[jboss-cvs] Picketbox SVN: r237 - in trunk/security-jboss-sx/jbosssx/src/main/java/org: jboss/resource and 5 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Aug 1 10:38:18 EDT 2011
Author: mmoyses
Date: 2011-08-01 10:38:17 -0400 (Mon, 01 Aug 2011)
New Revision: 237
Added:
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/
Removed:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/resource/security/
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/AuthenticationConfigParser.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/SubjectActions.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/AbstractPasswordCredentialLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/CallerIdentityLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/ConfiguredIdentityLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/GetPrincipalInfoAction.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/JaasSecurityDomainIdentityLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/PBEIdentityLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/SecureIdentityLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/SubjectActions.java
Log:
SECURITY-605: fixing classloading issue
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/AuthenticationConfigParser.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/AuthenticationConfigParser.java 2011-07-06 19:03:14 UTC (rev 236)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/config/parser/AuthenticationConfigParser.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -39,11 +39,6 @@
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
-import org.jboss.resource.security.CallerIdentityLoginModule;
-import org.jboss.resource.security.ConfiguredIdentityLoginModule;
-import org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule;
-import org.jboss.resource.security.PBEIdentityLoginModule;
-import org.jboss.resource.security.SecureIdentityLoginModule;
import org.jboss.security.ClientLoginModule;
import org.jboss.security.auth.spi.BaseCertLoginModule;
import org.jboss.security.auth.spi.CertRolesLoginModule;
@@ -57,6 +52,11 @@
import org.jboss.security.auth.spi.SimpleServerLoginModule;
import org.jboss.security.auth.spi.UsersRolesLoginModule;
import org.jboss.security.config.Element;
+import org.picketbox.datasource.security.CallerIdentityLoginModule;
+import org.picketbox.datasource.security.ConfiguredIdentityLoginModule;
+import org.picketbox.datasource.security.JaasSecurityDomainIdentityLoginModule;
+import org.picketbox.datasource.security.PBEIdentityLoginModule;
+import org.picketbox.datasource.security.SecureIdentityLoginModule;
/**
* Stax based JAAS authentication configuration Parser
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java 2011-07-06 19:03:14 UTC (rev 236)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/JBossSecuritySubjectFactory.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -79,8 +79,18 @@
}
authenticationManager = securityManagement.getAuthenticationManager(defaultSecurityDomain);
}
- if (authenticationManager.isValid(principal, SubjectActions.getCredential(), subject) == false)
- throw new SecurityException("Unauthenticated caller:" + principal);
+ //AS7-1072: we can't have TCCL null or else LoginContext can't find the login modules
+ ClassLoader tccl = SubjectActions.getContextClassLoader();
+ try
+ {
+ SubjectActions.setContextClassLoader(this.getClass().getClassLoader());
+ if (!authenticationManager.isValid(principal, SubjectActions.getCredential(), subject))
+ throw new SecurityException("Unauthenticated caller:" + principal);
+ }
+ finally
+ {
+ SubjectActions.setContextClassLoader(tccl);
+ }
return subject;
}
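Review bot: The context class loader is replaced unconditionally before `authenticationManager.isValid(...)`, although the added comment describes the problem as a null TCCL. When the calling thread already carries a loader (for instance one that can see login modules packaged with a deployment, which is an assumption about callers not visible here), the swap changes which classes the login lookup can resolve. If only the null case is meant, guard the call: `if (tccl == null) SubjectActions.setContextClassLoader(this.getClass().getClassLoader());`. The restore in `finally` is correct either way. The enclosing method starts outside the hunk.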
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/SubjectActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/SubjectActions.java 2011-07-06 19:03:14 UTC (rev 236)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/SubjectActions.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -194,6 +194,22 @@
return loader;
}
}
+
+ private static class SetTCLAction implements PrivilegedAction<Void>
+ {
+ ClassLoader cl;
+
+ SetTCLAction(ClassLoader cl)
+ {
+ this.cl = cl;
+ }
+
+ public Void run()
+ {
+ Thread.currentThread().setContextClassLoader(cl);
+ return null;
+ }
+ }
private static class SetContextInfoAction implements PrivilegedAction<Object>
{
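Review bot: `SetTCLAction` keeps its target loader in a package-visible, mutable field (`ClassLoader cl;`). Since the action runs inside `doPrivileged`, declare it `private final ClassLoader cl;` so the value cannot change between construction and `run()`. A short class comment such as `/** Sets the calling thread's context class loader; callers must restore the previous loader. */` would also match the other documented actions in this file.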
@@ -354,6 +370,11 @@
ClassLoader loader = (ClassLoader) AccessController.doPrivileged(GetTCLAction.ACTION);
return loader;
}
+
+ static void setContextClassLoader(ClassLoader cl)
+ {
+ AccessController.doPrivileged(new SetTCLAction(cl));
+ }
static Object setContextInfo(String key, Object value)
{
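Review bot: `setContextClassLoader` is a package-visible wrapper that performs a privileged TCCL change with whatever loader it is handed, and nothing in the hunk documents that contract. Add a Javadoc stating that `cl` must come from trusted code, never from request or configuration data, and that every call must be paired with a restore in `finally`, as the caller in `JBossSecuritySubjectFactory` does. Any class in `org.jboss.security.plugins` can call this method, so it is worth confirming that the package is sealed or otherwise closed to foreign classes; that is not visible here.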
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/AbstractPasswordCredentialLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java 2011-05-26 18:23:11 UTC (rev 225)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/AbstractPasswordCredentialLoginModule.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -19,25 +19,15 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.resource.security;
+package org.picketbox.datasource.security;
-import java.util.Map;
-
-import javax.management.MBeanServer;
-import javax.management.MalformedObjectNameException;
-import javax.management.ObjectName;
-import javax.resource.spi.ManagedConnectionFactory;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
-import org.jboss.logging.Logger;
-import org.jboss.security.util.MBeanServerLocator;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
-/** A base login module that provides access to the ManagedConnectionFactory
- * needed by the PasswordCredential.
+/**
+ * A base login module that handles {@code PasswordCredential}s
*
* @see javax.resource.spi.security.PasswordCredential
*
@@ -46,104 +36,16 @@
* @version $Revision: 71545 $
*/
- at SuppressWarnings("unchecked")
-public abstract class AbstractPasswordCredentialLoginModule
- extends AbstractServerLoginModule
+public abstract class AbstractPasswordCredentialLoginModule extends AbstractServerLoginModule
{
- private static final Logger log = Logger.getLogger(AbstractPasswordCredentialLoginModule.class);
- private MBeanServer server;
- private ObjectName managedConnectionFactoryName;
- private ManagedConnectionFactory mcf;
- /** A flag that allows a missing MCF service to be ignored */
- private Boolean ignoreMissigingMCF;
- public AbstractPasswordCredentialLoginModule()
- {
-
- }
-
- public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
- {
- super.initialize(subject, handler, sharedState, options);
- String name = (String) options.get("managedConnectionFactoryName");
- try
- {
- managedConnectionFactoryName = new ObjectName(name);
- }
- catch (MalformedObjectNameException mone)
- {
- throw new IllegalArgumentException("Malformed ObjectName: " + name);
- }
-
- if (managedConnectionFactoryName == null)
- {
- throw new IllegalArgumentException("Must supply a managedConnectionFactoryName!");
- }
- Object flag = options.get("ignoreMissigingMCF");
- if( flag instanceof Boolean )
- ignoreMissigingMCF = (Boolean) flag;
- else if( flag != null )
- ignoreMissigingMCF = Boolean.valueOf(flag.toString());
- server = MBeanServerLocator.locateJBoss();
- getMcf();
- }
-
- /** Return false if there is no mcf, else return super.login(). Override
- * to provide custom authentication.
- *
- * @return false if there is no mcf, else return super.login().
- * @exception LoginException if an error occurs
- */
- public boolean login() throws LoginException
- {
- if (mcf == null)
- {
- return false;
- }
- return super.login();
- }
-
+ @Override
public boolean logout() throws LoginException
{
removeCredentials();
return super.logout();
}
- protected ManagedConnectionFactory getMcf()
- {
- if (mcf == null)
- {
- try
- {
- mcf = (ManagedConnectionFactory) server.getAttribute(
- managedConnectionFactoryName,
- "ManagedConnectionFactory");
- }
- catch (Exception e)
- {
- log.error("The ConnectionManager mbean: " + managedConnectionFactoryName
- + " specified in a ConfiguredIdentityLoginModule could not be found."
- + " ConnectionFactory will be unusable!", e);
- if( Boolean.TRUE != ignoreMissigingMCF )
- {
- throw new IllegalArgumentException("Managed Connection Factory not found: "
- + managedConnectionFactoryName);
- }
- } // end of try-catch
- if (log.isTraceEnabled())
- {
- log.trace("mcfname: " + managedConnectionFactoryName);
- }
- } // end of if ()
-
- return mcf;
- }
-
- protected MBeanServer getServer()
- {
- return server;
- }
-
/** This removes the javax.security.auth.login.name and
* javax.security.auth.login.password settings from the sharteState map
* along with any PasswordCredential found in the PrivateCredentials set
@@ -152,7 +54,7 @@
{
sharedState.remove("javax.security.auth.login.name");
sharedState.remove("javax.security.auth.login.password");
- SubjectActions.removeCredentials(subject, mcf);
+ SubjectActions.removeCredentials(subject);
}
}
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/CallerIdentityLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/resource/security/CallerIdentityLoginModule.java 2011-05-26 18:23:11 UTC (rev 225)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/CallerIdentityLoginModule.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.resource.security;
+package org.picketbox.datasource.security;
import java.security.Principal;
import java.security.acl.Group;
@@ -43,7 +43,7 @@
* <code>org.jboss.security.SimplePrincipal.</code>
* <p>
*
- * @see org.jboss.resource.security.ConfiguredIdentityLoginModule
+ * @see org.picketbox.datasource.security.ConfiguredIdentityLoginModule
*
* @author Scott.Stark at jboss.org
* @author <a href="mailto:d_jencks at users.sourceforge.net">David Jencks</a>
@@ -73,7 +73,7 @@
private char[] password;
/** A flag indicating if the run-as principal roles should be added to the subject */
private boolean addRunAsRoles;
- private Set runAsRoles;
+ private Set<Principal> runAsRoles;
/**
* Default Constructor
@@ -93,8 +93,8 @@
* @param sharedState
* @param options
*/
- public void initialize(Subject subject, CallbackHandler handler,
- Map sharedState, Map options)
+ @Override
+ public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> sharedState, Map<String, ?> options)
{
super.initialize(subject, handler, sharedState, options);
@@ -132,6 +132,7 @@
* @return True if authentication succeeds
* @throws LoginException
*/
+ @Override
public boolean login() throws LoginException
{
if(trace)
@@ -187,6 +188,7 @@
return true;
}
+ @Override
public boolean commit() throws LoginException
{
// Put the principal name into the sharedState map
@@ -199,7 +201,6 @@
// Add the PasswordCredential
PasswordCredential cred = new PasswordCredential(userName, password);
- cred.setManagedConnectionFactory(getMcf());
SubjectActions.addCredentials(subject, cred);
return super.commit();
}
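Review bot: After dropping `cred.setManagedConnectionFactory(getMcf())`, the `PasswordCredential` added in `commit()` is no longer tied to a connection factory, and nothing in the code says who binds it now. A consumer that selects a credential by comparing `getManagedConnectionFactory()` would not match this one, and a Subject holding several such credentials gives no way to tell them apart; presumably the integration layer handles this, but that is not visible here. A comment above the `new PasswordCredential(...)` line would record the new contract, for example `// MCF is not set here; the caller that owns the ManagedConnectionFactory must bind it before use`. The same removal appears in the hunks for ConfiguredIdentityLoginModule, PBEIdentityLoginModule and SecureIdentityLoginModule.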
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/ConfiguredIdentityLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/resource/security/ConfiguredIdentityLoginModule.java 2011-05-26 18:23:11 UTC (rev 225)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/ConfiguredIdentityLoginModule.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.resource.security;
+package org.picketbox.datasource.security;
import java.security.Principal;
@@ -66,35 +66,39 @@
{
}
- public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
+ @Override
+ public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> sharedState, Map<String, ?> options)
{
super.initialize(subject, handler, sharedState, options);
principalName = (String) options.get("principal");
- if( principalName == null )
+ if (principalName == null)
{
throw new IllegalArgumentException("Must supply a principal name!");
}
userName = (String) options.get("userName");
- if( userName == null )
+ if (userName == null)
{
- throw new IllegalArgumentException("Must supply a user name!");
+ userName = (String) options.get("username");
+ if (userName == null)
+ throw new IllegalArgumentException("Must supply a user name!");
}
password = (String) options.get("password");
- if( password == null )
+ if (password == null)
{
log.warn("Creating LoginModule with no configured password!");
password = "";
}
- if(trace)
+ if (trace)
log.trace("got principal: " + principalName + ", username: " + userName + ", password: " + password);
}
+ @Override
public boolean login() throws LoginException
{
- if(trace)
+ if (trace)
log.trace("login called");
- if( super.login() == true )
+ if (super.login())
return true;
Principal principal = new SimplePrincipal(principalName);
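Review bot: The trace statement at the end of `initialize` still writes the configured password in clear text (`", password: " + password`), so enabling trace logging for this class puts the datasource credential into the log. Drop the value from the message: `log.trace("got principal: " + principalName + ", username: " + userName);`. The same method also replaces a missing password with `""` after only a warning, so a misconfigured module carries on with an empty credential; a comment saying whether that is intended would help. The body of `login()` continues outside the hunk.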
@@ -102,7 +106,6 @@
// Put the principal name into the sharedState map
sharedState.put("javax.security.auth.login.name", principalName);
PasswordCredential cred = new PasswordCredential(userName, password.toCharArray());
- cred.setManagedConnectionFactory(getMcf());
SubjectActions.addCredentials(subject, cred);
super.loginOk = true;
return true;
@@ -110,7 +113,7 @@
protected Principal getIdentity()
{
- if(trace)
+ if (trace)
log.trace("getIdentity called");
Principal principal = new SimplePrincipal(principalName);
return principal;
@@ -121,7 +124,7 @@
*/
protected Group[] getRoleSets() throws LoginException
{
- if(trace)
+ if (trace)
log.trace("getRoleSets called");
return new Group[] {};
}
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/GetPrincipalInfoAction.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/resource/security/GetPrincipalInfoAction.java 2011-05-26 18:23:11 UTC (rev 225)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/GetPrincipalInfoAction.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.resource.security;
+package org.picketbox.datasource.security;
import java.io.UnsupportedEncodingException;
import java.security.AccessController;
@@ -69,28 +69,27 @@
}
- @SuppressWarnings("unchecked")
interface PrincipalActions
{
PrincipalActions PRIVILEGED = new PrincipalActions()
{
- private final PrivilegedAction peekAction = new PrivilegedAction()
+ private final PrivilegedAction<RunAs> peekAction = new PrivilegedAction<RunAs>()
{
- public Object run()
+ public RunAs run()
{
return SecurityContextAssociation.peekRunAsIdentity();
}
};
- private final PrivilegedAction getPrincipalAction = new PrivilegedAction()
+ private final PrivilegedAction<Principal> getPrincipalAction = new PrivilegedAction<Principal>()
{
- public Object run()
+ public Principal run()
{
return SecurityContextAssociation.getPrincipal();
}
};
- private final PrivilegedAction getCredentialAction = new PrivilegedAction()
+ private final PrivilegedAction<Object> getCredentialAction = new PrivilegedAction<Object>()
{
public Object run()
{
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/JaasSecurityDomainIdentityLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/resource/security/JaasSecurityDomainIdentityLoginModule.java 2011-05-26 18:23:11 UTC (rev 225)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/JaasSecurityDomainIdentityLoginModule.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.resource.security;
+package org.picketbox.datasource.security;
import java.security.AccessController;
import java.security.Principal;
@@ -76,8 +76,9 @@
@author Scott.Stark at jboss.org
@author <a href="mailto:noel.rocher at jboss.org">Noel Rocher</a> 29, june 2004 username & userName issue
@version $Revision: 71545 $
+ @deprecated security domains are not used for encryption currently
*/
-
+ at Deprecated
@SuppressWarnings("unchecked")
public class JaasSecurityDomainIdentityLoginModule
extends AbstractPasswordCredentialLoginModule
@@ -146,11 +147,11 @@
// Decode the encrypted password
try
{
- char[] decodedPassword = DecodeAction.decode(password,
- jaasSecurityDomain, getServer());
- PasswordCredential cred = new PasswordCredential(username, decodedPassword);
- cred.setManagedConnectionFactory(getMcf());
- SubjectActions.addCredentials(subject, cred);
+// char[] decodedPassword = DecodeAction.decode(password,
+// jaasSecurityDomain, getServer());
+// PasswordCredential cred = new PasswordCredential(username, decodedPassword);
+// cred.setManagedConnectionFactory(getMcf());
+// SubjectActions.addCredentials(subject, cred);
}
catch(Exception e)
{
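Review bot: Commenting out the whole body of the `try` leaves nothing in this block that decodes the password or adds a `PasswordCredential`. As far as the hunk shows, a configuration that still names this module carries on without a credential on the Subject and without an error. For a deprecated module it is safer to fail explicitly: replace the now-empty try/catch with `throw new LoginException("JaasSecurityDomainIdentityLoginModule is deprecated and no longer decodes passwords");` and delete the dead code rather than keeping it as comments. The `catch` body and the rest of the method are outside the hunk.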
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/PBEIdentityLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/resource/security/PBEIdentityLoginModule.java 2011-05-26 18:23:11 UTC (rev 225)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/PBEIdentityLoginModule.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.resource.security;
+package org.picketbox.datasource.security;
import java.security.Principal;
import java.security.acl.Group;
@@ -102,40 +102,39 @@
}
PBEIdentityLoginModule(String algo, char[] pass, byte[] pbesalt, int iter)
{
- if( pass != null )
+ if (pass != null)
pbepass = pass;
- if( algo != null )
+ if (algo != null)
pbealgo = algo;
- if( pbesalt != null )
+ if (pbesalt != null)
salt = pbesalt;
- if( iter > 0 )
+ if (iter > 0)
iterationCount = iter;
}
- @SuppressWarnings("unchecked")
@Override
- public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
+ public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> sharedState, Map<String, ?> options)
{
super.initialize(subject, handler, sharedState, options);
// NR : we keep this username for compatibility
username = (String) options.get("username");
- if( username == null )
+ if (username == null)
{
// NR : try with userName
username = (String) options.get("userName");
- if( username == null )
+ if (username == null)
{
throw new IllegalArgumentException("The user name is a required option");
}
}
password = (String) options.get("password");
- if( password == null )
+ if (password == null)
{
throw new IllegalArgumentException("The password is a required option");
}
// Look for the cipher password and algo parameters
String tmp = (String) options.get("pbepass");
- if( tmp != null )
+ if (tmp != null)
{
try
{
@@ -147,21 +146,22 @@
}
}
tmp = (String) options.get("pbealgo");
- if( tmp != null )
+ if (tmp != null)
pbealgo = tmp;
tmp = (String) options.get("salt");
- if( tmp != null )
+ if (tmp != null)
salt = tmp.substring(0, 8).getBytes();
tmp = (String) options.get("iterationCount");
- if( tmp != null )
+ if (tmp != null)
iterationCount = Integer.parseInt(tmp);
}
+ @Override
public boolean login() throws LoginException
{
- if(trace)
+ if (trace)
log.trace("login called");
- if( super.login() == true )
+ if (super.login())
return true;
super.loginOk = true;
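Review bot: The `salt` option is parsed with `tmp.substring(0, 8).getBytes()`, which throws `StringIndexOutOfBoundsException` for a value shorter than eight characters. It also encodes with the platform default charset, so the same configuration can yield different salt bytes on different hosts. Check the length first, `if (tmp.length() < 8) throw new IllegalArgumentException("salt must be at least 8 characters");`, and name the charset explicitly, `salt = tmp.substring(0, 8).getBytes(Charset.forName("UTF-8"));`, after confirming that existing encoded passwords used ASCII-only salts. `iterationCount` is likewise taken from `Integer.parseInt(tmp)` without the `> 0` check that the constructor applies. `initialize` starts in the previous hunk.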
@@ -169,6 +169,7 @@
}
@SuppressWarnings("unchecked")
+ @Override
public boolean commit() throws LoginException
{
Principal principal = new SimplePrincipal(username);
@@ -179,18 +180,18 @@
{
char[] decodedPassword = decode(password);
PasswordCredential cred = new PasswordCredential(username, decodedPassword);
- cred.setManagedConnectionFactory(getMcf());
SubjectActions.addCredentials(subject, cred);
}
catch(Exception e)
{
- if(trace)
+ if (trace)
log.trace("Failed to decode password", e);
- throw new LoginException("Failed to decode password: "+e.getMessage());
+ throw new LoginException("Failed to decode password: " + e.getMessage());
}
return true;
}
+ @Override
public boolean abort()
{
username = null;
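Review bot: The `catch` block in `commit()` throws a new `LoginException` carrying only `e.getMessage()`, so the original exception and its stack trace survive only when trace logging is on. Keep the cause attached: `LoginException le = new LoginException("Failed to decode password: " + e.getMessage()); le.initCause(e); throw le;`. The same pattern is in the `commit()` hunk of SecureIdentityLoginModule. `commit()` starts outside this hunk.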
@@ -200,16 +201,15 @@
protected Principal getIdentity()
{
- if(trace)
- log.trace("getIdentity called, username="+username);
+ if (trace)
+ log.trace("getIdentity called, username=" + username);
Principal principal = new SimplePrincipal(username);
return principal;
}
protected Group[] getRoleSets() throws LoginException
{
- Group[] empty = new Group[0];
- return empty;
+ return new Group[] {};
}
private String encode(String secret)
@@ -259,17 +259,17 @@
char[] pass = "jaas is the way".toCharArray();
byte[] salt = null;
int iter = -1;
- if( args.length >= 2 )
+ if (args.length >= 2)
pass = args[1].toCharArray();
- if( args.length >= 3 )
+ if (args.length >= 3)
salt = args[2].getBytes();
- if( args.length >= 4 )
+ if (args.length >= 4)
iter = Integer.decode(args[3]).intValue();
- if( args.length >= 5 )
+ if (args.length >= 5)
algo = args[4];
PBEIdentityLoginModule pbe = new PBEIdentityLoginModule(algo, pass, salt, iter);
String encode = pbe.encode(args[0]);
- System.out.println("Encoded password: "+encode);
+ System.out.println("Encoded password: " + encode);
}
}
\ No newline at end of file
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/SecureIdentityLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/resource/security/SecureIdentityLoginModule.java 2011-05-26 18:23:11 UTC (rev 225)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/SecureIdentityLoginModule.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.resource.security;
+package org.picketbox.datasource.security;
import java.math.BigInteger;
import java.security.InvalidKeyException;
@@ -76,38 +76,41 @@
private String username;
private String password;
- public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
+ @Override
+ public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> sharedState, Map<String, ?> options)
{
super.initialize(subject, handler, sharedState, options);
// NR : we keep this username for compatibility
username = (String) options.get("username");
- if( username == null )
+ if (username == null)
{
// NR : try with userName
username = (String) options.get("userName");
- if( username == null )
+ if (username == null)
{
throw new IllegalArgumentException("The user name is a required option");
}
}
password = (String) options.get("password");
- if( password == null )
+ if (password == null)
{
throw new IllegalArgumentException("The password is a required option");
}
}
+ @Override
public boolean login() throws LoginException
{
- if(trace)
+ if (trace)
log.trace("login called");
- if( super.login() == true )
+ if (super.login())
return true;
super.loginOk = true;
return true;
}
+ @Override
public boolean commit() throws LoginException
{
Principal principal = new SimplePrincipal(username);
@@ -118,18 +121,18 @@
{
char[] decodedPassword = decode(password);
PasswordCredential cred = new PasswordCredential(username, decodedPassword);
- cred.setManagedConnectionFactory(getMcf());
SubjectActions.addCredentials(subject, cred);
}
catch(Exception e)
{
- if(trace)
+ if (trace)
log.trace("Failed to decode password", e);
- throw new LoginException("Failed to decode password: "+e.getMessage());
+ throw new LoginException("Failed to decode password: " + e.getMessage());
}
return true;
}
+ @Override
public boolean abort()
{
username = null;
@@ -139,16 +142,15 @@
protected Principal getIdentity()
{
- if(trace)
- log.trace("getIdentity called, username="+username);
+ if (trace)
+ log.trace("getIdentity called, username=" + username);
Principal principal = new SimplePrincipal(username);
return principal;
}
protected Group[] getRoleSets() throws LoginException
{
- Group[] empty = new Group[0];
- return empty;
+ return new Group[] {};
}
private static String encode(String secret)
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/SubjectActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/resource/security/SubjectActions.java 2011-05-26 18:23:11 UTC (rev 225)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/SubjectActions.java 2011-08-01 14:38:17 UTC (rev 237)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.resource.security;
+package org.picketbox.datasource.security;
import java.security.AccessController;
import java.security.Principal;
@@ -28,7 +28,6 @@
import java.util.Iterator;
import java.util.Set;
-import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
@@ -41,18 +40,17 @@
* @version $Revision: 71545 $
*/
- at SuppressWarnings("unchecked")
class SubjectActions
{
interface AddRolesActions
{
AddRolesActions PRIVILEGED = new AddRolesActions()
{
- public void addRoles(final Subject subject, final Set roles)
+ public void addRoles(final Subject subject, final Set<Principal> roles)
{
- AccessController.doPrivileged(new PrivilegedAction()
+ AccessController.doPrivileged(new PrivilegedAction<Void>()
{
- public Object run()
+ public Void run()
{
addSubjectRoles(subject, roles);
return null;
@@ -63,16 +61,16 @@
AddRolesActions NON_PRIVILEGED = new AddRolesActions()
{
- public void addRoles(final Subject subject, final Set roles)
+ public void addRoles(final Subject subject, final Set<Principal> roles)
{
addSubjectRoles(subject, roles);
}
};
- void addRoles(Subject subject, Set roles);
+ void addRoles(Subject subject, Set<Principal> roles);
}
- static class AddCredentialsAction implements PrivilegedAction
+ static class AddCredentialsAction implements PrivilegedAction<Void>
{
Subject subject;
PasswordCredential cred;
@@ -81,13 +79,13 @@
this.subject = subject;
this.cred = cred;
}
- public Object run()
+ public Void run()
{
subject.getPrivateCredentials().add(cred);
return null;
}
}
- static class AddPrincipalsAction implements PrivilegedAction
+ static class AddPrincipalsAction implements PrivilegedAction<Void>
{
Subject subject;
Principal p;
@@ -96,33 +94,25 @@
this.subject = subject;
this.p = p;
}
- public Object run()
+ public Void run()
{
subject.getPrincipals().add(p);
return null;
}
}
- static class RemoveCredentialsAction implements PrivilegedAction
+ static class RemoveCredentialsAction implements PrivilegedAction<Void>
{
Subject subject;
- ManagedConnectionFactory mcf;
- RemoveCredentialsAction(Subject subject, ManagedConnectionFactory mcf)
+ RemoveCredentialsAction(Subject subject)
{
this.subject = subject;
- this.mcf = mcf;
}
- public Object run()
+ public Void run()
{
- Iterator i = subject.getPrivateCredentials().iterator();
- while( i.hasNext() )
+ Iterator<PasswordCredential> i = subject.getPrivateCredentials(PasswordCredential.class).iterator();
+ while (i.hasNext())
{
- Object o = i.next();
- if ( o instanceof PasswordCredential )
- {
- PasswordCredential pc = (PasswordCredential) o;
- if( pc.getManagedConnectionFactory() == mcf )
- i.remove();
- }
+ i.remove();
}
return null;
}
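Review bot: The rewritten loop in `RemoveCredentialsAction.run()` calls `i.remove()` without a preceding `i.next()`, which throws `IllegalStateException` as soon as the Subject holds one `PasswordCredential`. In addition, `Subject.getPrivateCredentials(Class)` returns a fresh set that is not backed by the Subject, so even a corrected loop over it would leave the credentials in place. The effect is that `logout()` in `AbstractPasswordCredentialLoginModule`, which reaches this through `removeCredentials(subject)`, does not clear the password from the Subject. Iterate the live set from `getPrivateCredentials()` and filter by type, as sketched below. Note also that this removes every `PasswordCredential` on the Subject, not only the one a given module added.

```java
public Void run()
{
   // Iterate the live set: getPrivateCredentials(Class) returns a detached copy.
   Iterator<Object> i = subject.getPrivateCredentials().iterator();
   while (i.hasNext())
   {
      if (i.next() instanceof PasswordCredential)
         i.remove();
   }
   return null;
}
```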
@@ -138,15 +128,15 @@
AddPrincipalsAction action = new AddPrincipalsAction(subject, p);
AccessController.doPrivileged(action);
}
- static void removeCredentials(Subject subject, ManagedConnectionFactory mcf)
+ static void removeCredentials(Subject subject)
{
- RemoveCredentialsAction action = new RemoveCredentialsAction(subject, mcf);
+ RemoveCredentialsAction action = new RemoveCredentialsAction(subject);
AccessController.doPrivileged(action);
}
- static void addRoles(Subject subject, Set runAsRoles)
+ static void addRoles(Subject subject, Set<Principal> runAsRoles)
{
- if( System.getSecurityManager() != null )
+ if (System.getSecurityManager() != null)
{
AddRolesActions.PRIVILEGED.addRoles(subject, runAsRoles);
}
@@ -156,14 +146,14 @@
}
}
- private static Group addSubjectRoles(Subject theSubject, Set roles)
+ private static Group addSubjectRoles(Subject theSubject, Set<Principal> roles)
{
- Set subjectGroups = theSubject.getPrincipals(Group.class);
- Iterator iter = subjectGroups.iterator();
+ Set<Group> subjectGroups = theSubject.getPrincipals(Group.class);
+ Iterator<Group> iter = subjectGroups.iterator();
Group roleGrp = null;
while (iter.hasNext())
{
- Group grp = (Group) iter.next();
+ Group grp = iter.next();
String name = grp.getName();
if (name.equals("Roles"))
roleGrp = grp;
@@ -176,10 +166,10 @@
theSubject.getPrincipals().add(roleGrp);
}
- iter = roles.iterator();
- while (iter.hasNext())
+ Iterator<Principal> iter2 = roles.iterator();
+ while (iter2.hasNext())
{
- Principal role = (Principal) iter.next();
+ Principal role = iter2.next();
roleGrp.addMember(role);
}
return roleGrp;