3:17 p.m.
Ricardo Arguello [https://community.jboss.org/people/ricardoarguello] created the
discussion
"IronJacamar Oracle Reauthentication support"
To view the discussion, visit: https://community.jboss.org/message/757365#757365
--------------------------------------------------------------
Anybody interested in helping me test this?
https://github.com/rarguello/ironjacamar-oracle-reauth
https://github.com/rarguello/ironjacamar-oracle-reauth
--
Ricardo Arguello
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/757365#757365]
Start a new discussion in IronJacamar Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
7:27 a.m.
New subject: [IronJacamar Development] - Re: IronJacamar Oracle Reauthentication support
Jesper Pedersen [https://community.jboss.org/people/jesper.pedersen] created the
discussion
"Re: IronJacamar Oracle Reauthentication support"
To view the discussion, visit: https://community.jboss.org/message/757771#757771
--------------------------------------------------------------
Hi Richardo, feel free to submit the plugin once it is done. Then I'll include it in
our distributions.
Thanks for working on this :)
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/757771#757771]
Start a new discussion in IronJacamar Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
11:35 a.m.
New subject: [IronJacamar Development] - Re: IronJacamar Oracle Reauthentication support
Ricardo Arguello [https://community.jboss.org/people/ricardoarguello] created the
discussion
"Re: IronJacamar Oracle Reauthentication support"
To view the discussion, visit: https://community.jboss.org/message/831187#831187
--------------------------------------------------------------
Hi Jesper,
I'm working on a fork on GitHub, so I can send you a Pull Request.
Should I create an issue on Jira?
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/831187#831187]
Start a new discussion in IronJacamar Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
5 a.m.
New subject: [IronJacamar Development] - Re: IronJacamar Oracle Reauthentication support
Jesper Pedersen [https://community.jboss.org/people/jesper.pedersen] created the
discussion
"Re: IronJacamar Oracle Reauthentication support"
To view the discussion, visit: https://community.jboss.org/message/831375#831375
--------------------------------------------------------------
Yes, please - feature request / JDBC. Then submit a pull request with the JIRA number in
the commit message, and note on the pull request that is the code is submitted under the
MIT license.
Keep the license header - verify with "ant checkstyle".
Thanks !
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/831375#831375]
Start a new discussion in IronJacamar Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
1:43 a.m.
New subject: [IronJacamar Development] - Re: IronJacamar Oracle Reauthentication support
Ricardo Arguello [https://community.jboss.org/people/ricardoarguello] created the
discussion
"Re: IronJacamar Oracle Reauthentication support"
To view the discussion, visit: https://community.jboss.org/message/831527#831527
--------------------------------------------------------------
I created this issue:
[JBJCA-1068] Oracle Reauthentication plugin
https://issues.jboss.org/browse/JBJCA-1068 https://issues.jboss.org/browse/JBJCA-1068
And this Pull Request:
https://github.com/ironjacamar/ironjacamar/pull/49
https://github.com/ironjacamar/ironjacamar/pull/49
Thanks!
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/831527#831527]
Start a new discussion in IronJacamar Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
1:47 a.m.
New subject: [IronJacamar Development] - Re: IronJacamar Oracle Reauthentication support
Jesper Pedersen [https://community.jboss.org/people/jesper.pedersen] created the
discussion
"Re: IronJacamar Oracle Reauthentication support"
To view the discussion, visit: https://community.jboss.org/message/831528#831528
--------------------------------------------------------------
This will be in 1.1.0.Final - thanks again.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/831528#831528]
Start a new discussion in IronJacamar Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
6:41 a.m.
