[jboss-cvs] JBossAS SVN: r83572 - in projects/security/security-negotiation/branches/Branch_2_0: jboss-negotiation-ntlm/src/main/java/org/jboss/security/negotiation/ntlm/encoding and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Jan 28 12:49:03 EST 2009
Author: darran.lofthouse at jboss.com
Date: 2009-01-28 12:49:03 -0500 (Wed, 28 Jan 2009)
New Revision: 83572
Modified:
projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java
projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationMessage.java
projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-ntlm/src/main/java/org/jboss/security/negotiation/ntlm/encoding/NegotiateMessage.java
projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/NegTokenTarg.java
projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/NegTokenTargEncoder.java
projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/SPNEGOMessage.java
Log:
[SECURITY-142] Detect NTLM and log an appropriate error.
Modified: projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java
===================================================================
--- projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java 2009-01-28 17:41:02 UTC (rev 83571)
+++ projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java 2009-01-28 17:49:03 UTC (rev 83572)
@@ -75,7 +75,7 @@
String negotiateScheme = getNegotiateScheme();
- log.info("Header - " + request.getHeader("Authorization"));
+ log.debug("Header - " + request.getHeader("Authorization"));
String authHeader = request.getHeader("Authorization");
if (authHeader == null)
{
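Review bot: The changed `log.debug("Header - " + request.getHeader("Authorization"))` line still writes the complete `Authorization` header to the log. That header carries the client's negotiation token, and would carry a base64 password if a client ever sent Basic credentials, so moving it from info to debug narrows the exposure without removing it. Consider logging only that a header was received, for example `log.debug("Authorization header present = " + (request.getHeader("Authorization") != null));`, and leave token contents to the dedicated `MessageTrace` logging used elsewhere in this file. The enclosing method starts and ends outside this hunk.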
@@ -125,20 +125,21 @@
Realm realm = context.getRealm();
principal = realm.authenticate(username, (String) null);
+
authenticationMethod = negotiationContext.getAuthenticationMethod();
- if (log.isDebugEnabled())
+ if (log.isDebugEnabled() && principal != null)
log.debug("authenticated principal = " + principal);
NegotiationMessage responseMessage = negotiationContext.getResponseMessage();
- ByteArrayOutputStream responseMessageOS = new ByteArrayOutputStream();
- responseMessage.writeTo(responseMessageOS, true);
- String responseHeader = responseMessageOS.toString();
+ if (responseMessage != null)
+ {
+ ByteArrayOutputStream responseMessageOS = new ByteArrayOutputStream();
+ responseMessage.writeTo(responseMessageOS, true);
+ String responseHeader = responseMessageOS.toString();
- MessageTrace.logResponseBase64(responseHeader);
+ MessageTrace.logResponseBase64(responseHeader);
- if (responseHeader != null)
- {
response.setHeader("WWW-Authenticate", negotiateScheme + " " + responseHeader);
}
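Review bot: With the added `principal != null` condition, a negotiation round that produces no principal now writes nothing at this point. The debug log therefore cannot distinguish a failed or incomplete authentication from a request that never got this far. Whether that outcome is logged elsewhere is not visible in the hunk; if it is not, an explicit branch such as `else if (log.isDebugEnabled()) log.debug("negotiation completed without an authenticated principal");` keeps the outcome traceable for anyone reviewing authentication failures. The surrounding method begins and continues outside this hunk.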
@@ -147,7 +148,7 @@
{
IOException ioe = new IOException("Error processing " + negotiateScheme + " header.");
ioe.initCause(e);
- throw ioe;
+ throw ioe;
}
finally
{
Modified: projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationMessage.java
===================================================================
--- projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationMessage.java 2009-01-28 17:41:02 UTC (rev 83571)
+++ projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationMessage.java 2009-01-28 17:49:03 UTC (rev 83572)
@@ -39,6 +39,12 @@
public abstract void writeTo(final OutputStream os) throws IOException;
/**
+ * @return The message type.
+ */
+ public abstract String getMessageType();
+
+
+ /**
* Write the message to the provided output stream, if base64 is set the
* output should be base64 encoded.
*/
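Review bot: The Javadoc on the new `getMessageType()` says only "The message type", which does not tell implementers what the string is used for or whether it may be null. In this commit the value is concatenated into the `LoginException` text in `SPNEGOLoginModule`, and the two implementations return `"NTLM"` and `"SPNEGO"`. I would spell that out as `@return a short, non-null mechanism name (for example "NTLM" or "SPNEGO") suitable for inclusion in log and error messages.` Because the method is abstract, any `NegotiationMessage` subclass not touched by this commit would also need to implement it to compile.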
Modified: projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-ntlm/src/main/java/org/jboss/security/negotiation/ntlm/encoding/NegotiateMessage.java
===================================================================
--- projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-ntlm/src/main/java/org/jboss/security/negotiation/ntlm/encoding/NegotiateMessage.java 2009-01-28 17:41:02 UTC (rev 83571)
+++ projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-ntlm/src/main/java/org/jboss/security/negotiation/ntlm/encoding/NegotiateMessage.java 2009-01-28 17:49:03 UTC (rev 83572)
@@ -122,4 +122,10 @@
throw new NotImplementedException();
}
+ @Override
+ public String getMessageType()
+ {
+ return "NTLM";
+ }
+
}
Modified: projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2009-01-28 17:41:02 UTC (rev 83571)
+++ projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2009-01-28 17:49:03 UTC (rev 83572)
@@ -103,6 +103,13 @@
super.loginOk = false;
NegotiationContext negotiationContext = NegotiationContext.getCurrentNegotiationContext();
+ NegotiationMessage requestMessage = negotiationContext.getRequestMessage();
+ if (requestMessage instanceof SPNEGOMessage == false)
+ {
+ String message = "Unsupported negotiation mechanism '" + requestMessage.getMessageType() + "'.";
+ log.warn(message);
+ throw new LoginException(message);
+ }
try
{
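Review bot: If `negotiationContext.getRequestMessage()` returns null, the new guard throws a `NullPointerException` instead of the intended `LoginException`. `null instanceof SPNEGOMessage` is false, so the branch is entered and `requestMessage.getMessageType()` dereferences null. Whether the context can reach the login module without a request message is not visible here, but the rejection path should not depend on that. Building the name defensively covers it: `String type = (requestMessage == null) ? "none" : requestMessage.getMessageType();`, then use `type` in the message. The enclosing login method starts before and continues after this hunk.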
@@ -152,7 +159,6 @@
else
{
throw new LoginException("Continuation Required.");
-
}
}
@@ -203,11 +209,9 @@
{
try
{
+ // The message type will have already been checked before this point so we know it is
+ // a SPNEGO message.
NegotiationMessage requestMessage = negotiationContext.getRequestMessage();
- if (requestMessage instanceof SPNEGOMessage == false)
- {
- throw new LoginException("Unsupported negotiation mechanism.");
- }
// TODO - Ensure no way to fall through with gssToken still null.
byte[] gssToken = null;
Modified: projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/NegTokenTarg.java
===================================================================
--- projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/NegTokenTarg.java 2009-01-28 17:41:02 UTC (rev 83571)
+++ projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/NegTokenTarg.java 2009-01-28 17:49:03 UTC (rev 83572)
@@ -19,6 +19,7 @@
import java.io.IOException;
import java.io.OutputStream;
+import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
/**
@@ -85,9 +86,17 @@
@Override
public void writeTo(final OutputStream os) throws IOException
{
- // TODO Auto-generated method stub
-
+ try
+ {
+ NegTokenTargEncoder.encode(this, os);
+ }
+ catch (GSSException e)
+ {
+ IOException ioe = new IOException("Unable to encode NegTokenTarg message.");
+ ioe.initCause(e);
+ throw ioe;
+ }
+
}
-
}
Modified: projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/NegTokenTargEncoder.java
===================================================================
--- projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/NegTokenTargEncoder.java 2009-01-28 17:41:02 UTC (rev 83571)
+++ projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/NegTokenTargEncoder.java 2009-01-28 17:49:03 UTC (rev 83572)
@@ -136,7 +136,7 @@
}
}
- public void encode(final NegTokenTarg negTokenTarg, final OutputStream os) throws GSSException, IOException
+ public static void encode(final NegTokenTarg negTokenTarg, final OutputStream os) throws GSSException, IOException
{
List<byte[]> tokens = new LinkedList<byte[]>();
@@ -152,17 +152,8 @@
public static byte[] encode(final NegTokenTarg negTokenTarg) throws GSSException, IOException
{
- List<byte[]> tokens = new LinkedList<byte[]>();
-
- encodeMechListMIC(tokens, negTokenTarg.getMechListMIC());
- encodeResponseToken(tokens, negTokenTarg.getResponseToken());
- encodeSupportedMech(tokens, negTokenTarg.getSupportedMech());
- encodeNegResult(tokens, negTokenTarg.getNegResult());
- encodeConstructedSequence(tokens);
- encodeNegTokenTarg(tokens);
-
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- contructMessage(tokens, baos);
+ encode(negTokenTarg, baos);
return baos.toByteArray();
}
Modified: projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/SPNEGOMessage.java
===================================================================
--- projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/SPNEGOMessage.java 2009-01-28 17:41:02 UTC (rev 83571)
+++ projects/security/security-negotiation/branches/Branch_2_0/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/SPNEGOMessage.java 2009-01-28 17:49:03 UTC (rev 83572)
@@ -28,4 +28,10 @@
public abstract class SPNEGOMessage extends NegotiationMessage
{
+ @Override
+ public String getMessageType()
+ {
+ return "SPNEGO";
+ }
+
}