)
-				o = ((CookieTokenService) container
-						.getComponentInstanceOfType(CookieTokenService.class))
-						.validateToken(password, false);
 			
-			String username = null;
-			if (o instanceof Credentials)
-			{
-				Credentials wc = (Credentials)o;
-				username = wc.getUsername();
-			}
-
+		   //
+          // For clustered config check credentials stored and propagated in session. This won't work in tomcat because
+         // of lack of JACC PolicyContext so the code must be a bit defensive
+		 String username = null;
+         if (getContextMethod != null && password.startsWith("wci-ticket"))
+         {
+            HttpServletRequest request;
+            try
+            {
+               request = (HttpServletRequest)getContextMethod.invoke(null, "javax.servlet.http.HttpServletRequest");
+               username = (String)request.getSession().getAttribute("username");
+            }
+            catch(Throwable e)
+            {
+               log.error(this,e);
+               log.error("LoginModule error. Turn off session credentials checking with proper configuration option of " +
+                  "LoginModule set to false");
+            }
+         }
+			
 			if (username == null)
 			{
-					//SSO token could not be validated...hence a user id cannot be found
-				  LOG.error("---------------------------------------------------------");
-				  LOG.error("SSOLogin Failed. Credential Not Found!!");
-				  LOG.error("---------------------------------------------------------");
-					return false;
+				  //SSO token could not be validated...hence a user id cannot be found
+				  log.error("---------------------------------------------------------");
+				  log.error("SSOLogin Failed. Credential Not Found!!");
+				  log.error("---------------------------------------------------------");
+				  return false;
 			}
 				
-
+			//Perform authentication by setting up the proper Application State
 			Authenticator authenticator = (Authenticator) getContainer()
 					.getComponentInstanceOfType(Authenticator.class);
 
@@ -125,4 +143,10 @@
 	{
 		return true;
 	}
-}
+
+    @Override
+    protected Log getLogger() 
+    {
+        return log;
+    }
+}
\ No newline at end of file

Modified: components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java
===================================================================
--- components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java	2011-03-09 17:51:29 UTC (rev 5990)
+++ components/sso/trunk/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java	2011-03-09 18:52:02 UTC (rev 5991)
@@ -31,9 +31,9 @@
 
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.methods.PostMethod;
-import org.exoplatform.web.security.Credentials;
-import org.gatein.sso.agent.GenericSSOAgent;
 
+import org.gatein.wci.security.Credentials;
+
 /**
  * @author <a href="mailto:sshah at redhat.com">Sohil Shah</a>
  */
@@ -70,6 +70,11 @@
 	{						
 		String token = null;
 		Cookie[] cookies = httpRequest.getCookies();
+		if(cookies == null)
+		{
+		    return;
+		}
+		
 		for(Cookie cookie: cookies)
 		{
 			if(cookie.getName().equals(this.cookieName))
@@ -78,6 +83,11 @@
 				break;
 			}
 		}
+		
+		if(token == null)
+		{
+		    throw new IllegalStateException("No SSO Tokens Found");
+		}
 						
 		if(token != null)
 		{
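Review bot: The two new guards disagree on what a missing token means: `if(cookies == null) return;` in the previous hunk lets a request with no cookies at all fall through silently, while a request that has cookies but none named `cookieName` now throws `IllegalStateException("No SSO Tokens Found")`, which InitiateLoginFilter turns into the `/sso` redirect. Unless the no-cookie case is meant to behave differently, the first guard should raise the same exception, `if(cookies == null) { throw new IllegalStateException("No SSO Tokens Found"); }`, or both should return. With the throw in place the following `if(token != null)` is always true and can be dropped; the rest of validateTicket lies outside this hunk.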
@@ -92,7 +102,8 @@
 			if(subject != null)
 			{
 				Credentials credentials = new Credentials(subject, "");
-				httpRequest.getSession().setAttribute(GenericSSOAgent.CREDENTIALS, credentials);
+				httpRequest.getSession().setAttribute(Credentials.CREDENTIALS, credentials);
+				httpRequest.getSession().setAttribute("username", subject);
 			}
 		}
 	}	

Modified: components/sso/trunk/pom.xml
===================================================================
--- components/sso/trunk/pom.xml	2011-03-09 17:51:29 UTC (rev 5990)
+++ components/sso/trunk/pom.xml	2011-03-09 18:52:02 UTC (rev 5991)
@@ -70,7 +70,7 @@
 		<!-- exo -->
 		<org.exoplatform.core.version>2.3.5-GA</org.exoplatform.core.version>
 		<org.exoplatform.ws.version>2.1.5-GA</org.exoplatform.ws.version>
-		<org.exoplatform.portal.version>3.1.0-GA</org.exoplatform.portal.version>
+		<org.gatein.wci.version>2.1.0-Alpha01-SNAPSHOT</org.gatein.wci.version>
 
 		<!-- JAX-RS jsr-311 -->
 		<version.javax.ws.rs>1.0</version.javax.ws.rs>
@@ -190,9 +190,9 @@
 				<version>${org.exoplatform.core.version}</version>
 			</dependency>
 			<dependency>
-				<groupId>org.exoplatform.portal</groupId>
-				<artifactId>exo.portal.component.web</artifactId>
-				<version>${org.exoplatform.portal.version}</version>
+				<groupId>org.gatein.wci</groupId>
+				<artifactId>wci-wci</artifactId>
+				<version>${org.gatein.wci.version}</version>
 			</dependency>
 
 


