Author: sohil.shah(a)jboss.com
Date: 2007-08-22 15:57:38 -0400 (Wed, 22 Aug 2007)
New Revision: 8038
Added:
branches/2_6_CAS_Integration/identity/josso/
branches/2_6_CAS_Integration/identity/josso/config/
branches/2_6_CAS_Integration/identity/josso/config/context.xml
branches/2_6_CAS_Integration/identity/josso/config/error.jsp
branches/2_6_CAS_Integration/identity/josso/config/josso-1.5.jar
branches/2_6_CAS_Integration/identity/josso/config/josso-agent-config.xml
branches/2_6_CAS_Integration/identity/josso/config/josso-common-1.5.jar
branches/2_6_CAS_Integration/identity/josso/config/josso-config.xml
branches/2_6_CAS_Integration/identity/josso/config/josso-gateway-config.xml
branches/2_6_CAS_Integration/identity/josso/config/josso-jboss4-plugin-1.5.jar
branches/2_6_CAS_Integration/identity/josso/config/josso-tomcat55-plugin-1.5.jar
branches/2_6_CAS_Integration/identity/josso/config/login-config.xml
branches/2_6_CAS_Integration/identity/josso/config/login.jsp
branches/2_6_CAS_Integration/identity/josso/config/server.xml
branches/2_6_CAS_Integration/identity/josso/lib/
branches/2_6_CAS_Integration/identity/josso/lib/josso-1.5.jar
branches/2_6_CAS_Integration/identity/josso/lib/josso-jboss4-plugin-1.5.jar
branches/2_6_CAS_Integration/identity/josso/lib/josso-tomcat55-plugin-1.5.jar
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityService.java
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityServiceImpl.java
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityStore.java
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOLoginModule.java
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOLogoutValve.java
Modified:
branches/2_6_CAS_Integration/core/build.xml
branches/2_6_CAS_Integration/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java
branches/2_6_CAS_Integration/core/src/resources/portal-core-sar/META-INF/jboss-service.xml
branches/2_6_CAS_Integration/identity/build.xml
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/CASAuthenticationService.java
branches/2_6_CAS_Integration/thirdparty/
Log:
JOSSO Single Sign On Framework integration
Modified: branches/2_6_CAS_Integration/core/build.xml
===================================================================
--- branches/2_6_CAS_Integration/core/build.xml 2007-08-22 17:39:30 UTC (rev 8037)
+++ branches/2_6_CAS_Integration/core/build.xml 2007-08-22 19:57:38 UTC (rev 8038)
@@ -743,6 +743,7 @@
</copy>
</target>
+ <!-- Deploying the CAS SSO Framework integration -->
<target name="deploy-cas" depends="deploy-explode">
<require file="${jboss.home}/server/${portal.deploy.dir}"/>
<delete
file="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/lib/casclient-lenient.jar"/>
@@ -774,5 +775,29 @@
<copy
todir="${jboss.home}/server/${portal.deploy.dir}/cas.war/WEB-INF/lib"
overwrite="true">
<fileset
dir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/lib"
includes="portal-identity-lib.jar"/>
</copy>
- </target>
+ </target>
+
+
+ <!-- Deploying the JOSSO SSO Framework integration -->
+ <target name="deploy-josso" depends="deploy-explode">
+ <require file="${jboss.home}/server/${portal.deploy.dir}"/>
+ <copy todir="${jboss.home}/server/${portal.deploy.dir}/../conf"
overwrite="true">
+ <fileset dir="../identity/josso/config"
includes="josso-agent-config.xml, josso-config.xml, login-config.xml"/>
+ </copy>
+ <copy
todir="${jboss.home}/server/${portal.deploy.dir}/jbossweb-tomcat55.sar"
overwrite="true">
+ <fileset dir="../identity/josso/config" includes="server.xml,
josso-1.5.jar, josso-common-1.5.jar, josso-jboss4-plugin-1.5.jar,
josso-tomcat55-plugin-1.5.jar"/>
+ </copy>
+ <copy
todir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/portal-server.war"
overwrite="true">
+ <fileset dir="../identity/josso/config" includes="login.jsp,
error.jsp"/>
+ </copy>
+ <copy
todir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/portal-server.war/WEB-INF"
overwrite="true">
+ <fileset dir="../identity/josso/config"
includes="context.xml"/>
+ </copy>
+ <copy
todir="${jboss.home}/server/${portal.deploy.dir}/josso.war/WEB-INF/classes"
overwrite="true">
+ <fileset dir="../identity/josso/config"
includes="josso-gateway-config.xml"/>
+ </copy>
+ <copy
todir="${jboss.home}/server/${portal.deploy.dir}/josso.war/WEB-INF/lib"
overwrite="true">
+ <fileset
dir="${jboss.home}/server/${portal.deploy.dir}/jboss-portal.sar/lib"
includes="portal-identity-lib.jar"/>
+ </copy>
+ </target>
</project>
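Review bot: The first two copies in `deploy-josso` replace the server's `conf/login-config.xml` and `jbossweb-tomcat55.sar/server.xml` wholesale with `overwrite="true"`, so any JAAS application-policy or connector/valve configuration the target server already carries is discarded without warning — unlike `deploy-cas` above, which only swaps a jar and drops files into its own `cas.war`. Unless the bundled files are meant to be exact supersets of the stock ones, the JOSSO login module should be delivered as its own deployable login-config fragment rather than a whole-file overwrite, or the target should refuse to run when the destination files differ from the stock versions. At minimum the target comment should state the clobber: `<!-- WARNING: overwrites conf/login-config.xml and jbossweb-tomcat55.sar/server.xml; merge local changes before running -->`. The `${portal.deploy.dir}/../conf` path also assumes the deploy directory is a direct child of the server directory, which the rest of the file does not rely on.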
Modified:
branches/2_6_CAS_Integration/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java
===================================================================
---
branches/2_6_CAS_Integration/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java 2007-08-22
17:39:30 UTC (rev 8037)
+++
branches/2_6_CAS_Integration/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java 2007-08-22
19:57:38 UTC (rev 8038)
@@ -29,6 +29,7 @@
import org.jboss.portal.security.spi.provider.PermissionRepository;
import javax.security.auth.Subject;
+import java.security.Principal;
import java.security.Permission;
import java.util.Collection;
import java.util.Iterator;
@@ -273,7 +274,7 @@
caller != null &&
thisPath.getLength() < thatPath.getLength())
{
- Set tmp = caller.getPrincipals(UserPrincipal.class);
+ Set tmp = caller.getPrincipals();
if (tmp.size() > 0)
{
Iterator i1 = thisPath.names();
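Review bot: Replacing `caller.getPrincipals(UserPrincipal.class)` with `caller.getPrincipals()` makes `tmp` hold every principal on the Subject — in JBoss this typically includes the `Roles` group principal and other non-user entries — so the `tmp.size() > 0` guard now admits a subject that carries no user principal at all, and the name later compared against the portal path may be a group name. If the goal is to accept JOSSO's principal type, keep the typed lookup and fall back instead of dropping the filter: `Set tmp = caller.getPrincipals(UserPrincipal.class); if (tmp.isEmpty()) { tmp = caller.getPrincipals(); }`, and exclude `java.security.acl.Group` instances when the fallback is used. The enclosing method starts before this hunk.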
@@ -292,7 +293,7 @@
//
Iterator i = tmp.iterator();
- UserPrincipal user = (UserPrincipal)i.next();
+ Principal user = (Principal)i.next();
String userName = user.getName();
//
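Review bot: `(Principal)i.next()` takes whatever element the Set yields first, and because `tmp` now contains all principals on the Subject, that element may be a role `Group` rather than the authenticated user; Set iteration order is unspecified, so the user-name comparison that follows becomes non-deterministic across runs. Select the first principal that is not a `java.security.acl.Group` instead of the first element, and treat "no such principal" the same way the original `size() > 0` guard treated an empty set. The enclosing method continues past the end of this hunk.

```java
// … unchanged: path-length and name-prefix checks …
Principal user = null;
for (Iterator it = tmp.iterator(); it.hasNext();)
{
   Principal p = (Principal)it.next();
   if (!(p instanceof Group)) // skip role containers such as "Roles"
   {
      user = p;
      break;
   }
}
// user == null must be handled like the original empty-set case before continuing
String userName = user.getName();
```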
Modified:
branches/2_6_CAS_Integration/core/src/resources/portal-core-sar/META-INF/jboss-service.xml
===================================================================
---
branches/2_6_CAS_Integration/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2007-08-22
17:39:30 UTC (rev 8037)
+++
branches/2_6_CAS_Integration/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2007-08-22
19:57:38 UTC (rev 8038)
@@ -529,6 +529,14 @@
<depends>portal:service=Module,type=IdentityServiceController</depends>
<attribute name="HavingRole"></attribute>
</mbean>
+ <mbean
+ code="org.jboss.portal.identity.auth.JOSSOIdentityServiceImpl"
+ name="portal:service=Module,type=JOSSOIdentityService"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
+ <depends>portal:service=Module,type=IdentityServiceController</depends>
+ </mbean>
<mbean
code="org.jboss.portal.core.impl.mail.MailModuleImpl"
Modified: branches/2_6_CAS_Integration/identity/build.xml
===================================================================
--- branches/2_6_CAS_Integration/identity/build.xml 2007-08-22 17:39:30 UTC (rev 8037)
+++ branches/2_6_CAS_Integration/identity/build.xml 2007-08-22 19:57:38 UTC (rev 8038)
@@ -89,7 +89,7 @@
<!-- Configure thirdparty libraries -->
&libraries;
- <!--TODO: need to add the CAS SSO system dependency to the thirdparty
repository. For now, this is just added to identity/cas/lib -->
+ <!--TODO: need to add the CAS/JOSSO SSO system dependency to the thirdparty
repository. For now, this is just added to identity/cas/lib -->
<property name="yale.cas.root" value="cas"/>
<property name="yale.cas.lib"
value="${yale.cas.root}/lib/"/>
<path id="yale.cas.classpath">
@@ -98,6 +98,14 @@
<pathelement path="${yale.cas.lib}/catalina.jar"/>
<pathelement path="${yale.cas.lib}/spring-2.0.3.jar"/>
</path>
+
+ <property name="josso.root" value="josso"/>
+ <property name="josso.lib" value="${josso.root}/lib/"/>
+ <path id="josso.classpath">
+ <pathelement path="${josso.lib}/josso-1.5.jar"/>
+ <pathelement path="${josso.lib}/josso-tomcat55-plugin-1.5.jar"/>
+ <pathelement path="${josso.lib}/josso-jboss4-plugin-1.5.jar"/>
+ </path>
<path id="library.classpath">
<path refid="sun.servlet.classpath"/>
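Review bot: The new `josso.classpath` points at binaries checked straight into `identity/josso/lib` — and, per the added-files list, a second copy of the same jars sits under `identity/josso/config` for deployment — with nothing that pins their origin beyond the `1.5` in the file names, while the TODO above acknowledges they belong in the thirdparty repository. Until they move there, record where each jar came from and keep a single copy so the agent jar deployed by `core/build.xml` cannot drift from the one compiled against; a version property also makes the upgrade path explicit: `<property name="josso.version" value="1.5"/>` with `josso-${josso.version}.jar` in the path elements. A comment naming the upstream JOSSO release the jars were taken from would let a later reviewer verify the checksums.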
@@ -114,6 +122,7 @@
<!-- cas integration -->
<path refid="sun.servlet.classpath"/>
<path refid="yale.cas.classpath"/>
+ <path refid="josso.classpath"/>
<path refid="apache.httpclient.classpath"/>
</path>
Added: branches/2_6_CAS_Integration/identity/josso/config/context.xml
===================================================================
--- branches/2_6_CAS_Integration/identity/josso/config/context.xml
(rev 0)
+++ branches/2_6_CAS_Integration/identity/josso/config/context.xml 2007-08-22 19:57:38 UTC
(rev 8038)
@@ -0,0 +1,4 @@
+<?xml version="1.0"?>
+<Context>
+ <Valve className="org.jboss.portal.identity.auth.JOSSOLogoutValve"/>
+</Context>
Added: branches/2_6_CAS_Integration/identity/josso/config/error.jsp
===================================================================
--- branches/2_6_CAS_Integration/identity/josso/config/error.jsp
(rev 0)
+++ branches/2_6_CAS_Integration/identity/josso/config/error.jsp 2007-08-22 19:57:38 UTC
(rev 8038)
@@ -0,0 +1,41 @@
+<%--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ --%>
+
+<%@page contentType="text/html; charset=iso-8859-1"
language="java" session="true" %>
+<!--
+Redirects the user to the propper login page. Configured as the login url the web.xml
for this application.
+-->
+<%
+ response.sendRedirect(request.getContextPath() + "/josso_login/");
+%>
Added: branches/2_6_CAS_Integration/identity/josso/config/josso-1.5.jar
===================================================================
(Binary files differ)
Property changes on: branches/2_6_CAS_Integration/identity/josso/config/josso-1.5.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: branches/2_6_CAS_Integration/identity/josso/config/josso-agent-config.xml
===================================================================
--- branches/2_6_CAS_Integration/identity/josso/config/josso-agent-config.xml
(rev 0)
+++ branches/2_6_CAS_Integration/identity/josso/config/josso-agent-config.xml 2007-08-22
19:57:38 UTC (rev 8038)
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<agent>
+ <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>
+
<gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
+
<gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>
+ <service-locator>
+ <class>org.josso.gateway.WebserviceGatewayServiceLocator</class>
+ <endpoint>localhost:8080</endpoint>
+ </service-locator>
+ <partner-apps>
+ <partner-app>
+ <context>/portal</context>
+ </partner-app>
+ </partner-apps>
+</agent>
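Review bot: Both gateway URLs and the web-service `<endpoint>` are hard-coded to plain `http://localhost:8080`, so the agent-to-gateway channel that validates SSO sessions, and the browser redirects through the gateway, run unencrypted and only work on a single host; the gateway config committed alongside also leaves `<secure>` commented out, so the session cookie would be issued for HTTP as well. These values should be externalised (Ant filter tokens or system properties) rather than baked into the deployed file, with the documented production setting using TLS, e.g. `<gatewayLoginUrl>https://${josso.host}/josso/signon/login.do</gatewayLoginUrl>` and a matching `<endpoint>`. Whether `WebserviceGatewayServiceLocator` verifies the gateway certificate when given an `https` endpoint is not visible here and should be confirmed before relying on it.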
Added: branches/2_6_CAS_Integration/identity/josso/config/josso-common-1.5.jar
===================================================================
(Binary files differ)
Property changes on:
branches/2_6_CAS_Integration/identity/josso/config/josso-common-1.5.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: branches/2_6_CAS_Integration/identity/josso/config/josso-config.xml
===================================================================
--- branches/2_6_CAS_Integration/identity/josso/config/josso-config.xml
(rev 0)
+++ branches/2_6_CAS_Integration/identity/josso/config/josso-config.xml 2007-08-22
19:57:38 UTC (rev 8038)
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<configuration>
+ <hierarchicalXml fileName="josso-agent-config.xml"/>
+</configuration>
Added: branches/2_6_CAS_Integration/identity/josso/config/josso-gateway-config.xml
===================================================================
--- branches/2_6_CAS_Integration/identity/josso/config/josso-gateway-config.xml
(rev 0)
+++ branches/2_6_CAS_Integration/identity/josso/config/josso-gateway-config.xml 2007-08-22
19:57:38 UTC (rev 8038)
@@ -0,0 +1,569 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ -->
+
+<domain>
+ <name>JOSSO</name>
+ <type>web</type>
+
+ <!--sso-web-config-->
+
+ <!-- Optional : The URL where the user will be redirected after a successfull
login only if josso_back_to request parameter
+ is not present when accessing the login url
+
<loginBackToURL>http://localhost:8080/partnerapp/protected/</loginBackToURL>
+ -->
+
+ <!-- Optional : The URL where the user will be redirected after a logout only
if josso_back_to is not present
+ when accessing the logout url
+
<logoutBackToURL>http://localhost:8080/partnerapp/protected/</logoutBackToURL>
+ -->
+
+ <!-- Session token properties -->
+ <!--session-token-->
+
+ <!-- Optional : Use a secure session token, a secure channel like SSL must
be available for this to work
+ <secure>false</secure>
+ -->
+
+
+ <!--/session-token-->
+
+ <!--/sso-web-config-->
+
+ <authenticator>
+ <class>org.josso.auth.AuthenticatorImpl</class>
+ <authentication-schemes>
+ <!-- Basic Authentication Scheme -->
+ <authentication-scheme>
+ <name>basic-authentication</name>
+
<class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
+
+ <!--
+ The message digest algorithm to be used when hashing passwords.
+ This must be an algorithm supported by the java.security.MessageDigest
class
+ on your platform.
+
+ In J2SE 1.4.2 you can check :
+ Java Cryptography Architecture API Specification & Reference -
Apendix B : Algorithms
+ Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512,etc.
+
+ To provide LDAP support, also CRYPT is available.
+ -->
+ <!--
+ <hashAlgorithm>MD5</hashAlgorithm>
+ -->
+
+ <!-- Supported values are HEX, BASE64. Mandatory if hashAlgorithm was
specified -->
+ <!--
+ <hashEncoding>HEX</hashEncoding>
+ -->
+
+ <!-- Some hash algorithms, like CRYPT, use this property. The default
value is 2.
+ <saltLength>2</saltLength>
+ -->
+
+ <!--
+ <ignorePasswordCase>false</ignorePasswordCase>
+ <ignoreUserCase>false</ignoreUserCase>
+ -->
+ <!-- ========================================================= -->
+ <!-- JDBC Credential Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <credentialsQueryString>
+
+ SELECT login AS username , password AS password FROM josso_user
WHERE login = ?
+
+ </credentialsQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </credential-store>
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
+
+ <credentialsQueryString>SELECT login AS username , password AS
password FROM josso_user WHERE login = ?</credentialsQueryString>
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+ </credential-store>
+ -->
+
+ <!-- ===============================================================
-->
+ <!-- LDAP Credential Store
-->
+ <!--
-->
+ <!-- Chcek javadoc for configuration details :
-->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore
-->
+ <!-- ===============================================================
-->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+
<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+
<credentialQueryString>uid=username,userPassword=password</credentialQueryString>
+
<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Credential Store -->
+ <!-- ================================================= -->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+
<credentialsFileName>josso-credentials.xml</credentialsFileName>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- JBoss Portal Credential Store -->
+ <!-- ================================================= -->
+ <credential-store>
+
<class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class>
+ </credential-store>
+
+
+
+ <!-- ================================================= -->
+ <!-- Credential Store Key adapter -->
+ <!-- ================================================= -->
+ <credential-store-key-adapter>
+
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </credential-store-key-adapter>
+
+ </authentication-scheme>
+
+ <!-- Strong Authentication Scheme -->
+ <authentication-scheme>
+ <name>strong-authentication</name>
+
<class>org.josso.auth.scheme.X509CertificateAuthScheme</class>
+
+ <!-- ========================================================= -->
+ <!-- JDBC Credential Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <credentialsQueryString>
+
+ SELECT login AS username , password AS password FROM josso_user
WHERE login = ?
+
+ </credentialsQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </credential-store>
+ -->
+
+ <!-- ===============================================================
-->
+ <!-- LDAP Credential Store
-->
+ <!--
-->
+ <!-- Chcek javadoc for configuration details :
-->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore
-->
+ <!-- ===============================================================
-->
+ <!--
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+
<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+
<credentialQueryString>uid=username,userCertificate;binary=userCertificate</credentialQueryString>
+
<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Credential Store -->
+ <!-- ================================================= -->
+ <credential-store>
+
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+
<credentialsFileName>josso-credentials.xml</credentialsFileName>
+ </credential-store>
+
+ <!-- ================================================= -->
+ <!-- Credential Store Key adapter -->
+ <!-- ================================================= -->
+ <credential-store-key-adapter>
+
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </credential-store-key-adapter>
+
+ </authentication-scheme>
+ </authentication-schemes>
+ </authenticator>
+
+ <sso-identity-manager>
+
+
<class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
+
+ <!-- ========================================================= -->
+ <!-- DataSource Identity Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <sso-identity-store>
+
<class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
+
+ <userQueryString>
+ SELECT login FROM josso_user WHERE login = ?
+ </userQueryString>
+
+ <userPropertiesQueryString>
+ SELECT 'user.description' AS name , description AS value FROM
josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_property WHERE
login = ?
+ </userPropertiesQueryString>
+
+ <rolesQueryString>
+ SELECT josso_role.name FROM josso_role , josso_user_role , josso_user
WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND
josso_role.name = josso_user_role.name
+ </rolesQueryString>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+ </sso-identity-store>
+ -->
+ <!-- ========================================================= -->
+ <!-- JDBC Identity Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+
+ <!--sso-identity-store>
+
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <userQueryString>
+ SELECT login FROM josso_user WHERE login = ?
+ </userQueryString>
+
+ You could use a UNION to select properties from different tables/columns :
+ SELECT 'user.lastName' AS name , lastName AS value FROM josso_user
WHERE login = ?
+ UNION
+ SELECT 'user.name' AS name , name AS value FROM josso_user WHERE
login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_properties WHERE login
= ?
+
+ <userPropertiesQueryString>
+ SELECT 'user.description' AS name , description AS value FROM
josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_property WHERE
login = ?
+ </userPropertiesQueryString>
+ <rolesQueryString>
+ SELECT josso_role.name FROM josso_role , josso_user_role , josso_user
WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND
josso_role.name = josso_user_role.name
+ </rolesQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </sso-identity-store-->
+
+ <!-- =============================================================== -->
+ <!-- LDAP Identity Store -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
+ <!-- ================================================= -->
+ <!--
+ <sso-identity-store>
+
<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+
<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+
<credentialQueryString>uid=username,userPassword=password</credentialQueryString>
+
<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </sso-identity-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Identity Store -->
+ <!-- ================================================= -->
+ <!--
+ <sso-identity-store>
+
<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+ <usersFileName>josso-users.xml</usersFileName>
+ </sso-identity-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- JBoss Portal Credential Store -->
+ <!-- ================================================= -->
+ <sso-identity-store>
+ <class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class>
+ </sso-identity-store>
+
+ <!-- ================================================= -->
+ <!-- Identity Store Key adapter -->
+ <!-- ================================================= -->
+ <sso-identity-store-key-adapter>
+
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </sso-identity-store-key-adapter>
+
+ </sso-identity-manager>
+
+ <sso-session-manager>
+
+
<class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>
+
+ <!--
+ Set the maximum time interval, in minutes, between client requests before the SSO
Service will invalidate
+ the session. A negative time indicates that the session should never time out.
+ -->
+ <maxInactiveInterval>30</maxInactiveInterval>
+
+ <!-- Max number of sessions per user, default 1
+ A negative value indicates that an unlimited number of sessions per user is
allowed.
+ -->
+ <maxSessionsPerUser>-1</maxSessionsPerUser>
+ <!--
+ If true, when the max number of sessions per user is exceeded,
+ an already existing session will be invalidated to create a new one.
+ If false, when the max number of sessions per user is exceeded,
+ an exception is thrown and the new session is not created.
+ -->
+ <invalidateExceedingSessions>false</invalidateExceedingSessions>
+
+
+ <!--
+ Time interval, in milliseconds, between exired sessions cleanup.
+ -->
+ <sessionMonitorInterval>10000</sessionMonitorInterval>
+
+ <!-- ===================================================================
-->
+ <!-- Serialized Session Store
-->
+ <!--
-->
+ <!-- Session Store implementation which uses Java Serialization to
-->
+ <!-- persist Single Sign-On user sessions.
-->
+ <!-- It allows to reconstruct the session state after a system shutdown.
-->
+ <!-- ===================================================================
-->
+ <!--
+ <sso-session-store>
+
<class>org.josso.gateway.session.service.store.SerializedSessionStore</class>
+ file where serialized sessions will be stored (optional)
+ <serializedFile>/tmp/josso_sessions.ser</serializedFile>
+ </sso-session-store>
+ -->
+
+
+ <!-- =============================================================== -->
+ <!-- DataSource Session Store -->
+ <!-- -->
+ <!-- This store persists SSO sessions in a RDBMS, it's usefull for
-->
+ <!-- example when multiple SSO servers must share session information-->
+ <!-- like in a cluster. -->
+ <!-- -->
+ <!-- NOTE :Remember to escape spetial chars like < with < , etc
-->
+ <!-- -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.session.service.store.db.DataSourceSessionStore -->
+ <!-- =============================================================== -->
+ <!--
+ <sso-session-store>
+
+
<class>org.josso.gateway.session.service.store.db.DataSourceSessionStore</class>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+
+ <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
+ <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
+ <loadAllQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM
JOSSO_SESSION</loadAllQuery>
+ <loadQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
session_id = ?</loadQuery>
+ <loadByUserNameQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
username = ?</loadByUserNameQuery>
+
+ <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
last_access_time < ?</loadByLastAccessTimeQuery>
+ <loadByValidQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
valid = ?</loadByValidQuery>
+ <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id =
?</deleteDml>
+ <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
+ <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName,
creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?,
?, ?, ?, ?, ?) </insertDml>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+
+ </sso-session-store>
+ -->
+
+ <!-- =============================================================== -->
+ <!-- Jdbc Session Store -->
+ <!-- -->
+ <!-- This store persists SSO sessions in a RDBMS, it's usefull for
-->
+ <!-- example when multiple SSO servers must share session information-->
+ <!-- like in a cluster. -->
+ <!-- -->
+ <!-- NOTE :Remember to escape spetial chars like < with < , etc
-->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.session.service.store.db.JdbcSessionStore -->
+ <!-- =============================================================== -->
+ <!--
+ <sso-session-store>
+
+
<class>org.josso.gateway.session.service.store.db.JdbcSessionStore</class>
+
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+
<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+
+ <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
+ <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
+ <loadAllQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM
JOSSO_SESSION</loadAllQuery>
+ <loadQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
session_id = ?</loadQuery>
+ <loadByUserNameQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
username = ?</loadByUserNameQuery>
+
+ <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
last_access_time < ?</loadByLastAccessTimeQuery>
+ <loadByValidQuery>SELECT session_id, userName, creation_time,
last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE
valid = ?</loadByValidQuery>
+ <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id =
?</deleteDml>
+ <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
+ <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName,
creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?,
?, ?, ?, ?, ?) </insertDml>
+
+ </sso-session-store>
+ -->
+
+
+ <!-- =============================================================== -->
+ <!-- Memory Session Store -->
+ <!-- =============================================================== -->
+ <sso-session-store>
+
<class>org.josso.gateway.session.service.store.MemorySessionStore</class>
+ </sso-session-store>
+
+ <sso-session-id-generator>
+
+
<class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class>
+ <!--
+ The message digest algorithm to be used when generating session
+ identifiers. This must be an algorithm supported by the
+ java.security.MessageDigest class on your platform.
+
+ In J2SE 1.4.2 you can check :
+ Java Cryptography Architecture API Specification & Reference - Apendix
A : Standard Names
+ Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512
+ -->
+ <algorithm>MD5</algorithm>
+
+ </sso-session-id-generator>
+
+ </sso-session-manager>
+
+ <!-- SSO Audit Manager compoment -->
+ <sso-audit-manager>
+ <class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>
+
+ <!--
+ List of handlers that will process this request
+ Every handler must have its own unique name.
+ -->
+ <handlers>
+
+ <!-- This handler logs all audit trails using Log4J, under the given
category -->
+ <handler>
+
<class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>
+ <name>LoggerAuditTrailHandler</name>
+ <category>org.josso.gateway.audit.SSO_AUDIT</category>
+ </handler>
+
+ <!--
+ <handler>
+ <class>MyOtherHandler</class>
+ <name>MyOhterHandlerName</name>
+ <myProperty>value</myProperty>
+ </handler>
+ -->
+
+ </handlers>
+ </sso-audit-manager>
+
+ <!-- SSO Event Manager component -->
+ <sso-event-manager>
+
<class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>
+ <!--
+ JMX Name of the EventManager MBean that will send SSO Events as JMX
Notifications
+ The MBean will be registered by the MBeanComponentKeeper.
+ -->
+ <oname>josso:type=SSOEventManager</oname>
+ <!-- You can add your own listeners here : -->
+ <!-- Every listener should have a unique name -->
+
+ <!--
+ <listeners>
+ <listener>
+ <class>com.myCompany.MyEventListener</class>
+ <name>MyEventListener</name>
+ <property1>MyListenerProperty1Value</property1>
+ </listener>
+ <listener>
+ <class>com.myCompany.MyOtherEventListener</class>
+ <name>MyOtherEventListener</name>
+ <propertyA>MyOtherListenerPropertyAValue</propertyA>
+ </listener>
+ </listeners>
+ -->
+
+ </sso-event-manager>
+
+</domain>
Added: branches/2_6_CAS_Integration/identity/josso/config/josso-jboss4-plugin-1.5.jar
===================================================================
(Binary files differ)
Property changes on:
branches/2_6_CAS_Integration/identity/josso/config/josso-jboss4-plugin-1.5.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: branches/2_6_CAS_Integration/identity/josso/config/josso-tomcat55-plugin-1.5.jar
===================================================================
(Binary files differ)
Property changes on:
branches/2_6_CAS_Integration/identity/josso/config/josso-tomcat55-plugin-1.5.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: branches/2_6_CAS_Integration/identity/josso/config/login-config.xml
===================================================================
--- branches/2_6_CAS_Integration/identity/josso/config/login-config.xml
(rev 0)
+++ branches/2_6_CAS_Integration/identity/josso/config/login-config.xml 2007-08-22
19:57:38 UTC (rev 8038)
@@ -0,0 +1,165 @@
+<?xml version='1.0'?>
+<!DOCTYPE policy PUBLIC
+ "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+ "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+
+<!-- The XML based JAAS login configuration read by the
+org.jboss.security.auth.login.XMLLoginConfig mbean. Add
+an application-policy element for each security domain.
+
+The outline of the application-policy is:
+<application-policy name="security-domain-name">
+ <authentication>
+ <login-module code="login.module1.class.name"
flag="control_flag">
+ <module-option name =
"option1-name">option1-value</module-option>
+ <module-option name =
"option2-name">option2-value</module-option>
+ ...
+ </login-module>
+
+ <login-module code="login.module2.class.name"
flag="control_flag">
+ ...
+ </login-module>
+ ...
+ </authentication>
+</application-policy>
+
+-->
+
+<policy>
+ <!-- Used by clients within the application server VM such as
+ mbeans and servlets that access EJBs.
+ -->
+ <application-policy name = "client-login">
+ <authentication>
+ <login-module code = "org.jboss.security.ClientLoginModule"
+ flag = "required">
+ <!-- Any existing security context will be restored on logout -->
+ <module-option
name="restore-login-identity">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ -->
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
+ flag = "required">
+ <module-option name =
"unauthenticatedIdentity">guest</module-option>
+ <module-option name =
"dsJndiName">java:/DefaultDS</module-option>
+ <module-option name = "principalsQuery">SELECT PASSWD FROM
JMS_USERS WHERE USERID=?</module-option>
+ <module-option name = "rolesQuery">SELECT ROLEID,
'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ when using file-state-service.xml
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
+ flag = "required">
+ <module-option name =
"unauthenticatedIdentity">guest</module-option>
+ <module-option name =
"sm.objectname">jboss.mq:service=StateManager</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+ -->
+
+ <!-- Security domains for testing new jca framework -->
+ <application-policy name = "HsqlDbRealm">
+ <authentication>
+ <login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name = "principal">sa</module-option>
+ <module-option name = "userName">sa</module-option>
+ <module-option name = "password"></module-option>
+ <module-option name =
"managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name = "JmsXARealm">
+ <authentication>
+ <login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name =
"principal">guest</module-option>
+ <module-option name =
"userName">guest</module-option>
+ <module-option name =
"password">guest</module-option>
+ <module-option name =
"managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the jmx-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "jmx-console">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option
name="usersProperties">props/jmx-console-users.properties</module-option>
+ <module-option
name="rolesProperties">props/jmx-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the web-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "$webConsoleDomain">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option
name="usersProperties">web-console-users.properties</module-option>
+ <module-option
name="rolesProperties">web-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the JBossWS web application (and transport
layer!).
+ This defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="JBossWS">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag="required">
+ <module-option
name="usersProperties">props/jbossws-users.properties</module-option>
+ <module-option
name="rolesProperties">props/jbossws-roles.properties</module-option>
+ <module-option
name="unauthenticatedIdentity">anonymous</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- The default login configuration used by any security domain that
+ does not have a application-policy entry with a matching name
+ -->
+ <application-policy name = "other">
+ <!-- A simple server login module, which can be used when the number
+ of users is relatively small. It uses two properties files:
+ users.properties, which holds users (key) and their password (value).
+ roles.properties, which holds users (key) and a comma-separated list of
+ their roles (value).
+ The unauthenticatedIdentity property defines the name of the principal
+ that will be used when a null username and password are presented as is
+ the case for an unuathenticated web client or MDB. If you want to
+ allow such users to be authenticated add the property, e.g.,
+ unauthenticatedIdentity="nobody"
+ -->
+ <authentication>
+ <login-module code =
"org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required" />
+ </authentication>
+ </application-policy>
+
+ <!-- JOSSO JAAS Module configuration -->
+ <application-policy name = "josso">
+ <authentication>
+ <login-module code =
"org.jboss.portal.identity.auth.JOSSOLoginModule"
+ flag = "required">
+ <module-option name="debug">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+</policy>
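Review bot: The `josso` application-policy at the end of the hunk is checked in with `<module-option name="debug">true</module-option>`; if JOSSOLoginModule honours that option the way the stock JBoss login modules do, every authentication attempt is traced to the server log, which is a development setting rather than something to ship. Suggest `<module-option name="debug">false</module-option>` plus a comment above it such as `<!-- debug=true traces every login attempt to the server log; enable only while diagnosing JOSSO login problems -->`. The rest of the file reproduces the stock login-config.xml, including the `HsqlDbRealm` policy with an empty `password` option and the `JmsXARealm` guest/guest pair, so the header comment should state whether this file is meant to replace the server's conf/login-config.xml wholesale, since dropping it in would otherwise reset those default policies on the target server as well.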
Added: branches/2_6_CAS_Integration/identity/josso/config/login.jsp
===================================================================
--- branches/2_6_CAS_Integration/identity/josso/config/login.jsp
(rev 0)
+++ branches/2_6_CAS_Integration/identity/josso/config/login.jsp 2007-08-22 19:57:38 UTC
(rev 8038)
@@ -0,0 +1,41 @@
+<%--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ --%>
+
+<%@page contentType="text/html; charset=iso-8859-1"
language="java" session="true" %>
+<!--
+Redirects the user to the propper login page. Configured as the login url the web.xml
for this application.
+-->
+<%
+ response.sendRedirect(request.getContextPath() + "/josso_login/");
+%>
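Review bot: The explanatory comment above the scriptlet is an HTML comment, not a JSP comment, so its text (including the typo `propper`) is written into the response body before `sendRedirect` runs; it is harmless here only because nothing else follows, whereas `<%-- ... --%>` as already used for the licence header keeps it server-side. A `return;` directly after `response.sendRedirect(request.getContextPath() + "/josso_login/");` would also keep any later additions to the page from writing into a response that has already been committed as a redirect.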
Added: branches/2_6_CAS_Integration/identity/josso/config/server.xml
===================================================================
--- branches/2_6_CAS_Integration/identity/josso/config/server.xml
(rev 0)
+++ branches/2_6_CAS_Integration/identity/josso/config/server.xml 2007-08-22 19:57:38 UTC
(rev 8038)
@@ -0,0 +1,178 @@
+<Server>
+
+ <!-- Use a custom version of StandardService that allows the
+ connectors to be started independent of the normal lifecycle
+ start to allow web apps to be deployed before starting the
+ connectors.
+ -->
+ <Service name="jboss.web"
+ className="org.jboss.web.tomcat.tc5.StandardService">
+
+ <!-- A HTTP/1.1 Connector on port 8080 -->
+ <Connector port="8080" address="${jboss.bind.address}"
+ maxThreads="250" strategy="ms"
maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ enableLookups="false" redirectPort="8443"
acceptCount="100"
+ connectionTimeout="20000" disableUploadTimeout="true"/>
+
+ <!-- Add this option to the connector to avoid problems with
+ .NET clients that don't implement HTTP/1.1 correctly
+ restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
+ -->
+
+ <!-- A AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" address="${jboss.bind.address}"
+ emptySessionPath="true" enableLookups="false"
redirectPort="8443"
+ protocol="AJP/1.3"/>
+
+ <!-- SSL/TLS Connector configuration using the admin devl guide keystore
+ <Connector port="8443" address="${jboss.bind.address}"
+ maxThreads="100" strategy="ms"
maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ scheme="https" secure="true" clientAuth="false"
+ keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
+ keystorePass="rmi+ssl" sslProtocol = "TLS" />
+ -->
+
+ <Engine name="jboss.web" defaultHost="localhost">
+
+ <!-- The JAAS based authentication and authorization realm implementation
+ that is compatible with the jboss 3.2.x realm implementation.
+ - certificatePrincipal : the class name of the
+ org.jboss.security.auth.certs.CertificatePrincipal impl
+ used for mapping X509[] cert chains to a Princpal.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ -->
+ <!--
+ <Realm
className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
+
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
+ behavior of JBossSecurityMgrRealm, but overrides the authorization
+ checks to use JACC permissions with the current java.security.Policy
+ to determine authorized access.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ <Realm
className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
+
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <!-- Integrating the JOSSO realm -->
+ <Realm className="org.josso.jb4.agent.JBossCatalinaRealm"
+ appName="josso"
+ userClassNames="org.josso.gateway.identity.service.BaseUserImpl"
+ roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl"
+ debug="1" />
+
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false"
deployXML="false">
+
+ <!-- UNCOMMENT TO ENABLE CUSTOMIZATION OF TOMCAT AUTHENTICATORS
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false"
deployXML="false"
+ configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
+ -->
+
+
+ <!-- Uncomment to enable request dumper. This Valve "logs interesting
+ contents from the specified Request (before processing) and the
+ corresponding Response (after processing). It is especially useful
+ in debugging problems related to headers and cookies."
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"
/>
+ -->
+
+ <!-- Access logger -->
+ <!--
+ <Valve
className="org.apache.catalina.valves.FastCommonAccessLogValve"
+ prefix="localhost_access_log." suffix=".log"
+ pattern="common"
directory="${jboss.server.home.dir}/log"
+ resolveHosts="false" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host. Does not provide SSO across a cluster.
+
+ If this valve is used, do not use the JBoss ClusteredSingleSignOn
+ valve shown below.
+
+ A new configuration attribute is available beginning with
+ release 4.0.4:
+
+ cookieDomain configures the domain to which the SSO cookie
+ will be scoped (i.e. the set of hosts to
+ which the cookie will be presented). By default
+ the cookie is scoped to "/", meaning the host
+ that presented it. Set cookieDomain to a
+ wider domain (e.g. "xyz.com") to allow an SSO
+ to span more than one hostname.
+ -->
+ <!--
+ <Valve
className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host AND to all other hosts in the cluster.
+
+ If this valve is used, do not use the standard Tomcat SingleSignOn
+ valve shown above.
+
+ Valve uses a JBossCache instance to support SSO credential
+ caching and replication across the cluster. The JBossCache
+ instance must be configured separately. By default, the valve
+ shares a JBossCache with the service that supports HttpSession
+ replication. See the "tc5-cluster-service.xml" file in the
+ server/all/deploy directory for cache configuration details.
+
+ Besides the attributes supported by the standard Tomcat
+ SingleSignOn valve (see the Tomcat docs), this version also
+ supports the following attributes:
+
+ cookieDomain see above
+
+ treeCacheName JMX ObjectName of the JBossCache MBean used to
+ support credential caching and replication across
+ the cluster. If not set, the default value is
+ "jboss.cache:service=TomcatClusteringCache", the
+ standard ObjectName of the JBossCache MBean used
+ to support session replication.
+ -->
+ <!--
+ <Valve
className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" />
+ -->
+
+
+ <!-- Uncomment to check for unclosed connections and transaction
terminated checks
+ in servlets/jsps.
+ Important: You need to uncomment the dependency on the
CachedConnectionManager
+ in META-INF/jboss-service.xml
+ <Valve
className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
+
cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
+ transactionManagerObjectName="jboss:service=TransactionManager"
/>
+ -->
+
+ <!-- JOSSO Agent Valve -->
+ <Valve className="org.josso.tc55.agent.SSOAgentValve"
debug="1"/>
+ </Host>
+ </Engine>
+
+ </Service>
+
+</Server>
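Review bot: Both JOSSO elements added to this file, the realm `<Realm className="org.josso.jb4.agent.JBossCatalinaRealm" ... debug="1" />` and the host-level `<Valve className="org.josso.tc55.agent.SSOAgentValve" debug="1"/>`, are committed with agent debug logging switched on, and nothing in the surrounding comments says this is a development setting. Suggest `debug="0"` in the checked-in copy, or a comment above each such as `<!-- debug="1" enables JOSSO agent tracing; keep at 0 outside development -->`. The realm's `appName="josso"` has to match the `application-policy` name in login-config.xml added in the same commit; a one-line comment saying so would save the next reader a search.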
Added: branches/2_6_CAS_Integration/identity/josso/lib/josso-1.5.jar
===================================================================
(Binary files differ)
Property changes on: branches/2_6_CAS_Integration/identity/josso/lib/josso-1.5.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: branches/2_6_CAS_Integration/identity/josso/lib/josso-jboss4-plugin-1.5.jar
===================================================================
(Binary files differ)
Property changes on:
branches/2_6_CAS_Integration/identity/josso/lib/josso-jboss4-plugin-1.5.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: branches/2_6_CAS_Integration/identity/josso/lib/josso-tomcat55-plugin-1.5.jar
===================================================================
(Binary files differ)
Property changes on:
branches/2_6_CAS_Integration/identity/josso/lib/josso-tomcat55-plugin-1.5.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified:
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/CASAuthenticationService.java
===================================================================
---
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/CASAuthenticationService.java 2007-08-22
17:39:30 UTC (rev 8037)
+++
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/CASAuthenticationService.java 2007-08-22
19:57:38 UTC (rev 8038)
@@ -109,14 +109,16 @@
*/
public boolean authenticate(String username, String password)
{
+ Session session = null;
+ Transaction tx = null;
try
{
boolean status = false;
InitialContext initialContext = new InitialContext();
SessionFactory sessionFactory =
(SessionFactory)initialContext.lookup("java:/portal/IdentitySessionFactory");
- Session session = sessionFactory.openSession();
- Transaction tx = session.beginTransaction();
+ session = sessionFactory.openSession();
+ tx = session.beginTransaction();
User user = this.userModule.findUserByUserName(username);
if(user != null)
@@ -149,10 +151,7 @@
status = user.validatePassword(password);
}
}
-
- tx.commit();
- session.close();
-
+
return status;
}
catch(Exception e)
@@ -160,5 +159,10 @@
log.error(this, e);
return false;
}
+ finally
+ {
+ tx.commit();
+ session.close();
+ }
}
}
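Review bot: The new `finally` block commits and closes unconditionally, but `tx` and `session` are still null when the JNDI lookup or `openSession()` threw, so the NullPointerException raised in `finally` replaces the `return false` from the catch block and the original error is lost. Committing after the catch block has run also persists whatever the failed path did, and if `commit()` itself throws, `session.close()` is skipped and the Hibernate session leaks. The enclosing `authenticate` method starts in the first hunk of this file, outside this one; the rewrite below records failure, rolls back in that case, and guards both calls so close always runs. The same `finally` shape appears in `getUserRoles`, `exists` and `authenticate` of JOSSOIdentityServiceImpl added in this commit, and the same change applies there.
```java
public boolean authenticate(String username, String password)
{
   Session session = null;
   Transaction tx = null;
   boolean failed = false;
   try
   {
      // … unchanged: JNDI lookup, openSession/beginTransaction, user lookup and password check …
      return status;
   }
   catch(Exception e)
   {
      failed = true;
      log.error(this, e);
      return false;
   }
   finally
   {
      try
      {
         // tx is null when the lookup or openSession() failed; never commit a failed path
         if(tx != null)
         {
            if(failed)
            {
               tx.rollback();
            }
            else
            {
               tx.commit();
            }
         }
      }
      finally
      {
         // runs even when commit()/rollback() throws, so the session is never leaked
         if(session != null)
         {
            session.close();
         }
      }
   }
}
```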
Added:
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityService.java
===================================================================
---
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityService.java
(rev 0)
+++
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityService.java 2007-08-22
19:57:38 UTC (rev 8038)
@@ -0,0 +1,45 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.identity.auth;
+
+/*
+ * Created on May 24, 2007
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public interface JOSSOIdentityService extends AuthenticationService
+{
+ /**
+ *
+ * @param username
+ * @return
+ */
+ public String[] getUserRoles(String username);
+
+ /**
+ *
+ * @param username
+ * @return
+ */
+ public boolean exists(String username);
+}
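Review bot: Both Javadoc blocks on the new interface are empty templates, `@param username` and `@return` with no text, so the contract a JOSSO identity store has to rely on is not stated anywhere. Suggest for `getUserRoles`: `Returns the portal role names of the given user, with "Authenticated" as the first element, or null when no user with that name exists.` and for `exists`: `Returns true when a portal user with exactly this user name exists.` Both sentences describe what JOSSOIdentityServiceImpl in this commit actually does (its `userRoles` stays null when findUserByUserName returns nothing), so whether null or an empty array is the intended not-found value should be settled here, where callers read it.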
Added:
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityServiceImpl.java
===================================================================
---
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityServiceImpl.java
(rev 0)
+++
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityServiceImpl.java 2007-08-22
19:57:38 UTC (rev 8038)
@@ -0,0 +1,212 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.identity.auth;
+
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.naming.InitialContext;
+
+import org.apache.log4j.Logger;
+
+import org.hibernate.SessionFactory;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
+import org.jboss.portal.identity.Role;
+import org.jboss.portal.identity.UserModule;
+import org.jboss.portal.identity.UserProfileModule;
+import org.jboss.portal.identity.MembershipModule;
+import org.jboss.portal.identity.User;
+
+/*
+ * Created on May 24, 2007
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class JOSSOIdentityServiceImpl implements JOSSOIdentityService
+{
+ private static Logger log = Logger.getLogger(JOSSOIdentityServiceImpl.class);
+
+ private UserModule userModule = null;
+ private UserProfileModule profileModule = null;
+ private MembershipModule membershipModule = null;
+
+ /**
+ *
+ *
+ */
+ public void start()
+ {
+ try
+ {
+ InitialContext initialContext = new InitialContext();
+
+ this.userModule =
(UserModule)initialContext.lookup("java:/portal/UserModule");
+ this.profileModule =
(UserProfileModule)initialContext.lookup("java:/portal/UserProfileModule");
+ this.membershipModule =
(MembershipModule)initialContext.lookup("java:/portal/MembershipModule");
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ this.stop();
+ }
+ }
+
+ /**
+ *
+ *
+ */
+ public void stop()
+ {
+ this.userModule = null;
+ this.profileModule = null;
+ this.membershipModule = null;
+ }
+
+ /**
+ *
+ * @param username
+ * @return
+ */
+ public String[] getUserRoles(String username)
+ {
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ String[] userRoles = null;
+
+ InitialContext initialContext = new InitialContext();
+ SessionFactory sessionFactory =
(SessionFactory)initialContext.lookup("java:/portal/IdentitySessionFactory");
+ session = sessionFactory.openSession();
+ tx = session.beginTransaction();
+
+ User user = this.userModule.findUserByUserName(username);
+ if(user != null && user.getUserName().trim().equals(username.trim()))
+ {
+ Set roles = this.membershipModule.getRoles(user);
+ userRoles = new String[roles.size()+1];
+ userRoles[0] = "Authenticated";
+ int index = 1;
+ for(Iterator itr=roles.iterator();itr.hasNext();)
+ {
+ Role role = (Role)itr.next();
+ userRoles[index++] = role.getName();
+ }
+ }
+
+ return userRoles;
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ tx.commit();
+ session.close();
+ }
+ }
+
+ /**
+ *
+ * @param username
+ * @return
+ */
+ public boolean exists(String username)
+ {
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ boolean exists = false;
+
+ InitialContext initialContext = new InitialContext();
+ SessionFactory sessionFactory =
(SessionFactory)initialContext.lookup("java:/portal/IdentitySessionFactory");
+ session = sessionFactory.openSession();
+ tx = session.beginTransaction();
+
+ User user = this.userModule.findUserByUserName(username);
+ if(user != null && user.getUserName().trim().equals(username.trim()))
+ {
+ exists = true;
+ }
+
+ return exists;
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ tx.commit();
+ session.close();
+ }
+ }
+
+ /**
+ *
+ */
+ public boolean authenticate(String username, String password)
+ {
+ Session session = null;
+ Transaction tx = null;
+ try
+ {
+ boolean status = false;
+
+ InitialContext initialContext = new InitialContext();
+ SessionFactory sessionFactory =
(SessionFactory)initialContext.lookup("java:/portal/IdentitySessionFactory");
+ session = sessionFactory.openSession();
+ tx = session.beginTransaction();
+
+ User user = this.userModule.findUserByUserName(username);
+ if(user != null)
+ {
+ //Check and make sure the user account is enabled
+ Boolean enabled = (Boolean)this.profileModule.getProperty(user,
User.INFO_USER_ENABLED);
+ if(enabled != null || enabled.booleanValue())
+ {
+ //Now perform validation
+ status = user.validatePassword(password);
+ }
+ }
+
+ return status;
+ }
+ catch(Exception e)
+ {
+ log.error(this, e);
+ return false;
+ }
+ finally
+ {
+ tx.commit();
+ session.close();
+ }
+ }
+}
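Review bot: In `authenticate`, the account-enabled check `if(enabled != null || enabled.booleanValue())` is inverted: any non-null flag, including `Boolean.FALSE`, short-circuits to true, so a disabled account still has its password validated and can log in, while a null flag falls through to `enabled.booleanValue()` and throws NullPointerException into the catch block. The intended test is `if(enabled != null && enabled.booleanValue())`, which also matches the comment above it. Separately, `getUserRoles` returns null when no user matches (the `userRoles` initialiser at the top of its try block), which every caller has to special-case; returning an empty array would be safer, and the `trim().equals(username.trim())` comparison will itself throw on a null `username` before that point.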
Added:
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityStore.java
===================================================================
---
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityStore.java
(rev 0)
+++
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOIdentityStore.java 2007-08-22
19:57:38 UTC (rev 8038)
@@ -0,0 +1,190 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.identity.auth;
+
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
+
+import org.apache.log4j.Logger;
+
+import org.jboss.mx.util.MBeanProxy;
+import org.jboss.mx.util.MBeanServerLocator;
+import org.josso.gateway.SSONameValuePair;
+import org.josso.gateway.identity.exceptions.NoSuchUserException;
+import org.josso.gateway.identity.exceptions.SSOIdentityException;
+import org.josso.gateway.identity.service.BaseRole;
+import org.josso.gateway.identity.service.BaseRoleImpl;
+import org.josso.gateway.identity.service.BaseUser;
+import org.josso.gateway.identity.service.BaseUserImpl;
+import org.josso.gateway.identity.service.store.IdentityStore;
+import org.josso.gateway.identity.service.store.UserKey;
+import org.josso.gateway.identity.service.store.SimpleUserKey;
+import org.josso.auth.Credential;
+import org.josso.auth.CredentialKey;
+import org.josso.auth.BindableCredentialStore;
+import org.josso.auth.exceptions.SSOAuthenticationException;
+import org.josso.auth.scheme.AuthenticationScheme;
+import org.josso.auth.scheme.UsernameCredential;
+import org.josso.auth.scheme.PasswordCredential;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ *
+ */
+public class JOSSOIdentityStore implements IdentityStore, BindableCredentialStore
+{
+ /**
+ *
+ */
+ private static Logger log = Logger.getLogger(JOSSOIdentityStore.class);
+
+ /**
+ *
+ */
+ private AuthenticationScheme authenticationScheme = null;
+
+ /**
+ *
+ */
+ private JOSSOIdentityService portalIdentityService = null;
+
+
+ /**
+ *
+ *
+ */
+ public JOSSOIdentityStore()
+ {
+ try
+ {
+ MBeanServer mbeanServer = MBeanServerLocator.locateJBoss();
+ this.portalIdentityService = (JOSSOIdentityService)
+ MBeanProxy.get(JOSSOIdentityService.class,new
ObjectName("portal:service=Module,type=JOSSOIdentityService"),mbeanServer);
+ }
+ catch(Exception e)
+ {
+ this.authenticationScheme = null;
+ this.portalIdentityService = null;
+
+ log.error(this, e);
+ throw new RuntimeException("JOSSOIdentityStore registration
failed....");
+ }
+ }
+ //-----IdentityStore
implementation--------------------------------------------------------------------------------------------------
+ /**
+ *
+ */
+ public BaseRole[] findRolesByUserKey(UserKey userKey)
+ throws SSOIdentityException
+ {
+ if(this.portalIdentityService == null)
+ {
+ throw new IllegalStateException("JOSSOIdentityStore not properly registered
with the JOSSO system..");
+ }
+
+ //Get the role information from the Portal Identity System
+ String[] userRoles = this.portalIdentityService.getUserRoles(userKey.toString());
+
+ //Map the Portal Identity information to JOSSO Identity information
+ BaseRole[] roles = new BaseRole[userRoles.length];
+ for(int i=0; i<userRoles.length; i++)
+ {
+ roles[i] = new BaseRoleImpl(userRoles[i]);
+ }
+
+
+ return roles;
+ }
+
+ /**
+ *
+ */
+ public BaseUser loadUser(UserKey userKey) throws NoSuchUserException,
+ SSOIdentityException
+ {
+ if(this.portalIdentityService == null)
+ {
+ throw new IllegalStateException("JOSSOIdentityStore not properly registered
with the JOSSO system..");
+ }
+
+ //Map the Portal Identity to JOSSO Identity
+ BaseUser user = new BaseUserImpl();
+ user.setName(userKey.toString());
+ user.addProperty("password", "");
+
+ return user;
+ }
+
+ /**
+ *
+ */
+ public boolean userExists(UserKey userKey) throws SSOIdentityException
+ {
+ if(this.portalIdentityService == null)
+ {
+ throw new IllegalStateException("JOSSOIdentityStore not properly registered
with the JOSSO system..");
+ }
+
+ return this.portalIdentityService.exists(userKey.toString());
+ }
+ //---------BindableCredentialStore
implementation---------------------------------------------------------------------------------------------
+ /**
+ *
+ */
+ public Credential[] loadCredentials(CredentialKey credentialKey) throws
SSOIdentityException
+ {
+ if(this.portalIdentityService == null)
+ {
+ throw new IllegalStateException("JOSSOIdentityStore not properly registered
with the JOSSO system..");
+ }
+
+ //Get the User corresponding to this credentialKey
+ BaseUser user = this.loadUser((SimpleUserKey)credentialKey);
+ SSONameValuePair[] properties = user.getProperties();
+ String password = properties[0].getValue();
+
+ return new Credential[]{new UsernameCredential(user.getName()), new
PasswordCredential(password)};
+ }
+
+ /**
+ *
+ */
+ public boolean bind(String username, String password) throws
SSOAuthenticationException
+ {
+ return this.portalIdentityService.authenticate(username, password);
+ }
+
+
+ /**
+ *
+ */
+ public void setAuthenticationScheme(AuthenticationScheme authenticationScheme)
+ {
+ if(this.portalIdentityService == null)
+ {
+ throw new IllegalStateException("JOSSOIdentityStore not properly registered
with the JOSSO system..");
+ }
+
+ this.authenticationScheme = authenticationScheme;
+ }
+}
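Review bot: `bind()` is the one entry point that skips the `portalIdentityService == null` guard every other method of this class performs, so a failed constructor lookup surfaces as a NullPointerException inside the gateway's authentication path instead of the IllegalStateException the class otherwise promises; add the same `if(this.portalIdentityService == null) { throw new IllegalStateException("JOSSOIdentityStore not properly registered with the JOSSO system.."); }` block before the delegate call. bind() delegates to `authenticate()` in the preceding hunk, where the account-enabled check reads `if(enabled != null || enabled.booleanValue())` — with `||` a non-null `false` flag short-circuits straight into password validation, so a disabled account still authenticates; that condition should use `&&`. `loadUser()` publishes an empty `password` property and `loadCredentials()` hands it back as a PasswordCredential via `properties[0]`, which appears to stay safe only while the gateway authenticates through bind(); a class-level comment stating that this store must be paired with a bind-based AuthenticationScheme would make that dependency explicit, and indexing the property by name rather than position would stop it silently breaking if another property is ever added. Finally, the constructor's `throw new RuntimeException("JOSSOIdentityStore registration failed....");` drops the original exception — pass `e` as the cause.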
Added:
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOLoginModule.java
===================================================================
---
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOLoginModule.java
(rev 0)
+++
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOLoginModule.java 2007-08-22
19:57:38 UTC (rev 8038)
@@ -0,0 +1,213 @@
+/*
+ * Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * * Neither the name of the JOSSO team nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package org.jboss.portal.identity.auth;
+
+import org.apache.log4j.Logger;
+import org.josso.gateway.identity.SSORole;
+import org.josso.gateway.identity.SSOUser;
+import org.josso.gateway.identity.service.BaseRoleImpl;
+import org.josso.gateway.identity.service.BaseUserImpl;
+import org.josso.tc55.agent.jaas.SSOGatewayLoginModule;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * SSOGatewayLogin Module for JBoss.
+ * <p>
+ * It specialized the SSOGatewayLoginModule by associating an additional
+ * group called ("Roles") which contains user roles.
+ * The original SSOGatewayLoginModule associates the user and its roles directly
+ * as Subject's Principals. This won't work in JBoss since it obtains user roles
+ * from a special Group that must be called "Roles".
+ * This LoginModule adds this special group, adds the roles as members of it and
+ * associates such group to the Subject as built by the SSOGatewayLoginModule.
+ * <p>
+ * To configure this JAAS Login Module module, add to the
+ * $JBOSS_HOME/server/default/conf/login-config.xml file the following entry :
+ * <p>
+<pre>
+<policy>
+ <!-- Used by JOSSO Agents for authenticating users against the Gateway
-->
+ <application-policy name = "josso">
+ <authentication>
+ <login-module code =
"org.josso.jb32.agent.JBossSSOGatewayLoginModule"
+ flag = "required">
+ <module-option
name="debug">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+ ...
+ </policy>
+</pre>
+ *
+ * @author <a href="mailto:gbrigand@josso.org">Gianluca
Brigandi</a>
+ * @version CVS $Id: JBossSSOGatewayLoginModule.java 338 2006-02-09 16:53:07Z sgonzalez
$
+ */
+
+public class JOSSOLoginModule extends SSOGatewayLoginModule {
+
+ private static final Logger logger = Logger.getLogger(JOSSOLoginModule .class);
+
+ private Subject _savedSubject;
+
+ /** the principal to use when user is not authenticated **/
+ protected SSOUser _unauthenticatedIdentity;
+
+
+ /**
+ * Initialize this LoginModule .
+ * Save the received Subject to change it when commit() gets invoked.
+ *
+ * @param subject the Subject to be authenticated.
+ *
+ * @param callbackHandler a CallbackHandler for communicating
+ * with the end user (prompting for user names and
+ * passwords, for example).
+ *
+ * @param sharedState shared LoginModule state.
+ *
+ * @param options options specified in the login Configuration
+ * for this particular LoginModule.
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map sharedState, Map options) {
+
+ _savedSubject = subject;
+ super.initialize(subject, callbackHandler, sharedState, options);
+ // Check for unauthenticatedIdentity option.
+ String name = (String) options.get("unauthenticatedIdentity");
+ if( name != null )
+ {
+ try
+ {
+ _unauthenticatedIdentity = createIdentity(name);
+ logger.debug("Saw unauthenticatedIdentity="+name);
+ }
+ catch(Exception e)
+ {
+ logger.warn("Failed to create custom unauthenticatedIdentity",
e);
+ }
+ }
+ }
+
+ /**
+ * This method supports the unauthenticatedIdentity property used by JBoss.
+ */
+ public boolean login() throws LoginException {
+
+ if (!super.login()) {
+ // We have an unauthenticated user, use configured Principal
+ if (_unauthenticatedIdentity != null) {
+ logger.debug("Authenticated as unauthenticatedIdentity : " +
_unauthenticatedIdentity);
+ _ssoUserPrincipal = _unauthenticatedIdentity;
+ _succeeded = true;
+ return true;
+ }
+ }
+
+ return true;
+ }
+
+ /*
+ * This method is called if the LoginContext's overall authentication succeeded.
+ *
+ * The Subject saved in the previously executed initialize() method, is modified
+ * by adding a new special Group called "Roles" whose members are the SSO
user roles.
+ * JBoss will fetch user roles by examining such group.
+ *
+ * @exception LoginException if the commit fails.
+ *
+ * @return true if this LoginModule's own login and commit
+ * attempts succeeded, or false otherwise.
+ */
+ public boolean commit() throws LoginException {
+ boolean rc = false;
+ // HashMap setsMap = new HashMap();
+
+ rc = super.commit();
+
+ Set ssoRolePrincipals = _savedSubject.getPrincipals(SSORole.class);
+ Group targetGrp = new BaseRoleImpl("Roles");
+ Iterator i = ssoRolePrincipals.iterator();
+ Set cour = new java.util.HashSet();
+ while (i.hasNext()) {
+ Principal p = (Principal)i.next();
+
+ targetGrp.addMember(p); // Add user role to "Roles" group
+
+ //super hack to make the Subject work properly with the Portal Authorization
Engine
+ ((BaseRoleImpl)p).addMember(this.createIdentity(p.getName()));
+ }
+ // Add the "Roles" group to the Subject so that JBoss can fetch user
roles.
+ _savedSubject.getPrincipals().removeAll(ssoRolePrincipals);
+ _savedSubject.getPrincipals().add(targetGrp);
+
+ /*Set ssoUserPrincipals = _savedSubject.getPrincipals(SSOUser.class);
+ Group callerPrincipal = new BaseRoleImpl("CallerPrincipal");
+ Iterator j = ssoUserPrincipals.iterator();
+ if (j.hasNext()) {
+ Principal user = (Principal) j.next();
+ callerPrincipal.addMember(user);
+ }
+
+ // Add the "CallerPrincipal" group to the Subject so that JBoss can
fetch user.
+ _savedSubject.getPrincipals().add(callerPrincipal);*/
+
+ return rc;
+ }
+
+ protected SSOUser createIdentity(String username) {
+ return new BaseUserImpl(username);
+ }
+
+ protected SSORole[] getRoleSets() throws LoginException {
+ if (_ssoUserPrincipal == _unauthenticatedIdentity) {
+ // Using unauthenticatedIdentity ..
+ if(logger.isDebugEnabled())
+ logger.debug("Using unauthenticatedIdentity " +
_ssoUserPrincipal + ", returning no roles.");
+
+ return new SSORole[0];
+ }
+ return super.getRoleSets();
+ }
+
+}
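Review bot: The fall-through `return true;` at the end of `login()` reports success to the LoginContext even when `super.login()` returned false and no `unauthenticatedIdentity` is configured; under the JAAS contract that path should `return false;` so a gateway rejection is not recorded as this module having authenticated the caller (whether it is exploitable depends on `super.commit()` honouring `_succeeded`, which is not visible here). In `commit()` the `((BaseRoleImpl)p).addMember(...)` cast is unchecked and the `Set cour` local is never used, and the commented-out CallerPrincipal block should be deleted rather than kept in the source. The class Javadoc still shows `org.josso.jb32.agent.JBossSSOGatewayLoginModule` in its sample login-config entry, which does not match this class's name `org.jboss.portal.identity.auth.JOSSOLoginModule`.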
Added:
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOLogoutValve.java
===================================================================
---
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOLogoutValve.java
(rev 0)
+++
branches/2_6_CAS_Integration/identity/src/main/org/jboss/portal/identity/auth/JOSSOLogoutValve.java 2007-08-22
19:57:38 UTC (rev 8038)
@@ -0,0 +1,122 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.identity.auth;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.Cookie;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.valves.ValveBase;
+
+/*
+ * Created on May 23, 2007
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class JOSSOLogoutValve extends ValveBase
+{
+ /**
+ *
+ */
+ public void invoke(Request request, Response response) throws IOException,
+ ServletException
+ {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+
+ Cookie jossoPortalCookie = this.findJOSSOPortalLogoutCookie(httpRequest);
+ if(jossoPortalCookie != null)
+ {
+ String referer = jossoPortalCookie.getValue();
+
+ if(referer != null && referer.trim().length() > 0)
+ {
+ //Delete this cookie
+ jossoPortalCookie = new Cookie("JOSSO_PORTAL_LOGOUT",
"");
+ jossoPortalCookie.setMaxAge(0); //setting the value to 0 should delete this
cookie from the browser
+ response.addCookie(jossoPortalCookie);
+
+ //This form of redirect is needed instead of sendRedirect
+ //otherwise the JBOSS_PORTAL_LOGOUT cookie cleanup does not happen
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("<html>"+"\n");
+ buffer.append("<head>"+"\n");
+ buffer.append("</head>"+"\n");
+ buffer.append("<body
onload=\"setTimeout('document.form1.submit()',1000);\">"+"\n");
+ buffer.append("<form name=\"form1\"
action=\""+referer+"\"
method=\"post\">"+"\n");
+ buffer.append("</form>"+"\n");
+ buffer.append("</body>"+"\n");
+ buffer.append("</html>"+"\n");
+
+ response.getOutputStream().write(buffer.toString().getBytes());
+ response.getOutputStream().flush();
+
+ return;
+ }
+ }
+
+ // continue processing the request
+ this.getNext().invoke(request, response);
+
+ if(httpRequest.getRequestURI().endsWith("/signout"))
+ {
+ String jossoLogout = httpRequest.getContextPath() +
org.josso.agent.Constants.JOSSO_LOGOUT_URI;
+
+ Cookie cookie = new
Cookie("JOSSO_PORTAL_LOGOUT",httpRequest.getHeader("Referer"));
+ cookie.setMaxAge(-1); //setting the value so that cookie expires when broser is
closed
+ response.addCookie(cookie);
+
+ response.sendRedirect(jossoLogout);
+ }
+ }
+
+ /**
+ *
+ * @param request
+ * @return
+ */
+ private Cookie findJOSSOPortalLogoutCookie(HttpServletRequest request)
+ {
+ Cookie cookie = null;
+
+ Cookie[] cookies = request.getCookies();
+ if(cookies != null)
+ {
+ for(int i=0; i<cookies.length; i++)
+ {
+ Cookie cour = cookies[i];
+
+ if(cour.getName().equals("JOSSO_PORTAL_LOGOUT"))
+ {
+ cookie = cour;
+ break;
+ }
+ }
+ }
+
+ return cookie;
+ }
+}
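Review bot: The cookie written in the `/signout` branch takes its value straight from the `Referer` request header and, on the following request, `invoke()` copies it unescaped into the `action` attribute of an auto-submitting form and writes that to the response, so a request-controlled header ends up both in the browser's cookie jar and in rendered markup; that is an injection and open-redirect risk unless the value is constrained. Restrict what is stored to a same-site path (compare the Referer's host with `httpRequest.getServerName()` and fall back to the context path otherwise, as sketched below) and HTML-attribute-escape `referer` when the form is built. A request without a Referer also passes `null` into the Cookie constructor, and `buffer.toString().getBytes()` uses the platform charset with no Content-Type set on the response — use `response.setContentType("text/html;charset=UTF-8")` and `getBytes("UTF-8")`. If the container's Cookie API offers it, marking the cookie HttpOnly would additionally keep it out of reach of page scripts.

```java
// … unchanged: "/signout" check and jossoLogout computation …
String referer = httpRequest.getHeader("Referer");
String target = httpRequest.getContextPath() + "/";   // safe default: the portal root
if (referer != null)
{
   try
   {
      java.net.URL url = new java.net.URL(referer);
      if (url.getHost() != null && url.getHost().equalsIgnoreCase(httpRequest.getServerName()))
      {
         target = url.getPath();   // keep only a same-site path; never persist a foreign origin
      }
   }
   catch (java.net.MalformedURLException ignored)
   {
      // not a URL we can vouch for: keep the default target
   }
}
Cookie cookie = new Cookie("JOSSO_PORTAL_LOGOUT", target);
// … unchanged: setMaxAge(-1), addCookie, sendRedirect …
```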
Property changes on: branches/2_6_CAS_Integration/thirdparty
___________________________________________________________________
Name: svn:ignore
+ antlr
apache-ant
apache-codec
apache-collections
apache-fileupload
apache-httpclient
apache-lang
*