[jboss-cvs] JBossAS SVN: r85126 - in branches/JBPAPP_4_2_0_GA_CP/server: src/main/org/jboss/naming and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Mar 2 16:53:25 EST 2009
Author: mmoyses
Date: 2009-03-02 16:53:25 -0500 (Mon, 02 Mar 2009)
New Revision: 85126
Modified:
branches/JBPAPP_4_2_0_GA_CP/server/build.xml
branches/JBPAPP_4_2_0_GA_CP/server/src/main/org/jboss/naming/HttpNamingContextFactory.java
Log:
JBPAPP-1745: allow HttpNamingContextFactory to connect to secured URLs
Modified: branches/JBPAPP_4_2_0_GA_CP/server/build.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/server/build.xml 2009-03-02 21:41:40 UTC (rev 85125)
+++ branches/JBPAPP_4_2_0_GA_CP/server/build.xml 2009-03-02 21:53:25 UTC (rev 85126)
@@ -429,6 +429,7 @@
<include name="org/jboss/naming/LinkRefPair.class"/>
<include name="org/jboss/naming/LinkRefPairObjectFactory.class"/>
<include name="org/jboss/naming/*NamingContextFactory*.class"/>
+ <include name="org/jboss/naming/DummyConfiguration.class"/>
<include name="org/jboss/naming/client/**"/>
<include name="org/jboss/naming/interceptors/*"/>
<include name="org/jboss/proxy/**"/>
Modified: branches/JBPAPP_4_2_0_GA_CP/server/src/main/org/jboss/naming/HttpNamingContextFactory.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/server/src/main/org/jboss/naming/HttpNamingContextFactory.java 2009-03-02 21:41:40 UTC (rev 85125)
+++ branches/JBPAPP_4_2_0_GA_CP/server/src/main/org/jboss/naming/HttpNamingContextFactory.java 2009-03-02 21:53:25 UTC (rev 85126)
@@ -21,25 +21,34 @@
*/
package org.jboss.naming;
+import java.io.IOException;
import java.io.InputStream;
-import java.io.IOException;
import java.io.ObjectInputStream;
+import java.lang.reflect.InvocationTargetException;
import java.net.HttpURLConnection;
import java.net.URL;
+import java.security.Principal;
import java.util.Hashtable;
-import java.lang.reflect.InvocationTargetException;
+
+import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NamingException;
+import javax.naming.RefAddr;
import javax.naming.Reference;
-import javax.naming.RefAddr;
import javax.naming.spi.InitialContextFactory;
import javax.naming.spi.ObjectFactory;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
import org.jboss.invocation.InvocationException;
import org.jboss.invocation.MarshalledValue;
import org.jboss.invocation.http.interfaces.Util;
import org.jboss.logging.Logger;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.auth.callback.UsernamePasswordHandler;
import org.jnp.interfaces.Naming;
import org.jnp.interfaces.NamingContext;
@@ -62,15 +71,17 @@
{
// Parse the Context.PROVIDER_URL
String provider = (String) env.get(Context.PROVIDER_URL);
- if( provider.startsWith("jnp:") == true )
+ if (provider.startsWith("jnp:") == true)
provider = "http:" + provider.substring(4);
- else if( provider.startsWith("jnps:") == true )
+ else if (provider.startsWith("jnps:") == true)
provider = "https:" + provider.substring(5);
- else if( provider.startsWith("jnp-http:") == true )
+ else if (provider.startsWith("jnp-http:") == true)
provider = "http:" + provider.substring(9);
- else if( provider.startsWith("jnp-https:") == true )
+ else if (provider.startsWith("jnp-https:") == true)
provider = "https:" + provider.substring(10);
+ tryLogin(env);
+
URL providerURL = null;
Naming namingServer = null;
try
@@ -79,9 +90,9 @@
// Retrieve the Naming interface
namingServer = getNamingServer(providerURL);
}
- catch(Exception e)
+ catch (Exception e)
{
- NamingException ex = new NamingException("Failed to retrieve Naming interface");
+ NamingException ex = new NamingException("Failed to retrieve Naming interface for provider " + provider);
ex.setRootCause(e);
throw ex;
}
@@ -91,6 +102,76 @@
return new NamingContext(env, null, namingServer);
}
+ /**
+ * if anyone bothers to set the JNDI style authentication stuff then let's use it or
+ * just ignore it if they don't (they can still use JAAS style if they want)
+ */
+ private void tryLogin(Hashtable env) throws NamingException
+ {
+ // Get the login configuration name to use, initially set to default.
