[jboss-cvs] JBossAS SVN: r70482 - in projects/security/security-negotiation/trunk: NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Mar 6 08:57:06 EST 2008
Author: darran.lofthouse at jboss.com
Date: 2008-03-06 08:57:06 -0500 (Thu, 06 Mar 2008)
New Revision: 70482
Added:
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/OidNameUtil.java
Modified:
projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath
projects/security/security-negotiation/trunk/NegotiationToolkit/build.xml
projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/BasicNegotiationServlet.java
Log:
[SECURITY-143] BasicNegotiation servlet to display header details.
Modified: projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath 2008-03-06 13:34:52 UTC (rev 70481)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath 2008-03-06 13:57:06 UTC (rev 70482)
@@ -4,5 +4,7 @@
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/servlet-api.jar"/>
<classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/log4j.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar"/>
+ <classpathentry combineaccessrules="false" kind="src" path="/jboss-negotiation"/>
<classpathentry kind="output" path="bin"/>
</classpath>
Modified: projects/security/security-negotiation/trunk/NegotiationToolkit/build.xml
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/build.xml 2008-03-06 13:34:52 UTC (rev 70481)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/build.xml 2008-03-06 13:57:06 UTC (rev 70482)
@@ -26,7 +26,11 @@
<include name="client/jbossall-client.jar" />
<include name="client/servlet-api.jar" />
<include name="client/log4j.jar" />
+ <include name="client/commons-codec.jar" />
</fileset>
+ <fileset dir="${basedir}/../build/target">
+ <include name="*.jar" />
+ </fileset>
</path>
<target name="prepare">
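Review bot: The new `<include name="client/commons-codec.jar" />` takes whatever commons-codec version ships in the JBoss client directory, while the .classpath change in this commit pins `commons-codec-1.3.jar`, so the IDE and Ant builds may compile against different versions. The added `<fileset dir="${basedir}/../build/target">` with `<include name="*.jar" />` also puts every jar found in that directory on the compile classpath; naming the jboss-negotiation jar explicitly would keep the build reproducible. The enclosing path element starts outside the hunk.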
Modified: projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/BasicNegotiationServlet.java
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/BasicNegotiationServlet.java 2008-03-06 13:34:52 UTC (rev 70481)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/BasicNegotiationServlet.java 2008-03-06 13:57:06 UTC (rev 70482)
@@ -23,14 +23,24 @@
package org.jboss.security.negotiation.toolkit;
import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.Oid;
+import org.jboss.security.negotiation.OidNameUtil;
+import com.darranl.spnego.DebugHelper;
+import com.darranl.spnego.NegTokenInit;
+import com.darranl.spnego.NegTokenInitDecoder;
+
/**
* A basic servlet to test that if prompted the client browser will return a SPNEGO
* header rather than an NTLM header.
@@ -63,15 +73,119 @@
return;
}
- // TODO Auto-generated method stub
- super.doGet(req, resp);
+ /* At this stage no further negotiation will take place so the information */
+ /* can be output in the servlet response. */
+
+ PrintWriter writer = resp.getWriter();
+
+ writer.println("<html>");
+ writer.println(" <head>");
+ writer.println(" <title>Negotiation Toolkit</title>");
+ writer.println(" </head>");
+ writer.println(" <body>");
+ writer.println(" <h1>Negotiation Toolkit</h1>");
+ writer.println(" <h2>Basic Negotiation</h2>");
+
+ // Output the raw header.
+ writer.println(" <p>WWW-Authenticate - ");
+ writer.println(authHeader);
+ writer.println(" </p>");
+
+ try
+ {
+ writeHeaderDetail(authHeader, writer);
+ }
+ catch (Exception e)
+ {
+ if (e instanceof RuntimeException)
+ {
+ throw (RuntimeException) e;
+ }
+ else
+ {
+ throw new ServletException("Unable to writeHeaderDetail", e);
+ }
+ }
+
+ writer.println(" </body>");
+ writer.println("</html>");
+ writer.flush();
}
@Override
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException,
IOException
{
+ // Handle POST as GET.
doGet(req, resp);
}
+ private void writeHeaderDetail(final String authHeader, final PrintWriter writer) throws IOException, GSSException
+ {
+ if (authHeader.startsWith("Negotiate ") == false)
+ {
+ writer.println("<p><b>Header WWW-Authenticate does not beging with 'Negotiate'!</b></p>");
+ return;
+ }
+
+ // Drop the 'Negotiate ' from the header.
+ String requestHeader = authHeader.substring(10);
+ byte[] reqToken = Base64.decodeBase64(requestHeader.getBytes());
+
+ if (reqToken[0] == 0x60)
+ {
+ NegTokenInit negTokenInit = NegTokenInitDecoder.decode(reqToken);
+ writer.println("<h3>NegTokenInit</h3>");
+
+ writer.print("<b>Message Oid - </b>");
+ writer.print(OidNameUtil.getName(negTokenInit.getMessageOid()));
+ writer.println("<br>");
+
+ List mechTypes = negTokenInit.getMechTypes();
+ writer.print("<b>Mech Types -</b>");
+ for (Object current : mechTypes)
+ {
+ writer.print(" {");
+ writer.print(OidNameUtil.getName((Oid) current));
+ writer.print("}");
+ }
+ writer.println("<br>");
+
+ writer.print("<b>Req Flags -</b>");
+ byte[] reqFlags = negTokenInit.getReqFlags();
+ if (reqFlags != null && reqFlags.length > 0)
+ {
+ writer.print(DebugHelper.convertToHex(reqFlags));
+ }
+ writer.println("<br>");
+
+ writer.print("<b>Mech Token -</b>");
+ byte[] mechToken = negTokenInit.getMechToken();
+ if (mechToken != null && mechToken.length > 0)
+ {
+ writer.print(new String(Base64.encodeBase64(mechToken)));
+ }
+ writer.println("<br>");
+
+ writer.print("<b>Mech List Mic -</b>");
+ byte[] mechTokenMic = negTokenInit.getMechListMIC();
+ if (mechTokenMic != null && mechTokenMic.length > 0)
+ {
+ writer.print(new String(Base64.encodeBase64(mechTokenMic)));
+ }
+ writer.println("<br>");
+ }
+ else if (reqToken[0] == (byte) 0xa1)
+ {
+ writer.println("<p><b>Unexpected NegTokenTarg, first token should be NegTokenInit!</b></p>");
+ return;
+ }
+ else
+ {
+ writer.println("<p><b>Unsupported negotiation mechanism, possibly NTLM!</b></p>");
+ return;
+ }
+
+ }
+
}
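Review bot: `writer.println(authHeader)` in doGet writes the client-supplied header value into the HTML page unescaped, so any markup in that value is rendered by the browser; it should be HTML-escaped before output. In writeHeaderDetail, `reqToken[0]` is read without a length check, and a header of just `Negotiate ` (or one with no valid Base64) presumably decodes to an empty array and fails with ArrayIndexOutOfBoundsException, which the catch in doGet rethrows as a RuntimeException. The page also prints the Base64 mech token, which is typically credential material for the authenticating user, so a comment stating that this servlet is a diagnostic and is not meant for production hosts would help. The start of doGet, where authHeader is obtained, is outside the hunk. The fence shows the escaping helper and the empty-token guard.

```java
      // Output the raw header, escaped because the value is supplied by the client.
      writer.println("    <p>WWW-Authenticate - ");
      writer.println(escapeHtml(authHeader));
      writer.println("    </p>");
      // … unchanged: writeHeaderDetail call and page footer …

   private void writeHeaderDetail(final String authHeader, final PrintWriter writer) throws IOException, GSSException
   {
      // … unchanged: 'Negotiate ' prefix check and Base64 decode into reqToken …
      if (reqToken == null || reqToken.length == 0)
      {
         writer.println("<p><b>Header WWW-Authenticate contains no decodable token!</b></p>");
         return;
      }
      // … unchanged: dispatch on reqToken[0] …

   /** Escape the characters that are significant in HTML text and attribute values. */
   private static String escapeHtml(final String value)
   {
      StringBuilder escaped = new StringBuilder(value.length());
      for (int i = 0; i < value.length(); i++)
      {
         char c = value.charAt(i);
         switch (c)
         {
            case '<':
               escaped.append("&lt;");
               break;
            case '>':
               escaped.append("&gt;");
               break;
            case '&':
               escaped.append("&amp;");
               break;
            case '"':
               escaped.append("&quot;");
               break;
            case '\'':
               escaped.append("&#39;");
               break;
            default:
               escaped.append(c);
         }
      }
      return escaped.toString();
   }
```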
Added: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/OidNameUtil.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/OidNameUtil.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/OidNameUtil.java 2008-03-06 13:57:06 UTC (rev 70482)
@@ -0,0 +1,90 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ *
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation;
+
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.Oid;
+
+/**
+ * Utility to convert Oid to a meaningful name.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+public class OidNameUtil
+{
+
+ private static final Oid KERBEROS_V5;
+
+ private static final Oid KERBEROS_V5_LEGACY;
+
+ private static final Oid NTLM;
+
+ private static final Oid SPNEGO;
+
+ static
+ {
+ try
+ {
+ KERBEROS_V5 = new Oid("1.2.840.113554.1.2.2");
+ KERBEROS_V5_LEGACY = new Oid("1.2.840.48018.1.2.2");
+ SPNEGO = new Oid("1.3.6.1.5.5.2");
+ NTLM = new Oid("1.3.6.1.4.1.311.2.2.10");
+ }
+ catch (GSSException e)
+ {
+ throw new RuntimeException("Unable to initialise Oid", e);
+ }
+ }
+
+ /**
+ * Return the name of the passed in Oid, if this is not available
+ * return the identifier.
+ *
+ * @param oid
+ * @return
+ */
+ public static String getName(final Oid oid)
+ {
+ if (KERBEROS_V5.equals(oid))
+ {
+ return "Kerberos V5";
+ }
+ else if (KERBEROS_V5_LEGACY.equals(oid))
+ {
+ return "Kerberos V5 Legacy";
+ }
+ else if (NTLM.equals(oid))
+ {
+ return "NTLM";
+ }
+ else if (SPNEGO.equals(oid))
+ {
+ return "SPNEGO";
+ }
+ else
+ {
+ return String.valueOf(oid);
+ }
+ }
+}
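Review bot: The Javadoc on `getName` leaves `@param oid` and `@return` empty, and it does not say that a null argument yields the string "null" through `String.valueOf(oid)`. I would write `@param oid the mechanism Oid to name, may be null` and `@return the well-known mechanism name, or the dotted identifier when the Oid is not recognised`. `KERBEROS_V5_LEGACY` would benefit from a one-line comment saying which clients send `1.2.840.48018.1.2.2`, since the constant name alone does not explain it. As the class holds only static members, declaring it `final` with a private constructor would match its use as a utility.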
Property changes on: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/org/jboss/security/negotiation/OidNameUtil.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF