[jboss-cvs] JBossAS SVN: r76800 - in projects/security/security-negotiation/trunk: jboss-negotiation/src/main/java/org/jboss/security/negotiation and 14 other directories.
Thu Aug 7 18:43:20 EDT 2008
Author: darran.lofthouse at jboss.com
Date: 2008-08-07 18:43:20 -0400 (Thu, 07 Aug 2008)
New Revision: 76800
Added:
projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/
projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/DebugHelper.java
projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/MessageTrace.java
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/tests/java/org/jboss/security/negotiation/spnego/
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/tests/java/org/jboss/security/negotiation/spnego/encoding/
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/tests/java/org/jboss/security/negotiation/spnego/encoding/encoding/
Removed:
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/DebugHelper.java
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/MessageTrace.java
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/Negotiation.java
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/encoding/
projects/security/security-negotiation/trunk/jboss-negotiation/src/tests/java/org/jboss/security/negotiation/spnego/encoding/
Modified:
projects/security/security-negotiation/trunk/jboss-negotiation-common/pom.xml
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/pom.xml
projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/pom.xml
projects/security/security-negotiation/trunk/parent/pom.xml
projects/security/security-negotiation/trunk/pom.xml
Log:
[SECURITY-271] Project refactoring.
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/MessageTrace.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/MessageTrace.java 2008-08-07 21:12:57 UTC (rev 76799)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/MessageTrace.java 2008-08-07 22:43:20 UTC (rev 76800)
@@ -1,73 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- *
- * Copyright 2007, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.negotiation;
-
-import org.apache.log4j.Logger;
-import org.jboss.security.negotiation.spnego.encoding.DebugHelper;
-
-/**
- * Handle message tracing hierarchy.
- *
- * @author darran.lofthouse at jboss.com
- * @version $Revision$
- */
-public class MessageTrace
-{
-
- private static final String BASE_CLASS = MessageTrace.class.getName();
-
- private static final Logger REQUEST_BASE64 = Logger.getLogger(BASE_CLASS + ".Request.Base64");
-
- private static final Logger REQUEST_HEX = Logger.getLogger(BASE_CLASS + ".Request.Hex");
-
- private static final Logger RESPONSE_BASE64 = Logger.getLogger(BASE_CLASS + ".Response.Base64");
-
- private static final Logger RESPONSE_HEX = Logger.getLogger(BASE_CLASS + ".Response.Hex");
-
- public static void logRequestBase64(final String request)
- {
- REQUEST_BASE64.trace(request);
- }
-
- public static void logRequestHex(final byte[] request)
- {
- if (REQUEST_HEX.isTraceEnabled())
- {
- REQUEST_HEX.trace(DebugHelper.convertToHex(request));
- }
- }
-
- public static void logResponseBase64(final String response)
- {
- RESPONSE_BASE64.trace(response);
- }
-
- public static void logResponseHex(final byte[] response)
- {
- if (RESPONSE_HEX.isTraceEnabled())
- {
- RESPONSE_HEX.trace(DebugHelper.convertToHex(response));
- }
- }
-
-}
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/Negotiation.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/Negotiation.java 2008-08-07 21:12:57 UTC (rev 76799)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/Negotiation.java 2008-08-07 22:43:20 UTC (rev 76800)
@@ -1,6 +0,0 @@
-package org.jboss.security.negotiation;
-
-public class Negotiation
-{
-
-}
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2008-08-07 21:12:57 UTC (rev 76799)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2008-08-07 22:43:20 UTC (rev 76800)
@@ -1,335 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- *
- * Copyright 2007, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.negotiation.spnego;
-
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.acl.Group;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.jboss.util.Base64;
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.Oid;
-import org.jboss.security.SimpleGroup;
-import org.jboss.security.auth.spi.AbstractServerLoginModule;
-import org.jboss.security.negotiation.MessageTrace;
-import org.jboss.security.negotiation.spnego.encoding.NegTokenInit;
-import org.jboss.security.negotiation.spnego.encoding.NegTokenInitDecoder;
-import org.jboss.security.negotiation.spnego.encoding.NegTokenTarg;
-import org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder;
-import org.jboss.security.negotiation.spnego.encoding.NegTokenTargEncoder;
-
-/**
- * Login module to work in conjunction with SPNEGOAuthenticator to handle the
- * authentication requirements.
- *
- * @author darran.lofthouse at jboss.com
- * @version $Revision$
- */
-public class SPNEGOLoginModule extends AbstractServerLoginModule
-{
-
- private static final Oid kerberos;
-
- // TODO - Pick a name for a default domain?
- private String serverSecurityDomain;
-
- private LoginContext serverLoginContext = null;
-
- private Principal identity = null;
-
- static
- {
- try
- {
- kerberos = new Oid("1.2.840.113554.1.2.2");
- }
- catch (GSSException e)
- {
- throw new RuntimeException("Unable to initialise Oid", e);
- }
- }
-
- @Override
- public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map sharedState,
- final Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- // Which security domain to authenticate the server.
- serverSecurityDomain = (String) options.get("serverSecurityDomain");
- log.debug("serverSecurityDomain=" + serverSecurityDomain);
- }
-
- @Override
- public boolean login() throws LoginException
- {
- if (super.login() == true)
- {
- // TODO - Does this login module need to do anything with the identity?
- // Especially as this module does not do any role mapping.
- log.debug("super.login()==true");
- return true;
- }
-
- super.loginOk = false;
-
- SPNEGOContext spnegoContext = SPNEGOContext.getCurrentSPNEGOContext();
-
- try
- {
- Subject server = getServerSubject();
- AcceptSecContext action = new AcceptSecContext(spnegoContext);
- Object result = Subject.doAs(server, action);
-
- log.trace("Result - " + result);
-
- if (result instanceof Boolean)
- {
- if (Boolean.TRUE.equals(result))
- {
- super.loginOk = true;
- if (getUseFirstPass() == true)
- {
- String userName = identity.getName();
- log.debug("Storing username '" + userName + "' and empty password");
- // Add the username and a null password to the shared state map
- sharedState.put("javax.security.auth.login.name", identity);
- sharedState.put("javax.security.auth.login.password", "");
- }
- }
- }
- else if (result instanceof Exception)
- {
- Exception e = (Exception) result;
- log.error("Unable to authenticate", e);
- throw new LoginException("Unable to authenticate - " + e.getMessage());
- }
-
- }
- finally
- {
- if (serverLoginContext != null)
- {
- // TODO - We may not actually want to logout as if we use cache this may clear it,
- serverLoginContext.logout();
- }
- }
-
- log.trace("super.loginOk " + super.loginOk);
- if (super.loginOk == true)
- {
- return true;
- }
- else
- {
- throw new LoginException("Continuation Required.");
-
- }
-
- }
-
- @Override
- protected Principal getIdentity()
- {
- return identity;
- }
-
- @Override
- protected Group[] getRoleSets() throws LoginException
- {
-
- Group roles = new SimpleGroup("Roles");
- Group callerPrincipal = new SimpleGroup("CallerPrincipal");
- Group[] groups =
- {roles, callerPrincipal};
- callerPrincipal.addMember(identity);
- return groups;
- }
-
- protected Subject getServerSubject() throws LoginException
- {
- LoginContext lc = new LoginContext(serverSecurityDomain);
- lc.login();
- // Cache so we can log out.
- serverLoginContext = lc;
-
- Subject serverSubject = serverLoginContext.getSubject();
- log.debug("Subject = " + serverSubject);
- log.debug("Logged in '" + serverSecurityDomain + "' LoginContext");
-
- return serverSubject;
- }
-
- private class AcceptSecContext implements PrivilegedAction
- {
-
- private final SPNEGOContext spnegoContext;
-
- public AcceptSecContext(final SPNEGOContext spnegoContext)
- {
- this.spnegoContext = spnegoContext;
- }
-
- public Object run()
- {
- try
- {
- String requestHeader = spnegoContext.getRequestHeader();
- byte[] reqToken = Base64.decode(requestHeader);
-
- MessageTrace.logRequestBase64(spnegoContext.getRequestHeader());
- MessageTrace.logRequestHex(reqToken);
- byte[] gssToken = null;
-
- // TODO - If Section from MY Code!!
- if (reqToken[0] == 0x60)
- {
- NegTokenInit negTokenInit = NegTokenInitDecoder.decode(reqToken);
- List<Oid> mechList = negTokenInit.getMechTypes();
-
- if (mechList.get(0).equals(kerberos))
- {
- gssToken = negTokenInit.getMechToken();
- }
- else
- {
- boolean kerberosSupported = false;
-
- Iterator<Oid> it = mechList.iterator();
- while (it.hasNext() && kerberosSupported == false)
- {
- kerberosSupported = it.next().equals(kerberos);
- }
-
- NegTokenTarg negTokenTarg = new NegTokenTarg();
-
- if (kerberosSupported)
- {
- negTokenTarg.setNegResult(NegTokenTarg.ACCEPT_INCOMPLETE);
- negTokenTarg.setSupportedMech(kerberos);
- }
- else
- {
- negTokenTarg.setNegResult(NegTokenTarg.REJECTED);
- }
-
- byte[] respSpnego = NegTokenTargEncoder.encode(negTokenTarg);
- String respEncoded = Base64.encodeBytes(respSpnego);
-
- MessageTrace.logResponseBase64(respEncoded);
- MessageTrace.logResponseHex(respSpnego);
-
- spnegoContext.setResponseHeader(respEncoded);
-
- return Boolean.FALSE;
- }
-
- }
- else if (reqToken[0] == (byte) 0xa1)
- {
- NegTokenTarg negTokenTarg = NegTokenTargDecoder.decode(reqToken);
-
- gssToken = negTokenTarg.getResponseToken();
- }
- else
- {
- // TODO - Detect NTLM to specific error can be reported.
- throw new LoginException("Unsupported negotiation mechanism.");
- }
-
- GSSContext gssContext = spnegoContext.getGssContext();
- if (gssContext == null)
- {
- log.debug("Creating new GSSContext.");
- GSSManager manager = GSSManager.getInstance();
- gssContext = manager.createContext((GSSCredential) null);
-
- spnegoContext.setGssContext(gssContext);
- }
-
- if (gssContext.isEstablished())
- {
- log.warn("Authentication was performed despite already being authenticated!");
- identity = new KerberosPrincipal(gssContext.getSrcName().toString());
-
- log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
- log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
- log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
-
- spnegoContext.setAuthenticated(true);
-
- return Boolean.TRUE;
- }
-
- byte[] respToken = gssContext.acceptSecContext(gssToken, 0, gssToken.length);
-
- if (respToken != null)
- {
- NegTokenTarg negTokenTarg = new NegTokenTarg();
- negTokenTarg.setResponseToken(respToken);
-
- byte[] respSpnego = NegTokenTargEncoder.encode(negTokenTarg);
- String respEncoded = Base64.encodeBytes(respSpnego);
-
- MessageTrace.logResponseBase64(respEncoded);
- MessageTrace.logResponseHex(respSpnego);
-
- spnegoContext.setResponseHeader(respEncoded);
- }
-
- if (gssContext.isEstablished() == false)
- {
- return Boolean.FALSE;
- }
- else
- {
- identity = new KerberosPrincipal(gssContext.getSrcName().toString());
-
- log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
- log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
- log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
-
- spnegoContext.setAuthenticated(true);
- return Boolean.TRUE;
- }
-
- }
- catch (Exception e)
- {
- return e;
- }
-
- }
- }
-}
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-common/pom.xml
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-common/pom.xml 2008-08-07 21:12:57 UTC (rev 76799)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-common/pom.xml 2008-08-07 22:43:20 UTC (rev 76800)
@@ -33,7 +33,14 @@
<!-- Local Dependencies -->
<!-- Global dependencies -->
-
+ <dependency>
+ <groupId>apache-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>apache-log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </dependency>
</dependencies>
</project>
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/DebugHelper.java (from rev 75396, projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/encoding/DebugHelper.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/DebugHelper.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/DebugHelper.java 2008-08-07 22:43:20 UTC (rev 76800)
@@ -0,0 +1,47 @@
+/*
+ * Copyright © 2008 Red Hat Middleware, LLC. or third-party contributors as indicated
+ * by the @author tags or express copyright attribution statements applied by the
+ * authors. All third-party contributions are distributed under license by Red Hat
+ * Middleware LLC.
+ *
+ * This copyrighted material is made available to anyone wishing to use, modify, copy,
+ * or redistribute it subject to the terms and conditions of the GNU Lesser General
+ * Public License, v. 2.1. This program is distributed in the hope that it will be
+ * useful, but WITHOUT A WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+ * more details. You should have received a copy of the GNU Lesser General Public License,
+ * v.2.1 along with this distribution; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.jboss.security.negotiation.spnego.encoding;
+
+import org.apache.commons.codec.binary.Hex;
+
+/**
+ * Utility class to assist debugging.
+ *
+ * @author <a href="darranlofthouse at hotmail.com">Darran Lofthouse</a>
+ */
+public class DebugHelper
+{
+
+ public static String convertToHex(final byte[] message)
+ {
+ StringBuffer sb = new StringBuffer(message.length * 5);
+
+ char[] hex = Hex.encodeHex(message);
+
+ for (int i = 0; i < hex.length; i++)
+ {
+ if (i % 2 == 0)
+ {
+ sb.append(" 0x");
+ }
+
+ sb.append(hex[i]);
+ }
+
+ return sb.toString();
+ }
+}
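Review bot: The package declaration at the `package org.jboss.security.negotiation.spnego.encoding;` line no longer matches the file's new location under `.../negotiation/common/`, so the copied class still lands in the spnego.encoding package even though the spnego module's own copy is deleted in this same commit; it should read `package org.jboss.security.negotiation.common;` (callers then need their import updated to match). The method itself has no Javadoc; a comment such as `/** Renders each byte of {@code message} as " 0x" followed by two lowercase hex digits, for trace logging only. */` would document the output format that MessageTrace relies on. As a point of style, the single-threaded `StringBuffer` could be `StringBuilder`, since the buffer never escapes the method.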
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/MessageTrace.java (from rev 76307, projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/MessageTrace.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/MessageTrace.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/MessageTrace.java 2008-08-07 22:43:20 UTC (rev 76800)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ *
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.negotiation.spnego.encoding.DebugHelper;
+
+/**
+ * Handle message tracing hierarchy.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+public class MessageTrace
+{
+
+ private static final String BASE_CLASS = MessageTrace.class.getName();
+
+ private static final Logger REQUEST_BASE64 = Logger.getLogger(BASE_CLASS + ".Request.Base64");
+
+ private static final Logger REQUEST_HEX = Logger.getLogger(BASE_CLASS + ".Request.Hex");
+
+ private static final Logger RESPONSE_BASE64 = Logger.getLogger(BASE_CLASS + ".Response.Base64");
+
+ private static final Logger RESPONSE_HEX = Logger.getLogger(BASE_CLASS + ".Response.Hex");
+
+ public static void logRequestBase64(final String request)
+ {
+ REQUEST_BASE64.trace(request);
+ }
+
+ public static void logRequestHex(final byte[] request)
+ {
+ if (REQUEST_HEX.isTraceEnabled())
+ {
+ REQUEST_HEX.trace(DebugHelper.convertToHex(request));
+ }
+ }
+
+ public static void logResponseBase64(final String response)
+ {
+ RESPONSE_BASE64.trace(response);
+ }
+
+ public static void logResponseHex(final byte[] response)
+ {
+ if (RESPONSE_HEX.isTraceEnabled())
+ {
+ RESPONSE_HEX.trace(DebugHelper.convertToHex(response));
+ }
+ }
+
+}
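Review bot: The copied file keeps `package org.jboss.security.negotiation;` although it now lives under `.../negotiation/common/`, and its import `import org.jboss.security.negotiation.spnego.encoding.DebugHelper;` points at the path this commit deletes from the spnego module, so the class only resolves while the common-module DebugHelper also keeps its stale package name. Both should move together: `package org.jboss.security.negotiation.common;` here and `import org.jboss.security.negotiation.common.DebugHelper;` once DebugHelper's package is corrected. The class Javadoc should also state that these four loggers are intended to stay at a level above TRACE in normal operation, because enabling them writes the raw negotiation tokens (Kerberos AP-REQ material) to the log; a sentence like `Enabling any of these loggers at TRACE writes the complete request and response tokens to the log; do not enable outside of debugging.` is enough.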
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/pom.xml
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-spnego/pom.xml 2008-08-07 21:12:57 UTC (rev 76799)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-spnego/pom.xml 2008-08-07 22:43:20 UTC (rev 76800)
@@ -31,9 +31,24 @@
<!-- Do not add version information here, use ../parent/pom.xml instead -->
<dependencies>
<!-- Local Dependencies -->
-
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-negotiation</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-negotiation-common</artifactId>
+ </dependency>
+
<!-- Global dependencies -->
-
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-common</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jbosssx</artifactId>
+ </dependency>
</dependencies>
</project>
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java (from rev 75396, projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2008-08-07 22:43:20 UTC (rev 76800)
@@ -0,0 +1,335 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ *
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.spnego;
+
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.acl.Group;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.util.Base64;
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.Oid;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.auth.spi.AbstractServerLoginModule;
+import org.jboss.security.negotiation.MessageTrace;
+import org.jboss.security.negotiation.spnego.encoding.NegTokenInit;
+import org.jboss.security.negotiation.spnego.encoding.NegTokenInitDecoder;
+import org.jboss.security.negotiation.spnego.encoding.NegTokenTarg;
+import org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder;
+import org.jboss.security.negotiation.spnego.encoding.NegTokenTargEncoder;
+
+/**
+ * Login module to work in conjunction with SPNEGOAuthenticator to handle the
+ * authentication requirements.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+public class SPNEGOLoginModule extends AbstractServerLoginModule
+{
+
+ private static final Oid kerberos;
+
+ // TODO - Pick a name for a default domain?
+ private String serverSecurityDomain;
+
+ private LoginContext serverLoginContext = null;
+
+ private Principal identity = null;
+
+ static
+ {
+ try
+ {
+ kerberos = new Oid("1.2.840.113554.1.2.2");
+ }
+ catch (GSSException e)
+ {
+ throw new RuntimeException("Unable to initialise Oid", e);
+ }
+ }
+
+ @Override
+ public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map sharedState,
+ final Map options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ // Which security domain to authenticate the server.
+ serverSecurityDomain = (String) options.get("serverSecurityDomain");
+ log.debug("serverSecurityDomain=" + serverSecurityDomain);
+ }
+
+ @Override
+ public boolean login() throws LoginException
+ {
+ if (super.login() == true)
+ {
+ // TODO - Does this login module need to do anything with the identity?
+ // Especially as this module does not do any role mapping.
+ log.debug("super.login()==true");
+ return true;
+ }
+
+ super.loginOk = false;
+
+ SPNEGOContext spnegoContext = SPNEGOContext.getCurrentSPNEGOContext();
+
+ try
+ {
+ Subject server = getServerSubject();
+ AcceptSecContext action = new AcceptSecContext(spnegoContext);
+ Object result = Subject.doAs(server, action);
+
+ log.trace("Result - " + result);
+
+ if (result instanceof Boolean)
+ {
+ if (Boolean.TRUE.equals(result))
+ {
+ super.loginOk = true;
+ if (getUseFirstPass() == true)
+ {
+ String userName = identity.getName();
+ log.debug("Storing username '" + userName + "' and empty password");
+ // Add the username and a null password to the shared state map
+ sharedState.put("javax.security.auth.login.name", identity);
+ sharedState.put("javax.security.auth.login.password", "");
+ }
+ }
+ }
+ else if (result instanceof Exception)
+ {
+ Exception e = (Exception) result;
+ log.error("Unable to authenticate", e);
+ throw new LoginException("Unable to authenticate - " + e.getMessage());
+ }
+
+ }
+ finally
+ {
+ if (serverLoginContext != null)
+ {
+ // TODO - We may not actually want to logout as if we use cache this may clear it,
+ serverLoginContext.logout();
+ }
+ }
+
+ log.trace("super.loginOk " + super.loginOk);
+ if (super.loginOk == true)
+ {
+ return true;
+ }
+ else
+ {
+ throw new LoginException("Continuation Required.");
+
+ }
+
+ }
+
+ @Override
+ protected Principal getIdentity()
+ {
+ return identity;
+ }
+
+ @Override
+ protected Group[] getRoleSets() throws LoginException
+ {
+
+ Group roles = new SimpleGroup("Roles");
+ Group callerPrincipal = new SimpleGroup("CallerPrincipal");
+ Group[] groups =
+ {roles, callerPrincipal};
+ callerPrincipal.addMember(identity);
+ return groups;
+ }
+
+ protected Subject getServerSubject() throws LoginException
+ {
+ LoginContext lc = new LoginContext(serverSecurityDomain);
+ lc.login();
+ // Cache so we can log out.
+ serverLoginContext = lc;
+
+ Subject serverSubject = serverLoginContext.getSubject();
+ log.debug("Subject = " + serverSubject);
+ log.debug("Logged in '" + serverSecurityDomain + "' LoginContext");
+
+ return serverSubject;
+ }
+
+ private class AcceptSecContext implements PrivilegedAction
+ {
+
+ private final SPNEGOContext spnegoContext;
+
+ public AcceptSecContext(final SPNEGOContext spnegoContext)
+ {
+ this.spnegoContext = spnegoContext;
+ }
+
+ public Object run()
+ {
+ try
+ {
+ String requestHeader = spnegoContext.getRequestHeader();
+ byte[] reqToken = Base64.decode(requestHeader);
+
+ MessageTrace.logRequestBase64(spnegoContext.getRequestHeader());
+ MessageTrace.logRequestHex(reqToken);
+ byte[] gssToken = null;
+
+ // TODO - If Section from MY Code!!
+ if (reqToken[0] == 0x60)
+ {
+ NegTokenInit negTokenInit = NegTokenInitDecoder.decode(reqToken);
+ List<Oid> mechList = negTokenInit.getMechTypes();
+
+ if (mechList.get(0).equals(kerberos))
+ {
+ gssToken = negTokenInit.getMechToken();
+ }
+ else
+ {
+ boolean kerberosSupported = false;
+
+ Iterator<Oid> it = mechList.iterator();
+ while (it.hasNext() && kerberosSupported == false)
+ {
+ kerberosSupported = it.next().equals(kerberos);
+ }
+
+ NegTokenTarg negTokenTarg = new NegTokenTarg();
+
+ if (kerberosSupported)
+ {
+ negTokenTarg.setNegResult(NegTokenTarg.ACCEPT_INCOMPLETE);
+ negTokenTarg.setSupportedMech(kerberos);
+ }
+ else
+ {
+ negTokenTarg.setNegResult(NegTokenTarg.REJECTED);
+ }
+
+ byte[] respSpnego = NegTokenTargEncoder.encode(negTokenTarg);
+ String respEncoded = Base64.encodeBytes(respSpnego);
+
+ MessageTrace.logResponseBase64(respEncoded);
+ MessageTrace.logResponseHex(respSpnego);
+
+ spnegoContext.setResponseHeader(respEncoded);
+
+ return Boolean.FALSE;
+ }
+
+ }
+ else if (reqToken[0] == (byte) 0xa1)
+ {
+ NegTokenTarg negTokenTarg = NegTokenTargDecoder.decode(reqToken);
+
+ gssToken = negTokenTarg.getResponseToken();
+ }
+ else
+ {
+ // TODO - Detect NTLM to specific error can be reported.
+ throw new LoginException("Unsupported negotiation mechanism.");
+ }
+
+ GSSContext gssContext = spnegoContext.getGssContext();
+ if (gssContext == null)
+ {
+ log.debug("Creating new GSSContext.");
+ GSSManager manager = GSSManager.getInstance();
+ gssContext = manager.createContext((GSSCredential) null);
+
+ spnegoContext.setGssContext(gssContext);
+ }
+
+ if (gssContext.isEstablished())
+ {
+ log.warn("Authentication was performed despite already being authenticated!");
+ identity = new KerberosPrincipal(gssContext.getSrcName().toString());
+
+ log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
+ log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
+ log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
+
+ spnegoContext.setAuthenticated(true);
+
+ return Boolean.TRUE;
+ }
+
+ byte[] respToken = gssContext.acceptSecContext(gssToken, 0, gssToken.length);
+
+ if (respToken != null)
+ {
+ NegTokenTarg negTokenTarg = new NegTokenTarg();
+ negTokenTarg.setResponseToken(respToken);
+
+ byte[] respSpnego = NegTokenTargEncoder.encode(negTokenTarg);
+ String respEncoded = Base64.encodeBytes(respSpnego);
+
+ MessageTrace.logResponseBase64(respEncoded);
+ MessageTrace.logResponseHex(respSpnego);
+
+ spnegoContext.setResponseHeader(respEncoded);
+ }
+
+ if (gssContext.isEstablished() == false)
+ {
+ return Boolean.FALSE;
+ }
+ else
+ {
+ identity = new KerberosPrincipal(gssContext.getSrcName().toString());
+
+ log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
+ log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
+ log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
+
+ spnegoContext.setAuthenticated(true);
+ return Boolean.TRUE;
+ }
+
+ }
+ catch (Exception e)
+ {
+ return e;
+ }
+
+ }
+ }
+}
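Review bot: In `AcceptSecContext.run()` the decoded client token is indexed at `reqToken[0]` and the mechanism list at `mechList.get(0)` without a length check, so an empty or truncated Authorization header fails with an IndexOutOfBounds that the `catch (Exception e)` at the end of the method converts into the generic "Unable to authenticate" LoginException rather than a specific rejection. A guard after the decode, `if (reqToken == null || reqToken.length == 0) throw new LoginException("Empty negotiation token.");`, and `if (mechList == null || mechList.isEmpty()) throw new LoginException("NegTokenInit lists no mechanisms.");` before the Kerberos check would make the failure explicit, and the Base64 decode itself may also want the same treatment since it operates on header bytes (I cannot see what org.jboss.util.Base64 returns on bad input). Separately, `login()` logs "Storing username" but stores the `identity` Principal, not the `userName` string it just computed, under the `javax.security.auth.login.name` shared-state key; a downstream module that reads that key presumably expects a String, so either store `userName` or document that a Principal is deliberately placed there. The `result instanceof Exception` branch also forwards `e.getMessage()` into the LoginException text, which is fine for a server log but worth noting if that message ever reaches the client.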
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding (from rev 75396, projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/encoding)
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/DebugHelper.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/encoding/DebugHelper.java 2008-07-04 16:14:24 UTC (rev 75396)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/encoding/DebugHelper.java 2008-08-07 22:43:20 UTC (rev 76800)
@@ -1,47 +0,0 @@
-/*
- * Copyright © 2008 Red Hat Middleware, LLC. or third-party contributors as indicated
- * by the @author tags or express copyright attribution statements applied by the
- * authors. All third-party contributions are distributed under license by Red Hat
- * Middleware LLC.
- *
- * This copyrighted material is made available to anyone wishing to use, modify, copy,
- * or redistribute it subject to the terms and conditions of the GNU Lesser General
- * Public License, v. 2.1. This program is distributed in the hope that it will be
- * useful, but WITHOUT A WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
- * more details. You should have received a copy of the GNU Lesser General Public License,
- * v.2.1 along with this distribution; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-package org.jboss.security.negotiation.spnego.encoding;
-
-import org.apache.commons.codec.binary.Hex;
-
-/**
- * Utility class to assist debugging.
- *
- * @author <a href="darranlofthouse at hotmail.com">Darran Lofthouse</a>
- */
-public class DebugHelper
-{
-
- public static String convertToHex(final byte[] message)
- {
- StringBuffer sb = new StringBuffer(message.length * 5);
-
- char[] hex = Hex.encodeHex(message);
-
- for (int i = 0; i < hex.length; i++)
- {
- if (i % 2 == 0)
- {
- sb.append(" 0x");
- }
-
- sb.append(hex[i]);
- }
-
- return sb.toString();
- }
-}
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/tests/java/org/jboss/security/negotiation/spnego/encoding/encoding (from rev 75396, projects/security/security-negotiation/trunk/jboss-negotiation/src/tests/java/org/jboss/security/negotiation/spnego/encoding)
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/pom.xml
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/pom.xml 2008-08-07 21:12:57 UTC (rev 76799)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/pom.xml 2008-08-07 22:43:20 UTC (rev 76800)
@@ -33,7 +33,7 @@
<!-- Local Dependencies -->
<dependency>
<groupId>org.jboss.security</groupId>
- <artifactId>jboss-negotiation</artifactId>
+ <artifactId>jboss-negotiation-spnego</artifactId>
<scope>provided</scope>
</dependency>
Modified: projects/security/security-negotiation/trunk/parent/pom.xml
===================================================================
--- projects/security/security-negotiation/trunk/parent/pom.xml 2008-08-07 21:12:57 UTC (rev 76799)
+++ projects/security/security-negotiation/trunk/parent/pom.xml 2008-08-07 22:43:20 UTC (rev 76800)
@@ -104,9 +104,19 @@
</dependency>
<dependency>
<groupId>org.jboss.security</groupId>
+ <artifactId>jboss-negotiation-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
<artifactId>jboss-negotiation-ntlm</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-negotiation-spnego</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<!-- External Dependencies -->
<dependency>
Modified: projects/security/security-negotiation/trunk/pom.xml
===================================================================
--- projects/security/security-negotiation/trunk/pom.xml 2008-08-07 21:12:57 UTC (rev 76799)
+++ projects/security/security-negotiation/trunk/pom.xml 2008-08-07 22:43:20 UTC (rev 76800)
@@ -16,7 +16,9 @@
<modules>
<module>parent</module>
<module>jboss-negotiation</module>
+ <module>jboss-negotiation-common</module>
<module>jboss-negotiation-ntlm</module>
+ <module>jboss-negotiation-spnego</module>
<module>jboss-negotiation-toolkit</module>
</modules>
<scm>