[jboss-cvs] Picketbox SVN: r281 - in trunk: security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Nov 2 13:21:29 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-11-02 13:21:29 -0400 (Wed, 02 Nov 2011)
New Revision: 281
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/CallerIdentityLoginModule.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/ConfiguredIdentityLoginModule.java
trunk/security-spi/spi/src/main/java/org/jboss/security/vault/SecurityVaultUtil.java
Log:
SECURITY-625: retrofit login modules with vault
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2011-11-02 15:23:00 UTC (rev 280)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2011-11-02 17:21:29 UTC (rev 281)
@@ -45,6 +45,7 @@
import org.jboss.security.ErrorCodes;
import org.jboss.security.SimpleGroup;
import org.jboss.security.Util;
+import org.jboss.security.vault.SecurityVaultUtil;
/**
The org.jboss.security.auth.spi.LdapExtLoginModule, added in jboss-4.0.3, is an
@@ -364,6 +365,11 @@
char[] tmp = DecodeAction.decode(bindCredential, serviceName);
bindCredential = new String(tmp);
}
+ //Check if the credential is vaultified
+ if(bindCredential != null && SecurityVaultUtil.isVaultFormat(bindCredential))
+ {
+ bindCredential = SecurityVaultUtil.getValueAsString(bindCredential);
+ }
baseDN = (String) options.get(BASE_CTX_DN);
baseFilter = (String) options.get(BASE_FILTER_OPT);
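Review bot: If the vault lookup yields no value, `bindCredential` is silently replaced with null here, and the LdapLoginModule hunk repeats the same pattern. The context lines in the SecurityVaultUtil section show a String-returning accessor that ends in `return null;`, which looks like `getValueAsString`. How the later bind code treats a null credential is not visible here, so I would fail closed: resolve into a local and raise an explicit error naming the option when the result is null, rather than continuing without a bind credential. The other modules in this commit catch `SecurityVaultException` and this hunk does not, so the enclosing method, which starts and ends outside the hunk, must already declare a compatible exception.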
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2011-11-02 15:23:00 UTC (rev 280)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2011-11-02 17:21:29 UTC (rev 281)
@@ -40,6 +40,7 @@
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
+import org.jboss.security.vault.SecurityVaultUtil;
/**
* An implementation of LoginModule that authenticates against an LDAP server
@@ -298,7 +299,12 @@
char[] tmp = DecodeAction.decode(bindCredential, serviceName);
bindCredential = new String(tmp);
}
-
+ //Check if the credential is vaultified
+ if(bindCredential != null && SecurityVaultUtil.isVaultFormat(bindCredential))
+ {
+ bindCredential = SecurityVaultUtil.getValueAsString(bindCredential);
+ }
+
String principalDNPrefix = (String) options.get(PRINCIPAL_DN_PREFIX_OPT);
if (principalDNPrefix == null)
principalDNPrefix = "";
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2011-11-02 15:23:00 UTC (rev 280)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2011-11-02 17:21:29 UTC (rev 281)
@@ -39,6 +39,8 @@
import org.jboss.crypto.digest.DigestCallback;
import org.jboss.security.ErrorCodes;
+import org.jboss.security.vault.SecurityVaultException;
+import org.jboss.security.vault.SecurityVaultUtil;
/** An abstract subclass of AbstractServerLoginModule that imposes
@@ -244,6 +246,20 @@
password = createPasswordHash(username, password, "digestCallback");
// Validate the password supplied by the subclass
String expectedPassword = getUsersPassword();
+ //Check if the password is vaultified
+ if(SecurityVaultUtil.isVaultFormat(expectedPassword))
+ {
+ try
+ {
+ expectedPassword = SecurityVaultUtil.getValueAsString(expectedPassword);
+ }
+ catch (SecurityVaultException e)
+ {
+ LoginException le = new LoginException(ErrorCodes.PROCESSING_FAILED + "Unable to get the password value from vault");
+ le.initCause(e);
+ throw le;
+ }
+ }
// Allow the storeDigestCallback to hash the expected password
if( hashAlgorithm != null && hashStorePassword == true )
expectedPassword = createPasswordHash(username, expectedPassword, "storeDigestCallback");
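Review bot: `SecurityVaultUtil.isVaultFormat(expectedPassword)` is called without a null check, and the String overload shown in the SecurityVaultUtil section is just `str.startsWith(VAULT_PREFIX)`. A null from `getUsersPassword()` would therefore raise a NullPointerException at this point instead of flowing into the existing comparison. Whether subclasses can return null is not visible here, but the LDAP modules in this commit guard the same call with `!= null`. I would write `if(expectedPassword != null && SecurityVaultUtil.isVaultFormat(expectedPassword))` so the failure mode for a missing password stays what it was before this change. The enclosing method starts and ends outside the hunk.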
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/CallerIdentityLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/CallerIdentityLoginModule.java 2011-11-02 15:23:00 UTC (rev 280)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/CallerIdentityLoginModule.java 2011-11-02 17:21:29 UTC (rev 281)
@@ -35,6 +35,8 @@
import org.jboss.security.ErrorCodes;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SimplePrincipal;
+import org.jboss.security.vault.SecurityVaultException;
+import org.jboss.security.vault.SecurityVaultUtil;
/**
* A simple login module that simply associates the principal making the
@@ -114,6 +116,18 @@
{
password = pass.toCharArray();
}
+ if(pass != null && SecurityVaultUtil.isVaultFormat(pass))
+ {
+ try
+ {
+ pass = SecurityVaultUtil.getValueAsString(pass);
+ }
+ catch (SecurityVaultException e)
+ {
+ throw new RuntimeException(e);
+ }
+ password = pass.toCharArray();
+ }
// Check the addRunAsRoles
String flag = (String) options.get("addRunAsRoles");
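Review bot: After the vault lookup, `password = pass.toCharArray();` dereferences `pass` unchecked. The SecurityVaultUtil context lines suggest the String accessor can return null, in which case a missing vault entry surfaces as a bare NullPointerException. I would check the result and fail with a message that names the option. The wrapper should also carry context, e.g. `throw new RuntimeException("Unable to get the password value from vault", e);`, matching the wording used in UsernamePasswordLoginModule. The enclosing method starts and ends outside the hunk.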
@@ -152,6 +166,10 @@
if( userPassword != null )
{
password = userPassword;
+ if(SecurityVaultUtil.isVaultFormat(password))
+ {
+ password = SecurityVaultUtil.getValue(password);
+ }
}
if (user != null)
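Review bot: `userPassword` looks like a credential taken from the calling subject rather than from the module configuration, and this hunk resolves it through the vault whenever it carries the vault prefix. If that reading is right, request-supplied data decides which vault entry is dereferenced, which is a different trust level from the configured `password` option handled in the earlier hunk. Please confirm this is intended, and if not, limit vault resolution to the configured value. A comment stating where `userPassword` comes from and why vault references are accepted for it would make the decision reviewable. `getValue(char[])` declares `SecurityVaultException` and is not caught here, so the enclosing method, which starts and ends outside the hunk, must already allow it.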
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/ConfiguredIdentityLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/ConfiguredIdentityLoginModule.java 2011-11-02 15:23:00 UTC (rev 280)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/datasource/security/ConfiguredIdentityLoginModule.java 2011-11-02 17:21:29 UTC (rev 281)
@@ -34,6 +34,8 @@
import org.jboss.logging.Logger;
import org.jboss.security.ErrorCodes;
import org.jboss.security.SimplePrincipal;
+import org.jboss.security.vault.SecurityVaultException;
+import org.jboss.security.vault.SecurityVaultUtil;
/**
* A simple login module that simply associates the principal specified
@@ -89,6 +91,20 @@
log.warn("Creating LoginModule with no configured password!");
password = "";
}
+ else
+ {
+ if(SecurityVaultUtil.isVaultFormat(password))
+ {
+ try
+ {
+ password = SecurityVaultUtil.getValueAsString(password);
+ }
+ catch (SecurityVaultException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ }
if (trace)
log.trace("got principal: " + principalName + ", username: " + userName + ", password: " + password);
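Review bot: The trace statement directly after the new block still concatenates `password` into the log line, and after this change that variable holds the value resolved from the vault rather than the vault reference. Enabling trace logging would then write the secret that the vault is meant to protect into the log file. I would drop the password from the message, `log.trace("got principal: " + principalName + ", username: " + userName);`, or log only whether a password is set. The enclosing method starts and ends outside the hunk.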
Modified: trunk/security-spi/spi/src/main/java/org/jboss/security/vault/SecurityVaultUtil.java
===================================================================
--- trunk/security-spi/spi/src/main/java/org/jboss/security/vault/SecurityVaultUtil.java 2011-11-02 15:23:00 UTC (rev 280)
+++ trunk/security-spi/spi/src/main/java/org/jboss/security/vault/SecurityVaultUtil.java 2011-11-02 17:21:29 UTC (rev 281)
@@ -42,6 +42,18 @@
* @param str
* @return
*/
+ public static boolean isVaultFormat(char[] chars)
+ {
+ String str = new String(chars);
+ return str.startsWith(VAULT_PREFIX);
+ }
+
+ /**
+ * Check whether the string has the format of the vault
+ *
+ * @param str
+ * @return
+ */
public static boolean isVaultFormat(String str)
{
return str.startsWith(VAULT_PREFIX);
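Review bot: The new `isVaultFormat(char[] chars)` copies the password into an immutable `String` on every call and throws a NullPointerException for a null array. Callers that keep secrets in `char[]` so they can be cleared lose that property here, and `getValue(char[])` in the next hunk does the same. Comparing the prefix against the array directly avoids the copy and lets null or short input return false. The new method was also inserted under the existing Javadoc, so the comment with `@param str` now documents the `char[]` overload; it should say `@param chars`, and both `@return` tags are empty.

```java
public static boolean isVaultFormat(char[] chars)
{
   if (chars == null || chars.length < VAULT_PREFIX.length())
      return false;
   for (int i = 0; i < VAULT_PREFIX.length(); i++)
   {
      if (chars[i] != VAULT_PREFIX.charAt(i))
         return false;
   }
   return true;
}
```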
@@ -96,6 +108,19 @@
return new String(val);
return null;
}
+
+ /**
+ * Get the value from the vault
+ * @param chars vaultified set of characters
+ * @return
+ * @throws SecurityVaultException
+ */
+ public static char[] getValue(char[] chars)
+ throws SecurityVaultException
+ {
+ String vaultString = new String(chars);
+ return getValue(vaultString);
+ }
private static String[] tokens(String vaultString)
{
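Review bot: The Javadoc on the new `getValue(char[] chars)` leaves `@return` and `@throws SecurityVaultException` empty, so a caller cannot tell whether null is a possible result or when the exception is raised. The context lines just above show the String-returning sibling ending in `return null;`, and CallerIdentityLoginModule assigns this method's result straight to `password`. I would document both tags, for example `@return the value held in the vault for this reference, or null if ...` with the condition filled in from `getValue(String)`. It should also state that `chars` must not be null, since `new String(chars)` throws for a null array.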