[jboss-svn-commits] JBL Code SVN: r21270 - in labs/jbossesb/workspace/dbevenius/security/product: rosetta/src/org/jboss/soa/esb/listeners/message and 4 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Jul 29 03:26:38 EDT 2008
Author: beve
Date: 2008-07-29 03:26:38 -0400 (Tue, 29 Jul 2008)
New Revision: 21270
Added:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
Modified:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/readme.txt
Log:
added a SecurityContext
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-07-29 07:11:28 UTC (rev 21269)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-07-29 07:26:38 UTC (rev 21270)
@@ -35,6 +35,7 @@
import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.common.Environment;
import org.jboss.soa.esb.services.security.SecurityConfig;
+import org.jboss.soa.esb.services.security.SecurityContext;
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
@@ -66,9 +67,9 @@
* @throws SecurityServiceException
* @throws LoginException if the authentication fails
*/
- public void authenticate(final SecurityConfig config, Subject subject, final AuthenticationRequest authRequest) throws SecurityServiceException
+ public void authenticate(final SecurityConfig config, SecurityContext securityContext, final AuthenticationRequest authRequest) throws SecurityServiceException
{
- AssertArgument.isNotNull(subject, "subject");
+ AssertArgument.isNotNull(securityContext, "subject");
AssertArgument.isNotNull(config, "config");
LoginContext loginContext;
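Review bot: The null check on the new parameter still reports the old name, `AssertArgument.isNotNull(securityContext, "subject");`, so a failure message would point callers at an argument that no longer exists; it should read `AssertArgument.isNotNull(securityContext, "securityContext");`. The Javadoc above the signature still lists `@throws LoginException`, although the body visible in the next hunk catches LoginException and the method declares only SecurityServiceException. The same stale tag sits above `authenticate` in the second SecurityService.java hunk. The method body continues outside this hunk.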
@@ -80,9 +81,9 @@
callbackHandler.setAuthenticationRequest(authRequest);
}
- loginContext = new LoginContext(config.getModuleName(), subject, callbackHandler, configuration);
+ loginContext = new LoginContext(config.getModuleName(), securityContext.getSubject(), callbackHandler, configuration);
loginContext.login();
- addRunAs(config, subject);
+ addRunAs(config, securityContext.getSubject());
}
catch (final LoginException e)
{
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-07-29 07:11:28 UTC (rev 21269)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-07-29 07:26:38 UTC (rev 21270)
@@ -23,6 +23,7 @@
package org.jboss.soa.esb.listeners.message;
import java.security.PrivilegedAction;
+import java.security.Security;
import java.util.ArrayList;
import java.util.concurrent.atomic.AtomicBoolean;
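Review bot: The added `import java.security.Security;` does not appear to be used, since none of the hunks in this file reference `java.security.Security`, only the project's `SecurityContext` and `SecurityService`. It looks like an IDE auto-import and could be dropped, unless code outside the visible hunks needs it.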
@@ -53,6 +54,7 @@
import org.jboss.soa.esb.services.persistence.MessageStore;
import org.jboss.soa.esb.services.security.SecurityConfig;
import org.jboss.soa.esb.services.security.SecurityConfigUtil;
+import org.jboss.soa.esb.services.security.SecurityContext;
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.SecurityServiceFactory;
@@ -348,17 +350,17 @@
LOGGER.info("processPipeine secured");
/*
- * If the gateway or another service passed a subject, use that subject for authentication.
- * A subject will only contain Principal(given that they are serializable), but a Principal
+ * If the gateway or another service passed a security context, use that context for authentication.
+ * A SecurityContext's subject will only contain Principal(given that they are serializable), but a Principal
* might represent an id or a SSO Token that can be used for authentication.
- * If a Subject does not exist then create one to drive the authentication.
+ * If a SubjectContext does not exist then create one to drive the authentication.
*/
- Subject subject = (Subject) message.getProperties().getProperty( SecurityService.SUBJECT );
- LOGGER.info("Subject before authentication : " + subject);
+ SecurityContext securityContext = (SecurityContext) message.getProperties().getProperty( SecurityService.CONTEXT );
+ LOGGER.info("Security Context before authentication : " + securityContext);
- if ( subject == null )
+ if ( securityContext == null )
{
- subject = new Subject();
+ securityContext = new SecurityContext();
}
try
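Review bot: `LOGGER.info("Security Context before authentication : " + securityContext)` writes the whole context, and through `SecurityContext.toString()` its Subject, to the log at INFO, while the comment just above says a Principal may be an id or an SSO token that can be used for authentication. Logging at DEBUG, or logging only whether a context was present, keeps token-like principals out of routine logs, for example `LOGGER.debug("Security context present on message: " + (securityContext != null));`. The comment also says `SubjectContext` where `SecurityContext` is meant. The unchecked cast of the message property will throw ClassCastException if something else was stored under `SecurityService.CONTEXT`. The enclosing method starts and ends outside this hunk.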
@@ -367,10 +369,10 @@
AuthenticationRequest authRequest = (AuthenticationRequest) message.getProperties().getProperty( SecurityService.AUTH_REQUEST );
// perform the authentication
- SecurityServiceFactory.getSecurityService().authenticate(securityConf, subject, authRequest);
+ SecurityServiceFactory.getSecurityService().authenticate(securityConf, securityContext, authRequest);
- // add the subject to the message
- message.getProperties().setProperty( SecurityService.SUBJECT, subject );
+ // add the security context to the message
+ message.getProperties().setProperty( SecurityService.CONTEXT, securityContext );
}
catch (final SecurityServiceException e)
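Review bot: The context handed to `authenticate` may be the one that arrived in the message properties, so any principals it already carried are presumably still on the Subject after login. That Subject is then stored back on the message and, later in this method, used for `Subject.doAsPrivileged`. Whether the login modules clear or validate pre-existing principals is not visible here; if they do not, role principals set by the sender would be honoured without having been established by this authentication. It would be safer to document which senders are trusted to supply a context, or to authenticate into a fresh `SecurityContext` and copy over only the principals the login modules need as input. The try block starts and the catch body continues outside this hunk.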
@@ -388,7 +390,7 @@
finally
{
// always remove the authentication request as it contains sensitive information
- //message.getProperties().remove( SecurityService.AUTH_REQUEST );
+ message.getProperties().remove( SecurityService.AUTH_REQUEST );
}
PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
@@ -399,7 +401,7 @@
}
};
- Boolean processResult = (Boolean) Subject.doAsPrivileged(subject, action, null);
+ Boolean processResult = (Boolean) Subject.doAsPrivileged(securityContext.getSubject(), action, null);
return processResult.booleanValue();
}
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2008-07-29 07:26:38 UTC (rev 21270)
@@ -0,0 +1,67 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security;
+
+import java.io.Serializable;
+
+import javax.security.auth.Subject;
+
+/**
+ * Security Context contains security related information that
+ * is not sensitive.
+ * <p/>
+ * Note that even though a Subject object instance is serialiable,
+ * is private and public credentials are not(they are transient).
+ * Also not that the Principal interface is not serializable but
+ * all implemenations should be.
+ *
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ * @since 4.4
+ *
+ */
+public class SecurityContext implements Serializable
+{
+ private static final long serialVersionUID = 1L;
+
+ private Subject subject;
+
+ public SecurityContext()
+ {
+ subject = new Subject();
+ }
+
+ public SecurityContext(Subject subject)
+ {
+ this.subject = subject;
+ }
+
+ public Subject getSubject()
+ {
+ return subject;
+ }
+
+ public String toString()
+ {
+ return "SecurityContext [" + subject + "]";
+ }
+
+}
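Review bot: `SecurityContext(Subject subject)` accepts null and the field is not final, so `getSubject()` can return null and each caller has to handle that. Declaring `private final Subject subject;` and starting the constructor with `AssertArgument.isNotNull(subject, "subject");` (the helper JaasSecurityService already uses) would make the invariant explicit. The class Javadoc calls the content "not sensitive", yet the comment in ActionProcessingPipeline says a Principal may be an SSO token, and `toString()` prints the Subject. The Javadoc should say that principals are serialized and may be token-like, and its typos need fixing (`serialiable`, `is private` for `its private`, `Also not that`, `implemenations`). `toString()` could also carry `@Override`.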
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-07-29 07:11:28 UTC (rev 21269)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-07-29 07:26:38 UTC (rev 21270)
@@ -41,7 +41,7 @@
/**
* Constant intended for usage as a key in different types of maps.
*/
- String SUBJECT = "org.jboss.soa.esb.services.security.subject";
+ String CONTEXT = "org.jboss.soa.esb.services.security.context";
String AUTH_REQUEST = "org.jboss.soa.esb.services.security.authRequest";
/**
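Review bot: Replacing `SUBJECT` with `CONTEXT` changes both the constant name and the property key string, so a message from a sender still writing the old `org.jboss.soa.esb.services.security.subject` key would reach ActionProcessingPipeline with no context and be given a fresh empty one. If mixed versions can exchange messages, that deserves a migration note; this is inferred, since the senders are not part of this commit. The Javadoc on the constant could also say what is stored under it, e.g. `Message property key under which the SecurityContext is stored.`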
@@ -58,7 +58,7 @@
* @param securityContext - the security context to authenticate
* @throws LoginException - if the authentication was not sucessful
*/
- void authenticate(final SecurityConfig securityConfig, final Subject subject, final AuthenticationRequest authRequest) throws SecurityServiceException;
+ void authenticate(final SecurityConfig securityConfig, final SecurityContext securityContext, final AuthenticationRequest authRequest) throws SecurityServiceException;
/**
* Determines if the subject contains the passed in role in it's
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java 2008-07-29 07:11:28 UTC (rev 21269)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/auth/AuthenticationRequest.java 2008-07-29 07:26:38 UTC (rev 21270)
@@ -1,3 +1,23 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
package org.jboss.soa.esb.services.security.auth;
import java.security.Principal;
@@ -4,6 +24,13 @@
import java.util.Map;
import java.util.Set;
+/**
+ * An AuthenticationRequest is intended to carry sensitive security
+ * information between gateways and ESB services.
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
public interface AuthenticationRequest
{
public abstract Set<?> getCredentials();
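Review bot: The new Javadoc says the request carries sensitive security information but gives implementers and callers no handling rule. It would help to state that the request is removed from the message properties once authentication has run, as the `finally` block in ActionProcessingPipeline now does. It should also say that implementations must not expose credentials through `toString()` or logging. The interface body continues outside this hunk.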
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-07-29 07:11:28 UTC (rev 21269)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-07-29 07:26:38 UTC (rev 21270)
@@ -35,6 +35,7 @@
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.common.Environment;
import org.jboss.soa.esb.services.security.SecurityConfig;
+import org.jboss.soa.esb.services.security.SecurityContext;
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.SecurityServiceException;
import org.jboss.soa.esb.services.security.TestPrincipal;
@@ -72,8 +73,9 @@
credentials.add(password);
AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder(principal, credentials).bulid();
+ SecurityContext context = new SecurityContext(subject);
service.configure();
- service.authenticate(configInfo, subject, authRequest);
+ service.authenticate(configInfo, context, authRequest);
Set<TestPrincipal> principals = subject.getPrincipals( TestPrincipal.class );
assertEquals( 1, principals.size() );
@@ -95,17 +97,18 @@
credentials.add(password);
AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder(principal, credentials).bulid();
+ SecurityContext context = new SecurityContext(subject);
service.configure();
- service.authenticate(configInfo, subject, authRequest);
+ service.authenticate(configInfo, context, authRequest);
Set<?> principals = subject.getPrincipals();
assertEquals( 1, principals.size() );
assertTrue( principals.iterator().next() instanceof SSOPrincipal );
- service.authenticate(configInfo, subject, authRequest);
- service.authenticate(configInfo, subject, authRequest);
- service.authenticate(configInfo, subject, authRequest);
- service.authenticate(configInfo, subject, authRequest);
+ service.authenticate(configInfo, context, authRequest);
+ service.authenticate(configInfo, context, authRequest);
+ service.authenticate(configInfo, context, authRequest);
+ service.authenticate(configInfo, context, authRequest);
principals = subject.getPrincipals();
assertEquals( 1, principals.size() );
assertTrue( principals.iterator().next() instanceof SSOPrincipal );
@@ -117,7 +120,8 @@
{
SecurityConfig configInfo = SecurityConfig.createSecurityInfo("adminRole", null, "SuccessfulLogin", null);
- service.authenticate(configInfo, subject, null);
+ SecurityContext context = new SecurityContext(subject);
+ service.authenticate(configInfo, context, null);
Set<Principal> principals = subject.getPrincipals( Principal.class );
assertEquals( 2, principals.size() );
@@ -128,7 +132,8 @@
{
final String roleName = "adminRole";
SecurityConfig configInfo = SecurityConfig.createSecurityInfo(roleName, null, "SuccessfulLogin", null);
- service.authenticate(configInfo, subject, null);
+ SecurityContext context = new SecurityContext(subject);
+ service.authenticate(configInfo, context, null);
Subject subject = new Subject();
subject.getPrincipals().add(new Role(roleName));
assertTrue( service.isCallerInRole(subject, new Role(roleName)));
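Review bot: The assertion does not check the authenticated context: `Subject subject = new Subject();` declares a new local after the `authenticate` call, the role is added to it by hand, and `isCallerInRole` is run against that local, so the test passes whatever `authenticate` did. `context` is built from the earlier `subject`, which appears to be a test field, since other tests use it without declaring it. Assuming the login is meant to put that role on the subject, asserting on the context would exercise the new type: `assertTrue( service.isCallerInRole(context.getSubject(), new Role(roleName)));`. The method starts and ends outside this hunk.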
@@ -138,7 +143,8 @@
public void loginFailure() throws ConfigurationException, SecurityServiceException
{
SecurityConfig configInfo = SecurityConfig.createSecurityInfo(null, null, "FailureLogin", null);
- service.authenticate( configInfo, subject, null );
+ SecurityContext context = new SecurityContext(subject);
+ service.authenticate( configInfo, context, null );
}
@Before
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/readme.txt
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/readme.txt 2008-07-29 07:11:28 UTC (rev 21269)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/readme.txt 2008-07-29 07:26:38 UTC (rev 21270)
@@ -1,15 +1,15 @@
-Overview:
-=========
- The purpose of the opensso quickstart demonstrate integration with OpenSSO (Single Sign On)
+Overview:
+=========
+ The purpose of the opensso quickstart demonstrate integration with OpenSSO (Single Sign On)
-
-Running this quickstart:
-========================
- Please refer to 'ant help-quickstarts' for prerequisites about the quickstarts
- and a more detailed descripton of the different ways to run the quickstarts.
-
+
+Running this quickstart:
+========================
+ Please refer to 'ant help-quickstarts' for prerequisites about the quickstarts
+ and a more detailed descripton of the different ways to run the quickstarts.
+
Install and configure OpenSSO:
-===========================
+===========================
Install and configure OpenSSO:
1. Execute 'ant deploy-opensso' from the command line.
Unpacks the opensso.war to the esbserver.
@@ -25,9 +25,9 @@
proprerties needed to install the OpenSSOSecrityService in the ESB.
8. Restart the server
-To Run '.esb' archive mode:
-===========================
- 1. Type 'ant deploy'.
+To Run '.esb' archive mode:
+===========================
+ 1. Type 'ant deploy'.
2. Type 'ant runtest'
What to look for in this quickstart