New subject: [IronJacamar Development] - Re: IronJacamar Oracle Reauthentication support
Peter Fry [https://community.jboss.org/people/peterfry] created the discussion
"Re: IronJacamar Oracle Reauthentication support"
To view the discussion, visit: https://community.jboss.org/message/833528#833528
--------------------------------------------------------------
Is there a test case for this component. I am trying to support Oracle Proxy
Authentication on EAP 6.0.1 but without any joy. My main stumbling block is the
configuration of the security section of the datasource:
<subsystem xmlns=++"urn:jboss:domain:datasources:1.1"++>
<xa-datasource jndi-name=++"java:jboss/datasources/someDS"++
pool-name=++"java:jboss/datasources/someDS_Pool"++>
<datasources>
<xa-datasource-property name=++"URL"++>
jdbc:oracle:thin:@%DATABASE_HOST%:%DATABASE_PORT%:%DATABASE_SID%
<xa-pool>
<is-same-rm-override>false</is-same-rm-override>
<no-tx-separate-pools>true</no-tx-separate-pools>
</xa-pool>
<security> <!--<user-name>USERNAME</user-name>
<password>PASSWORD</password>
<reauth-plugin class-name="org.me.OracleReauthPlugin"/>-->
<security-domain>demo</security-domain>
</security>
<validation>
<valid-connection-checker
class-name=++"org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"++/>
<stale-connection-checker
class-name=++"org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker"++/>
<exception-sorter
class-name=++"org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"++/>
</validation>
</xa-datasource>
<drivers>
<driver name=++"oracle"++ module=++"com.oracle"++>
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
</xa-datasource-property>
<driver>oracle</driver>
I have added a security domain
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<security-domain name="other"
cache-type="default">
<authentication>
<login-module code="Remoting"
flag="optional">
<module-option name="password-stacking"
value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect"
flag="required">
<module-option name="password-stacking"
value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy"
cache-type="default">
<authorization>
<policy-module code="Delegating"
flag="required"/>
</authorization>
</security-domain>
<security-domain name="jboss-ejb-policy"
cache-type="default">
<authorization>
<policy-module code="Delegating"
flag="required"/>
</authorization>
</security-domain>
<security-domain name="brms"
cache-type="default">
<authentication>
<login-module code="UsersRoles"
flag="required">
<module-option name="usersProperties"
value="${jboss.server.config.dir}/brms-users.properties"/>
<module-option name="rolesProperties"
value="${jboss.server.config.dir}/brms-roles.properties"/>
</login-module>
</authentication>
</security-domain>
<!-- Introduced for demonstrating Oracle Proxy Authentication -->
<security-domain name="demo" cache-type="default">
<authentication>
<login-module code="SimpleUsers" flag="sufficient">
<module-option name="username"
value="USERNAME"/>
<module-option name="password"
value="PASSWORD"/>
</login-module>
<login-module code="UsersRoles" flag="sufficient">
<module-option name="usersProperties"
value="${jboss.server.config.dir}/demo-users.properties"/>
<module-option name="rolesProperties"
value="${jboss.server.config.dir}/demo-roles.properties"/>
</login-module>
</authentication>
</security-domain>
</security-domains>
</subsystem>
I'm then running a arquillian test
import java.security.PrivilegedAction;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.secureejb.JBossLoginContextFactory;
import org.jboss.arquillian.secureejb.demo.SecurityRoles;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.me.TestEjb;
@RunWith(Arquillian.class)
public class OracleReauthPluginTest {
private static final Logger logger =
Logger.getLogger(OracleReauthPluginTest.class.getName());
@EJB
private TestEjb testEjb;
@Deployment
public static WebArchive createTestArchive() {
WebArchive webArchive = ShrinkWrap.create(WebArchive.class, "test.war")
.addClasses(JBossLoginContextFactory.class, SecurityRoles.class,
TestEjb.class)
.addAsWebInfResource("META-INF/ejb-jar.xml").addAsWebInfResource("META-INF/jboss-ejb3.xml")
.addAsWebInfResource(EmptyAsset.INSTANCE,
"beans.xml").addAsResource("users.properties")
.addAsResource("roles.properties");
return webArchive;
}
@Test
public void testAuthorisedSecureOperation() throws LoginException {
LoginContext loginContext =
JBossLoginContextFactory.createLoginContext("user1", "password");
loginContext.login();
try {
Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Void>() {
@Override
public Void run() {
try {
testEjb.performSecureOperation();
} catch (SQLException e) {
logger.log(Level.SEVERE, "EJB oepration failed", e);
}
return null;
}
});
} finally {
loginContext.logout();
}
}
}
With the logon context being supplied by
package org.jboss.arquillian.secureejb;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
/**
* Provides a https://community.jboss.org/mailto:{@link {@link LoginContext} for use by
unit tests. It is driven by users.properties and roles.properties files as
* described in <a href="
https://community.jboss.org/wiki/UsersRolesLoginModule">Users...
