[jboss-cvs] JBossAS SVN: r62954 - in projects/security/security-jboss-sx/trunk/src/main/org/jboss/security: auth/spi and 4 other directories.
Thu May 10 00:12:18 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-05-10 00:12:18 -0400 (Thu, 10 May 2007)
New Revision: 62954
Added:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityUtil.java
Removed:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/Util.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/jce/
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/jndi/
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/propertyeditor/
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/ssl/
Modified:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/DecodeAction.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/Util.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/config/SecurityConfiguration.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossSecurityContext.java
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java
Log:
SECURITY-26: JBAS integration code moved to JBAS trunk
Added: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityUtil.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityUtil.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -0,0 +1,151 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security;
+
+import java.security.acl.Group;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.naming.InitialContext;
+import javax.security.auth.Subject;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.SecurityConfiguration;
+
+//$Id$
+
+/**
+ * Security Utility Class
+ * @author Anil.Saldhana at redhat.com
+ * @since May 9, 2007
+ * @version $Revision$
+ */
+public class SecurityUtil
+{
+ private static Logger log = Logger.getLogger(SecurityUtil.class);
+
+ /**
+ * Strip the security domain of prefix (java:jaas or java:jbsx)
+ * @param securityDomain
+ * @return
+ */
+ public static String unprefixSecurityDomain(String securityDomain)
+ {
+ String result = null;
+ if(securityDomain != null)
+ {
+ if(securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
+ result = securityDomain.substring(SecurityConstants.JAAS_CONTEXT_ROOT.length() + 1);
+ else
+ if(securityDomain.startsWith(SecurityConstants.JASPI_CONTEXT_ROOT))
+ result = securityDomain.substring(SecurityConstants.JASPI_CONTEXT_ROOT.length() + 1);
+ else
+ result = securityDomain;
+ }
+ return result;
+
+ }
+
+ /**
+ * Get the Subject roles by looking for a Group called 'Roles'
+ * @param theSubject - the Subject to search for roles
+ * @return the Group contain the subject roles if found, null otherwise
+ */
+ public static Group getSubjectRoles(Subject theSubject)
+ {
+ if(theSubject == null)
+ throw new IllegalArgumentException("Subject is null");
+ Set subjectGroups = theSubject.getPrincipals(Group.class);
+ Iterator iter = subjectGroups.iterator();
+ Group roles = null;
+ while( iter.hasNext() )
+ {
+ Group grp = (Group) iter.next();
+ String name = grp.getName();
+ if( name.equals("Roles") )
+ roles = grp;
+ }
+ return roles;
+ }
+
+ /**
+ * Obtain the Application Policy
+ *
+ * @param domainName Security Domain
+ * @return
+ */
+ public static ApplicationPolicy getApplicationPolicy(String domainName)
+ {
+ return SecurityConfiguration.getApplicationPolicy(domainName);
+ }
+
+ public static AuthenticationManager getAuthenticationManager(String securityDomain)
+ {
+ String securityMgrURL = "/securityMgr";
+ String lookupURL = null;
+ if(securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
+ lookupURL = securityDomain + securityMgrURL;
+ else
+ lookupURL = SecurityConstants.JAAS_CONTEXT_ROOT + "/"
+ + securityDomain + securityMgrURL;
+ AuthenticationManager am = null;
+ try
+ {
+ InitialContext ic = new InitialContext();
+ am = (AuthenticationManager)ic.lookup(lookupURL);
+ }
+ catch(Exception e)
+ {
+ if(log.isTraceEnabled())
+ log.trace("Error in obtaining AuthenticationManager",e);
+ }
+ return am;
+ }
+
+ /**
+ * Do a JNDI lookup to obtain the authorization manager
+ * @param securityDomain
+ * @return
+ */
+ public static AuthorizationManager getAuthorizationManager(String securityDomain)
+ {
+ String authorizationMgrURL = "/authorizationMgr";
+ String lookupURL = null;
+ if(securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
+ lookupURL = securityDomain + authorizationMgrURL;
+ else
+ lookupURL = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + authorizationMgrURL;
+ AuthorizationManager am = null;
+ try
+ {
+ InitialContext ic = new InitialContext();
+ am = (AuthorizationManager)ic.lookup(lookupURL);
+ }
+ catch(Exception e)
+ {
+ if(log.isTraceEnabled())
+ log.trace("Error in obtaining AuthorizationMgr",e);
+ }
+ return am;
+ }
+}
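Review bot: `getAuthenticationManager` and `getAuthorizationManager` swallow every exception from the JNDI lookup at trace level and return null, so a missing or mistyped `securityMgr`/`authorizationMgr` binding is invisible at default log levels and surfaces only as a later NullPointerException in the caller; log it at debug and state the null return in a `@return` tag (the `@return` tags on `unprefixSecurityDomain`, `getApplicationPolicy` and `getAuthorizationManager` are empty, and `getAuthenticationManager` has no Javadoc at all). Both methods also call `securityDomain.startsWith(...)` before any null check, whereas `unprefixSecurityDomain` above them guards against null, and the `InitialContext` they create is never closed. The two bodies differ only in the JNDI suffix and the cast, so a shared private helper removes the duplication; with the cast moved outside the try a wrongly typed binding would raise ClassCastException instead of being swallowed, which is arguably the better failure for a security lookup.
```java
   // … unchanged: unprefixSecurityDomain, getSubjectRoles, getApplicationPolicy …

   /**
    * Look up {@code suffix} under the security domain in JNDI. The domain is used as-is
    * when it already starts with {@link SecurityConstants#JAAS_CONTEXT_ROOT}, otherwise
    * that root is prepended.
    *
    * @param securityDomain the security domain name, with or without the JAAS prefix
    * @param suffix the binding below the domain, e.g. {@code "/securityMgr"}
    * @return the bound object, or null if the lookup fails (logged at debug)
    * @throws IllegalArgumentException if securityDomain is null
    */
   private static Object lookupSecurityDomainObject(String securityDomain, String suffix)
   {
      if(securityDomain == null)
         throw new IllegalArgumentException("securityDomain is null");
      String lookupURL = securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT)
         ? securityDomain + suffix
         : SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + suffix;
      InitialContext ic = null;
      try
      {
         ic = new InitialContext();
         return ic.lookup(lookupURL);
      }
      catch(Exception e)
      {
         // A missing binding is a deployment problem; do not hide it behind trace level
         log.debug("Error in obtaining " + lookupURL, e);
         return null;
      }
      finally
      {
         if(ic != null)
         {
            try
            {
               ic.close();
            }
            catch(Exception ignored)
            {
               // Nothing useful to do if the context cannot be released
            }
         }
      }
   }

   /**
    * Do a JNDI lookup to obtain the authentication manager
    * @param securityDomain the security domain name, with or without the JAAS prefix
    * @return the AuthenticationManager bound at {@code <domain>/securityMgr}, or null if the lookup fails
    */
   public static AuthenticationManager getAuthenticationManager(String securityDomain)
   {
      return (AuthenticationManager) lookupSecurityDomainObject(securityDomain, "/securityMgr");
   }

   /**
    * Do a JNDI lookup to obtain the authorization manager
    * @param securityDomain the security domain name, with or without the JAAS prefix
    * @return the AuthorizationManager bound at {@code <domain>/authorizationMgr}, or null if the lookup fails
    */
   public static AuthorizationManager getAuthorizationManager(String securityDomain)
   {
      return (AuthorizationManager) lookupSecurityDomainObject(securityDomain, "/authorizationMgr");
   }
```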
Deleted: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/Util.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/Util.java 2007-05-10 04:08:50 UTC (rev 62953)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/Util.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -1,708 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security;
-
-import java.io.Serializable;
-import java.io.UnsupportedEncodingException;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.Security;
-import java.security.SecureRandom;
-import java.security.acl.Group;
-import java.util.Iterator;
-import java.util.Random;
-import java.util.Set;
-import javax.naming.InitialContext;
-import javax.security.auth.Subject;
-
-import org.jboss.crypto.JBossSXProvider;
-import org.jboss.crypto.digest.DigestCallback;
-import org.jboss.logging.Logger;
-import org.jboss.security.config.ApplicationPolicy;
-import org.jboss.security.config.SecurityConfiguration;
-
-/** Various security related utilities like MessageDigest
- factories, SecureRandom access, password hashing.
-
- This product includes software developed by Tom Wu and Eugene
- Jhong for the SRP Distribution (http://srp.stanford.edu/srp/).
-
- @author Scott.Stark at jboss.org
- @version $Revision$
- */
-public class Util
-{
- private static Logger log = Logger.getLogger(Util.class);
- private static final int HASH_LEN = 20;
- public static final String BASE64_ENCODING = "BASE64";
- public static final String BASE16_ENCODING = "HEX";
- public static final String RFC2617_ENCODING = "RFC2617";
- /**
- The ASCII printable characters the MD5 digest maps to for RFC2617
- */
- private static char[] MD5_HEX = "0123456789abcdef".toCharArray();
-
- private static SecureRandom psuedoRng;
- private static MessageDigest sha1Digest;
- private static boolean initialized;
-
- public static void init() throws NoSuchAlgorithmException
- {
- if( initialized )
- return;
- init(null);
- }
- public static void init(byte[] prngSeed) throws NoSuchAlgorithmException
- {
- // Get an instance of the SHA-1 digest
- sha1Digest = MessageDigest.getInstance("SHA");
- // Get a cryptographically strong pseudo-random generator
- psuedoRng = SecureRandom.getInstance("SHA1PRNG");
- if( prngSeed != null )
- psuedoRng.setSeed(prngSeed);
- // Install the JBossSX security provider
- Provider provider = new JBossSXProvider();
- Security.addProvider(provider);
- initialized = true;
- }
-
- public static MessageDigest newDigest()
- {
- MessageDigest md = null;
- try
- {
- md = (MessageDigest) sha1Digest.clone();
- }
- catch(CloneNotSupportedException e)
- {
- }
- return md;
- }
- public static MessageDigest copy(MessageDigest md)
- {
- MessageDigest copy = null;
- try
- {
- copy = (MessageDigest) md.clone();
- }
- catch(CloneNotSupportedException e)
- {
- }
- return copy;
- }
-
- public static Random getPRNG()
- {
- return psuedoRng;
- }
- /** Returns the next pseudorandom, uniformly distributed double value
- between 0.0 and 1.0 from this random number generator's sequence.
- */
- public static double nextDouble()
- {
- return psuedoRng.nextDouble();
- }
- /** Returns the next pseudorandom, uniformly distributed long value from
- this random number generator's sequence. The general contract of
- nextLong is that one long value is pseudorandomly generated and
- returned. All 264 possible long values are produced with
- (approximately) equal probability.
- */
- public static long nextLong()
- {
- return psuedoRng.nextLong();
- }
- /** Generates random bytes and places them into a user-supplied byte
- array. The number of random bytes produced is equal to the length
- of the byte array.
- */
- public static void nextBytes(byte[] bytes)
- {
- psuedoRng.nextBytes(bytes);
- }
- /** Returns the given number of seed bytes, computed using the seed
- generation algorithm that this class uses to seed itself. This call
- may be used to seed other random number generators.
- */
- public static byte[] generateSeed(int numBytes)
- {
- return psuedoRng.generateSeed(numBytes);
- }
-
- /** Cacluate the SRP RFC2945 password hash = H(salt | H(username | ':' | password))
- where H = SHA secure hash. The username is converted to a byte[] using the
- UTF-8 encoding.
- */
- public static byte[] calculatePasswordHash(String username, char[] password,
- byte[] salt)
- {
- // Calculate x = H(s | H(U | ':' | password))
- MessageDigest xd = newDigest();
- // Try to convert the username to a byte[] using UTF-8
- byte[] user = null;
- byte[] colon = {};
- try
- {
- user = username.getBytes("UTF-8");
- colon = ":".getBytes("UTF-8");
- }
- catch(UnsupportedEncodingException e)
- {
- log.error("Failed to convert username to byte[] using UTF-8", e);
- // Use the default platform encoding
- user = username.getBytes();
- colon = ":".getBytes();
- }
- byte[] passBytes = new byte[2*password.length];
- int passBytesLength = 0;
- for(int p = 0; p < password.length; p ++)
- {
- int c = (password[p] & 0x00FFFF);
- // The low byte of the char
- byte b0 = (byte) (c & 0x0000FF);
- // The high byte of the char
- byte b1 = (byte) ((c & 0x00FF00) >> 8);
- passBytes[passBytesLength ++] = b0;
- // Only encode the high byte if c is a multi-byte char
- if( c > 255 )
- passBytes[passBytesLength ++] = b1;
- }
-
- // Build the hash
- xd.update(user);
- xd.update(colon);
- xd.update(passBytes, 0, passBytesLength);
- byte[] h = xd.digest();
- xd.reset();
- xd.update(salt);
- xd.update(h);
- byte[] xb = xd.digest();
- return xb;
- }
-
- /** Calculate x = H(s | H(U | ':' | password)) verifier
- v = g^x % N
- described in RFC2945.
- */
- public static byte[] calculateVerifier(String username, char[] password,
- byte[] salt, byte[] Nb, byte[] gb)
- {
- BigInteger g = new BigInteger(1, gb);
- BigInteger N = new BigInteger(1, Nb);
- return calculateVerifier(username, password, salt, N, g);
- }
- /** Calculate x = H(s | H(U | ':' | password)) verifier
- v = g^x % N
- described in RFC2945.
- */
- public static byte[] calculateVerifier(String username, char[] password,
- byte[] salt, BigInteger N, BigInteger g)
- {
- byte[] xb = calculatePasswordHash(username, password, salt);
- BigInteger x = new BigInteger(1, xb);
- BigInteger v = g.modPow(x, N);
- return v.toByteArray();
- }
-
- /** Perform an interleaved even-odd hash on the byte string
- */
- public static byte[] sessionKeyHash(byte[] number)
- {
- int i, offset;
-
- for(offset = 0; offset < number.length && number[offset] == 0; ++offset)
- ;
-
- byte[] key = new byte[2 * HASH_LEN];
- byte[] hout;
-
- int klen = (number.length - offset) / 2;
- byte[] hbuf = new byte[klen];
-
- for(i = 0; i < klen; ++i)
- {
- hbuf[i] = number[number.length - 2 * i - 1];
- }
- hout = newDigest().digest(hbuf);
- for(i = 0; i < HASH_LEN; ++i)
- key[2 * i] = hout[i];
-
- for(i = 0; i < klen; ++i)
- {
- hbuf[i] = number[number.length - 2 * i - 2];
- }
- hout = newDigest().digest(hbuf);
- for(i = 0; i < HASH_LEN; ++i)
- key[2 * i + 1] = hout[i];
-
- return key;
- }
-
- /** Treat the input as the MSB representation of a number,
- and lop off leading zero elements. For efficiency, the
- input is simply returned if no leading zeroes are found.
- */
- public static byte[] trim(byte[] in)
- {
- if(in.length == 0 || in[0] != 0)
- return in;
-
- int len = in.length;
- int i = 1;
- while(in[i] == 0 && i < len)
- ++i;
- byte[] ret = new byte[len - i];
- System.arraycopy(in, i, ret, 0, len - i);
- return ret;
- }
-
- public static byte[] xor(byte[] b1, byte[] b2, int length)
- {
- byte[] result = new byte[length];
- for(int i = 0; i < length; ++i)
- result[i] = (byte) (b1[i] ^ b2[i]);
- return result;
- }
-
- /**
- 3.1.3 Representation of digest values
-
- An optional header allows the server to specify the algorithm used to create
- the checksum or digest. By default the MD5 algorithm is used and that is the
- only algorithm described in this document.
-
- For the purposes of this document, an MD5 digest of 128 bits is represented
- as 32 ASCII printable characters. The bits in the 128 bit digest are
- converted from most significant to least significant bit, four bits at a time
- to their ASCII presentation as follows. Each four bits is represented by its
- familiar hexadecimal notation from the characters 0123456789abcdef. That is,
- binary 0000 getInfos represented by the character '0', 0001, by '1', and so
- on up to the representation of 1111 as 'f'.
-
- @param data - the raw MD5 hash data
- @return the encoded MD5 representation
- */
- public static String encodeRFC2617(byte[] data)
- {
- char[] hash = new char[32];
- for (int i = 0; i < 16; i++)
- {
- int j = (data[i] >> 4) & 0xf;
- hash[i * 2] = MD5_HEX[j];
- j = data[i] & 0xf;
- hash[i * 2 + 1] = MD5_HEX[j];
- }
- return new String(hash);
- }
-
- /**
- * Hex encoding of hashes, as used by Catalina. Each byte is converted to
- * the corresponding two hex characters.
- */
- public static String encodeBase16(byte[] bytes)
- {
- StringBuffer sb = new StringBuffer(bytes.length * 2);
- for (int i = 0; i < bytes.length; i++)
- {
- byte b = bytes[i];
- // top 4 bits
- char c = (char)((b >> 4) & 0xf);
- if(c > 9)
- c = (char)((c - 10) + 'a');
- else
- c = (char)(c + '0');
- sb.append(c);
- // bottom 4 bits
- c = (char)(b & 0xf);
- if (c > 9)
- c = (char)((c - 10) + 'a');
- else
- c = (char)(c + '0');
- sb.append(c);
- }
- return sb.toString();
- }
-
- /**
- * BASE64 encoder implementation.
- * Provides encoding methods, using the BASE64 encoding rules, as defined
- * in the MIME specification, <a href="http://ietf.org/rfc/rfc1521.txt">rfc1521</a>.
- */
- public static String encodeBase64(byte[] bytes)
- {
- String base64 = null;
- try
- {
- base64 = Base64Encoder.encode(bytes);
- }
- catch(Exception e)
- {
- }
- return base64;
- }
-
- /**
- * Calculate a password hash using a MessageDigest.
- *
- * @param hashAlgorithm - the MessageDigest algorithm name
- * @param hashEncoding - either base64 or hex to specify the type of
- encoding the MessageDigest as a string.
- * @param hashCharset - the charset used to create the byte[] passed to the
- * MessageDigestfrom the password String. If null the platform default is
- * used.
- * @param username - ignored in default version
- * @param password - the password string to be hashed
- * @return the hashed string if successful, null if there is a digest exception
- */
- public static String createPasswordHash(String hashAlgorithm, String hashEncoding,
- String hashCharset, String username, String password)
- {
- return createPasswordHash(hashAlgorithm, hashEncoding,
- hashCharset, username, password, null);
- }
- /**
- * Calculate a password hash using a MessageDigest.
- *
- * @param hashAlgorithm - the MessageDigest algorithm name
- * @param hashEncoding - either base64 or hex to specify the type of
- encoding the MessageDigest as a string.
- * @param hashCharset - the charset used to create the byte[] passed to the
- * MessageDigestfrom the password String. If null the platform default is
- * used.
- * @param username - ignored in default version
- * @param password - the password string to be hashed
- * @param callback - the callback used to allow customization of the hash
- * to occur. The preDigest method is called before the password is added
- * and the postDigest method is called after the password has been added.
- * @return the hashed string if successful, null if there is a digest exception
- */
- public static String createPasswordHash(String hashAlgorithm, String hashEncoding,
- String hashCharset, String username, String password, DigestCallback callback)
- {
- byte[] passBytes;
- String passwordHash = null;
-
- // convert password to byte data
- try
- {
- if(hashCharset == null)
- passBytes = password.getBytes();
- else
- passBytes = password.getBytes(hashCharset);
- }
- catch(UnsupportedEncodingException uee)
- {
- log.error("charset " + hashCharset + " not found. Using platform default.", uee);
- passBytes = password.getBytes();
- }
-
- // calculate the hash and apply the encoding.
- try
- {
- MessageDigest md = MessageDigest.getInstance(hashAlgorithm);
- if( callback != null )
- callback.preDigest(md);
- md.update(passBytes);
- if( callback != null )
- callback.postDigest(md);
- byte[] hash = md.digest();
- if(hashEncoding.equalsIgnoreCase(BASE64_ENCODING))
- {
- passwordHash = Util.encodeBase64(hash);
- }
- else if(hashEncoding.equalsIgnoreCase(BASE16_ENCODING))
- {
- passwordHash = Util.encodeBase16(hash);
- }
- else if(hashEncoding.equalsIgnoreCase(RFC2617_ENCODING))
- {
- passwordHash = Util.encodeRFC2617(hash);
- }
- else
- {
- log.error("Unsupported hash encoding format " + hashEncoding);
- }
- }
- catch(Exception e)
- {
- log.error("Password hash calculation failed ", e);
- }
- return passwordHash;
- }
-
- // These functions assume that the byte array has MSB at 0, LSB at end.
- // Reverse the byte array (not the String) if this is not the case.
- // All base64 strings are in natural order, least significant digit last.
- public static String tob64(byte[] buffer)
- {
- return Base64Utils.tob64(buffer);
- }
-
- public static byte[] fromb64(String str) throws NumberFormatException
- {
- return Base64Utils.fromb64(str);
- }
-
- /** From Appendix E of the JCE ref guide, the xaximum key size
- * allowed by the "Strong" jurisdiction policy files allows a maximum Blowfish
- * cipher size of 128 bits.
- * @return true if a Blowfish key can be initialized with 256 bit
- * size, false otherwise.
- */
- public static boolean hasUnlimitedCrypto()
- {
- boolean hasUnlimitedCrypto = false;
- try
- {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- Class keyGenClass = loader.loadClass("javax.crypto.KeyGenerator");
- Class[] sig = {String.class};
- Object[] args = {"Blowfish"};
- Method kgenInstance = keyGenClass.getDeclaredMethod("getInstance", sig);
- Object kgen = kgenInstance.invoke(null, args);
-
- Class[] sig2 = {int.class};
- Object[] args2 = {new Integer(256)};
- Method init = keyGenClass.getDeclaredMethod("init", sig2);
- init.invoke(kgen, args2);
- hasUnlimitedCrypto = true;
- }
- catch(Throwable e)
- {
- log.debug("hasUnlimitedCrypto error", e);
- }
- return hasUnlimitedCrypto;
- }
-
- /** Use reflection to create a javax.crypto.spec.SecretKeySpec to avoid
- an explicit reference to SecretKeySpec so that the JCE is not needed
- unless the SRP parameters indicate that encryption is needed.
- @return a javax.cyrpto.SecretKey
- */
- public static Object createSecretKey(String cipherAlgorithm, Object key) throws KeyException
- {
- Class[] signature = {key.getClass(), String.class};
- Object[] args = {key, cipherAlgorithm};
- Object secretKey = null;
- try
- {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- Class secretKeySpecClass = loader.loadClass("javax.crypto.spec.SecretKeySpec");
- Constructor ctor = secretKeySpecClass.getDeclaredConstructor(signature);
- secretKey = ctor.newInstance(args);
- }
- catch(Exception e)
- {
- throw new KeyException("Failed to create SecretKeySpec from session key, msg="+e.getMessage());
- }
- catch(Throwable e)
- {
- throw new KeyException("Unexpected exception during SecretKeySpec creation, msg="+e.getMessage());
- }
- return secretKey;
- }
-
- /**
- * @param cipherAlgorithm
- * @return A javax.crypto.Cipher
- * @throws GeneralSecurityException
- */
- public static Object createCipher(String cipherAlgorithm)
- throws GeneralSecurityException
- {
- javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(cipherAlgorithm);
- return cipher;
- }
- public static Object createSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV,
- Serializable data)
- throws GeneralSecurityException
- {
- Object sealedObject = null;
- try
- {
- javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(cipherAlgorithm);
- javax.crypto.SecretKey skey = (javax.crypto.SecretKey) key;
- if( cipherIV != null )
- {
- javax.crypto.spec.IvParameterSpec iv = new javax.crypto.spec.IvParameterSpec(cipherIV);
- cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, skey, iv);
- }
- else
- {
- cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, skey);
- }
- sealedObject = new javax.crypto.SealedObject(data, cipher);
- }
- catch(GeneralSecurityException e)
- {
- throw e;
- }
- catch(Throwable e)
- {
- throw new GeneralSecurityException("Failed to create SealedObject, msg="+e.getMessage());
- }
- return sealedObject;
- }
-
- public static Object accessSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV,
- Object obj)
- throws GeneralSecurityException
- {
- Object data = null;
- try
- {
- javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(cipherAlgorithm);
- javax.crypto.SecretKey skey = (javax.crypto.SecretKey) key;
- if( cipherIV != null )
- {
- javax.crypto.spec.IvParameterSpec iv = new javax.crypto.spec.IvParameterSpec(cipherIV);
- cipher.init(javax.crypto.Cipher.DECRYPT_MODE, skey, iv);
- }
- else
- {
- cipher.init(javax.crypto.Cipher.DECRYPT_MODE, skey);
- }
- javax.crypto.SealedObject sealedObj = (javax.crypto.SealedObject) obj;
- data = sealedObj.getObject(cipher);
- }
- catch(GeneralSecurityException e)
- {
- throw e;
- }
- catch(Throwable e)
- {
- throw new GeneralSecurityException("Failed to access SealedObject, msg="+e.getMessage());
- }
- return data;
- }
-
- /**
- * Strip the security domain of prefix (java:jaas or java:jbsx)
- * @param securityDomain
- * @return
- */
- public static String unprefixSecurityDomain(String securityDomain)
- {
- String result = null;
- if(securityDomain != null)
- {
- if(securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
- result = securityDomain.substring(SecurityConstants.JAAS_CONTEXT_ROOT.length() + 1);
- else
- if(securityDomain.startsWith(SecurityConstants.JASPI_CONTEXT_ROOT))
- result = securityDomain.substring(SecurityConstants.JASPI_CONTEXT_ROOT.length() + 1);
- else
- result = securityDomain;
- }
- return result;
-
- }
-
- /**
- * Get the Subject roles by looking for a Group called 'Roles'
- * @param theSubject - the Subject to search for roles
- * @return the Group contain the subject roles if found, null otherwise
- */
- public static Group getSubjectRoles(Subject theSubject)
- {
- if(theSubject == null)
- throw new IllegalArgumentException("Subject is null");
- Set subjectGroups = theSubject.getPrincipals(Group.class);
- Iterator iter = subjectGroups.iterator();
- Group roles = null;
- while( iter.hasNext() )
- {
- Group grp = (Group) iter.next();
- String name = grp.getName();
- if( name.equals("Roles") )
- roles = grp;
- }
- return roles;
- }
-
- /**
- * Obtain the Application Policy
- *
- * @param domainName Security Domain
- * @return
- */
- public static ApplicationPolicy getApplicationPolicy(String domainName)
- {
- return SecurityConfiguration.getApplicationPolicy(domainName);
- }
-
- public static AuthenticationManager getAuthenticationManager(String securityDomain)
- {
- String securityMgrURL = "/securityMgr";
- String lookupURL = null;
- if(securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
- lookupURL = securityDomain + securityMgrURL;
- else
- lookupURL = SecurityConstants.JAAS_CONTEXT_ROOT + "/"
- + securityDomain + securityMgrURL;
- AuthenticationManager am = null;
- try
- {
- InitialContext ic = new InitialContext();
- am = (AuthenticationManager)ic.lookup(lookupURL);
- }
- catch(Exception e)
- {
- if(log.isTraceEnabled())
- log.trace("Error in obtaining AuthenticationManager",e);
- }
- return am;
- }
-
- /**
- * Do a JNDI lookup to obtain the authorization manager
- * @param securityDomain
- * @return
- */
- public static AuthorizationManager getAuthorizationManager(String securityDomain)
- {
- String authorizationMgrURL = "/authorizationMgr";
- String lookupURL = null;
- if(securityDomain.startsWith(SecurityConstants.JAAS_CONTEXT_ROOT))
- lookupURL = securityDomain + authorizationMgrURL;
- else
- lookupURL = SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain + authorizationMgrURL;
- AuthorizationManager am = null;
- try
- {
- InitialContext ic = new InitialContext();
- am = (AuthorizationManager)ic.lookup(lookupURL);
- }
- catch(Exception e)
- {
- if(log.isTraceEnabled())
- log.trace("Error in obtaining AuthorizationMgr",e);
- }
- return am;
- }
-}
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/DecodeAction.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/DecodeAction.java 2007-05-10 04:08:50 UTC (rev 62953)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/DecodeAction.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -24,12 +24,10 @@
import java.security.PrivilegedExceptionAction;
import java.security.AccessController;
import java.security.PrivilegedActionException;
-import javax.management.ObjectName;
-import javax.management.MBeanServer;
-import javax.management.MBeanServerInvocationHandler;
-import org.jboss.security.plugins.JaasSecurityDomainMBean;
-import org.jboss.mx.util.MBeanServerLocator;
+import javax.crypto.Cipher;
+import javax.management.ObjectName;
+import org.jboss.security.config.SecurityConfiguration;
/**
* PriviledgedActions used by login modules for decoding passwords
@@ -39,6 +37,10 @@
*/
class DecodeAction implements PrivilegedExceptionAction
{
+ /** The permission required to access decode, decode64 */
+ private static final RuntimePermission decodePermission =
+ new RuntimePermission("org.jboss.security.auth.spi.DecodeAction.decode");
+
String password;
ObjectName serviceName;
@@ -54,18 +56,42 @@
* @throws Exception
*/
public Object run() throws Exception
- {
- MBeanServer server = MBeanServerLocator.locateJBoss();
- JaasSecurityDomainMBean securityDomain = (JaasSecurityDomainMBean)
- MBeanServerInvocationHandler.newProxyInstance(server, serviceName,
- JaasSecurityDomainMBean.class, false);
-
- // Invoke the jaasSecurityDomain.decodeb64 op
- byte[] secret = securityDomain.decode64(password);
+ {
+ // Invoke the decodeb64 op
+ byte[] secret = decode64(password);
// Convert to UTF-8 base char array
String secretPassword = new String(secret, "UTF-8");
return secretPassword.toCharArray();
}
+
+ private byte[] decode64(String secret)
+ throws Exception
+ {
+ byte[] encoding = Util.fromb64(secret);
+ byte[] decode = decode(encoding);
+ return decode;
+ }
+
+ /** Decrypt the secret using the cipherKey.
+ *
+ * @param secret - the encrypted secret to decrypt.
+ * @return the decrypted secret
+ * @throws Exception
+ */
+ private byte[] decode(byte[] secret)
+ throws Exception
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission(decodePermission);
+
+ Cipher cipher = Cipher.getInstance(SecurityConfiguration.getCipherAlgorithm());
+ cipher.init(Cipher.DECRYPT_MODE, SecurityConfiguration.getCipherKey(),
+ SecurityConfiguration.getCipherSpec());
+ byte[] decode = cipher.doFinal(secret);
+ return decode;
+ }
+
static char[] decode(String password, ObjectName serviceName)
throws Exception
{
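Review bot: `run()` no longer reads `serviceName`: the algorithm, key and IV now come from the static `SecurityConfiguration` getters in `decode(byte[])`, so the `ObjectName` that previously selected a specific `JaasSecurityDomain` MBean (and presumably its keystore) has no influence on which key decrypts the password; if more than one domain with distinct keys was supported before, that distinction appears to be lost and should at least be stated in the class Javadoc. The `decodePermission` check in `decode(byte[])` is now performed inside the privileged action, so if `decode(String, ObjectName)` (whose body continues past the hunk) wraps this in `doPrivileged`, the protection domain being checked is this jar's rather than the login module caller's; a comment naming which code source is expected to hold `RuntimePermission("org.jboss.security.auth.spi.DecodeAction.decode")` would make the intent checkable. `decode64` has no Javadoc; suggest `/** Base64-decode {@code secret} with Util.fromb64, then decrypt it via {@link #decode(byte[])}. */`, and the comment `// Invoke the decodeb64 op` should read `decode64`. With `org.jboss.security.Util` deleted in this commit, `Util.fromb64` here resolves to the same-package `org.jboss.security.auth.spi.Util`; the hunks shown for that file add the encoding constants but not `fromb64`, so confirm it exists there.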
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2007-05-10 04:08:50 UTC (rev 62953)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -36,8 +36,7 @@
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
-
-import org.jboss.security.Util;
+
import org.jboss.crypto.digest.DigestCallback;
@@ -82,7 +81,7 @@
/** A flag that restores the ability to override the createPasswordHash(String,String) */
private boolean legacyCreatePasswordHash;
/** */
- private Throwable validateError;
+ private Throwable validateError;
/** Override the superclass method to look for the following options after
first invoking the super version.
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/Util.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/Util.java 2007-05-10 04:08:50 UTC (rev 62953)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/auth/spi/Util.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -28,9 +28,11 @@
import java.util.HashMap;
import java.io.IOException;
import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.acl.Group;
+import java.security.MessageDigest;
import java.security.Principal;
import java.sql.Connection;
import java.sql.PreparedStatement;
@@ -44,9 +46,12 @@
import javax.sql.DataSource;
import javax.transaction.Transaction;
+import org.jboss.crypto.digest.DigestCallback;
import org.jboss.logging.Logger;
+import org.jboss.security.Base64Encoder;
+import org.jboss.security.Base64Utils;
import org.jboss.security.SimpleGroup;
-import org.jboss.tm.TransactionDemarcationSupport;
+import org.jboss.tm.TransactionDemarcationSupport;
/**
* Common login module utility methods
@@ -56,6 +61,18 @@
*/
public class Util
{
+ private static Logger log = Logger.getLogger(Util.class);
+
+ public static final String BASE64_ENCODING = "BASE64";
+ public static final String BASE16_ENCODING = "HEX";
+ public static final String RFC2617_ENCODING = "RFC2617";
+ /**
+ The ASCII printable characters the MD5 digest maps to for RFC2617
+ */
+ private static char[] MD5_HEX = "0123456789abcdef".toCharArray();
+
+
+
/** Create the set of roles the user belongs to by parsing the roles.properties
data for username=role1,role2,... and username.XXX=role1,role2,...
patterns.
@@ -431,4 +448,183 @@
}
}
}
+
+ /**
+ * Calculate a password hash using a MessageDigest.
+ *
+ * @param hashAlgorithm - the MessageDigest algorithm name
+ * @param hashEncoding - either base64 or hex to specify the type of
+ encoding the MessageDigest as a string.
+ * @param hashCharset - the charset used to create the byte[] passed to the
+ * MessageDigestfrom the password String. If null the platform default is
+ * used.
+ * @param username - ignored in default version
+ * @param password - the password string to be hashed
+ * @return the hashed string if successful, null if there is a digest exception
+ */
+ public static String createPasswordHash(String hashAlgorithm, String hashEncoding,
+ String hashCharset, String username, String password)
+ {
+ return createPasswordHash(hashAlgorithm, hashEncoding,
+ hashCharset, username, password, null);
+ }
+ /**
+ * Calculate a password hash using a MessageDigest.
+ *
+ * @param hashAlgorithm - the MessageDigest algorithm name
+ * @param hashEncoding - either base64 or hex to specify the type of
+ encoding the MessageDigest as a string.
+ * @param hashCharset - the charset used to create the byte[] passed to the
+ * MessageDigestfrom the password String. If null the platform default is
+ * used.
+ * @param username - ignored in default version
+ * @param password - the password string to be hashed
+ * @param callback - the callback used to allow customization of the hash
+ * to occur. The preDigest method is called before the password is added
+ * and the postDigest method is called after the password has been added.
+ * @return the hashed string if successful, null if there is a digest exception
+ */
+ public static String createPasswordHash(String hashAlgorithm, String hashEncoding,
+ String hashCharset, String username, String password, DigestCallback callback)
+ {
+ byte[] passBytes;
+ String passwordHash = null;
+
+ // convert password to byte data
+ try
+ {
+ if(hashCharset == null)
+ passBytes = password.getBytes();
+ else
+ passBytes = password.getBytes(hashCharset);
+ }
+ catch(UnsupportedEncodingException uee)
+ {
+ log.error("charset " + hashCharset + " not found. Using platform default.", uee);
+ passBytes = password.getBytes();
+ }
+
+ // calculate the hash and apply the encoding.
+ try
+ {
+ MessageDigest md = MessageDigest.getInstance(hashAlgorithm);
+ if( callback != null )
+ callback.preDigest(md);
+ md.update(passBytes);
+ if( callback != null )
+ callback.postDigest(md);
+ byte[] hash = md.digest();
+ if(hashEncoding.equalsIgnoreCase(BASE64_ENCODING))
+ {
+ passwordHash = Util.encodeBase64(hash);
+ }
+ else if(hashEncoding.equalsIgnoreCase(BASE16_ENCODING))
+ {
+ passwordHash = Util.encodeBase16(hash);
+ }
+ else if(hashEncoding.equalsIgnoreCase(RFC2617_ENCODING))
+ {
+ passwordHash = Util.encodeRFC2617(hash);
+ }
+ else
+ {
+ log.error("Unsupported hash encoding format " + hashEncoding);
+ }
+ }
+ catch(Exception e)
+ {
+ log.error("Password hash calculation failed ", e);
+ }
+ return passwordHash;
+ }
+
+ /**
+ 3.1.3 Representation of digest values
+
+ An optional header allows the server to specify the algorithm used to create
+ the checksum or digest. By default the MD5 algorithm is used and that is the
+ only algorithm described in this document.
+
+ For the purposes of this document, an MD5 digest of 128 bits is represented
+ as 32 ASCII printable characters. The bits in the 128 bit digest are
+ converted from most significant to least significant bit, four bits at a time
+ to their ASCII presentation as follows. Each four bits is represented by its
+ familiar hexadecimal notation from the characters 0123456789abcdef. That is,
+ binary 0000 getInfos represented by the character '0', 0001, by '1', and so
+ on up to the representation of 1111 as 'f'.
+
+ @param data - the raw MD5 hash data
+ @return the encoded MD5 representation
+ */
+ public static String encodeRFC2617(byte[] data)
+ {
+ char[] hash = new char[32];
+ for (int i = 0; i < 16; i++)
+ {
+ int j = (data[i] >> 4) & 0xf;
+ hash[i * 2] = MD5_HEX[j];
+ j = data[i] & 0xf;
+ hash[i * 2 + 1] = MD5_HEX[j];
+ }
+ return new String(hash);
+ }
+
+ /**
+ * Hex encoding of hashes, as used by Catalina. Each byte is converted to
+ * the corresponding two hex characters.
+ */
+ public static String encodeBase16(byte[] bytes)
+ {
+ StringBuffer sb = new StringBuffer(bytes.length * 2);
+ for (int i = 0; i < bytes.length; i++)
+ {
+ byte b = bytes[i];
+ // top 4 bits
+ char c = (char)((b >> 4) & 0xf);
+ if(c > 9)
+ c = (char)((c - 10) + 'a');
+ else
+ c = (char)(c + '0');
+ sb.append(c);
+ // bottom 4 bits
+ c = (char)(b & 0xf);
+ if (c > 9)
+ c = (char)((c - 10) + 'a');
+ else
+ c = (char)(c + '0');
+ sb.append(c);
+ }
+ return sb.toString();
+ }
+
+ /**
+ * BASE64 encoder implementation.
+ * Provides encoding methods, using the BASE64 encoding rules, as defined
+ * in the MIME specification, <a href="http://ietf.org/rfc/rfc1521.txt">rfc1521</a>.
+ */
+ public static String encodeBase64(byte[] bytes)
+ {
+ String base64 = null;
+ try
+ {
+ base64 = Base64Encoder.encode(bytes);
+ }
+ catch(Exception e)
+ {
+ }
+ return base64;
+ }
+
+ // These functions assume that the byte array has MSB at 0, LSB at end.
+ // Reverse the byte array (not the String) if this is not the case.
+ // All base64 strings are in natural order, least significant digit last.
+ public static String tob64(byte[] buffer)
+ {
+ return Base64Utils.tob64(buffer);
+ }
+
+ public static byte[] fromb64(String str) throws NumberFormatException
+ {
+ return Base64Utils.fromb64(str);
+ }
}
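Review bot: `encodeBase64` at the end of this hunk swallows every failure in an empty `catch(Exception e)` and returns `null`, so `createPasswordHash` then returns `null` for the BASE64 encoding with nothing logged, unlike the other failure paths in the same method that call `log.error`. At minimum log it as the surrounding code does, `log.error("Base64 encoding of password hash failed", e);`, or let the exception propagate. In the same hunk `encodeRFC2617` indexes `data[0..15]` unconditionally, so a short input throws ArrayIndexOutOfBoundsException and a longer digest is silently truncated; a guard such as `if (data.length != 16) throw new IllegalArgumentException("RFC2617 encoding expects a 16 byte MD5 digest, got " + data.length);` fails fast with a clear message. The `MD5_HEX` table added in the earlier hunk of this file is a non-final static array and should be declared `private static final char[] MD5_HEX`.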
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java 2007-05-10 04:08:50 UTC (rev 62953)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/authorization/AuthorizationContext.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -31,12 +31,12 @@
import javax.security.auth.callback.CallbackHandler;
import org.jboss.logging.Logger;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.Util;
+import org.jboss.security.SecurityConstants;
import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.authorization.config.AuthorizationModuleEntry.ControlFlag;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.SecurityConfiguration;
//$Id$
@@ -297,7 +297,7 @@
if(this.applicationPolicy != null)
return applicationPolicy.getAuthorizationInfo();
- ApplicationPolicy aPolicy = Util.getApplicationPolicy(domainName);
+ ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy(domainName);
if(aPolicy == null)
{
@@ -305,10 +305,10 @@
log.trace("Application Policy not obtained for domain="+ domainName +
". Trying to obtain the App policy for the default domain of the layer:");
if(layer == ResourceType.EJB)
- aPolicy = Util.getApplicationPolicy(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY);
+ aPolicy = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY);
else
if(layer == ResourceType.WEB)
- aPolicy = Util.getApplicationPolicy(SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY);
+ aPolicy = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY);
}
if(aPolicy == null)
throw new IllegalStateException("Application Policy is null for domain:"+ domainName);
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/config/SecurityConfiguration.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/config/SecurityConfiguration.java 2007-05-10 04:08:50 UTC (rev 62953)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/config/SecurityConfiguration.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -6,11 +6,15 @@
*/
package org.jboss.security.config;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
/**
* Class that provides the Configuration for authentication,
* authorization, mapping info etc
+ * It also holds the information like JSSE keystores, keytypes and
+ * other crypto configuration
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
* @version $Revision$
* @since Aug 28, 2006
@@ -21,6 +25,17 @@
* Map of Application Policies keyed in by name
*/
private static HashMap appPolicies = new HashMap();
+ private static String cipherAlgorithm;
+ private static int iterationCount;
+ private static String salt;
+ private static String keyStoreType;
+ private static String keyStoreURL;
+ private static String keyStorePass;
+ private static String trustStoreType;
+ private static String trustStorePass;
+ private static String trustStoreURL;
+ private static Key cipherKey;
+ private static AlgorithmParameterSpec cipherSpec;
public static void addApplicationPolicy(String policyName, ApplicationPolicy aP)
{
@@ -35,4 +50,148 @@
{
return (ApplicationPolicy)appPolicies.get(policyName);
}
+
+ public static String getCipherAlgorithm()
+ {
+ return cipherAlgorithm;
+ }
+
+ public static void setCipherAlgorithm(String ca)
+ {
+ cipherAlgorithm = ca;
+ }
+
+ public static Key getCipherKey()
+ {
+ return cipherKey;
+ }
+
+ public static void setCipherKey(Key ca)
+ {
+ cipherKey = ca;
+ }
+
+ public static AlgorithmParameterSpec getCipherSpec()
+ {
+ return cipherSpec;
+ }
+
+ public static void setCipherSpec(AlgorithmParameterSpec aps)
+ {
+ cipherSpec = aps;
+ }
+
+ public static int getIterationCount()
+ {
+ return iterationCount;
+ }
+
+ /** Set the iteration count used with PBE based on the keystore password.
+ * @param count - an iteration count randomization value
+ */
+ public static void setIterationCount(int count)
+ {
+ iterationCount = count;
+ }
+
+
+ public static String getSalt()
+ {
+ return salt;
+ }
+ /** Set the salt used with PBE based on the keystore password.
+ * @param salt - an 8 char randomization string
+ */
+ public static void setSalt(String s)
+ {
+ salt = s;
+ }
+
+
+ /** KeyStore implementation type being used.
+ @return the KeyStore implementation type being used.
+ */
+ public static String getKeyStoreType()
+ {
+ return keyStoreType;
+ }
+ /** Set the type of KeyStore implementation to use. This is
+ passed to the KeyStore.getInstance() factory method.
+ */
+ public static void setKeyStoreType(String type)
+ {
+ keyStoreType = type;
+ }
+ /** Get the KeyStore database URL string.
+ */
+ public static String getKeyStoreURL()
+ {
+ return keyStoreURL;
+ }
+ /** Set the KeyStore database URL string. This is used to obtain
+ an InputStream to initialize the KeyStore.
+ */
+ public static void setKeyStoreURL(String storeURL)
+ {
+ keyStoreURL = storeURL;
+ }
+
+ /** Get the credential string for the KeyStore.
+ */
+ public static String getKeyStorePass()
+ {
+ return keyStorePass ;
+ }
+
+ /** Set the credential string for the KeyStore.
+ */
+ public static void setKeyStorePass(String password)
+ {
+ keyStorePass = password;
+ }
+
+ /** Get the type of the trust store
+ * @return the type of the trust store
+ */
+ public static String getTrustStoreType()
+ {
+ return trustStoreType;
+ }
+
+ /** Set the type of the trust store
+ * @param type - the trust store implementation type
+ */
+ public static void setTrustStoreType(String type)
+ {
+ trustStoreType = type;
+ }
+
+ /** Set the credential string for the trust store.
+ */
+ public static String getTrustStorePass()
+ {
+ return trustStorePass;
+ }
+
+ /** Set the credential string for the trust store.
+ */
+ public static void setTrustStorePass(String password)
+ {
+ trustStorePass = password;
+ }
+
+ /** Get the trust store database URL string.
+ */
+ public static String getTrustStoreURL()
+ {
+ return trustStoreURL;
+ }
+
+ /** Set the trust store database URL string. This is used to obtain
+ an InputStream to initialize the trust store.
+ */
+ public static void setTrustStoreURL(String storeURL)
+ {
+ trustStoreURL = storeURL;
+ }
}
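Review bot: The new `getCipherKey()`, `getKeyStorePass()` and `getTrustStorePass()` accessors expose the cipher key and store credentials to any caller through public static methods with no access check, while the decrypt path in DecodeAction in this same commit performs `sm.checkPermission(decodePermission)` before using that key, so reading the key through `SecurityConfiguration.getCipherKey()` sidesteps the permission check. Consider performing the same SecurityManager check in these getters, or not holding the key in process-global static state at all. The Javadoc on the `getTrustStorePass()` getter reads `/** Set the credential string for the trust store. */` and should read `/** Get the credential string for the trust store. */`, and `setSalt` documents `@param salt` while its parameter is named `s`. In the fields hunk above, the passwords are held as `String` and so cannot be cleared after use; a `char[]` would allow zeroing.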
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2007-05-10 04:08:50 UTC (rev 62953)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossAuthorizationManager.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -45,8 +45,7 @@
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
-import org.jboss.security.SimpleGroup;
-import org.jboss.security.Util;
+import org.jboss.security.SimpleGroup;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.PolicyRegistration;
@@ -315,7 +314,7 @@
{
throw new IllegalStateException(e);
}
- Group subjectRoles = Util.getSubjectRoles(subject);
+ Group subjectRoles = getSubjectRoles(subject);
//Deal with the security context
SecurityContext sc = SubjectActions.getSecurityContext();
@@ -391,4 +390,26 @@
{
throw new RuntimeException("Not implemented");
}
+
+ /**
+ * Get the Subject roles by looking for a Group called 'Roles'
+ * @param theSubject - the Subject to search for roles
+ * @return the Group contain the subject roles if found, null otherwise
+ */
+ public Group getSubjectRoles(Subject theSubject)
+ {
+ if(theSubject == null)
+ throw new IllegalArgumentException("Subject is null");
+ Set subjectGroups = theSubject.getPrincipals(Group.class);
+ Iterator iter = subjectGroups.iterator();
+ Group roles = null;
+ while( iter.hasNext() )
+ {
+ Group grp = (Group) iter.next();
+ String name = grp.getName();
+ if( name.equals(ROLES_IDENTIFIER) )
+ roles = grp;
+ }
+ return roles;
+ }
}
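Review bot: In the new `getSubjectRoles`, `name.equals(ROLES_IDENTIFIER)` dereferences the group name and throws NullPointerException for a Group whose `getName()` returns null; reversing the comparison, `if( ROLES_IDENTIFIER.equals(grp.getName()) )`, is null-safe. The method also uses raw `Set` and `Iterator` with a cast, although `getPrincipals(Group.class)` already returns a typed set, so `for (Group grp : theSubject.getPrincipals(Group.class))` removes both the cast and the raw types. The loop keeps iterating after a match, so when several groups carry the ROLES_IDENTIFIER name the last one wins; add a `break` if first-match is the intent, or a comment stating that the last one is deliberately chosen.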
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossSecurityContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2007-05-10 04:08:50 UTC (rev 62953)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JBossSecurityContext.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -12,6 +12,8 @@
import java.util.HashMap;
import java.util.Map;
+import javax.naming.InitialContext;
+
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
@@ -19,10 +21,10 @@
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextUtil;
-import org.jboss.security.SubjectInfo;
-import org.jboss.security.Util;
+import org.jboss.security.SecurityUtil;
+import org.jboss.security.SubjectInfo;
import org.jboss.security.audit.AuditManager;
-import org.jboss.security.audit.SecurityAuditManager;
+import org.jboss.security.audit.SecurityAuditManager;
import org.jboss.security.mapping.MappingManager;
import org.jboss.security.plugins.mapping.JBossMappingManager;
@@ -58,7 +60,7 @@
*/
public AuthenticationManager getAuthenticationManager()
{
- return Util.getAuthenticationManager(securityDomain);
+ return SecurityUtil.getAuthenticationManager(securityDomain);
}
/**
@@ -66,7 +68,7 @@
*/
public AuthorizationManager getAuthorizationManager()
{
- return Util.getAuthorizationManager(securityDomain);
+ return SecurityUtil.getAuthorizationManager(securityDomain);
}
/**
@@ -170,6 +172,5 @@
if(jsc != null)
jsc.contextData = (Map<String, Object>) ((HashMap)contextData).clone();
return super.clone();
- }
-
+ }
}
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java 2007-05-10 04:08:50 UTC (rev 62953)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/mapping/JBossMappingManager.java 2007-05-10 04:12:18 UTC (rev 62954)
@@ -26,10 +26,10 @@
import org.jboss.logging.Logger;
import org.jboss.security.SecurityConstants;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.Util;
+import org.jboss.security.SecurityContext;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.MappingInfo;
+import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.mapping.MappingContext;
import org.jboss.security.mapping.MappingManager;
import org.jboss.security.mapping.MappingProvider;
@@ -62,7 +62,7 @@
public MappingContext getMappingContext(Class mappingType)
{
//Apply Mapping Logic
- ApplicationPolicy aPolicy = Util.getApplicationPolicy(securityDomain);
+ ApplicationPolicy aPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
if(aPolicy == null)
{
@@ -70,7 +70,7 @@
if(trace)
log.trace("Application Policy not found for domain=" + securityDomain +
".Mapping framework will use the default domain:" + defaultDomain);
- aPolicy = Util.getApplicationPolicy(defaultDomain);
+ aPolicy = SecurityConfiguration.getApplicationPolicy(defaultDomain);
}
if(aPolicy == null )
throw new IllegalStateException("Application Policy is null for the security domain:"