Author: sohil.shah(a)jboss.com
Date: 2009-11-17 09:32:16 -0500 (Tue, 17 Nov 2009)
New Revision: 13836
Added:
jbossexo/modules/sso/trunk/agent/src/main/config/jboss/
jbossexo/modules/sso/trunk/agent/src/main/config/jboss/server/
jbossexo/modules/sso/trunk/agent/src/main/config/jboss/server/default/
jbossexo/modules/sso/trunk/agent/src/main/config/jboss/server/default/conf/
jbossexo/modules/sso/trunk/agent/src/main/config/jboss/server/default/conf/login-config.xml
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/cas/
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java
Modified:
jbossexo/modules/sso/trunk/.classpath
jbossexo/modules/sso/trunk/agent/pom.xml
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/GenericSSOAgent.java
jbossexo/modules/sso/trunk/auth-callback/src/main/java/org/gatein/sso/authentication/callback/AuthenticationHandler.java
jbossexo/modules/sso/trunk/pom.xml
Log:
CAS end-to-end
Modified: jbossexo/modules/sso/trunk/.classpath
===================================================================
--- jbossexo/modules/sso/trunk/.classpath 2009-11-17 09:09:00 UTC (rev 13835)
+++ jbossexo/modules/sso/trunk/.classpath 2009-11-17 14:32:16 UTC (rev 13836)
@@ -11,10 +11,7 @@
<classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="var"
path="M2_REPO/org/jasig/cas/cas-server-core/3.3.4/cas-server-core-3.3.4.jar"
sourcepath="M2_REPO/org/jasig/cas/cas-server-core/3.3.4/cas-server-core-3.3.4-sources.jar"/>
<classpathentry kind="var"
path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"
sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/exoplatform/ws/exo.ws.rest.core/2.1.0-Beta02/exo.ws.rest.core-2.1.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/ws/exo.ws.rest.core/2.1.0-Beta02/exo.ws.rest.core-2.1.0-Beta02-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/exoplatform/core/exo.core.component.security.core/2.3.0-Beta02/exo.core.component.security.core-2.3.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/core/exo.core.component.security.core/2.3.0-Beta02/exo.core.component.security.core-2.3.0-Beta02-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/exoplatform/kernel/exo.kernel.container/2.2.0-Beta02/exo.kernel.container-2.2.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/kernel/exo.kernel.container/2.2.0-Beta02/exo.kernel.container-2.2.0-Beta02-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/exoplatform/portal/exo.portal.component.web/3.0.0-CR01-SNAPSHOT/exo.portal.component.web-3.0.0-CR01-SNAPSHOT.jar"
sourcepath="M2_REPO/org/exoplatform/portal/exo.portal.component.web/3.0.0-CR01-SNAPSHOT/exo.portal.component.web-3.0.0-CR01-SNAPSHOT-sources.jar"/>
+
<classpathentry kind="var"
path="M2_REPO/javax/ws/rs/jsr311-api/1.0/jsr311-api-1.0.jar"
sourcepath="M2_REPO/javax/ws/rs/jsr311-api/1.0/jsr311-api-1.0-sources.jar"/>
<classpathentry kind="var"
path="M2_REPO/picocontainer/picocontainer/1.1/picocontainer-1.1.jar"/>
<classpathentry kind="var"
path="M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar"/>
@@ -24,12 +21,36 @@
<classpathentry kind="var"
path="M2_REPO/org/jasig/cas/cas-client-core/3.1.9/cas-client-core-3.1.9.jar"/>
<classpathentry kind="var"
path="M2_REPO/org/josso/josso-basic-authscheme/1.8.1/josso-basic-authscheme-1.8.1.jar"/>
<classpathentry kind="var"
path="M2_REPO/org/josso/josso-agent/1.8.1/josso-agent-1.8.1.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/josso/josso-agent-shared/1.8.1/josso-agent-shared-1.8.1.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/josso/josso-common/1.8.1/josso-common-1.8.1.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/josso/josso-core/1.8.1/josso-core-1.8.1.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/josso/josso-protocol-client/1.8.1/josso-protocol-client-1.8.1.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/josso/josso-servlet-agent/1.8.1/josso-servlet-agent-1.8.1.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/josso/josso-ws/1.8.1/josso-ws-1.8.1.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/josso/josso-agent-shared/1.8.1/josso-agent-shared-1.8.1.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/josso/josso-common/1.8.1/josso-common-1.8.1.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/josso/josso-core/1.8.1/josso-core-1.8.1.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/josso/josso-protocol-client/1.8.1/josso-protocol-client-1.8.1.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/josso/josso-servlet-agent/1.8.1/josso-servlet-agent-1.8.1.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/josso/josso-ws/1.8.1/josso-ws-1.8.1.jar"/>
+
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/core/exo.core.component.database/2.3.0-Beta02/exo.core.component.database-2.3.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/core/exo.core.component.database/2.3.0-Beta02/exo.core.component.database-2.3.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/core/exo.core.component.document/2.3.0-Beta02/exo.core.component.document-2.3.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/core/exo.core.component.document/2.3.0-Beta02/exo.core.component.document-2.3.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/core/exo.core.component.organization.api/2.3.0-Beta02/exo.core.component.organization.api-2.3.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/core/exo.core.component.organization.api/2.3.0-Beta02/exo.core.component.organization.api-2.3.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/core/exo.core.component.script.groovy/2.3.0-Beta02/exo.core.component.script.groovy-2.3.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/core/exo.core.component.script.groovy/2.3.0-Beta02/exo.core.component.script.groovy-2.3.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/core/exo.core.component.security.core/2.3.0-Beta02/exo.core.component.security.core-2.3.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/core/exo.core.component.security.core/2.3.0-Beta02/exo.core.component.security.core-2.3.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/core/exo.core.component.xml-processing/2.3.0-Beta02/exo.core.component.xml-processing-2.3.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/core/exo.core.component.xml-processing/2.3.0-Beta02/exo.core.component.xml-processing-2.3.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/jcr/exo.jcr.component.core/1.12.0-Beta02/exo.jcr.component.core-1.12.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/jcr/exo.jcr.component.core/1.12.0-Beta02/exo.jcr.component.core-1.12.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/jcr/exo.jcr.component.ext/1.12.0-Beta02/exo.jcr.component.ext-1.12.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/jcr/exo.jcr.component.ext/1.12.0-Beta02/exo.jcr.component.ext-1.12.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/kernel/exo.kernel.commons/2.2.0-Beta02/exo.kernel.commons-2.2.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/kernel/exo.kernel.commons/2.2.0-Beta02/exo.kernel.commons-2.2.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/kernel/exo.kernel.component.cache/2.2.0-Beta02/exo.kernel.component.cache-2.2.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/kernel/exo.kernel.component.cache/2.2.0-Beta02/exo.kernel.component.cache-2.2.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/kernel/exo.kernel.component.command/2.2.0-Beta02/exo.kernel.component.command-2.2.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/kernel/exo.kernel.component.command/2.2.0-Beta02/exo.kernel.component.command-2.2.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/kernel/exo.kernel.component.common/2.2.0-Beta02/exo.kernel.component.common-2.2.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/kernel/exo.kernel.component.common/2.2.0-Beta02/exo.kernel.component.common-2.2.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/kernel/exo.kernel.component.remote/2.2.0-Beta02/exo.kernel.component.remote-2.2.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/kernel/exo.kernel.component.remote/2.2.0-Beta02/exo.kernel.component.remote-2.2.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/kernel/exo.kernel.container/2.2.0-Beta02/exo.kernel.container-2.2.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/kernel/exo.kernel.container/2.2.0-Beta02/exo.kernel.container-2.2.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/portal/exo.portal.component.common/3.0.0-CR01-SNAPSHOT/exo.portal.component.common-3.0.0-CR01-SNAPSHOT.jar"
sourcepath="M2_REPO/org/exoplatform/portal/exo.portal.component.common/3.0.0-CR01-SNAPSHOT/exo.portal.component.common-3.0.0-CR01-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/portal/exo.portal.component.scripting/3.0.0-CR01-SNAPSHOT/exo.portal.component.scripting-3.0.0-CR01-SNAPSHOT.jar"
sourcepath="M2_REPO/org/exoplatform/portal/exo.portal.component.scripting/3.0.0-CR01-SNAPSHOT/exo.portal.component.scripting-3.0.0-CR01-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/portal/exo.portal.component.web/3.0.0-CR01-SNAPSHOT/exo.portal.component.web-3.0.0-CR01-SNAPSHOT.jar"
sourcepath="M2_REPO/org/exoplatform/portal/exo.portal.component.web/3.0.0-CR01-SNAPSHOT/exo.portal.component.web-3.0.0-CR01-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/portal/exo.portal.component.xml-parser/3.0.0-CR01-SNAPSHOT/exo.portal.component.xml-parser-3.0.0-CR01-SNAPSHOT.jar"
sourcepath="M2_REPO/org/exoplatform/portal/exo.portal.component.xml-parser/3.0.0-CR01-SNAPSHOT/exo.portal.component.xml-parser-3.0.0-CR01-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/tool/exo.tool.framework.junit/1.2.0/exo.tool.framework.junit-1.2.0.jar"
sourcepath="M2_REPO/org/exoplatform/tool/exo.tool.framework.junit/1.2.0/exo.tool.framework.junit-1.2.0-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/ws/exo.ws.commons/2.1.0-Beta02/exo.ws.commons-2.1.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/ws/exo.ws.commons/2.1.0-Beta02/exo.ws.commons-2.1.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/ws/exo.ws.frameworks.json/2.1.0-Beta02/exo.ws.frameworks.json-2.1.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/ws/exo.ws.frameworks.json/2.1.0-Beta02/exo.ws.frameworks.json-2.1.0-Beta02-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/exoplatform/ws/exo.ws.rest.core/2.1.0-Beta02/exo.ws.rest.core-2.1.0-Beta02.jar"
sourcepath="M2_REPO/org/exoplatform/ws/exo.ws.rest.core/2.1.0-Beta02/exo.ws.rest.core-2.1.0-Beta02-sources.jar"/>
+
<classpathentry kind="con"
path="org.eclipse.jdt.junit.JUNIT_CONTAINER/3"/>
<classpathentry kind="output" path="bin"/>
</classpath>
Modified: jbossexo/modules/sso/trunk/agent/pom.xml
===================================================================
--- jbossexo/modules/sso/trunk/agent/pom.xml 2009-11-17 09:09:00 UTC (rev 13835)
+++ jbossexo/modules/sso/trunk/agent/pom.xml 2009-11-17 14:32:16 UTC (rev 13836)
@@ -26,11 +26,16 @@
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
- </dependency>
+ </dependency>
+
<dependency>
<groupId>org.exoplatform.portal</groupId>
<artifactId>exo.portal.component.web</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.exoplatform.core</groupId>
+ <artifactId>exo.core.component.organization.api</artifactId>
+ </dependency>
<dependency>
<groupId>org.jasig.cas</groupId>
@@ -117,6 +122,10 @@
todir="${gatein.location}/deploy/gatein.ear"
overwrite="true"/>
+ <copy
file="${basedir}/src/main/config/jboss/server/default/conf/login-config.xml"
+ tofile="${gatein.location}/conf/login-config.xml"
+ overwrite="true"/>
+
<!-- Deploy the Authentication Callback RESTful service -->
<copy
file="${settings.localRepository}/org/gatein/sso/auth-callback/${project.version}/auth-callback-${project.version}.jar"
todir="${gatein.location}/deploy/gatein.ear/lib"
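Review bot: The added `<copy>` of `login-config.xml` replaces the server's whole `${gatein.location}/conf/login-config.xml` with the agent's bundled file (`overwrite="true"`), so every site-local change to the JBoss JAAS configuration is lost on each deploy, not only the exo-domain entries this commit introduces. A safer shape is to keep the bundled file limited to the project's own policies and merge them, or at least copy the existing file aside before overwriting; failing that, document the behaviour next to the task: `<!-- NOTE: replaces the server's login-config.xml wholesale; site-local JAAS domains must be re-applied after deploy -->`. The enclosing `<tasks>` element starts and ends outside the hunk.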
@@ -125,7 +134,12 @@
<!-- Deploy the SSO Agent -->
<copy
file="${settings.localRepository}/org/gatein/sso/agent/${project.version}/agent-${project.version}.jar"
todir="${gatein.location}/deploy/gatein.ear/lib"
- overwrite="true"/>
+ overwrite="true"/>
+
+ <!-- Deploy CAS Agent dependencies -->
+ <copy
file="${settings.localRepository}/org/jasig/cas/cas-client-core/${version.cas.client}/cas-client-core-${version.cas.client}.jar"
+ todir="${gatein.location}/deploy/gatein.ear/lib"
+ overwrite="true"/>
</tasks>
</configuration>
<goals>
Added:
jbossexo/modules/sso/trunk/agent/src/main/config/jboss/server/default/conf/login-config.xml
===================================================================
---
jbossexo/modules/sso/trunk/agent/src/main/config/jboss/server/default/conf/login-config.xml
(rev 0)
+++
jbossexo/modules/sso/trunk/agent/src/main/config/jboss/server/default/conf/login-config.xml 2009-11-17
14:32:16 UTC (rev 13836)
@@ -0,0 +1,200 @@
+<?xml version='1.0'?>
+<!--
+
+ Copyright (C) 2009 eXo Platform SAS.
+
+ This is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ This software is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this software; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+
+-->
+
+<!DOCTYPE policy PUBLIC
+ "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+ "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+
+<!-- The XML based JAAS login configuration read by the
+org.jboss.security.auth.login.XMLLoginConfig mbean. Add
+an application-policy element for each security domain.
+
+The outline of the application-policy is:
+<application-policy name="security-domain-name">
+ <authentication>
+ <login-module code="login.module1.class.name"
flag="control_flag">
+ <module-option name =
"option1-name">option1-value</module-option>
+ <module-option name =
"option2-name">option2-value</module-option>
+ ...
+ </login-module>
+
+ <login-module code="login.module2.class.name"
flag="control_flag">
+ ...
+ </login-module>
+ ...
+ </authentication>
+</application-policy>
+
+$Revision: 64598 $
+-->
+
+<policy>
+ <!-- Used by clients within the application server VM such as
+ mbeans and servlets that access EJBs.
+ -->
+ <application-policy name = "client-login">
+ <authentication>
+ <login-module code = "org.jboss.security.ClientLoginModule"
+ flag = "required">
+ <!-- Any existing security context will be restored on logout -->
+ <module-option
name="restore-login-identity">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ -->
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
+ flag = "required">
+ <module-option name =
"unauthenticatedIdentity">guest</module-option>
+ <module-option name =
"dsJndiName">java:/DefaultDS</module-option>
+ <module-option name = "principalsQuery">SELECT PASSWD FROM
JMS_USERS WHERE USERID=?</module-option>
+ <module-option name = "rolesQuery">SELECT ROLEID,
'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ when using file-state-service.xml
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
+ flag = "required">
+ <module-option name =
"unauthenticatedIdentity">guest</module-option>
+ <module-option name =
"sm.objectname">jboss.mq:service=StateManager</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+ -->
+
+ <!-- Security domains for testing new jca framework -->
+ <application-policy name = "HsqlDbRealm">
+ <authentication>
+ <login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name = "principal">sa</module-option>
+ <module-option name = "userName">sa</module-option>
+ <module-option name = "password"></module-option>
+ <module-option name =
"managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name = "JmsXARealm">
+ <authentication>
+ <login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name =
"principal">guest</module-option>
+ <module-option name =
"userName">guest</module-option>
+ <module-option name =
"password">guest</module-option>
+ <module-option name =
"managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the jmx-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "jmx-console">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option
name="usersProperties">props/jmx-console-users.properties</module-option>
+ <module-option
name="rolesProperties">props/jmx-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the web-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "web-console">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option
name="usersProperties">web-console-users.properties</module-option>
+ <module-option
name="rolesProperties">web-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!--
+ A template configuration for the JBossWS security domain.
+ This defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="JBossWS">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag="required">
+ <module-option
name="usersProperties">props/jbossws-users.properties</module-option>
+ <module-option
name="rolesProperties">props/jbossws-roles.properties</module-option>
+ <module-option
name="unauthenticatedIdentity">anonymous</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- The default login configuration used by any security domain that
+ does not have a application-policy entry with a matching name
+ -->
+ <application-policy name = "other">
+ <!-- A simple server login module, which can be used when the number
+ of users is relatively small. It uses two properties files:
+ users.properties, which holds users (key) and their password (value).
+ roles.properties, which holds users (key) and a comma-separated list of
+ their roles (value).
+ The unauthenticatedIdentity property defines the name of the principal
+ that will be used when a null username and password are presented as is
+ the case for an unuathenticated web client or MDB. If you want to
+ allow such users to be authenticated add the property, e.g.,
+ unauthenticatedIdentity="nobody"
+ -->
+ <authentication>
+ <login-module code =
"org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required" />
+ </authentication>
+ </application-policy>
+
+ <application-policy name="exo-domain">
+ <authentication>
+ <login-module code="org.gatein.sso.agent.login.SSOLoginModule"
flag="required"></login-module>
+ <login-module
code="org.exoplatform.services.security.j2ee.JbossLoginModule"
flag="required"></login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name="exo-domain-sample-portal">
+ <authentication>
+ <login-module code="org.gatein.sso.agent.login.SSOLoginModule"
flag="required">
+ <module-option
name="portalContainerName">sample-portal</module-option>
+ <module-option
name="realmName">exo-domain-sample-portal</module-option>
+ </login-module>
+ <login-module
code="org.exoplatform.services.security.j2ee.JbossLoginModule"
flag="required">
+ <module-option
name="portalContainerName">sample-portal</module-option>
+ <module-option
name="realmName">exo-domain-sample-portal</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</policy>
+
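Review bot: Only the `exo-domain` and `exo-domain-sample-portal` policies at the end are project content; the rest of this 200-line file reproduces the stock JBoss login-config.xml (client-login, jbossmq, HsqlDbRealm with `sa` and an empty password, JmsXARealm with guest/guest, jmx-console, web-console, JBossWS, other), so those domains are now frozen at this copy and will revert the server's versions whenever the agent is deployed. Add a header comment stating the provenance and which sections are maintained here, e.g. `<!-- Derived from the stock JBoss login-config.xml; only the exo-domain* policies are maintained in this module -->`, and consider trimming the file to the project-owned policies. The `exo-domain` policy passes no `portalContainerName`/`realmName` options to either module while `exo-domain-sample-portal` does; if that relies on defaults, a comment saying so would help the next reader.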
Modified:
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/GenericSSOAgent.java
===================================================================
---
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/GenericSSOAgent.java 2009-11-17
09:09:00 UTC (rev 13835)
+++
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/GenericSSOAgent.java 2009-11-17
14:32:16 UTC (rev 13836)
@@ -30,9 +30,8 @@
import javax.servlet.http.HttpServletResponse;
import org.exoplatform.web.login.InitiateLoginServlet;
-import org.exoplatform.web.security.Credentials;
-import org.gatein.sso.agent.josso.JOSSOAgent;
+import org.gatein.sso.agent.cas.CASAgent;
/**
* @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
@@ -75,17 +74,11 @@
if (ticket != null && ticket.trim().length() > 0)
{
- Credentials credentials = new Credentials("root", ticket);
- httpRequest.getSession().setAttribute(InitiateLoginServlet.CREDENTIALS,
- credentials);
+ CASAgent.validateTicket(httpRequest, ticket);
}
else if (jossoAssertion != null && jossoAssertion.trim().length() > 0)
{
- Credentials credentials = new Credentials("root", jossoAssertion);
- httpRequest.getSession().setAttribute(InitiateLoginServlet.CREDENTIALS,
- credentials);
-
- JOSSOAgent.test(httpRequest,jossoAssertion);
+ //TODO: fix the JOSSO Agent. This will need to the new client side JOSSO stack that
can run on 5.1.0.GA
}
}
}
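Review bot: `CASAgent.validateTicket` (declared `throws Exception` in this commit) is called with nothing catching a validation failure, so an invalid, expired or already-used ticket now surfaces as an exception out of this method instead of simply leaving the session unauthenticated; whether a caller above handles that is not visible, since the enclosing method starts and ends outside the hunk. The guard trims `ticket` but the untrimmed value is passed on; `CASAgent.validateTicket(httpRequest, ticket.trim());` keeps the two consistent. The `jossoAssertion` branch now does nothing, so a request carrying an assertion is treated as unauthenticated without any trace; a debug-level log line or at least a comment stating that JOSSO is currently disabled would make the dead path visible.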
Added:
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java
===================================================================
--- jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java
(rev 0)
+++
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/cas/CASAgent.java 2009-11-17
14:32:16 UTC (rev 13836)
@@ -0,0 +1,59 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.gatein.sso.agent.cas;
+
+import org.apache.log4j.Logger;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
+import org.jasig.cas.client.validation.Assertion;
+
+import org.exoplatform.web.security.Credentials;
+
+import org.gatein.sso.agent.GenericSSOAgent;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public class CASAgent
+{
+ private static Logger log = Logger.getLogger(CASAgent.class);
+
+ public static void validateTicket(HttpServletRequest httpRequest, String ticket) throws
Exception
+ {
+ Cas20ProxyTicketValidator ticketValidator = new
Cas20ProxyTicketValidator("http://localhost:8888/cas");
+ ticketValidator.setRenew(true);
+ Assertion assertion = ticketValidator.validate(ticket,
"http://localhost:8080/portal/private/classic");
+
+
log.info("------------------------------------------------------------------------------------");
+ log.info("Principal: "+assertion.getPrincipal().getName());
+
log.info("------------------------------------------------------------------------------------");
+
+
+ //Use empty password....it shouldn't be needed...this is a SSO login. The
password has
+ //already been presented with the SSO server. It should not be passed around for
+ //better security
+ Credentials credentials = new Credentials(assertion.getPrincipal().getName(),
"");
+ httpRequest.getSession().setAttribute(GenericSSOAgent.CREDENTIALS, credentials);
+ }
+}
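Review bot: Both the CAS server prefix `http://localhost:8888/cas` and the service URL `http://localhost:8080/portal/private/classic` are hard-coded and plain HTTP, so the validator only works for one developer layout and the validation response travels unencrypted; the server URL belongs in deployment configuration (over HTTPS), and the service URL can be taken from the request, which is the URL the ticket was issued for (request URL without the query string, assuming CAS appended only the ticket parameter — confirm against the login redirect). `Cas20ProxyTicketValidator` also accepts proxy tickets; if the portal never receives proxied tickets, `Cas20ServiceTicketValidator` is the narrower choice, and `throws Exception` can be narrowed to `TicketValidationException` so callers can handle a bad ticket (the imports change accordingly). `setRenew(true)` rejects tickets issued from an existing CAS session, so unless the login redirect also sends `renew=true` users are re-prompted at CAS; confirm that is intended. The info-level banner logging around the principal name reads as leftover debugging and can drop to debug.
```java
   // TODO externalize via deployment configuration and use https
   private static final String CAS_SERVER_URL = "http://localhost:8888/cas";

   /**
    * Validates a CAS service ticket against CAS_SERVER_URL and stores the asserted
    * principal (with an empty password) in the HTTP session.
    *
    * @throws TicketValidationException when CAS rejects the ticket
    */
   public static void validateTicket(HttpServletRequest httpRequest, String ticket) throws TicketValidationException
   {
      // The service must equal the URL the ticket was issued for; the request URL without
      // its query string is that URL when CAS appended only the ticket parameter.
      String serviceUrl = httpRequest.getRequestURL().toString();
      Cas20ServiceTicketValidator ticketValidator = new Cas20ServiceTicketValidator(CAS_SERVER_URL);
      ticketValidator.setRenew(true);
      Assertion assertion = ticketValidator.validate(ticket, serviceUrl);
      String principal = assertion.getPrincipal().getName();
      log.debug("CAS ticket validated for principal " + principal);
      // … unchanged: empty-password Credentials stored in the session …
   }
```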
Added:
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java
===================================================================
---
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java
(rev 0)
+++
jbossexo/modules/sso/trunk/agent/src/main/java/org/gatein/sso/agent/login/SSOLoginModule.java 2009-11-17
14:32:16 UTC (rev 13836)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.gatein.sso.agent.login;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.LoginException;
+
+import org.exoplatform.container.ExoContainer;
+import org.exoplatform.services.log.ExoLogger;
+import org.exoplatform.services.log.Log;
+import org.exoplatform.services.security.Authenticator;
+import org.exoplatform.services.security.Identity;
+import org.exoplatform.services.security.UsernameCredential;
+import org.exoplatform.services.security.jaas.AbstractLoginModule;
+import org.exoplatform.web.security.Credentials;
+import org.exoplatform.web.security.security.CookieTokenService;
+import org.exoplatform.web.security.security.TransientTokenService;
+
+/**
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+public final class SSOLoginModule extends AbstractLoginModule
+{
+ private static final Log LOG = ExoLogger.getLogger(SSOLoginModule.class
+ .getName());
+
+ protected Log getLogger()
+ {
+ return LOG;
+ }
+
+ public boolean login() throws LoginException
+ {
+ try
+ {
+ Callback[] callbacks = new Callback[2];
+ callbacks[0] = new NameCallback("Username");
+ callbacks[1] = new PasswordCallback("Password", false);
+ callbackHandler.handle(callbacks);
+
+ String password = new String(((PasswordCallback) callbacks[1])
+ .getPassword());
+
+ ExoContainer container = getContainer();
+ Object o = ((TransientTokenService) container
+ .getComponentInstanceOfType(TransientTokenService.class))
+ .validateToken(password, true);
+ if (o == null)
+ o = ((CookieTokenService) container
+ .getComponentInstanceOfType(CookieTokenService.class))
+ .validateToken(password, false);
+
+ String username = null;
+ if (o instanceof Credentials)
+ {
+ Credentials wc = (Credentials)o;
+ username = wc.getUsername();
+ }
+
+ if (username == null)
+ {
+ //SSO token could not be validated...hence a user id cannot be found
+ return false;
+ }
+
+
+ Authenticator authenticator = (Authenticator) getContainer()
+ .getComponentInstanceOfType(Authenticator.class);
+
+ if (authenticator == null)
+ throw new LoginException(
+ "No Authenticator component found, check your configuration");
+
+ Identity identity = authenticator.createIdentity(username);
+
+ sharedState.put("exo.security.identity", identity);
+ sharedState.put("javax.security.auth.login.name", username);
+
+ subject.getPublicCredentials().add(new UsernameCredential(username));
+
+ return true;
+ }
+ catch (final Throwable e)
+ {
+ throw new LoginException(e.getMessage());
+ }
+ }
+
+ public boolean logout() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean abort() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean commit() throws LoginException
+ {
+ return true;
+ }
+}
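Review bot: `catch (final Throwable e)` at the end of `login()` rewraps everything, including the `LoginException` thrown for a missing Authenticator, into `new LoginException(e.getMessage())`, which drops the cause (the stack trace pointing at the token service or container lookup) and can yield a null message, for instance from the NPE that `new String(null)` raises when `getPassword()` returns null. Narrow the catch to `Exception`, let `LoginException` pass through unchanged, and attach the cause: `LoginException le = new LoginException(String.valueOf(e.getMessage()));` `le.initCause(e);` `throw le;`. The `true`/`false` second arguments to `validateToken` are undocumented here; a comment stating what each means (presumably whether the transient token is consumed on validation — verify) would help. `getLogger()`, `login()`, `logout()`, `abort()` and `commit()` should carry `@Override`.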
Modified:
jbossexo/modules/sso/trunk/auth-callback/src/main/java/org/gatein/sso/authentication/callback/AuthenticationHandler.java
===================================================================
---
jbossexo/modules/sso/trunk/auth-callback/src/main/java/org/gatein/sso/authentication/callback/AuthenticationHandler.java 2009-11-17
09:09:00 UTC (rev 13835)
+++
jbossexo/modules/sso/trunk/auth-callback/src/main/java/org/gatein/sso/authentication/callback/AuthenticationHandler.java 2009-11-17
14:32:16 UTC (rev 13836)
@@ -72,6 +72,8 @@
Credential[] credentials = new Credential[] { new UsernameCredential(username),
new PasswordCredential(password) };
+
+ log.info("Authenticator Class-----------"+authenticator);
try
{
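Review bot: `log.info("Authenticator Class-----------"+authenticator)` reads as a left-over debugging statement in an authentication path; it logs on every call at info level with a decorative message. Drop it or reduce it to `log.debug("Authenticator: " + authenticator);`, and keep the `credentials` array built just above (it holds the password) out of any log line. The enclosing method starts and ends outside the hunk.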
Modified: jbossexo/modules/sso/trunk/pom.xml
===================================================================
--- jbossexo/modules/sso/trunk/pom.xml 2009-11-17 09:09:00 UTC (rev 13835)
+++ jbossexo/modules/sso/trunk/pom.xml 2009-11-17 14:32:16 UTC (rev 13836)
@@ -179,10 +179,16 @@
<version>${org.exoplatform.core.version}</version>
</dependency>
<dependency>
+ <groupId>org.exoplatform.core</groupId>
+ <artifactId>exo.core.component.organization.api</artifactId>
+ <version>${org.exoplatform.core.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.exoplatform.portal</groupId>
<artifactId>exo.portal.component.web</artifactId>
<version>${org.exoplatform.portal.version}</version>
- </dependency>
+ </dependency>
+
<!-- servlet-api -->
<dependency>