Author: sohil.shah(a)jboss.com
Date: 2010-11-12 15:36:12 -0500 (Fri, 12 Nov 2010)
New Revision: 5076
Modified:
components/sso/branches/sso-wci/agent/pom.xml
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/josso/JOSSOAgent.java
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java
components/sso/branches/sso-wci/pom.xml
Log:
working CAS
Modified: components/sso/branches/sso-wci/agent/pom.xml
===================================================================
--- components/sso/branches/sso-wci/agent/pom.xml 2010-11-12 19:33:09 UTC (rev 5075)
+++ components/sso/branches/sso-wci/agent/pom.xml 2010-11-12 20:36:12 UTC (rev 5076)
@@ -13,7 +13,7 @@
<properties>
<!-- ChangeMe to your specific local environment -->
- <gatein.location>/home/soshah/projects/gatein/portal/trunk/packaging/pkg/target/jboss/server/gatein-spnego</gatein.location>
+ <gatein.location>/home/soshah/projects/gatein/modules/gatein-wci-branch/packaging/pkg/target/jboss/server/gatein-cas</gatein.location>
</properties>
<dependencies>
@@ -35,6 +35,10 @@
<groupId>org.exoplatform.core</groupId>
<artifactId>exo.core.component.organization.api</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.gatein.wci</groupId>
+ <artifactId>wci-wci</artifactId>
+ </dependency>
<dependency>
<groupId>commons-httpclient</groupId>
Modified:
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java
===================================================================
---
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java 2010-11-12
19:33:09 UTC (rev 5075)
+++
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java 2010-11-12
20:36:12 UTC (rev 5076)
@@ -25,13 +25,11 @@
import javax.servlet.http.HttpServletRequest;
+import org.gatein.sso.agent.GenericSSOAgent;
+import org.gatein.wci.security.Credentials;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.Assertion;
-import org.exoplatform.web.security.Credentials;
-
-import org.gatein.sso.agent.GenericSSOAgent;
-
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
@@ -77,22 +75,24 @@
public void validateTicket(HttpServletRequest httpRequest, String ticket) throws
Exception
{
Cas20ProxyTicketValidator ticketValidator = new
Cas20ProxyTicketValidator(casServerUrl);
- ticketValidator.setRenew(this.renewTicket);
-
- String serviceUrl = "http://"+ httpRequest.getServerName() +":" +
httpRequest.getServerPort() +
- httpRequest.getContextPath() +"/private/classic";
- Assertion assertion = ticketValidator.validate(ticket, serviceUrl);
-
-
log.debug("------------------------------------------------------------------------------------");
- log.debug("Service: "+serviceUrl);
- log.debug("Principal: "+assertion.getPrincipal().getName());
-
log.debug("------------------------------------------------------------------------------------");
-
-
- //Use empty password....it shouldn't be needed...this is a SSO login. The
password has
- //already been presented with the SSO server. It should not be passed around for
- //better security
- Credentials credentials = new Credentials(assertion.getPrincipal().getName(),
"");
- httpRequest.getSession().setAttribute(GenericSSOAgent.CREDENTIALS, credentials);
+ ticketValidator.setRenew(this.renewTicket);
+
+ String serviceUrl = "http://"+ httpRequest.getServerName() +":"
+ httpRequest.getServerPort() +
+ httpRequest.getContextPath() +"/private/classic";
+ Assertion assertion = ticketValidator.validate(ticket, serviceUrl);
+
+
log.debug("------------------------------------------------------------------------------------");
+ log.debug("Service: "+serviceUrl);
+ log.debug("Principal: "+assertion.getPrincipal().getName());
+
log.debug("------------------------------------------------------------------------------------");
+
+
+ //Use empty password....it shouldn't be needed...this is a SSO login. The
password has
+ //already been presented with the SSO server. It should not be passed around for
+ //better security
+ String principal = assertion.getPrincipal().getName();
+ Credentials credentials = new Credentials(principal, "");
+ httpRequest.getSession().setAttribute(GenericSSOAgent.CREDENTIALS, credentials);
+ httpRequest.getSession().setAttribute("username", principal);
}
}
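Review bot: The new `httpRequest.getSession().setAttribute("username", principal);` at the end of validateTicket publishes the authenticated principal under a bare string key that SSOLoginModule reads back with the same literal, so a typo on either side silently turns into a failed or mismatched login; declare the key once next to `GenericSSOAgent.CREDENTIALS` and reference it from both classes. The rebuilt serviceUrl still hard-codes the `"http://"` scheme together with `getServerPort()`, so a portal served over TLS or behind a proxy presents a service URL that differs from the one the ticket was issued for; `httpRequest.getScheme()` would at least follow the request. Since the session now carries identity data established before the JAAS login runs, the comment above the Credentials line should also say whether the session is invalidated and recreated elsewhere at this point, because the pre-authentication session id is otherwise kept.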
Modified:
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/josso/JOSSOAgent.java
===================================================================
---
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/josso/JOSSOAgent.java 2010-11-12
19:33:09 UTC (rev 5075)
+++
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/josso/JOSSOAgent.java 2010-11-12
20:36:12 UTC (rev 5076)
@@ -26,7 +26,7 @@
import org.apache.log4j.Logger;
-import org.exoplatform.web.security.Credentials;
+import org.gatein.wci.security.Credentials;
import org.gatein.sso.agent.GenericSSOAgent;
import org.josso.agent.Lookup;
Modified:
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java
===================================================================
---
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java 2010-11-12
19:33:09 UTC (rev 5075)
+++
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java 2010-11-12
20:36:12 UTC (rev 5076)
@@ -21,35 +21,49 @@
*/
package org.gatein.sso.agent.login;
+import java.lang.reflect.Method;
+
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
-import org.exoplatform.container.ExoContainer;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.UsernameCredential;
import org.exoplatform.services.security.jaas.AbstractLoginModule;
-import org.exoplatform.web.security.Credentials;
-import org.exoplatform.web.security.security.CookieTokenService;
-import org.exoplatform.web.security.security.TransientTokenService;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
*/
public final class SSOLoginModule extends AbstractLoginModule
{
- private static final Log LOG = ExoLogger.getLogger(SSOLoginModule.class
+ private static final Log log = ExoLogger.getLogger(SSOLoginModule.class
.getName());
+
+ /** JACC get context method. */
+ private static Method getContextMethod;
- protected Log getLogger()
- {
- return LOG;
- }
-
+ static
+ {
+ try
+ {
+ Class<?> policyContextClass =
Thread.currentThread().getContextClassLoader().loadClass("javax.security.jacc.PolicyContext");
+ getContextMethod = policyContextClass.getDeclaredMethod("getContext",
String.class);
+ }
+ catch (ClassNotFoundException ignore)
+ {
+ log.debug("JACC not found ignoring it", ignore);
+ }
+ catch (Exception e)
+ {
+ log.error("Could not obtain JACC get context method", e);
+ }
+ }
+
public boolean login() throws LoginException
{
try
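Review bot: `getContextMethod` is a non-final mutable static assigned from the static block; resolving into a local inside the try and assigning the field once after it lets it be `private static final Method`, which documents that it is never reassigned after class init. The lookup goes through `Thread.currentThread().getContextClassLoader()` at class-initialisation time, which for a JAAS module is whatever thread first touches the class — if that loader is null or cannot see the JACC API, the module silently runs without JACC and only a debug line records it; `Class.forName("javax.security.jacc.PolicyContext")` or a null-check with a warning would make that visible. The trailing `catch (Exception e)` around the getDeclaredMethod call can be narrowed to `NoSuchMethodException | SecurityException`.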
@@ -61,33 +75,37 @@
String password = new String(((PasswordCallback) callbacks[1])
.getPassword());
-
- ExoContainer container = getContainer();
- Object o = ((TransientTokenService) container
- .getComponentInstanceOfType(TransientTokenService.class))
- .validateToken(password, true);
- if (o == null)
- o = ((CookieTokenService) container
- .getComponentInstanceOfType(CookieTokenService.class))
- .validateToken(password, false);
- String username = null;
- if (o instanceof Credentials)
- {
- Credentials wc = (Credentials)o;
- username = wc.getUsername();
- }
-
+ //
+ // For clustered config check credentials stored and propagated in session.
This won't work in tomcat because
+ // of lack of JACC PolicyContext so the code must be a bit defensive
+ String username = null;
+ if (getContextMethod != null &&
password.startsWith("wci-ticket"))
+ {
+ HttpServletRequest request;
+ try
+ {
+ request = (HttpServletRequest)getContextMethod.invoke(null,
"javax.servlet.http.HttpServletRequest");
+ username =
(String)request.getSession().getAttribute("username");
+ }
+ catch(Throwable e)
+ {
+ log.error(this,e);
+ log.error("LoginModule error. Turn off session credentials checking
with proper configuration option of " +
+ "LoginModule set to false");
+ }
+ }
+
if (username == null)
{
- //SSO token could not be validated...hence a user id cannot be found
- LOG.error("---------------------------------------------------------");
- LOG.error("SSOLogin Failed. Credential Not Found!!");
- LOG.error("---------------------------------------------------------");
- return false;
+ //SSO token could not be validated...hence a user id cannot be found
+ log.error("---------------------------------------------------------");
+ log.error("SSOLogin Failed. Credential Not Found!!");
+ log.error("---------------------------------------------------------");
+ return false;
}
-
+ //Perform authentication by setting up the proper Application State
Authenticator authenticator = (Authenticator) getContainer()
.getComponentInstanceOfType(Authenticator.class);
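Review bot: The `getContextMethod != null && password.startsWith("wci-ticket")` branch makes the session's `"username"` attribute the sole source of identity — the removed TransientTokenService/CookieTokenService validation is gone and the ticket value itself is never checked beyond its prefix — so the security of this login now rests entirely on CASAgent.validateTicket being the only writer of that attribute; the comment on the branch should state that explicitly. The read should use `request.getSession(false)` with a null check rather than `getSession()`, which creates a session as a side effect of a failed login, and if the agent repopulates the attribute on every SSO round-trip it can be consumed once with `request.getSession(false).removeAttribute("username");` so a stale value cannot re-authenticate later logins in the same session. `catch(Throwable e)` also swallows `Error`s and `log.error(this,e)` logs the module instance rather than a message, while the text about a "configuration option of LoginModule set to false" refers to an option that does not exist in this class; catch `Exception`, log one message with the cause, and either add the option or drop the text. The login method body continues outside the hunk.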
@@ -125,4 +143,10 @@
{
return true;
}
-}
+
+ @Override
+ protected Log getLogger()
+ {
+ return log;
+ }
+}
\ No newline at end of file
Modified:
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java
===================================================================
---
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java 2010-11-12
19:33:09 UTC (rev 5075)
+++
components/sso/branches/sso-wci/agent/src/main/java/org/gatein/sso/agent/opensso/OpenSSOAgent.java 2010-11-12
20:36:12 UTC (rev 5076)
@@ -31,7 +31,8 @@
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
-import org.exoplatform.web.security.Credentials;
+
+import org.gatein.wci.security.Credentials;
import org.gatein.sso.agent.GenericSSOAgent;
/**
@@ -70,6 +71,11 @@
{
String token = null;
Cookie[] cookies = httpRequest.getCookies();
+ if(cookies == null)
+ {
+ return;
+ }
+
for(Cookie cookie: cookies)
{
if(cookie.getName().equals(this.cookieName))
Modified: components/sso/branches/sso-wci/pom.xml
===================================================================
--- components/sso/branches/sso-wci/pom.xml 2010-11-12 19:33:09 UTC (rev 5075)
+++ components/sso/branches/sso-wci/pom.xml 2010-11-12 20:36:12 UTC (rev 5076)
@@ -70,7 +70,11 @@
<!-- exo -->
<org.exoplatform.core.version>2.3.2-GA</org.exoplatform.core.version>
<org.exoplatform.ws.version>2.1.2-GA</org.exoplatform.ws.version>
+ <!--
<org.exoplatform.portal.version>3.1.0-GA</org.exoplatform.portal.version>
+ -->
+ <org.exoplatform.portal.version>3.2.0-Beta01-SNAPSHOT</org.exoplatform.portal.version>
+ <org.gatein.wci.version>2.1.0-Alpha01-SNAPSHOT</org.gatein.wci.version>
<!-- JAX-RS jsr-311 -->
<version.javax.ws.rs>1.0</version.javax.ws.rs>
@@ -194,6 +198,11 @@
<artifactId>exo.portal.component.web</artifactId>
<version>${org.exoplatform.portal.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.gatein.wci</groupId>
+ <artifactId>wci-wci</artifactId>
+ <version>${org.gatein.wci.version}</version>
+ </dependency>
<!-- servlet-api -->