[jboss-cvs] JBossAS SVN: r64313 - in projects/security/security-jboss-sx/trunk/src: tests/org/jboss/test/authentication/jaspi and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Jul 26 14:22:47 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-07-26 14:22:47 -0400 (Thu, 26 Jul 2007)
New Revision: 64313
Added:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/SecurityActions.java
Modified:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java
projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/authentication/jaspi/TestServerAuthModule.java
Log:
JASPI updates
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2007-07-26 15:50:58 UTC (rev 64312)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2007-07-26 18:22:47 UTC (rev 64313)
@@ -21,24 +21,34 @@
*/
package org.jboss.security.auth.container.modules;
+import java.util.ArrayList;
+import java.util.HashMap;
import java.util.Map;
+import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;
+import javax.security.auth.spi.LoginModule;
//$Id$
/**
* Superclass of all ServerAuthModules
* Can be a container for common functionality and custom methods
+ * <p>
+ * The ServerAuthModule can delegate to a login module passed
+ * via the module option "login-module-delegate"
+ * </p>
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @since Jan 9, 2006
* @version $Revision$
*/
public abstract class AbstractServerAuthModule implements ServerAuthModule
-{
+{
/**
* Call back handler
*/
@@ -49,6 +59,8 @@
protected MessagePolicy responsePolicy = null;
protected Map options = null;
+
+ protected ArrayList<Class> supportedTypes = new ArrayList<Class>();
/**
* @see ServerAuthModule#initialize(MessagePolicy, MessagePolicy, CallbackHandler, Map, boolean)
@@ -61,7 +73,63 @@
this.responsePolicy = responsePolicy;
this.callbackHandler = handler;
this.options = options;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
+ {
+ //Clear out the principals and credentials
+ subject.getPrincipals().clear();
+ subject.getPublicCredentials().clear();
+ subject.getPrivateCredentials().clear();
+ }
+
+ /**
+ * This method delegates to a login module if configured in the module options.
+ * The sub classes will need to validate the request
+ */
+ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
+ Subject serviceSubject)
+ throws AuthException
+ {
+ //Check whether we are in the supported types
+ if(supportedTypes.contains(messageInfo.getRequestMessage().getClass()))
+ {
+ String loginModuleName = (String) options.get("login-module-delegate");
+ if(loginModuleName != null)
+ {
+ ClassLoader tcl = SecurityActions.getContextClassloader();
+ try
+ {
+ Class clazz = tcl.loadClass(loginModuleName);
+ LoginModule lm = (LoginModule) clazz.newInstance();
+ lm.initialize(clientSubject, callbackHandler, new HashMap(), options);
+ lm.login();
+ lm.commit();
+ }
+ catch (Exception e)
+ {
+ throw new AuthException(e.getLocalizedMessage());
+ }
+ }
+ else
+ {
+ return validate() ? AuthStatus.SUCCESS : AuthStatus.FAILURE;
+ }
+ }
+
+ return AuthStatus.SUCCESS;
+ }
+
+ /**
+ * @see ServerAuthModule#getSupportedMessageTypes()
+ */
+ public Class[] getSupportedMessageTypes()
+ {
+ Class[] clsarr = new Class[this.supportedTypes.size()];
+ supportedTypes.toArray(clsarr);
+ return clsarr;
}
+
//Value Added Methods
public CallbackHandler getCallbackHandler()
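Review bot: validateRequest fails open: when the request message's class is not in `supportedTypes`, control skips the whole `if` and reaches the final `return AuthStatus.SUCCESS;` without a login module or validate() having run. The delegate branch relies on the same fall-through, so I would end it with an explicit `return AuthStatus.SUCCESS;` after `lm.commit();` and change the last line to `return AuthStatus.FAILURE;`. The boolean returned by `lm.login()` is also discarded, so a delegate that returns false is still committed and reported as success; `if(!lm.login()) return AuthStatus.FAILURE;` would close that. The `catch (Exception e)` keeps only the message text, which loses the cause for anyone diagnosing a failed login.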
@@ -73,4 +141,6 @@
{
this.callbackHandler = callbackHandler;
}
+
+ protected abstract boolean validate() throws AuthException;
}
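Review bot: `validate()` takes no arguments, so an implementation cannot see the MessageInfo or either Subject that validateRequest received. DelegatingServerAuthModule.validate() in this commit (hunk `@@ -63,22 +61,23 @@`) logs in through a LoginContext, but nothing visible there copies the resulting principals into clientSubject, and the same limitation applies to the SimpleServerAuthModule and TestServerAuthModule overrides. Passing the arguments through, `protected abstract boolean validate(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException;`, would let subclasses bind the outcome to the request being authenticated. The method also has no Javadoc stating what true and false mean to validateRequest. The class body starts outside this hunk.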
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java 2007-07-26 15:50:58 UTC (rev 64312)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/DelegatingServerAuthModule.java 2007-07-26 18:22:47 UTC (rev 64313)
@@ -28,8 +28,6 @@
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
-import org.jboss.security.SecurityConstants;
-
//$Id$
/**
@@ -63,22 +61,23 @@
public AuthStatus secureResponse(MessageInfo messageInfo, Subject arg1) throws AuthException
{
return null;
- }
-
- public AuthStatus validateRequest(MessageInfo messageInfo,
- Subject clientSubject, Subject serviceSubject) throws AuthException
- {
+ }
+
+ @Override
+ protected boolean validate() throws AuthException
+ {
try
{
- loginContext = new LoginContext(getSecurityDomainName());
+ loginContext = new LoginContext(getSecurityDomainName(), this.callbackHandler);
+ loginContext.login();
+ return true;
}
catch (LoginException e)
{
throw new AuthException(e.getLocalizedMessage());
- }
- return null;
- }
-
+ }
+ }
+
private String getSecurityDomainName()
{
//Check if it is passed in the options
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/SecurityActions.java 2007-07-26 18:22:47 UTC (rev 64313)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+//$Id$
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 26, 2007
+ * @version $Revision$
+ */
+public class SecurityActions
+{
+ public static ClassLoader getContextClassloader()
+ {
+ return (ClassLoader) AccessController.doPrivileged(new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
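Review bot: `SecurityActions` is declared `public` with a `public static` method, so code in any other package can call `getContextClassloader()` and receive the thread context class loader from inside a `doPrivileged` block. Under a security manager that hands the loader to callers that do not themselves hold the `getClassLoader` runtime permission. Privileged helpers like this are normally package-private: `class SecurityActions` and `static ClassLoader getContextClassloader()`. Typing the action as `new PrivilegedAction<ClassLoader>()` would also remove the raw type and the cast.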
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java 2007-07-26 15:50:58 UTC (rev 64312)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/container/modules/SimpleServerAuthModule.java 2007-07-26 18:22:47 UTC (rev 64313)
@@ -21,30 +21,18 @@
*/
package org.jboss.security.auth.container.modules;
-import java.io.IOException;
-import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Iterator;
-import java.util.List;
import java.util.Map;
-import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.jboss.security.SimplePrincipal;
-
/**
* A simple implementation of an username/password based
* server auth module. The principal name and password are
@@ -52,95 +40,40 @@
* @author <mailto:Anil.Saldhana at jboss.org>Anil Saldhana
* @since Dec 6, 2005
*/
-public class SimpleServerAuthModule implements ServerAuthModule
-{
- private ArrayList<Class> supportedTypes = new ArrayList<Class>();
- private List principals = new ArrayList();
- private Object credential = null;
+public class SimpleServerAuthModule extends AbstractServerAuthModule
+{
- private MessagePolicy requestPolicy = null;
- private MessagePolicy responsePolicy = null;
- private CallbackHandler handler = null;
- private Map options = null;
-
public SimpleServerAuthModule()
{
- supportedTypes.add(HttpServletRequest.class);
- supportedTypes.add(HttpServletResponse.class);
+ supportedTypes.add(Object.class);
+ supportedTypes.add(Object.class);
}
public SimpleServerAuthModule(Class[] supTypes)
{
super();
this.supportedTypes.addAll(Arrays.asList(supTypes));
- }
-
- /**
- * @see ServerAuthModule#cleanSubject(Subject, Map)
- */
- public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
- {
- subject.getPrincipals().remove(principals);
- subject.getPublicCredentials().remove(credential);
- }
+ }
/**
- *
- * @see ServerAuthModule#initialize(MessagePolicy, MessagePolicy, CallbackHandler, Map, boolean)
- */
- public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
- CallbackHandler handler, Map options)
- throws AuthException
- {
- this.requestPolicy = requestPolicy;
- this.responsePolicy = responsePolicy;
- this.handler = handler;
- this.options = options;
- }
-
- /**
* @see ServerAuthModule#secureResponse(AuthParam, Subject, Map)
*/
public AuthStatus secureResponse(MessageInfo param, Subject source) throws AuthException
- {
- //Check if the source contains a Principal set
- if(source.getPrincipals() == null)
- throw new AuthException("Principal Set is null");
- if(source.getPublicCredentials() == null)
- throw new AuthException("Public Credentials is null");
- source.getPrincipals().addAll(this.principals);
- source.getPublicCredentials().add(this.credential);
+ {
return AuthStatus.SUCCESS;
}
-
- /**
- * @see ServerAuthModule#validateRequest(AuthParam, Subject, Subject, Map)
- */
- public AuthStatus validateRequest(MessageInfo param, Subject source, Subject recipient)
- throws AuthException
- {
- /*//Custom check: Check that the source of the response and the recipient
- // of the response have identical credentials
- Set sourceSet = source.getPrincipals(SimplePrincipal.class);
- Set recipientSet = recipient.getPrincipals(SimplePrincipal.class);
- if(sourceSet == null && recipientSet == null)
- throw new AuthException("Principals are null");
- if(sourceSet.size() != recipientSet.size())
- throw new AuthException("Principals size are different");
-
- //Get the public credentials
- Set publicPrincipals = recipient.getPublicCredentials(SimplePrincipal.class);
- Iterator iter = publicPrincipals.iterator();
- while(iter.hasNext())
- principals.add((SimplePrincipal)iter.next()); */
-
- //Construct Callbacks
+
+
+ @Override
+ protected boolean validate() throws AuthException
+ {
+ //Construct Callbacks
NameCallback nc = new NameCallback("Dummy");
PasswordCallback pc = new PasswordCallback("B" , true);
try
{
- handler.handle(new Callback[]{nc,pc});
+ this.callbackHandler.handle(new Callback[]{nc,pc});
String userName = nc.getName();
String pwd = new String(pc.getPassword());
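Review bot: The no-arg constructor now registers `Object.class` twice in place of the servlet request and response types. AbstractServerAuthModule.validateRequest in this commit tests `supportedTypes.contains(messageInfo.getRequestMessage().getClass())`, which is an exact-class match, so with this default a request message of any concrete type is not treated as supported and validate() is never reached. If the intent is to accept any message, the base-class check needs assignability matching (`Class.isAssignableFrom`) and not `contains`; otherwise the concrete message classes should be registered here. The second `supportedTypes.add(Object.class);` is redundant either way. validate() continues past the end of this hunk.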
@@ -148,7 +81,7 @@
if(!(userName.equals(options.get("principal"))
&& (pwd.equals(options.get("pass")))))
{
- return AuthStatus.FAILURE;
+ return false;
}
}
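Review bot: `userName.equals(options.get("principal"))` throws a NullPointerException when the callback handler leaves the name unset, and `new String(pc.getPassword())` just above this hunk does the same for a missing password. The exception type caught below is outside the hunk, so it is unclear whether that surfaces as an AuthException. A guard before the comparison, `if(userName == null || pc.getPassword() == null) return false;`, makes the rejection explicit. The password is also copied into a String and the callback is never cleared; calling `pc.clearPassword();` once the comparison is done limits how long it stays in memory. validate() starts and ends outside this hunk.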
@@ -156,16 +89,6 @@
{
throw new AuthException(e.getLocalizedMessage());
}
- return AuthStatus.SUCCESS;
- }
-
- /**
- * @see ServerAuthModule#getSupportedMessageTypes()
- */
- public Class[] getSupportedMessageTypes()
- {
- Class[] clsarr = new Class[this.supportedTypes.size()];
- supportedTypes.toArray(clsarr);
- return clsarr;
+ return true;
}
}
Modified: projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/authentication/jaspi/TestServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/authentication/jaspi/TestServerAuthModule.java 2007-07-26 15:50:58 UTC (rev 64312)
+++ projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/authentication/jaspi/TestServerAuthModule.java 2007-07-26 18:22:47 UTC (rev 64313)
@@ -21,7 +21,6 @@
*/
package org.jboss.test.authentication.jaspi;
-import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
@@ -32,10 +31,9 @@
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
-import javax.security.auth.message.module.ServerAuthModule;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import org.jboss.security.auth.container.modules.AbstractServerAuthModule;
+
//$Id$
/**
@@ -44,24 +42,16 @@
* @since Jul 25, 2007
* @version $Revision$
*/
-public class TestServerAuthModule implements ServerAuthModule
-{
- private Class[] supportedTypes = new Class[]{HttpServletRequest.class,
- HttpServletResponse.class};
+public class TestServerAuthModule extends AbstractServerAuthModule
+{
private LoginContext loginContext;
- private String loginContextName = null;
- private Map options = new HashMap();
+ private String loginContextName = null;
public TestServerAuthModule(String loginContextName)
{
this.loginContextName = loginContextName;
- }
+ }
- public Class[] getSupportedMessageTypes()
- {
- return supportedTypes;
- }
-
public void initialize(MessagePolicy messagePolicyReq, MessagePolicy messagePolicyResp,
CallbackHandler cbh, Map options) throws AuthException
{
@@ -96,10 +86,10 @@
public AuthStatus secureResponse(MessageInfo mi, Subject clientSubject) throws AuthException
{
return null;
- }
+ }
- public AuthStatus validateRequest(MessageInfo mi, Subject clientSubject, Subject serviceSubject)
- throws AuthException
+ @Override
+ protected boolean validate() throws AuthException
{
try
{
@@ -109,6 +99,6 @@
{
throw new AuthException(e.getLocalizedMessage());
}
- return AuthStatus.SUCCESS;
- }
+ return true;
+ }
}