[jboss-svn-commits] JBL Code SVN: r21267 - in labs/jbossesb/workspace/dbevenius/security/product: rosetta/src/org/jboss/internal/soa/esb/services/security/jaas and 7 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Jul 29 02:31:39 EDT 2008
Author: beve
Date: 2008-07-29 02:31:39 -0400 (Tue, 29 Jul 2008)
New Revision: 21267
Added:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java
Removed:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
Modified:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/build.xml
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jaas.login
Log:
Refactoring.
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -30,10 +30,11 @@
import javax.security.auth.login.LoginException;
import org.apache.log4j.Logger;
+import org.jboss.internal.soa.esb.assertion.AssertArgument;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.common.Environment;
-import org.jboss.soa.esb.services.security.SecurityContext;
+import org.jboss.soa.esb.services.security.SecurityConfig;
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
@@ -65,20 +66,23 @@
* @throws SecurityServiceException
* @throws LoginException if the authentication fails
*/
- public void authenticate(final SecurityContext context, final AuthenticationRequest authRequest) throws SecurityServiceException
+ public void authenticate(final SecurityConfig config, Subject subject, final AuthenticationRequest authRequest) throws SecurityServiceException
{
+ AssertArgument.isNotNull(subject, "subject");
+ AssertArgument.isNotNull(config, "config");
+
LoginContext loginContext;
try
{
- EsbCallbackHandler callbackHandler = null;
- if ( callbackHandlerClassName != null )
+ EsbCallbackHandler callbackHandler = getCallbackHandler(config);
+ if ( callbackHandler != null )
{
- callbackHandler = getInstance(callbackHandlerClassName);
callbackHandler.setAuthenticationRequest(authRequest);
}
- loginContext = new LoginContext(context.getConfigInfo().getModuleName(), context.getSubject(), callbackHandler, configuration);
+
+ loginContext = new LoginContext(config.getModuleName(), subject, callbackHandler, configuration);
loginContext.login();
- addRunAs(context);
+ addRunAs(config, subject);
}
catch (final LoginException e)
{
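Review bot: `authRequest` is the only argument of the new `authenticate` that is not checked, yet it is handed straight to `callbackHandler.setAuthenticationRequest(authRequest)`. The pipeline change later in this commit reads it from the message "if one exists", so a null can now reach this point. If null is legal (for example when the Subject already carries an SSO principal), say so with a comment such as `// authRequest may be null when the subject already holds a principal the login module can validate` and confirm the handlers tolerate it; otherwise add `AssertArgument.isNotNull(authRequest, "authRequest");`. `Subject subject` is also the only parameter not declared `final`, unlike the interface declaration. The body of `authenticate` continues past the end of the hunk.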
@@ -91,6 +95,31 @@
}
/**
+ * If a callbackHandler was specified in the config object instance use it.
+ * Otherwise use the one that was globally configured, if any.
+ *
+ * @param config
+ * @return
+ * @throws ConfigurationException
+ */
+ private EsbCallbackHandler getCallbackHandler( final SecurityConfig config ) throws ConfigurationException
+ {
+ EsbCallbackHandler callbackHandler = null;
+
+ String fromConfig = config.getCallbackHandler();
+ if ( fromConfig != null )
+ {
+ callbackHandler = getInstance(fromConfig);
+ }
+ else if ( callbackHandlerClassName != null )
+ {
+ callbackHandler = getInstance(callbackHandlerClassName);
+ }
+ return callbackHandler;
+
+ }
+
+ /**
* Determines if the passed in Subjects has the role specified in the context.
* @return true - if the callers has the role
*/
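Review bot: The Javadoc on `getCallbackHandler` leaves `@param config`, `@return` and `@throws ConfigurationException` empty, so the null return is undocumented. I would write `@param config - the service's security configuration`, `@return the handler instance, or null if neither the config nor the global setting names one`, and `@throws ConfigurationException if the named class cannot be instantiated`. The last wording assumes that is what `getInstance` does, since its body is not in this hunk. The per-service class name is now instantiated and given the `AuthenticationRequest`, so it is worth confirming that `getInstance` rejects a class that is not an `EsbCallbackHandler` with a clear error.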
@@ -152,17 +181,17 @@
}
}
- public void logout(SecurityContext context)
+ public void logout(SecurityConfig config)
{
throw new UnsupportedOperationException("Logout is not implemented for " + getClass().getName());
}
- private void addRunAs( final SecurityContext context )
+ private void addRunAs( final SecurityConfig config, final Subject subject )
{
- final String runAs = context.getConfigInfo().getRunAs();
+ final String runAs = config.getRunAs();
if ( runAs != null )
{
- context.getSubject().getPrincipals().add(new Role(runAs));
+ subject.getPrincipals().add(new Role(runAs));
}
}
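Review bot: `logout(SecurityConfig config)` no longer receives the `Subject` that the old `SecurityContext` carried, so an implementation has nothing to identify whose login to end. The same applies to the interface declaration in `SecurityService.java`. It only throws `UnsupportedOperationException` today, but the signature is cheaper to fix now than once callers exist: `void logout(final SecurityConfig securityConfig, final Subject subject);`. In `addRunAs`, a short comment such as `// runAs role is added after a successful login only` would record why it is called after `loginContext.login()`.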
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -43,10 +43,10 @@
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
- log.info("Nr of callback to handle : " + callbacks.length);
+ log.debug("Nr of callback to handle : " + callbacks.length);
for (int i = 0; i < callbacks.length; i++)
{
- log.info("Callback" + callbacks[i].getClass().getName());
+ log.debug("Callback" + callbacks[i].getClass().getName());
if (callbacks[i] instanceof NameCallback)
{
NameCallback nc = (NameCallback) callbacks[i];
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -22,7 +22,6 @@
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
-import java.net.URL;
import java.security.Principal;
import java.util.Map;
import java.util.Properties;
@@ -37,7 +36,6 @@
import org.apache.log4j.Logger;
import org.jboss.soa.esb.ConfigurationException;
-import org.jboss.soa.esb.common.Environment;
import org.jboss.soa.esb.services.security.principals.SSOPrincipal;
import org.jboss.soa.esb.util.ClassUtil;
@@ -112,6 +110,8 @@
Principal principal = new SSOPrincipal(ssoToken.getTokenID().toString());
log.info(principal);
+ log.info(subject);
+ log.info(subject.getPrincipals());
subject.getPrincipals().add(principal);
}
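Review bot: The two added `log.info` calls print the `Subject` and its principal set at INFO during `commit`. Once an `SSOPrincipal` built from `ssoToken.getTokenID()` is in that set, the token identifier ends up in the server log if `SSOPrincipal.toString()` includes its name, which is not visible here. An SSO token id works like a session credential, so anyone who can read the log could reuse it. The same applies to `log.info("SSOPrincipals : " + principals)` added in `login()` in the hunk at -172. I would drop these or demote them to `log.debug` and log only a count, e.g. `log.debug("Subject has " + subject.getPrincipals().size() + " principal(s)");`.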
@@ -119,6 +119,7 @@
}
catch (final Exception ignore)
{
+ log.error("Exception in commit: ", ignore);
commitSucceeded = false;
}
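Review bot: The caught exception is now logged but is still named `ignore`, which misstates what the handler does; rename it, e.g. `catch (final Exception e)` with `log.error("Exception in commit: ", e);`. The rest of `commit` is outside the hunk, so it is not visible whether `commitSucceeded = false` is turned into a `LoginException` or a `false` return. Please confirm that a failed commit cannot be reported to the `LoginContext` as success.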
@@ -172,6 +173,7 @@
public boolean login() throws LoginException
{
Set<SSOPrincipal> principals = subject.getPrincipals(SSOPrincipal.class);
+ log.info("SSOPrincipals : " + principals);
if ( !principals.isEmpty() )
{
SSOPrincipal ssoPrincipal = principals.iterator().next();
@@ -236,13 +238,19 @@
*/
private void configure(final String amProperties) throws ConfigurationException
{
+ log.info("Access Manager(AM) configuration properties file : " + amProperties);
if ( amProperties != null )
{
Properties props = new Properties();
try
{
InputStream inputStream = ClassUtil.getResourceAsStream(amProperties, getClass());
- props.load(inputStream);
+ if ( inputStream != null )
+ {
+ props.load(inputStream);
+ }
+ else
+ throw new ConfigurationException("Could not locate Access Manager(AM) configuration properties file: " + amProperties);
}
catch (FileNotFoundException e)
{
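Review bot: The `InputStream` returned by `ClassUtil.getResourceAsStream` is not closed anywhere in the visible lines, so each `configure` call may leak a stream unless a `finally` follows outside the hunk. The new `else throw` is also the only unbraced branch in this block. Checking for null first and closing in a `finally` fixes both; this assumes an `IOException` catch follows the visible `FileNotFoundException` one. The `log.info` at the top runs before the null check, so it prints "null" when no properties file is configured.

```java
InputStream inputStream = ClassUtil.getResourceAsStream(amProperties, getClass());
if ( inputStream == null )
{
	throw new ConfigurationException("Could not locate Access Manager(AM) configuration properties file: " + amProperties);
}
try
{
	props.load(inputStream);
}
finally
{
	inputStream.close();
}
// … unchanged: catch (FileNotFoundException e) and the rest of configure …
```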
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -80,6 +80,7 @@
public static final String RUN_AS_TAG = "runAs";
public static final String USE_CALLERS_IDENTIDY_TAG = "useCallersIdentity";
public static final String MODULE_NAME_TAG = "moduleName";
+ public static final String CALLBACK_HANDLER_TAG = "callbackHandler";
public static final String MEP_ONE_WAY = "OneWay" ;
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -22,8 +22,6 @@
package org.jboss.soa.esb.listeners.message;
-import java.io.Serializable;
-import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.concurrent.atomic.AtomicBoolean;
@@ -31,7 +29,6 @@
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
-import org.jboss.internal.soa.esb.message.format.serialized.SerializedValueImpl;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.actions.ActionLifecycle;
import org.jboss.soa.esb.actions.ActionPipelineProcessor;
@@ -54,15 +51,12 @@
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.message.Properties;
import org.jboss.soa.esb.services.persistence.MessageStore;
-import org.jboss.soa.esb.services.security.JaasSecurityContext;
-import org.jboss.soa.esb.services.security.SecurityConfigInfo;
+import org.jboss.soa.esb.services.security.SecurityConfig;
import org.jboss.soa.esb.services.security.SecurityConfigUtil;
-import org.jboss.soa.esb.services.security.SecurityContext;
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.SecurityServiceFactory;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
-import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
import org.jboss.soa.esb.util.ClassUtil;
/**
@@ -111,7 +105,7 @@
*/
private boolean defaultProcessing ;
- private SecurityConfigInfo securityConf;
+ private SecurityConfig securityConf;
/**
* public constructor
@@ -261,7 +255,7 @@
ConfigTree[] securityConfigs = config.getChildren( ListenerTagNames.SECURITY_TAG );
if (securityConfigs.length > 0)
{
- securityConf = SecurityConfigUtil.createSecurityConfigInfo(securityConfigs[0]);
+ securityConf = SecurityConfigUtil.createSecurityConfig(securityConfigs[0]);
LOGGER.info(securityConf);
SecurityServiceFactory.getSecurityService().configure();
}
@@ -353,18 +347,31 @@
callDetails.copy(message.getHeader().getCall()) ;
LOGGER.info("processPipeine secured");
- // if the gateway or another service passed a subject, use that subject for authentication.
+ /*
+ * If the gateway or another service passed a subject, use that subject for authentication.
+ * A subject will only contain Principal(given that they are serializable), but a Principal
+ * might represent an id or a SSO Token that can be used for authentication.
+ * If a Subject does not exist then create one to drive the authentication.
+ */
Subject subject = (Subject) message.getProperties().getProperty( SecurityService.SUBJECT );
+ LOGGER.info("Subject before authentication : " + subject);
- SecurityContext securityContext = new JaasSecurityContext(securityConf, subject);
+ if ( subject == null )
+ {
+ subject = new Subject();
+ }
- AuthenticationRequest authRequest = (AuthenticationRequest) message.getProperties().getProperty( SecurityService.AUTH_REQUEST );
try
{
- LOGGER.info("authenticate request : " + authRequest.getPrincipal());
- SecurityServiceFactory.getSecurityService().authenticate(securityContext, authRequest);
- message.getProperties().setProperty( SecurityService.SUBJECT, securityContext.getSubject());
- LOGGER.debug("Subject after authentication" + securityContext.getSubject());
+ // get the authentication request if one exists.
+ AuthenticationRequest authRequest = (AuthenticationRequest) message.getProperties().getProperty( SecurityService.AUTH_REQUEST );
+
+ // perform the authentication
+ SecurityServiceFactory.getSecurityService().authenticate(securityConf, subject, authRequest);
+
+ // add the subject to the message
+ message.getProperties().setProperty( SecurityService.SUBJECT, subject );
+
}
catch (final SecurityServiceException e)
{
@@ -378,6 +385,11 @@
faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
return false;
}
+ finally
+ {
+ // always remove the authentication request as it contains sensitive information
+ //message.getProperties().remove( SecurityService.AUTH_REQUEST );
+ }
PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
{
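Review bot: The `finally` block is empty because the only statement in it is commented out, so the `AuthenticationRequest` stays in the message properties after authentication even though the comment says it is always removed. The request holds the caller's credentials, so they are visible to every action in the pipeline and to any service the message is forwarded to. Either enable the line, `message.getProperties().remove( SecurityService.AUTH_REQUEST );`, or, if something downstream still needs the request, replace the comment with a TODO that says why the removal is deferred.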
@@ -387,7 +399,7 @@
}
};
- Boolean processResult = (Boolean) Subject.doAsPrivileged(securityContext.getSubject(), action, null);
+ Boolean processResult = (Boolean) Subject.doAsPrivileged(subject, action, null);
return processResult.booleanValue();
}
Deleted: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -1,74 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security;
-
-import java.io.Serializable;
-
-import javax.security.auth.Subject;
-
-/**
- * JAAS Security context implementation.
- * <p/>
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- * @since 4.4
- */
-public class JaasSecurityContext implements SecurityContext, Serializable
-{
- private static final long serialVersionUID = 1L;
- private Subject subject;
- private SecurityConfigInfo configInfo;
-
- /**
- * Constructs a JassSecurityContext with the passed in paramters.
- *
- * @param configInfo - {@link SecurityConfigInfo} instance
- * @param subject - Subject for this context. If null, a new Subject will be created.
- */
- public JaasSecurityContext(final SecurityConfigInfo configInfo, final Subject subject)
- {
- this.subject = subject == null ? this.subject = new Subject():subject;
- this.configInfo = configInfo;
- }
-
- /* (non-Javadoc)
- * @see org.jboss.soa.esb.services.security.SecurityContext2#getConfigInfo()
- */
- public SecurityConfigInfo getConfigInfo()
- {
- return configInfo;
- }
-
- /* (non-Javadoc)
- * @see org.jboss.soa.esb.services.security.SecurityContext2#getSubject()
- */
- public Subject getSubject()
- {
- return subject;
- }
-
- @Override
- public String toString()
- {
- return "SecurityContext [ configinfo=" + configInfo + ", subject=" + subject + "]";
- }
-
-}
Copied: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java (from rev 21254, labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java)
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -0,0 +1,95 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security;
+
+
+/**
+ * This class is indended to security related configuration properties.
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ * @since 4.4
+ */
+public class SecurityConfig
+{
+ private String runAs;
+ public String getCallbackHandler()
+ {
+ return callbackHandler;
+ }
+
+ private String useCallerIdentity;
+ private String moduleName;
+ private final String callbackHandler;
+
+ private SecurityConfig(
+ final String runAs,
+ final String useCallerIdentity,
+ final String moduleName,
+ final String callbackHandler)
+ {
+ this.runAs = runAs;
+ this.useCallerIdentity = useCallerIdentity;
+ this.moduleName = moduleName;
+ this.callbackHandler= callbackHandler;
+ }
+
+ /**
+ *
+ * @param runAs - run as the specified role
+ * @param useCallerIdentity - use the callers identity
+ * @param moduleName - index into the jaas configuration policy file
+ * @return <code>SecurityConfigInfo</code>
+ */
+ public static SecurityConfig createSecurityInfo(
+ final String runAs,
+ final String useCallerIdentity,
+ final String moduleName,
+ final String callbackHandler)
+ {
+ return new SecurityConfig(runAs, useCallerIdentity, moduleName, callbackHandler);
+ }
+
+ public String getRunAs()
+ {
+ return runAs;
+ }
+ public String getUseCallerIdentity()
+ {
+ return useCallerIdentity;
+ }
+
+ public String getModuleName()
+ {
+ return moduleName;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "[SecurityConfigInfo : runAs=" + runAs + ", useCallerIdentity=" + useCallerIdentity + ", moduleName=" + moduleName + ", callbackHandler=" + callbackHandler +"]";
+ }
+
+ public boolean hasRunAs()
+ {
+ return runAs != null;
+ }
+
+}
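Review bot: The copied class still calls itself `SecurityConfigInfo` in `toString()` and in the factory's `@return`, and the factory Javadoc has no entry for the new argument. I would change the string to `"[SecurityConfig : runAs=" + …` and add `@param callbackHandler - class name of the callback handler to use, or null to fall back to the globally configured one`. `getCallbackHandler()` sits between the field declarations and would read better next to the other getters. Only `callbackHandler` is `final`, although none of the four fields is reassigned after the constructor. In the class comment, "indended to security related" should read "intended to hold security related".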
Deleted: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -1,86 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security;
-
-
-/**
- * This class is indended to security related configuration properties.
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- * @since 4.4
- */
-public class SecurityConfigInfo
-{
- private String runAs;
- private String useCallerIdentity;
- private String moduleName;
-
- private SecurityConfigInfo(
- final String runAs,
- final String useCallerIdentity,
- final String moduleName)
- {
- this.runAs = runAs;
- this.useCallerIdentity = useCallerIdentity;
- this.moduleName = moduleName;
- }
-
- /**
- *
- * @param runAs - run as the specified role
- * @param useCallerIdentity - use the callers identity
- * @param moduleName - index into the jaas configuration policy file
- * @return <code>SecurityConfigInfo</code>
- */
- public static SecurityConfigInfo createSecurityInfo(
- final String runAs,
- final String useCallerIdentity,
- final String moduleName)
- {
- return new SecurityConfigInfo(runAs, useCallerIdentity, moduleName);
- }
-
- public String getRunAs()
- {
- return runAs;
- }
- public String getUseCallerIdentity()
- {
- return useCallerIdentity;
- }
-
- public String getModuleName()
- {
- return moduleName;
- }
-
- @Override
- public String toString()
- {
- return "[SecurityConfigInfo : runAs=" + runAs + ", useCallerIdentity=" + useCallerIdentity + ", moduleName=" + moduleName + "]";
- }
-
- public boolean hasRunAs()
- {
- return runAs != null;
- }
-
-}
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -35,12 +35,13 @@
{
private SecurityConfigUtil() { }
- public static SecurityConfigInfo createSecurityConfigInfo(final ConfigTree securityFragment)
+ public static SecurityConfig createSecurityConfig(final ConfigTree securityFragment)
{
final String runAs = securityFragment.getAttribute(ListenerTagNames.RUN_AS_TAG);
final String useCallersIdentity = securityFragment.getAttribute(ListenerTagNames.USE_CALLERS_IDENTIDY_TAG);
final String moduleName = securityFragment.getAttribute(ListenerTagNames.MODULE_NAME_TAG);
+ final String callbackHandler = securityFragment.getAttribute(ListenerTagNames.CALLBACK_HANDLER_TAG);
- return SecurityConfigInfo.createSecurityInfo(runAs, useCallersIdentity, moduleName);
+ return SecurityConfig.createSecurityInfo(runAs, useCallersIdentity, moduleName, callbackHandler);
}
}
Deleted: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -1,35 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security;
-
-import javax.security.auth.Subject;
-
-/**
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public interface SecurityContext
-{
- SecurityConfigInfo getConfigInfo();
-
- Subject getSubject();
-}
\ No newline at end of file
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -58,7 +58,7 @@
* @param securityContext - the security context to authenticate
* @throws LoginException - if the authentication was not sucessful
*/
- void authenticate(final SecurityContext securityContext, final AuthenticationRequest authRequest) throws SecurityServiceException;
+ void authenticate(final SecurityConfig securityConfig, final Subject subject, final AuthenticationRequest authRequest) throws SecurityServiceException;
/**
* Determines if the subject contains the passed in role in it's
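Review bot: The Javadoc above `authenticate` still documents `@param securityContext`, which no longer exists, and says nothing about the two parameters that replaced it or about `authRequest`. The same stale tag sits above `logout` in the next hunk. Suggested tags: `@param securityConfig - the security configuration of the service`, `@param subject - the Subject to authenticate; principals are added to it on success`, and `@param authRequest - the caller's authentication request, may be null`. The last one should be kept only if null is really permitted. Both comments start outside the visible hunks.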
@@ -76,5 +76,5 @@
* @param securityContext
* @throws LoginException
*/
- void logout(final SecurityContext securityContext);
+ void logout(final SecurityConfig securityConfig);
}
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -6,7 +6,6 @@
public interface AuthenticationRequest
{
-
public abstract Set<?> getCredentials();
public abstract Map<String, ?> getProperties();
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -34,8 +34,7 @@
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.common.Environment;
-import org.jboss.soa.esb.services.security.JaasSecurityContext;
-import org.jboss.soa.esb.services.security.SecurityConfigInfo;
+import org.jboss.soa.esb.services.security.SecurityConfig;
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.TestPrincipal;
@@ -67,17 +66,16 @@
{
final String userName = "testUser";
final String password = "testPassword";
- SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(null, null, "UserPassLogin");
- JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
+ SecurityConfig configInfo = SecurityConfig.createSecurityInfo(null, null, "UserPassLogin", "org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler");
TestPrincipal principal = new TestPrincipal(userName);
Set<String> credentials = new HashSet<String>();
credentials.add(password);
AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder(principal, credentials).bulid();
service.configure();
- service.authenticate(context, authRequest);
+ service.authenticate(configInfo, subject, authRequest);
- Set<TestPrincipal> principals = context.getSubject().getPrincipals( TestPrincipal.class );
+ Set<TestPrincipal> principals = subject.getPrincipals( TestPrincipal.class );
assertEquals( 1, principals.size() );
assertEquals( userName, principals.iterator().next().getName() );
}
@@ -91,30 +89,24 @@
{
final String userName = "amAdmin";
final String password = "adminpass";
- SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(null, null, "OpenSSOLogin");
- JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
+ SecurityConfig configInfo = SecurityConfig.createSecurityInfo(null, null, "OpenSSOLogin", null);
TestPrincipal principal = new TestPrincipal(userName);
Set<String> credentials = new HashSet<String>();
credentials.add(password);
AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder(principal, credentials).bulid();
service.configure();
- try
- {
- service.authenticate(context, authRequest);
- }catch (Exception e) {
- e.printStackTrace();
- }
+ service.authenticate(configInfo, subject, authRequest);
- Set<?> principals = context.getSubject().getPrincipals();
+ Set<?> principals = subject.getPrincipals();
assertEquals( 1, principals.size() );
assertTrue( principals.iterator().next() instanceof SSOPrincipal );
- service.authenticate(context, authRequest);
- service.authenticate(context, authRequest);
- service.authenticate(context, authRequest);
- service.authenticate(context, authRequest);
- principals = context.getSubject().getPrincipals();
+ service.authenticate(configInfo, subject, authRequest);
+ service.authenticate(configInfo, subject, authRequest);
+ service.authenticate(configInfo, subject, authRequest);
+ service.authenticate(configInfo, subject, authRequest);
+ principals = subject.getPrincipals();
assertEquals( 1, principals.size() );
assertTrue( principals.iterator().next() instanceof SSOPrincipal );
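Review bot: The four consecutive `service.authenticate(configInfo, subject, authRequest);` calls carry no comment saying what they verify. Judging by the assertions that follow, they appear to check that re-authenticating the same subject does not add further principals. A comment above them such as `// repeated logins for the same subject must not accumulate SSOPrincipal entries` would record that intent. With the try/catch removed, an authentication failure now propagates instead of being printed and ignored, so if this test needs a reachable OpenSSO server, that precondition deserves a line in the test's Javadoc. The method starts and ends outside the hunk.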
@@ -123,12 +115,11 @@
@Test
public void configureWithRole() throws ConfigurationException, SecurityServiceException
{
- SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo("adminRole", null, "SuccessfulLogin");
- JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
+ SecurityConfig configInfo = SecurityConfig.createSecurityInfo("adminRole", null, "SuccessfulLogin", null);
- service.authenticate(context, null);
+ service.authenticate(configInfo, subject, null);
- Set<Principal> principals = context.getSubject().getPrincipals( Principal.class );
+ Set<Principal> principals = subject.getPrincipals( Principal.class );
assertEquals( 2, principals.size() );
}
@@ -136,9 +127,8 @@
public void isCallerInRole() throws SecurityServiceException
{
final String roleName = "adminRole";
- SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(roleName, null, "SuccessfulLogin");
- JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
- service.authenticate(context, null);
+ SecurityConfig configInfo = SecurityConfig.createSecurityInfo(roleName, null, "SuccessfulLogin", null);
+ service.authenticate(configInfo, subject, null);
Subject subject = new Subject();
subject.getPrincipals().add(new Role(roleName));
assertTrue( service.isCallerInRole(subject, new Role(roleName)));
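Review bot: In `isCallerInRole` the result of the new `service.authenticate(configInfo, subject, null);` call is never checked. The call uses what is presumably the class's `subject` field (not declared in this hunk), but the next line declares a local `Subject subject = new Subject();` that shadows it, and the role is added by hand. The final assertion therefore passes whatever authentication did, so the test gives no assurance that a login yields the configured role. Either drop the unused `configInfo` and `authenticate` lines, or delete the two lines that build the local subject so that `assertTrue( service.isCallerInRole(subject, new Role(roleName)));` runs against the authenticated subject. The second option presumably holds only if the SuccessfulLogin module adds the configured role, which this hunk does not show. The method's closing brace is outside the hunk.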
@@ -147,9 +137,8 @@
@Test ( expected = SecurityServiceException.class )
public void loginFailure() throws ConfigurationException, SecurityServiceException
{
- SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(null, null, "FailureLogin");
- JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
- service.authenticate( context, null );
+ SecurityConfig configInfo = SecurityConfig.createSecurityInfo(null, null, "FailureLogin", null);
+ service.authenticate( configInfo, subject, null );
}
@Before
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java 2008-07-29 06:31:39 UTC (rev 21267)
@@ -44,7 +44,7 @@
{
final ConfigTree securityFragment = createSecurityFragment(runAs, null, null);
- SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
assertEquals(runAs, securityInfo.getRunAs());
assertNull(securityInfo.getUseCallerIdentity());
}
@@ -53,7 +53,7 @@
public void createSecurityConfigInfoWithoutAuth()
{
final ConfigTree securityFragment = createSecurityFragment(runAs, null, null);
- SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
assertEquals(runAs, securityInfo.getRunAs());
assertNull(securityInfo.getUseCallerIdentity());
}
@@ -63,7 +63,7 @@
{
final String callersIdentity = "DrCox";
final ConfigTree securityFragment = createSecurityFragment(runAs, callersIdentity, null);
- SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
assertEquals(callersIdentity, securityInfo.getUseCallerIdentity());
}
@@ -72,7 +72,7 @@
{
final String moduleName = "testModule";
final ConfigTree securityFragment = createSecurityFragment(runAs, null, moduleName);
- SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
assertEquals(moduleName, securityInfo.getModuleName());
}
@@ -80,7 +80,7 @@
public void hasRunAs()
{
final ConfigTree securityFragment = createSecurityFragment(runAs, null, null);
- SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ SecurityConfig securityInfo = SecurityConfigUtil.createSecurityConfig(securityFragment);
assertTrue(securityInfo.hasRunAs());
}
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/build.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/build.xml 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/build.xml 2008-07-29 06:31:39 UTC (rev 21267)
@@ -68,11 +68,7 @@
<echo message="Copy jbossesb-properties.xml and jaas.login to jbossesb.sar" />
<copy tofile="${org.jboss.esb.server.deploy.dir}/jbossesb.sar/jbossesb-properties.xml" overwrite="true" file="${basedir}/server-jbossesb-properties.xml"/>
<copy tofile="${org.jboss.esb.server.deploy.dir}/jbossesb.sar/AMConfig.properties" overwrite="true" file="${basedir}/AMConfig.properties"/>
- <copy todir="${org.jboss.esb.server.deploy.dir}/jbossesb.sar" overwrite="true">
- <fileset dir="${basedir}">
- <include name="jaas.login"/>
- </fileset>
- </copy>
+ <copy tofile="${org.jboss.esb.server.deploy.dir}/jbossesb.sar/jaas.login" overwrite="true" file="${basedir}/jaas.login"/>
</target>
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jaas.login
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jaas.login 2008-07-29 05:07:48 UTC (rev 21266)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jaas.login 2008-07-29 06:31:39 UTC (rev 21267)
@@ -5,5 +5,5 @@
org.jboss.soa.esb.services.security.TestLoginModule required forceLogin=false;
};
OpenSSOLogin {
- org.jboss.internal.soa.esb.services.security.jaas.OpenSSOLoginModule required orgName=opensso dataStoreModule=DataStore amPropertiesFile="AMConfig.properties";
+ org.jboss.internal.soa.esb.services.security.jaas.OpenSSOLoginModule required orgName=opensso dataStoreModule=DataStore amPropertiesFile="/AMConfig.properties";
};
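Review bot: The new value `amPropertiesFile="/AMConfig.properties"` does not say whether the leading slash denotes a classpath-root resource or an absolute filesystem path, and the module that reads it is not visible in this part of the commit. If it is ever resolved as a file path, the SSO client configuration would be looked up at the filesystem root rather than inside jbossesb.sar, where build.xml copies it. A comment above the `OpenSSOLogin` entry would remove the ambiguity, for example `// amPropertiesFile is a classpath resource name; the leading '/' means classpath root (confirm against OpenSSOLoginModule)`.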