[jboss-remoting-commits] JBoss Remoting SVN: r5800 - remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote.

jboss-remoting-commits at lists.jboss.org jboss-remoting-commits at lists.jboss.org
Thu Mar 4 17:19:37 EST 2010


Author: david.lloyd at jboss.com
Date: 2010-03-04 17:19:36 -0500 (Thu, 04 Mar 2010)
New Revision: 5800

Modified:
   remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServer.java
   remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServerFactory.java
   remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/RemoteConnectionHandler.java
   remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ServerOpenListener.java
Log:
Only offer EXTERNAL if the peer has a verified identity

Modified: remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServer.java
===================================================================
--- remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServer.java	2010-03-04 16:58:10 UTC (rev 5799)
+++ remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServer.java	2010-03-04 22:19:36 UTC (rev 5800)
@@ -26,10 +26,7 @@
 import java.io.UnsupportedEncodingException;
 import java.security.Principal;
 import java.util.concurrent.atomic.AtomicBoolean;
-import org.jboss.xnio.channels.SslChannel;
 
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLSession;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -40,13 +37,13 @@
 final class ExternalSaslServer implements SaslServer {
     private final AtomicBoolean complete = new AtomicBoolean();
     private String authorizationID;
-    private final SslChannel sslChannel;
+    private final Principal peerPrincipal;
     private final CallbackHandler callbackHandler;
     private static final byte[] EMPTY = new byte[0];
 
-    ExternalSaslServer(final SslChannel sslChannel, final CallbackHandler callbackHandler) {
-        this.sslChannel = sslChannel;
+    ExternalSaslServer(final CallbackHandler callbackHandler, final Principal peerPrincipal) {
         this.callbackHandler = callbackHandler;
+        this.peerPrincipal = peerPrincipal;
     }
 
     public String getMechanismName() {
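Review bot: The new constructor stores `peerPrincipal` without checking it, while the authorization step later calls `peerPrincipal.getName()` (context line in the following hunk), so a null argument surfaces as a NullPointerException in the middle of authentication rather than at construction. I would reject it up front with `if (peerPrincipal == null) throw new IllegalArgumentException("peerPrincipal is null");` and add a field comment such as `// identity taken from the verified TLS peer certificate; EXTERNAL trusts it as-is`. The identity is now a snapshot taken by the caller instead of being read from the session at authentication time, so if the TLS session can be renegotiated (not visible here) the two could diverge. The class body continues outside the hunk.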
@@ -63,13 +60,6 @@
         } catch (UnsupportedEncodingException e) {
             throw new SaslException("Cannot convert user name from UTF-8", e);
         }
-        final SSLSession session = sslChannel.getSslSession();
-        final Principal peerPrincipal;
-        try {
-            peerPrincipal = session.getPeerPrincipal();
-        } catch (SSLPeerUnverifiedException e) {
-            throw new SaslException("SSL peer is unverified", e);
-        }
         final AuthorizeCallback authorizeCallback = new AuthorizeCallback(peerPrincipal.getName(), userName);
         handleCallback(callbackHandler, authorizeCallback);
         authorizationID = userName;

Modified: remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServerFactory.java
===================================================================
--- remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServerFactory.java	2010-03-04 16:58:10 UTC (rev 5799)
+++ remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServerFactory.java	2010-03-04 22:19:36 UTC (rev 5800)
@@ -22,8 +22,8 @@
 
 package org.jboss.remoting3.remote;
 
+import java.security.Principal;
 import java.util.Map;
-import org.jboss.xnio.channels.SslChannel;
 
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.sasl.SaslException;
@@ -34,17 +34,14 @@
 
     private static final String[] NAMES = new String[] { "EXTERNAL" };
 
-    private final SslChannel sslChannel;
+    private final Principal peerPrincipal;
 
-    ExternalSaslServerFactory(final SslChannel sslChannel) {
-        this.sslChannel = sslChannel;
+    ExternalSaslServerFactory(final Principal peerPrincipal) {
+        this.peerPrincipal = peerPrincipal;
     }
 
     public SaslServer createSaslServer(final String mechanism, final String protocol, final String serverName, final Map<String, ?> props, final CallbackHandler cbh) throws SaslException {
-        if (! "EXTERNAL".equalsIgnoreCase(mechanism)) {
-            return null;
-        }
-        return new ExternalSaslServer(sslChannel, cbh);
+        return new ExternalSaslServer(cbh, peerPrincipal);
     }
 
     public String[] getMechanismNames(final Map<String, ?> props) {
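Review bot: `createSaslServer` no longer checks the `mechanism` argument, so it returns an EXTERNAL server for any requested name, whereas the SaslServerFactory contract is to return null for a mechanism the factory does not support. The only visible caller registers the factory under "EXTERNAL", but a lookup under a different name would silently receive a certificate-based server. I would keep the removed guard: `if (! "EXTERNAL".equalsIgnoreCase(mechanism)) { return null; }`. The class declaration and the body of `getMechanismNames` lie outside the hunk.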

Modified: remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/RemoteConnectionHandler.java
===================================================================
--- remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/RemoteConnectionHandler.java	2010-03-04 16:58:10 UTC (rev 5799)
+++ remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/RemoteConnectionHandler.java	2010-03-04 22:19:36 UTC (rev 5800)
@@ -65,6 +65,9 @@
     private final IntKeyMap<OutboundRequest> outboundRequests = new IntKeyMap<OutboundRequest>();
     private final IntKeyMap<InboundRequest> inboundRequests = new IntKeyMap<InboundRequest>();
 
+    private final IntKeyMap<OutboundStream> outboundStreams = new IntKeyMap<OutboundStream>();
+    private final IntKeyMap<InboundStream> inboundStreams = new IntKeyMap<InboundStream>();
+
     private final AtomicBoolean closed = new AtomicBoolean();
 
     RemoteConnectionHandler(final ConnectionHandlerContext connectionContext, final RemoteConnection remoteConnection, final MarshallerFactory marshallerFactory) {
@@ -74,7 +77,7 @@
         this.marshallerFactory = marshallerFactory;
         final MarshallingConfiguration config = new MarshallingConfiguration();
         config.setClassExternalizerFactory(PrimaryExternalizerFactory.INSTANCE);
-        config.setObjectTable(new PrimaryObjectTable(connectionContext.getConnectionProviderContext().getEndpoint()));
+        config.setObjectTable(new PrimaryObjectTable(connectionContext.getConnectionProviderContext().getEndpoint(), this));
         config.setStreamHeader(Marshalling.nullStreamHeader());
         // fixed for now (v0)
         config.setVersion(2);
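Review bot: `this` is now passed to `new PrimaryObjectTable(..., this)` from inside the RemoteConnectionHandler constructor, so the object table receives a handler whose construction has not finished. That is safe only if PrimaryObjectTable just stores the reference; its constructor is not visible here, so I would document the constraint at the call site with `// 'this' escapes before construction completes: PrimaryObjectTable must not call back into the handler here`. The stream maps and accessors added in the neighbouring hunks of this file appear unrelated to the EXTERNAL change named in the log message and would be easier to review as a separate commit. The constructor starts before and ends after this hunk.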
@@ -189,10 +192,14 @@
         return inboundRequests;
     }
 
-    AtomicBoolean getClosed() {
-        return closed;
+    IntKeyMap<OutboundStream> getOutboundStreams() {
+        return outboundStreams;
     }
 
+    IntKeyMap<InboundStream> getInboundStreams() {
+        return inboundStreams;
+    }
+
     RemoteConnection getRemoteConnection() {
         return remoteConnection;
     }

Modified: remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ServerOpenListener.java
===================================================================
--- remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ServerOpenListener.java	2010-03-04 16:58:10 UTC (rev 5799)
+++ remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ServerOpenListener.java	2010-03-04 22:19:36 UTC (rev 5800)
@@ -25,6 +25,7 @@
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.nio.ByteBuffer;
+import java.security.Principal;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
@@ -43,6 +44,8 @@
 import org.jboss.xnio.channels.ConnectedStreamChannel;
 import org.jboss.xnio.channels.SslChannel;
 
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
 import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslServerFactory;
 
@@ -87,8 +90,15 @@
         final Enumeration<SaslServerFactory> e = Sasl.getSaslServerFactories();
         final Map<String, SaslServerFactory> saslServerFactories = new LinkedHashMap<String, SaslServerFactory>();
         if (channel instanceof SslChannel && (includes == null | includes.contains("EXTERNAL"))) {
-            // automatically the best mechanism.
-            saslServerFactories.put("EXTERNAL", new ExternalSaslServerFactory((SslChannel) channel));
+            final SslChannel sslChannel = (SslChannel) channel;
+            final SSLSession session = sslChannel.getSslSession();
+            try {
+                final Principal peerPrincipal = session.getPeerPrincipal();
+                // automatically the best mechanism.
+                saslServerFactories.put("EXTERNAL", new ExternalSaslServerFactory(peerPrincipal));
+            } catch (SSLPeerUnverifiedException e1) {
+                // ignore
+            }
         }
         while (e.hasMoreElements()) {
             final SaslServerFactory saslServerFactory = e.nextElement();
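Review bot: The guard `includes == null | includes.contains("EXTERNAL")` uses the non-short-circuit `|`, so `includes.contains` is still evaluated when `includes` is null and throws NullPointerException before the new peer-identity check is reached; it should read `includes == null || includes.contains("EXTERNAL")`. In the new catch block, `// ignore` hides a deliberate security decision, and I would replace it with `// peer presented no verified certificate: do not offer EXTERNAL`. If `getSslSession()` can return null before the handshake completes (not visible here), that case needs the same treatment. The enclosing method starts and ends outside the hunk.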