https://community.jboss.org/wiki/UsersRolesLoginModule">UsersRole...
*/
public class JBossLoginContextFactory {
static class NamePasswordCallbackHandler implements CallbackHandler {
private final String username;
private final String password;
private NamePasswordCallbackHandler(String username, String password) {
this.username = username;
this.password = password;
}
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (Callback current : callbacks) {
if (current instanceof NameCallback) {
((NameCallback) current).setName(username);
} else if (current instanceof PasswordCallback) {
((PasswordCallback) current).setPassword(password.toCharArray());
} else {
throw new UnsupportedCallbackException(current);
}
}
}
}
static class JBossJaasConfiguration extends Configuration {
private final String configurationName;
JBossJaasConfiguration(String configurationName) {
this.configurationName = configurationName;
}
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
if (!configurationName.equals(name)) {
throw new IllegalArgumentException("Unexpected configuration name
'" + name + "'");
}
return new AppConfigurationEntry[] {
createUsersRolesLoginModuleConfigEntry(),
createClientLoginModuleConfigEntry(),
};
}
/**
* The https://community.jboss.org/mailto:{@link {@link
org.jboss.security.auth.spi.UsersRolesLoginModule} creates the association between users
and
* roles.
*
* @return
*/
private AppConfigurationEntry createUsersRolesLoginModuleConfigEntry() {
Map<String, String> options = new HashMap<String, String>();
return new
AppConfigurationEntry("org.jboss.security.auth.spi.UsersRolesLoginModule",
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
}
/**
* The https://community.jboss.org/mailto:{@link {@link
org.jboss.security.ClientLoginModule} associates the user credentials with the
* https://community.jboss.org/mailto:{@link {@link
org.jboss.security.SecurityContext} where the JBoss security runtime can find it.
*
* @return
*/
private AppConfigurationEntry createClientLoginModuleConfigEntry() {
Map<String, String> options = new HashMap<String, String>();
options.put("multi-threaded", "true");
options.put("restore-login-identity", "true");
return new
AppConfigurationEntry("org.jboss.security.ClientLoginModule",
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
}
}
/**
* Obtain a LoginContext configured for use with the ClientLoginModule.
*
* @return the configured LoginContext.
*/
public static LoginContext createLoginContext(final String username, final String
password) throws LoginException {
final String configurationName = "Arquillian Testing";
CallbackHandler cbh = new
JBossLoginContextFactory.NamePasswordCallbackHandler(username, password);
Configuration config = new JBossJaasConfiguration(configurationName);
Subject subject = new Subject();
PasswordCredential credential = new PasswordCredential(username,
password.toCharArray());
subject.getPrivateCredentials().add(credential);
return new LoginContext(configurationName, subject, cbh, config);
}
}
The problem I have is that in BaseWrapperManagedConnectionFactory.SubjectActions.run() the
subject has no private credentials.
Is the approach I'm taking (in terms of setting up an integration test) correct? I am
hacking around with this.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/833528#833528]
Start a new discussion in IronJacamar Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
4139
days inactive
4495
days old
jboss-dev-forums@lists.jboss.org
6 comments
3 participants
participants (3)
-
Jesper Pedersen -
Peter Fry
-
Ricardo Arguello