Author: bdaw
Date: 2011-01-13 05:37:47 -0500 (Thu, 13 Jan 2011)
New Revision: 634
Modified:
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java
Log:
- Enable LDAP password encryption with JBoss JAAS SecurityDomain
Modified:
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
===================================================================
---
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2011-01-10
16:25:50 UTC (rev 633)
+++
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2011-01-13
10:37:47 UTC (rev 634)
@@ -22,8 +22,11 @@
package org.picketlink.idm.impl.helper;
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Iterator;
import java.util.List;
import java.util.Enumeration;
import java.util.ArrayList;
@@ -38,6 +41,8 @@
public class Tools
{
+ private static MBeanServer instance = null;
+
public static <E> List<E> toList(Enumeration<E> e)
{
if (e == null)
@@ -231,5 +236,27 @@
}
}
+ public static MBeanServer locateJBoss()
+ {
+ synchronized (Tools.class)
+ {
+ if (instance != null)
+ {
+ return instance;
+ }
+ }
+ for (Iterator i = MBeanServerFactory.findMBeanServer(null).iterator(); i.hasNext();
)
+ {
+ MBeanServer server = (MBeanServer) i.next();
+ if (server.getDefaultDomain().equals("jboss"))
+ {
+ return server;
+ }
+ }
+
+ throw new IllegalStateException("No 'jboss' MBeanServer
found!");
+ }
+
+
}
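Review bot: `instance` is read under the lock at the top of locateJBoss but never written, so the cache never takes effect and every call rescans `MBeanServerFactory.findMBeanServer(null)`; the located server should be stored before returning, e.g. `synchronized (Tools.class) { instance = server; }` followed by `return server;` (or make the field `volatile` and drop the lock, since a duplicate lookup is harmless). The loop also uses a raw `Iterator` with a cast, although `findMBeanServer` already returns `ArrayList<MBeanServer>`, so `for (MBeanServer server : MBeanServerFactory.findMBeanServer(null))` reads more clearly. A short Javadoc stating that the method returns the MBeanServer whose default domain is `jboss` and throws `IllegalStateException` when none is registered would help callers running outside a JBoss container understand the failure.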
Modified:
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java
===================================================================
---
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java 2011-01-10
16:25:50 UTC (rev 633)
+++
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java 2011-01-13
10:37:47 UTC (rev 634)
@@ -44,6 +44,8 @@
String getAdminPassword();
+ String getJaasSecurityDomain();
+
String getAuthenticationMethod();
int getSearchTimeLimit();
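Review bot: `getJaasSecurityDomain()` is added to the interface without Javadoc, and its effect on `getAdminPassword()` is not visible from the signature: when it is non-null, the session implementation in this commit no longer uses the admin password literally but passes it to the named security domain's `decode64` operation. A comment such as `/** JMX ObjectName of the JBoss JaasSecurityDomain used to decode the admin password; null means the password is used as-is. */` would put that contract where implementors will see it.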
Modified:
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java
===================================================================
---
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java 2011-01-10
16:25:50 UTC (rev 633)
+++
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java 2011-01-13
10:37:47 UTC (rev 634)
@@ -23,13 +23,23 @@
package org.picketlink.idm.impl.store.ldap;
import org.picketlink.idm.common.exception.IdentityException;
+import org.picketlink.idm.impl.helper.Tools;
import org.picketlink.idm.spi.store.IdentityStoreSession;
+import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
+import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.management.InstanceNotFoundException;
+import javax.management.MBeanException;
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.management.ReflectionException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.ldap.InitialLdapContext;
@@ -90,10 +100,28 @@
env.put(Context.SECURITY_PRINCIPAL, storeConfig.getAdminDN());
}
+
+
if (storeConfig.getAdminPassword() != null)
{
- env.put(Context.SECURITY_CREDENTIALS, storeConfig.getAdminPassword());
+ String credentials = null;
+ if (storeConfig.getJaasSecurityDomain() != null)
+ {
+ String securityDomain = storeConfig.getJaasSecurityDomain();
+
+ credentials = getPassword(securityDomain, storeConfig.getAdminPassword());
+ }
+
+ else
+ {
+ credentials = storeConfig.getAdminPassword();
+ }
+
+
+
+ env.put(Context.SECURITY_CREDENTIALS, credentials);
+
}
if (storeConfig.getAuthenticationMethod() != null)
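Review bot: The call to `getPassword` on the jaasSecurityDomain branch propagates that helper's declared `throws Exception`, so the enclosing method (whose signature starts above this hunk) has to declare or catch a bare `Exception` for what is really an `IdentityException`; narrowing the helper's signature would keep the failure typed here. The `String credentials = null;` pre-initialisation and the surrounding blank lines can go, since both branches assign: `String credentials = storeConfig.getJaasSecurityDomain() != null` / `? getPassword(storeConfig.getJaasSecurityDomain(), storeConfig.getAdminPassword())` / `: storeConfig.getAdminPassword();`. A one-line comment above it, `// adminPassword holds a decode64 token when a JaasSecurityDomain is configured`, would explain why the same option is handled two ways.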
@@ -183,4 +211,29 @@
{
return false;
}
+
+ public String getPassword(String securityDomain, String encoded) throws Exception
+ {
+
+
+ try
+ {
+ ObjectName serviceName = new ObjectName(securityDomain);
+ MBeanServer server = Tools.locateJBoss();
+
+ byte[] secret = (byte[]) server.invoke(serviceName, "decode64", new
Object[] {encoded},
+ new String[] {String.class.getName()});
+
+ // Convert to UTF-8 base char array
+ return new String(secret, "UTF-8");
+ }
+ catch (Exception e)
+ {
+ log.log(Level.INFO, "Failed to decode LDAP password from JBoss JAAS
Security Domain: " + securityDomain, e);
+ throw new IdentityException("Failed to decode LDAP password from JBoss JAAS
Security Domain: " + securityDomain, e);
+ }
+ }
+
+
+
}
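Review bot: `getPassword` is `public` on the session implementation although it is only an internal helper, which makes the security domain's decode operation reachable from any holder of the session; it should be `private` (or at most package-private), and its `throws Exception` can be narrowed to `throws IdentityException` because every failure is caught and rethrown as that type. The catch logs the decode failure at `Level.INFO`; being unable to obtain the directory credentials is an operator-actionable error and belongs at `Level.SEVERE` (or at least `WARNING`). The comment `// Convert to UTF-8 base char array` is inaccurate, since the line builds a `String`, not a char array; `// assumes the decoded secret is UTF-8 text — confirm against the JaasSecurityDomain encoding` states the actual assumption. Of the imports added in the first hunk of this file (`InstanceNotFoundException`, `MBeanException`, `ReflectionException`, `MalformedObjectNameException`, `UnsupportedEncodingException`, `MBeanServerFactory`, `Iterator`), none is used in the visible hunks; catching those specific types instead of `Exception` would put them to use and avoid masking programming errors.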
Modified:
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java
===================================================================
---
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java 2011-01-10
16:25:50 UTC (rev 633)
+++
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java 2011-01-13
10:37:47 UTC (rev 634)
@@ -49,6 +49,8 @@
private final String adminPassword;
+ private final String jaasSecurityDomain;
+
private final String authenticationMethod;
private final int searchTimeLimit;
@@ -104,6 +106,8 @@
public static final String ADMIN_PASSWORD = "adminPassword";
+ public static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
+
public static final String SEARCH_TIME_LIMIT = "searchTimeLimit";
public static final int SEARCH_TIME_LIMIT_DEFAULT = 10000;
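Review bot: `SECURITY_DOMAIN_OPT` breaks the naming pattern of the sibling option constants (`ADMIN_PASSWORD`, `SEARCH_TIME_LIMIT`), which carry no `_OPT` suffix and mirror their string value; `public static final String JAAS_SECURITY_DOMAIN = "jaasSecurityDomain";` would match, with the corresponding rename at the constructor assignment in the next hunk. A Javadoc line on the constant, e.g. `/** Option: JMX ObjectName of the JBoss JaasSecurityDomain used to decode {@link #ADMIN_PASSWORD}. */`, would document where the option is consumed.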
@@ -161,6 +165,7 @@
this.adminDN = storeMD.getOptionSingleValue(ADMIN_DN);
this.authenticationMethod = storeMD.getOptionSingleValue(AUTHENTICATION_METHOD);
this.adminPassword = storeMD.getOptionSingleValue(ADMIN_PASSWORD);
+ this.jaasSecurityDomain = storeMD.getOptionSingleValue(SECURITY_DOMAIN_OPT);
this.externalJNDIContext = storeMD.getOptionSingleValue(EXTERNAL_JNDI_CONTEXT);
this.membershipToRelationshipTypeMapping =
storeMD.getOptionSingleValue(MEMBERSHIP_TO_RELATIONSHIP_TYPE_MAPPING);
this.relationshipNameSearchFilter =
storeMD.getOptionSingleValue(RELATIONSHIP_NAME_SEARCH_FILTER);
@@ -425,6 +430,11 @@
return adminPassword;
}
+ public String getJaasSecurityDomain()
+ {
+ return jaasSecurityDomain;
+ }
+
public int getSearchTimeLimit()
{
return searchTimeLimit;