[jboss-cvs] JBossAS SVN: r70474 - in projects/security/security-negotiation/trunk: NegotiationToolkit and 12 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Mar 6 06:48:17 EST 2008
Author: darran.lofthouse at jboss.com
Date: 2008-03-06 06:48:17 -0500 (Thu, 06 Mar 2008)
New Revision: 70474
Added:
projects/security/security-negotiation/trunk/NegotiationToolkit/
projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath
projects/security/security-negotiation/trunk/NegotiationToolkit/.project
projects/security/security-negotiation/trunk/NegotiationToolkit/build.xml
projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/
projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml
projects/security/security-negotiation/trunk/NegotiationToolkit/pages/
projects/security/security-negotiation/trunk/NegotiationToolkit/src/
projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/
projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/
projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/
projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/
projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/
projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/
projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/BasicNegotiationServlet.java
projects/security/security-negotiation/trunk/spnego-configuration/descriptors/testserver.keytab
Removed:
projects/security/security-negotiation/trunk/spnego-configuration/descriptors/darranlaptop.host.keytab
Modified:
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/MessageTrace.java
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
projects/security/security-negotiation/trunk/spnego-configuration/build.xml
projects/security/security-negotiation/trunk/spnego-configuration/descriptors/jboss-service.xml
projects/security/security-negotiation/trunk/spnego-configuration/descriptors/login-config.xml
Log:
[SECURITY-143] Adding new NegotiationToolkit.
Property changes on: projects/security/security-negotiation/trunk/NegotiationToolkit
___________________________________________________________________
Name: svn:ignore
+ bin
build
Added: projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath 2008-03-06 11:48:17 UTC (rev 70474)
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/servlet-api.jar"/>
+ <classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/log4j.jar"/>
+ <classpathentry kind="output" path="bin"/>
+</classpath>
Added: projects/security/security-negotiation/trunk/NegotiationToolkit/.project
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/.project (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/.project 2008-03-06 11:48:17 UTC (rev 70474)
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>NegotiationToolkit</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
Added: projects/security/security-negotiation/trunk/NegotiationToolkit/build.xml
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/build.xml (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/build.xml 2008-03-06 11:48:17 UTC (rev 70474)
@@ -0,0 +1,61 @@
+<project name="NegotiationToolkit" default="package" basedir=".">
+
+ <!-- The NegotiationToolkit is a set of utilities to test the negotiation
+ configuration in stages. -->
+
+ <available property="ant.properties.available" file="${basedir}/../ant.properties" />
+ <fail message="Cannot find ant.properties. Did you copy/edit ant.properties.example?" unless="ant.properties.available" />
+ <property file="${basedir}/../ant.properties" />
+
+ <fail message="jboss.home not set, check ant.properties" unless="jboss.home" />
+
+ <property name="jboss.configuration" value="default" />
+ <property name="jboss.server.dir" location="${jboss.home}/server/${jboss.configuration}" />
+
+ <property name="src.dir" location="${basedir}/src" />
+ <property name="descriptors.dir" location="${basedir}/descriptors" />
+ <property name="lib.dir" location="${basedir}/lib" />
+ <property name="pages.dir" location="${basedir}/pages" />
+
+ <property name="build.dir" location="${basedir}/build" />
+ <property name="build.classes.dir" location="${build.dir}/classes" />
+ <property name="build.deliverables.dir" location="${build.dir}/deliverables" />
+
+ <path id="project.classpath">
+ <fileset dir="${jboss.home}">
+ <include name="client/jbossall-client.jar" />
+ <include name="client/servlet-api.jar" />
+ <include name="client/log4j.jar" />
+ </fileset>
+ </path>
+
+ <target name="prepare">
+ <mkdir dir="${build.dir}" />
+ <mkdir dir="${build.classes.dir}" />
+ <mkdir dir="${build.deliverables.dir}" />
+ </target>
+
+ <target name="compile" depends="prepare">
+ <javac srcdir="${src.dir}" destdir="${build.classes.dir}" debug="on" deprecation="on" optimize="off">
+ <classpath refid="project.classpath" />
+ </javac>
+ </target>
+
+ <target name="package" depends="compile">
+ <war destfile="${build.deliverables.dir}/${ant.project.name}.war" webxml="${descriptors.dir}/web.xml">
+ <webinf dir="${descriptors.dir}">
+ <include name="jboss-web.xml" />
+ </webinf>
+ <classes dir="${build.classes.dir}">
+ <include name="**/*.class" />
+ </classes>
+ <fileset dir="${pages.dir}">
+ <include name="**" />
+ </fileset>
+ </war>
+ </target>
+
+ <target name="deploy" depends="package">
+ <copy file="${build.deliverables.dir}/${ant.project.name}.war" todir="${jboss.server.dir}/deploy" />
+ </target>
+</project>
\ No newline at end of file
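Review bot: The `webinf` fileset in the `package` target includes `jboss-web.xml`, but this revision adds only `descriptors/web.xml`, so the include matches nothing and Ant will build the WAR without reporting it. Either drop the include or add the descriptor it expects. The `deploy` target would also benefit from a comment such as `<!-- Diagnostic WAR: undeploy once the negotiation setup has been verified. -->`, since the toolkit is meant for staged testing rather than permanent deployment.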
Property changes on: projects/security/security-negotiation/trunk/NegotiationToolkit/build.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml 2008-03-06 11:48:17 UTC (rev 70474)
@@ -0,0 +1,18 @@
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <servlet>
+ <servlet-name>BasicNegotiation</servlet-name>
+ <servlet-class>
+ org.jboss.security.negotiation.toolkit.BasicNegotiationServlet
+ </servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>BasicNegotiation</servlet-name>
+ <url-pattern>/BasicNegotiation</url-pattern>
+ </servlet-mapping>
+
+</web-app>
\ No newline at end of file
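Review bot: The `xsi:schemaLocation` value on the `web-app` element holds a single URI, but the attribute is defined as pairs of namespace URI and schema location, so a validating parser has no usable hint here. It should read `xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"`. The file also has no XML declaration; adding `<?xml version="1.0" encoding="UTF-8"?>` as the first line matches the other descriptors added in this commit.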
Property changes on: projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/BasicNegotiationServlet.java
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/BasicNegotiationServlet.java (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/BasicNegotiationServlet.java 2008-03-06 11:48:17 UTC (rev 70474)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ *
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.toolkit;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+
+/**
+ * A basic servlet to test that if prompted the client browser will return a SPNEGO
+ * header rather than an NTLM header.
+ *
+ * Clients that return an NTLM header do not trust the server sufficiently so the KDC
+ * configuration will need to be checked.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+public class BasicNegotiationServlet extends HttpServlet
+{
+
+ private static final long serialVersionUID = 7269693410644316525L;
+
+ private static final Logger log = Logger.getLogger(BasicNegotiationServlet.class);
+
+ @Override
+ protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException,
+ IOException
+ {
+ String authHeader = req.getHeader("Authorization");
+ log.info("Authorization '" + authHeader + "'");
+ if (authHeader == null)
+ {
+ log.info("No Authorization Header, sending 401");
+ resp.setHeader("WWW-Authenticate", "Negotiate");
+ resp.sendError(401);
+
+ return;
+ }
+
+ // TODO Auto-generated method stub
+ super.doGet(req, resp);
+ }
+
+ @Override
+ protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException,
+ IOException
+ {
+ doGet(req, resp);
+ }
+
+}
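Review bot: The `log.info("Authorization '" + authHeader + "'")` call in `doGet` writes the complete Authorization value to the server log at INFO, and a Negotiate or NTLM token (or Basic credentials, should a client send them) is credential material that should not be retained in logs; the `log.info("Header - " + request.getHeader("Authorization"))` line this commit adds to SPNEGOAuthenticator.java has the same problem on the real authentication path. Logging the scheme and the token length is enough for diagnosis. Separately, when the header is present the method falls through to `super.doGet`, whose default implementation only answers with an error status, so the servlet never reports whether the client sent SPNEGO or NTLM as the class Javadoc describes. One possible shape for both changes follows.

```java
      String authHeader = req.getHeader("Authorization");
      if (authHeader == null)
      {
         // … unchanged: send 401 with WWW-Authenticate: Negotiate …
      }

      // Log the scheme and token length only; the token itself is credential material.
      int split = authHeader.indexOf(' ');
      String scheme = split < 0 ? authHeader : authHeader.substring(0, split);
      String token = split < 0 ? "" : authHeader.substring(split + 1).trim();
      log.info("Authorization scheme '" + scheme + "', token length " + token.length());

      // NTLM messages begin with the ASCII signature "NTLMSSP", which is "TlRMTVNTUA" in Base64.
      boolean ntlm = token.startsWith("TlRMTVNTUA");
      resp.setContentType("text/plain");
      resp.getWriter().println(ntlm ? "NTLM token received" : "Non-NTLM (expected SPNEGO) token received");
```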
Property changes on: projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/BasicNegotiationServlet.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/MessageTrace.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/MessageTrace.java 2008-03-06 11:47:15 UTC (rev 70473)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/MessageTrace.java 2008-03-06 11:48:17 UTC (rev 70474)
@@ -22,7 +22,7 @@
*/
package org.jboss.security.negotiation;
-import org.apache.log4j.Logger;
+import org.jboss.logging.Logger;
import com.darranl.spnego.DebugHelper;
Modified: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java 2008-03-06 11:47:15 UTC (rev 70473)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java 2008-03-06 11:48:17 UTC (rev 70474)
@@ -63,6 +63,7 @@
return true;
}
+ log.info("Header - " + request.getHeader("Authorization"));
String authHeader = request.getHeader("Authorization");
if (authHeader == null)
{
Modified: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2008-03-06 11:47:15 UTC (rev 70473)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2008-03-06 11:48:17 UTC (rev 70474)
@@ -89,6 +89,7 @@
super.initialize(subject, callbackHandler, sharedState, options);
// Which security domain to authenticate the server.
serverSecurityDomain = (String) options.get("serverSecurityDomain");
+ log.debug("serverSecurityDomain=" + serverSecurityDomain);
}
@Override
@@ -98,6 +99,7 @@
{
// TODO - Does this login module need to do anything with the identity?
// Especially as this module does not do any role mapping.
+ log.debug("super.login()==true");
return true;
}
Modified: projects/security/security-negotiation/trunk/spnego-configuration/build.xml
===================================================================
--- projects/security/security-negotiation/trunk/spnego-configuration/build.xml 2008-03-06 11:47:15 UTC (rev 70473)
+++ projects/security/security-negotiation/trunk/spnego-configuration/build.xml 2008-03-06 11:48:17 UTC (rev 70474)
@@ -44,7 +44,7 @@
<metainf dir="${descriptors.dir}">
<include name="jboss-service.xml"/>
<include name="login-config.xml"/>
- <include name="kerberos_darranl_com.keytab"/>
+ <include name="*.keytab"/>
<include name="*.properties" />
</metainf>
<fileset dir="${build.classes.dir}">
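Review bot: The `*.keytab` include in the `metainf` fileset packages every keytab that happens to sit in `${descriptors.dir}` into the archive's META-INF, so a stray or personal keytab left in that directory ships with the deliverable. Name the one file that is intended, `<include name="testserver.keytab"/>`, or leave keytabs out of the archive altogether. login-config.xml in this commit reads the keytab from a filesystem path, so the packaged copy may not be used at all. The enclosing target starts outside the hunk.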
Deleted: projects/security/security-negotiation/trunk/spnego-configuration/descriptors/darranlaptop.host.keytab
===================================================================
(Binary files differ)
Modified: projects/security/security-negotiation/trunk/spnego-configuration/descriptors/jboss-service.xml
===================================================================
--- projects/security/security-negotiation/trunk/spnego-configuration/descriptors/jboss-service.xml 2008-03-06 11:47:15 UTC (rev 70473)
+++ projects/security/security-negotiation/trunk/spnego-configuration/descriptors/jboss-service.xml 2008-03-06 11:48:17 UTC (rev 70474)
@@ -10,8 +10,8 @@
name="jboss.support:service=SystemProperties">
<attribute name="Properties">
- java.security.krb5.kdc=dev44.qa.atl.jboss.com
- java.security.krb5.realm=DEV44.QA.ATL.JBOSS.COM
+ java.security.krb5.kdc=vm11.gsslab.rdu.redhat.com
+ java.security.krb5.realm=GSSLAB.RDU.REDHAT.COM
</attribute>
</mbean>
Modified: projects/security/security-negotiation/trunk/spnego-configuration/descriptors/login-config.xml
===================================================================
--- projects/security/security-negotiation/trunk/spnego-configuration/descriptors/login-config.xml 2008-03-06 11:47:15 UTC (rev 70473)
+++ projects/security/security-negotiation/trunk/spnego-configuration/descriptors/login-config.xml 2008-03-06 11:48:17 UTC (rev 70474)
@@ -33,10 +33,11 @@
<login-module code="com.sun.security.auth.module.Krb5LoginModule"
flag="required">
<module-option name="storeKey">true</module-option>
- <module-option name="useKeyTab">true</module-option>
- <module-option name="keyTab">/home/darranl/src/kerberos/LoginConfiguration_Dev44/descriptors/darranlaptop.host.keytab</module-option>
- <module-option name="principal">darranlaptop at DEV44.QA.ATL.JBOSS.COM</module-option>
+ <module-option name="useKeyTab">true</module-option>
+ <module-option name="principal">HTTP/testserver.gsslab.rdu.redhat.com at GSSLAB.RDU.REDHAT.COM</module-option>
+ <module-option name="keyTab">/home/darranl/src/security-negotiation/spnego-configuration/descriptors/testserver.keytab</module-option>
<module-option name="doNotPrompt">true</module-option>
+ <module-option name="debug">true</module-option>
</login-module>
</authentication>
</application-policy>
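Review bot: The `keyTab` option now points into one developer's home directory, and the `testserver.keytab` it names is committed in this same revision, so the long-term key of the HTTP service principal is readable by anyone with repository access and the configuration works on only one machine. Keep the keytab out of version control, restrict its file permissions to the server account, and resolve the path from the server layout, e.g. `<module-option name="keyTab">${jboss.server.home.dir}/conf/testserver.keytab</module-option>` if property substitution is available for this descriptor. The added `debug` option deserves a comment such as `<!-- Troubleshooting only: disable once negotiation works. -->`. The enclosing application-policy starts outside the hunk.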
Added: projects/security/security-negotiation/trunk/spnego-configuration/descriptors/testserver.keytab
===================================================================
(Binary files differ)
Property changes on: projects/security/security-negotiation/trunk/spnego-configuration/descriptors/testserver.keytab
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:mime-type
+ application/octet-stream