[jboss-cvs] JBossAS SVN: r83023 - trunk/server/src/main/org/jboss/naming.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Sun Jan 18 01:29:40 EST 2009


Author: acoliver at jboss.org
Date: 2009-01-18 01:29:39 -0500 (Sun, 18 Jan 2009)
New Revision: 83023

Modified:
   trunk/server/src/main/org/jboss/naming/HttpNamingContextFactory.java
Log:
https://jira.jboss.org/jira/browse/JBAS-6392 Make HttpNamingContextFactory support jndi 
SECURITY_PRINCIPAL style logins like /security/src/main/org/jboss/security/jndi/LoginInitialContextFactory


Modified: trunk/server/src/main/org/jboss/naming/HttpNamingContextFactory.java
===================================================================
--- trunk/server/src/main/org/jboss/naming/HttpNamingContextFactory.java	2009-01-18 06:12:52 UTC (rev 83022)
+++ trunk/server/src/main/org/jboss/naming/HttpNamingContextFactory.java	2009-01-18 06:29:39 UTC (rev 83023)
@@ -26,8 +26,10 @@
 import java.io.ObjectInputStream;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.Principal;
 import java.util.Hashtable;
 import java.lang.reflect.InvocationTargetException;
+import javax.naming.AuthenticationException;
 import javax.naming.Context;
 import javax.naming.Name;
 import javax.naming.NamingException;
@@ -35,14 +37,22 @@
 import javax.naming.RefAddr;
 import javax.naming.spi.InitialContextFactory;
 import javax.naming.spi.ObjectFactory;
-
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 import org.jboss.invocation.InvocationException;
 import org.jboss.invocation.MarshalledValue;
 import org.jboss.invocation.http.interfaces.Util;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.auth.callback.UsernamePasswordHandler;
 import org.jboss.logging.Logger;
 import org.jnp.interfaces.Naming;
 import org.jnp.interfaces.NamingContext;
 
+
+
 /** A naming provider InitialContextFactory implementation that obtains a
  Naming proxy from an HTTP URL.
 
@@ -71,6 +81,8 @@
       else if( provider.startsWith("jnp-https:") == true )
          provider = "https:" + provider.substring(10);
 
+      tryLogin(env);
+
       URL providerURL = null;
       Naming namingServer = null;
       try
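Review bot: The `tryLogin(env)` call leaves a login in effect that nothing ever ends, because the `LoginContext` is a local inside `tryLogin` and is discarded, so `logout()` can never be called. Whatever the configured login module binds for the supplied principal and credentials therefore outlives this call, including when the URL handling in the `try` that follows fails, and it is not tied to the lifetime of the returned `NamingContext`. Consider keeping the `LoginContext` so it can be logged out on failure or when the context is closed, and at minimum document the side effect at the call site, e.g. `// side effect: the JAAS login stays in effect after this method returns`. getInitialContext starts and ends outside this hunk.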
@@ -91,6 +103,70 @@
       return new NamingContext(env, null, namingServer);
    }
 
+   /**
+    * if anyone bothers to set the JNDI style authentication stuff then let's use it or 
+    * just ignore it if they don't (they can still use JAAS style if they want)
+    */
+   private void tryLogin(Hashtable env) throws NamingException {
+      // Get the login configuration name to use, initially set to default.
+      String protocol = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+      Object prop = env.get(Context.SECURITY_PROTOCOL);
+      if( prop != null )
+         protocol = prop.toString();
+
+      // Get the login principal and credentials from the JNDI env
+      Object credentials = env.get(Context.SECURITY_CREDENTIALS);
+      Object principal = env.get(Context.SECURITY_PRINCIPAL);
+      if(principal == null || credentials == null) {
+           return;  //don't bother and don't throw any exceptions
+      }
+      try
+      {
+         // Get the principal username
+         String username;
+         if( principal instanceof Principal )
+         {
+            Principal p = (Principal) principal;
+            username = p.getName();
+         }
+         else
+         {
+            username = principal.toString();
+         }
+    
+         UsernamePasswordHandler handler = new UsernamePasswordHandler(username,
+            credentials);
+         Configuration conf = getConfiguration();
+         // Do the JAAS login
+         LoginContext lc = new LoginContext(protocol, null, handler, conf);
+         lc.login();
+      }
+      catch(LoginException e)
+      {
+         AuthenticationException ex = new AuthenticationException("Failed to login using protocol="+protocol);
+         ex.setRootCause(e);
+         throw ex;
+      }
+
+   }
+
+   /**
+    * Either call Configuration.getConfiguration() like LoginContext does, or if that fails due to no
+    * auth.conf or whatever config file, then return DummyConfiguration which does what we expect for 
+    * UsernamePasswordHandler. 
+    */
+   private Configuration getConfiguration() {
+      Configuration conf = null;
+      try {
+        conf = Configuration.getConfiguration(); 
+      } catch (Exception e) {
+        if(e.getCause() instanceof IOException) { //no auth.conf or whatever so we make our own dummy
+            conf = new DummyConfiguration();
+        }
+      }
+      return conf;
+   }
+
    // ObjectFactory implementation ----------------------------------
    public Object getObjectInstance(Object obj, Name name, Context nameCtx,
       Hashtable env)
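Review bot: `getConfiguration()` returns `null` whenever `Configuration.getConfiguration()` fails for any reason other than an `IOException` cause, because `catch (Exception e)` swallows the exception and assigns `conf` only in that one case. That `null` is then passed to `new LoginContext(protocol, null, handler, conf)`; as far as I know LoginContext treats a null Configuration as "use the installed one", so the same failure would most likely resurface there as an unchecked exception that the `catch(LoginException e)` in `tryLogin` does not turn into an `AuthenticationException`. Narrowing the catch to `SecurityException` (the carrier named in the DummyConfiguration comment) and rethrowing when the cause is something else would report a broken or unreadable login configuration instead of hiding it. Whether `IOException` is imported cannot be seen from this hunk.
```java
private Configuration getConfiguration() {
   try {
      return Configuration.getConfiguration();
   } catch (SecurityException e) {
      // Only a missing/unreadable login config file justifies the fallback.
      if (e.getCause() instanceof IOException) {
         return new DummyConfiguration();
      }
      // Anything else (e.g. a permission problem) must stay visible to the caller.
      throw e;
   }
}
```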
@@ -157,3 +233,19 @@
       return namingServer;
    }
 }
+
+/**
+ * When no configuration file is found (we get IOException as the cause of a SecurityException),
+ * we make this dummy that uses the default ClientLoginModule as required with no options.  
+ *
+ */
+class DummyConfiguration extends Configuration {
+  public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+        return new AppConfigurationEntry[] {
+           new AppConfigurationEntry("org.jboss.security.ClientLoginModule",AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new java.util.HashMap())
+        }; //return a big dummy entry saying use the jboss login module that takes username/password
+  }
+  public void refresh() {
+           //do nothing 
+  } 
+}
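Review bot: `DummyConfiguration.getAppConfigurationEntry` ignores `name` and returns the `ClientLoginModule` entry for every login configuration name, so on the fallback path the `Context.SECURITY_PROTOCOL` value selected in `tryLogin` has no effect. To my knowledge that module only associates the supplied principal and credentials with the caller and does not verify them, so `lc.login()` succeeding on this path says nothing about whether the credentials are valid; the class comment should say so, e.g. `* Note: this login only binds the identity on the client; the server performs the actual authentication.` The empty options map also leaves the module on its defaults, which presumably include VM-wide rather than per-thread identity (the `multi-threaded` option), so that is worth confirming and setting explicitly. The raw `new java.util.HashMap()` could become `new java.util.HashMap<String, Object>()` if the file's source level allows generics.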