+ String protocol = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+ Object prop = env.get(Context.SECURITY_PROTOCOL);
+ if (prop != null)
+ protocol = prop.toString();
+
+ // Get the login principal and credentials from the JNDI env
+ Object credentials = env.get(Context.SECURITY_CREDENTIALS);
+ Object principal = env.get(Context.SECURITY_PRINCIPAL);
+ if (principal == null || credentials == null)
+ {
+ return; //don't bother and don't throw any exceptions
+ }
+ try
+ {
+ // Get the principal username
+ String username;
+ if (principal instanceof Principal)
+ {
+ Principal p = (Principal) principal;
+ username = p.getName();
+ }
+ else
+ {
+ username = principal.toString();
+ }
+
+ UsernamePasswordHandler handler = new UsernamePasswordHandler(username, credentials);
+ Configuration conf = getConfiguration();
+ // Do the JAAS login
+ LoginContext lc = new LoginContext(protocol, null, handler, conf);
+ lc.login();
+ }
+ catch (LoginException e)
+ {
+ AuthenticationException ex = new AuthenticationException("Failed to login using protocol=" + protocol);
+ ex.setRootCause(e);
+ throw ex;
+ }
+
+ }
+
+ /**
+ * Either call Configuration.getConfiguration() like LoginContext does, or if that fails due to no
+ * auth.conf or whatever config file, then return DummyConfiguration which does what we expect for
+ * UsernamePasswordHandler.
+ */
+ private Configuration getConfiguration()
+ {
+ Configuration conf = null;
+ try
+ {
+ conf = Configuration.getConfiguration();
+ }
+ catch (Exception e)
+ {
+ if (e.getCause() instanceof IOException)
+ { //no auth.conf or whatever so we make our own dummy
+ conf = new DummyConfiguration();
+ }
+ }
+ return conf;
+ }
+
// ObjectFactory implementation ----------------------------------
public Object getObjectInstance(Object obj, Name name, Context nameCtx,
Hashtable env)
@@ -112,23 +193,23 @@
* @throws IOException thrown on any trasport failure
* @throws InvocationTargetException throw on failure to install a JSSE host verifier
* @throws IllegalAccessException throw on failure to install a JSSE host verifier
- */
+ */
private Naming getNamingServer(URL providerURL)
throws ClassNotFoundException, IOException, InvocationTargetException,
IllegalAccessException
{
// Initialize the proxy Util class to integrate JAAS authentication
Util.init();
- if( log.isTraceEnabled() )
- log.trace("Retrieving content from : "+providerURL);
+ if (log.isTraceEnabled())
+ log.trace("Retrieving content from : " + providerURL);
HttpURLConnection conn = (HttpURLConnection) providerURL.openConnection();
Util.configureHttpsHostVerifier(conn);
Util.configureSSLSocketFactory(conn);
int length = conn.getContentLength();
String type = conn.getContentType();
- if( log.isTraceEnabled() )
- log.trace("ContentLength: "+length+"\nContentType: "+type);
+ if (log.isTraceEnabled())
+ log.trace("ContentLength: " + length + "\nContentType: " + type);
InputStream is = conn.getInputStream();
ObjectInputStream ois = new ObjectInputStream(is);
@@ -136,17 +217,17 @@
ois.close();
Object obj = mv.get();
- if( (obj instanceof Naming) == false )
+ if ((obj instanceof Naming) == false)
{
- String msg = "Invalid reply content seen: "+obj.getClass();
+ String msg = "Invalid reply content seen: " + obj.getClass();
Throwable t = null;
- if( obj instanceof Throwable )
+ if (obj instanceof Throwable)
{
t = (Throwable) obj;
- if( t instanceof InvocationException )
- t = ((InvocationException)t).getTargetException();
+ if (t instanceof InvocationException)
+ t = ((InvocationException) t).getTargetException();
}
- if( t != null )
+ if (t != null)
log.warn(msg, t);
else
log.warn(msg);
@@ -157,3 +238,23 @@
return namingServer;
}
}
+
+/**
+ * When no configuration file is found (we get IOException as the cause of a SecurityException),
+ * we make this dummy that uses the default ClientLoginModule as required with no options.
+ *
+ */
+class DummyConfiguration extends Configuration
+{
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name)
+ {
+ return new AppConfigurationEntry[]
+ {new AppConfigurationEntry("org.jboss.security.ClientLoginModule",
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new java.util.HashMap())}; //return a big dummy entry saying use the jboss login module that takes username/password
+ }
+
+ public void refresh()
+ {
+ //do nothing
+ }
+}
More information about the jboss-cvs-commits
mailing list