[jboss-cvs] JBossAS SVN: r83021 - branches/Branch_5_0/server/src/main/org/jboss/naming.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sun Jan 18 00:59:47 EST 2009
Author: acoliver at jboss.org
Date: 2009-01-18 00:59:46 -0500 (Sun, 18 Jan 2009)
New Revision: 83021
Modified:
branches/Branch_5_0/server/src/main/org/jboss/naming/HttpNamingContextFactory.java
Log:
https://jira.jboss.org/jira/browse/JBAS-6392 - Make HttpNamingContextFactory support jndi
SECURITY_PRINCIPAL style logins like /security/src/main/org/jboss/security/jndi/LoginInitialContextFactory
Modified: branches/Branch_5_0/server/src/main/org/jboss/naming/HttpNamingContextFactory.java
===================================================================
--- branches/Branch_5_0/server/src/main/org/jboss/naming/HttpNamingContextFactory.java 2009-01-18 05:34:52 UTC (rev 83020)
+++ branches/Branch_5_0/server/src/main/org/jboss/naming/HttpNamingContextFactory.java 2009-01-18 05:59:46 UTC (rev 83021)
@@ -26,8 +26,10 @@
import java.io.ObjectInputStream;
import java.net.HttpURLConnection;
import java.net.URL;
+import java.security.Principal;
import java.util.Hashtable;
import java.lang.reflect.InvocationTargetException;
+import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NamingException;
@@ -35,14 +37,22 @@
import javax.naming.RefAddr;
import javax.naming.spi.InitialContextFactory;
import javax.naming.spi.ObjectFactory;
-
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
import org.jboss.invocation.InvocationException;
import org.jboss.invocation.MarshalledValue;
import org.jboss.invocation.http.interfaces.Util;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.auth.callback.UsernamePasswordHandler;
import org.jboss.logging.Logger;
import org.jnp.interfaces.Naming;
import org.jnp.interfaces.NamingContext;
+
+
/** A naming provider InitialContextFactory implementation that obtains a
Naming proxy from an HTTP URL.
@@ -71,6 +81,8 @@
else if( provider.startsWith("jnp-https:") == true )
provider = "https:" + provider.substring(10);
+ tryLogin(env);
+
URL providerURL = null;
Naming namingServer = null;
try
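Review bot: The `tryLogin(env)` call added here has a side effect that the caller cannot undo, because the LoginContext built inside tryLogin is a local that is discarded and nothing can later call `logout()` on it. If the configured login module binds the principal and credential to the calling thread, as ClientLoginModule appears to, that binding would remain when the HTTP lookup below fails and could carry over to unrelated work on a pooled thread; this is inferred, the diff does not show the module. At minimum document the contract at the call site, for example `// JAAS login side effect: identity stays associated after this call; caller must clear it`. getInitialContext starts and ends outside this hunk.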
@@ -91,6 +103,70 @@
return new NamingContext(env, null, namingServer);
}
+ /**
+ * if anyone bothers to set the JNDI style authentication stuff then let's use it or
+ * just ignore it if they don't (they can still use JAAS style if they want)
+ */
+ private void tryLogin(Hashtable env) throws NamingException {
+ // Get the login configuration name to use, initially set to default.
+ String protocol = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+ Object prop = env.get(Context.SECURITY_PROTOCOL);
+ if( prop != null )
+ protocol = prop.toString();
+
+ // Get the login principal and credentials from the JNDI env
+ Object credentials = env.get(Context.SECURITY_CREDENTIALS);
+ Object principal = env.get(Context.SECURITY_PRINCIPAL);
+ if(principal == null || credentials == null) {
+ return; //don't bother and don't throw any exceptions
+ }
+ try
+ {
+ // Get the principal username
+ String username;
+ if( principal instanceof Principal )
+ {
+ Principal p = (Principal) principal;
+ username = p.getName();
+ }
+ else
+ {
+ username = principal.toString();
+ }
+
+ UsernamePasswordHandler handler = new UsernamePasswordHandler(username,
+ credentials);
+ Configuration conf = getConfiguration();
+ // Do the JAAS login
+ LoginContext lc = new LoginContext(protocol, null, handler, conf);
+ lc.login();
+ }
+ catch(LoginException e)
+ {
+ AuthenticationException ex = new AuthenticationException("Failed to login using protocol="+protocol);
+ ex.setRootCause(e);
+ throw ex;
+ }
+
+ }
+
+ /**
+ * Either call Configuration.getConfiguration() like LoginContext does, or if that fails due to no
+ * auth.conf or whatever config file, then return DummyConfiguration which does what we expect for
+ * UsernamePasswordHandler.
+ */
+ private Configuration getConfiguration() {
+ Configuration conf = null;
+ try {
+ conf = Configuration.getConfiguration();
+ } catch (Exception e) {
+ if(e.getCause() instanceof IOException) { //no auth.conf or whatever so we make our own dummy
+ conf = new DummyConfiguration();
+ }
+ }
+ return conf;
+ }
+
// ObjectFactory implementation ----------------------------------
public Object getObjectInstance(Object obj, Name name, Context nameCtx,
Hashtable env)
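Review bot: `getConfiguration()` catches every `Exception` but only handles a cause that is an `IOException`; any other failure is swallowed without a log line and the method returns `null`, which tryLogin passes straight to `new LoginContext(protocol, null, handler, conf)`. With a null Configuration, LoginContext falls back to the installed one, so the same failure will most likely resurface from the constructor as an unchecked exception instead of the `NamingException` that tryLogin declares. Narrow the catch to `catch (SecurityException e)` and add `else throw e;` after the IOException branch so a permission failure is reported where it happens. The fallback branch should also be logged, since it silently replaces whatever policy the caller named in `Context.SECURITY_PROTOCOL`. getObjectInstance at the end of the hunk continues outside it.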
@@ -157,3 +233,19 @@
return namingServer;
}
}
+
+/**
+ * When no configuration file is found (we get IOException as the cause of a SecurityException),
+ * we make this dummy that uses the default ClientLoginModule as required with no options.
+ *
+ */
+class DummyConfiguration extends Configuration {
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+ return new AppConfigurationEntry[] {
+ new AppConfigurationEntry("org.jboss.security.ClientLoginModule",AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new java.util.HashMap())
+ }; //return a big dummy entry saying use the jboss login module that takes username/password
+ }
+ public void refresh() {
+ //do nothing
+ }
+}
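Review bot: `DummyConfiguration.getAppConfigurationEntry` ignores its `name` argument and returns the ClientLoginModule entry for every application name, which the class comment does not mention. Because tryLogin takes that name from `Context.SECURITY_PROTOCOL`, a caller who asks for a specific policy gets this entry instead whenever the fallback is in effect. As far as I know ClientLoginModule only hands the credentials to the invocation layer and does not verify them, so in that case `lc.login()` would succeed for any username and password and the `AuthenticationException` path in tryLogin would not be reached. Extend the Javadoc with something like `Returned for any name; the module performs no client-side credential check, authentication happens on the server.`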