[jboss-cvs] JBossAS SVN: r76859 - in projects/security/security-negotiation/trunk: jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego and 7 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sun Aug 10 08:38:38 EDT 2008
Author: darran.lofthouse at jboss.com
Date: 2008-08-10 08:38:38 -0400 (Sun, 10 Aug 2008)
New Revision: 76859
Added:
projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/MessageFactory.java
projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java
Removed:
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java
Modified:
projects/security/security-negotiation/trunk/jboss-negotiation-common/.classpath
projects/security/security-negotiation/trunk/jboss-negotiation-common/pom.xml
projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/NegotiationContext.java
projects/security/security-negotiation/trunk/jboss-negotiation-ntlm/.classpath
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/.classpath
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/.classpath
projects/security/security-negotiation/trunk/jboss-negotiation/.classpath
projects/security/security-negotiation/trunk/jboss-negotiation/pom.xml
Log:
[SECURITY-270] Refactoring to allow different negotiation schemes to be chosen.
Modified: projects/security/security-negotiation/trunk/jboss-negotiation/.classpath
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/.classpath 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/.classpath 2008-08-10 12:38:38 UTC (rev 76859)
@@ -9,9 +9,9 @@
<classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.2.GA/jboss-jmx-4.2.2.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/jboss-system/4.2.2.GA/jboss-system-4.2.2.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/jbosssx/4.2.2.GA/jbosssx-4.2.2.GA.jar"/>
+ <classpathentry kind="src" path="/jboss-negotiation-common"/>
<classpathentry kind="var" path="M2_REPO/jboss/web/jbossweb/2.1.0.GA/jbossweb-2.1.0.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/web/servlet-api/2.1.0.GA/servlet-api-2.1.0.GA.jar"/>
- <classpathentry kind="src" path="/jboss-negotiation-common"/>
<classpathentry kind="src" path="/jboss-negotiation-ntlm"/>
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
<classpathentry kind="src" path="/jboss-negotiation-spnego"/>
Modified: projects/security/security-negotiation/trunk/jboss-negotiation/pom.xml
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/pom.xml 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/pom.xml 2008-08-10 12:38:38 UTC (rev 76859)
@@ -90,14 +90,7 @@
<groupId>jboss</groupId>
<artifactId>jboss-system</artifactId>
</dependency>
- <dependency>
- <groupId>jboss.web</groupId>
- <artifactId>jbossweb</artifactId>
- </dependency>
- <dependency>
- <groupId>jboss.web</groupId>
- <artifactId>servlet-api</artifactId>
- </dependency>
+
</dependencies>
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java 2008-08-10 12:38:38 UTC (rev 76859)
@@ -1,133 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- *
- * Copyright 2007, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.negotiation.spnego;
-
-import java.io.IOException;
-import java.security.Principal;
-
-import org.apache.catalina.Realm;
-import org.apache.catalina.Session;
-import org.apache.catalina.authenticator.AuthenticatorBase;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.LoginConfig;
-import org.apache.log4j.Logger;
-import org.jboss.security.negotiation.common.NegotiationContext;
-
-/**
- * An authenticator to manage SPNEGO authentication in connection with the
- * SPNEGO login module.
- *
- * @author darran.lofthouse at jboss.com
- * @version $Revision$
- */
-public class SPNEGOAuthenticator extends AuthenticatorBase
-{
-
- private static final Logger log = Logger.getLogger(SPNEGOAuthenticator.class);
-
- private static final String SPNEGO = "SPNEGO";
-
- private static final String SPNEGO_CONTEXT = "SPNEGO_CONTEXT";
-
- @Override
- protected boolean authenticate(final Request request, final Response response, final LoginConfig config)
- throws IOException
- {
- log.trace("Authenticating user");
-
- Principal principal = request.getUserPrincipal();
- if (principal != null)
- {
- if (log.isTraceEnabled())
- log.trace("Already authenticated '" + principal.getName() + "'");
- return true;
- }
-
- log.info("Header - " + request.getHeader("Authorization"));
- String authHeader = request.getHeader("Authorization");
- if (authHeader == null)
- {
- log.debug("No Authorization Header, sending 401");
- response.setHeader("WWW-Authenticate", "Negotiate");
- response.sendError(401);
-
- return false;
- }
- else if (authHeader.startsWith("Negotiate ") == false)
- {
- throw new IOException("Invalid 'Authorization' header.");
- }
-
- Session session = request.getSessionInternal();
- NegotiationContext spnegoContext = (NegotiationContext) session.getNote(SPNEGO_CONTEXT);
- if (spnegoContext == null)
- {
- log.debug("Creating new SPNEGOContext");
- {
- spnegoContext = new NegotiationContext();
- session.setNote(SPNEGO_CONTEXT, spnegoContext);
- }
- }
-
- // TODO - Probably not good if session reused.
- // Maybe create arbitary ID or use SSO ID.
- String username = session.getId();
- try
- {
- // Set the ThreadLocal association.
- spnegoContext.associate();
- spnegoContext.setRequestHeader(authHeader.substring(10));
-
- Realm realm = context.getRealm();
-
- principal = realm.authenticate(username, (String) null);
-
- if (log.isDebugEnabled())
- log.debug("authenticated principal = " + principal);
-
- String responseHeader = spnegoContext.getResponseHeader();
- if (responseHeader != null)
- {
- response.setHeader("WWW-Authenticate", "Negotiate " + responseHeader);
- }
-
- }
- finally
- {
- // Clear the headers and remove the ThreadLocal association.
- spnegoContext.clear();
- }
-
- if (principal == null)
- {
- response.sendError(Response.SC_UNAUTHORIZED);
- }
- else
- {
- register(request, response, principal, SPNEGO, username, null);
- }
-
- return (principal != null);
- }
-}
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-common/.classpath
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-common/.classpath 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-common/.classpath 2008-08-10 12:38:38 UTC (rev 76859)
@@ -5,4 +5,6 @@
<classpathentry kind="output" path="target/classes"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/web/jbossweb/2.1.0.GA/jbossweb-2.1.0.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/web/servlet-api/2.1.0.GA/servlet-api-2.1.0.GA.jar"/>
</classpath>
\ No newline at end of file
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-common/pom.xml
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-common/pom.xml 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-common/pom.xml 2008-08-10 12:38:38 UTC (rev 76859)
@@ -37,6 +37,15 @@
<groupId>apache-log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
+ <dependency>
+ <groupId>jboss.web</groupId>
+ <artifactId>jbossweb</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>jboss.web</groupId>
+ <artifactId>servlet-api</artifactId>
+ </dependency>
+
</dependencies>
</project>
Added: projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/MessageFactory.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/MessageFactory.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/MessageFactory.java 2008-08-10 12:38:38 UTC (rev 76859)
@@ -0,0 +1,52 @@
+/*
+ * Copyright © 2008 Red Hat Middleware, LLC. or third-party contributors as indicated
+ * by the @author tags or express copyright attribution statements applied by the
+ * authors. All third-party contributions are distributed under license by Red Hat
+ * Middleware LLC.
+ *
+ * This copyrighted material is made available to anyone wishing to use, modify, copy,
+ * or redistribute it subject to the terms and conditions of the GNU Lesser General
+ * Public License, v. 2.1. This program is distributed in the hope that it will be
+ * useful, but WITHOUT A WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
+ * more details. You should have received a copy of the GNU Lesser General Public License,
+ * v.2.1 along with this distribution; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+package org.jboss.security.negotiation;
+
+import java.io.InputStream;
+
+/**
+ * The base message factory for reading messages from InputStreams and
+ * creating the Java representation of the message.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @since 10th August 2008
+ * @version $Revision$
+ */
+public abstract class MessageFactory
+{
+
+ /**
+ * @return a new MessageFactory to process a message available from an InputStream.
+ */
+ public static MessageFactory newInstance()
+ {
+ return null;
+ }
+
+ /**
+ * Peek at the data in the InputStream and return true if this
+ * MessageFactory can handle the data.
+ */
+ public abstract boolean accepts(final InputStream in);
+
+ /**
+ * Read the message from the InputStream and create the Java
+ * representation of the message.
+ */
+ public abstract Object createMessage(final InputStream in);
+
+}
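Review bot: `newInstance()` returns `null` although its Javadoc promises a new MessageFactory, so the first caller that uses the result fails with a NullPointerException far from the cause. Until the scheme lookup exists, failing loudly is safer, e.g. `throw new UnsupportedOperationException("MessageFactory.newInstance() is not implemented yet");`. The Javadoc for `accepts` should also say whether the stream must support `mark`/`reset` and that the read position is restored before returning, since `createMessage` is presumably handed the same stream afterwards. Both abstract methods should document how malformed or truncated input is reported, because the bytes they parse come from the client.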
Property changes on: projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/MessageFactory.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java (from rev 76849, projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/NegotiationAuthenticator.java 2008-08-10 12:38:38 UTC (rev 76859)
@@ -0,0 +1,145 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ *
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import org.apache.catalina.Realm;
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.AuthenticatorBase;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.log4j.Logger;
+import org.jboss.security.negotiation.common.NegotiationContext;
+
+/**
+ * An authenticator to manage Negotiation based authentication in connection with the
+ * Negotiation login module.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+public class NegotiationAuthenticator extends AuthenticatorBase
+{
+
+ private static final Logger log = Logger.getLogger(NegotiationAuthenticator.class);
+
+ private static final String NEGOTIATE = "Negotiate";
+
+ private static final String SPNEGO = "SPNEGO";
+
+ private static final String NEGOTIATION_CONTEXT = "NEGOTIATION_CONTEXT";
+
+ protected String getNegotiateScheme()
+ {
+ return NEGOTIATE;
+ }
+
+ @Override
+ protected boolean authenticate(final Request request, final Response response, final LoginConfig config)
+ throws IOException
+ {
+ log.trace("Authenticating user");
+
+ Principal principal = request.getUserPrincipal();
+ if (principal != null)
+ {
+ if (log.isTraceEnabled())
+ log.trace("Already authenticated '" + principal.getName() + "'");
+ return true;
+ }
+
+ String negotiateScheme = getNegotiateScheme();
+
+ log.info("Header - " + request.getHeader("Authorization"));
+ String authHeader = request.getHeader("Authorization");
+ if (authHeader == null)
+ {
+ log.debug("No Authorization Header, sending 401");
+ response.setHeader("WWW-Authenticate", negotiateScheme);
+ response.sendError(401);
+
+ return false;
+ }
+ else if (authHeader.startsWith(negotiateScheme + " ") == false)
+ {
+ throw new IOException("Invalid 'Authorization' header.");
+ }
+
+ Session session = request.getSessionInternal();
+ NegotiationContext negotiationContext = (NegotiationContext) session.getNote(NEGOTIATION_CONTEXT);
+ if (negotiationContext == null)
+ {
+ log.debug("Creating new NegotiationContext");
+ {
+ negotiationContext = new NegotiationContext();
+ session.setNote(NEGOTIATION_CONTEXT, negotiationContext);
+ }
+ }
+
+ // TODO - Probably not good if session reused.
+ // Maybe create arbitary ID or use SSO ID.
+ String username = session.getId();
+ try
+ {
+ // Set the ThreadLocal association.
+ negotiationContext.associate();
+ negotiationContext.setRequestHeader(authHeader.substring(negotiateScheme.length() + 1));
+
+ Realm realm = context.getRealm();
+
+ principal = realm.authenticate(username, (String) null);
+
+ if (log.isDebugEnabled())
+ log.debug("authenticated principal = " + principal);
+
+ String responseHeader = negotiationContext.getResponseHeader();
+ if (responseHeader != null)
+ {
+ response.setHeader("WWW-Authenticate", negotiateScheme + " " + responseHeader);
+ }
+
+ }
+ finally
+ {
+ // Clear the headers and remove the ThreadLocal association.
+ negotiationContext.clear();
+ }
+
+ if (principal == null)
+ {
+ response.sendError(Response.SC_UNAUTHORIZED);
+ }
+ else
+ {
+ // TODO - Set the scheme based on what happened - the NegotiationContext
+ // is probably the correct vehicle for this as it is the result of the
+ // negotiation that sets the outcome.
+ register(request, response, principal, SPNEGO, username, null);
+ }
+
+ return (principal != null);
+ }
+}
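Review bot: `log.info("Header - " + request.getHeader("Authorization"));` in `authenticate` writes the complete client-supplied Authorization header, including the base64 negotiation token, to the log at INFO level for every request that is not yet authenticated. That puts authentication material into log files and lets a client place arbitrary text in them; I would drop the line, or record only presence at trace level after `authHeader` is assigned: `if (log.isTraceEnabled()) log.trace("Authorization header present: " + (authHeader != null));`. Separately, a header carrying another scheme, or the same scheme in different case, throws `IOException` instead of answering 401 with the `WWW-Authenticate` challenge, which will probably reach the client as a server error. HTTP auth scheme names are case-insensitive, so `authHeader.regionMatches(true, 0, negotiateScheme + " ", 0, negotiateScheme.length() + 1)` is the more tolerant test, with the non-matching case handled like the missing-header branch.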
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/NegotiationContext.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/NegotiationContext.java 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-common/src/main/java/org/jboss/security/negotiation/common/NegotiationContext.java 2008-08-10 12:38:38 UTC (rev 76859)
@@ -23,11 +23,11 @@
package org.jboss.security.negotiation.common;
import org.apache.log4j.Logger;
-import org.ietf.jgss.GSSContext;
/**
- * The SPNEGOContext is the holder to contain the state of the current authentication process
- * and is used to transfer data between the authenticator valve and the login module.
+ * The NegotiationContext is the holder to contain the state of the current authentication
+ * process and is used to transfer data between the authenticator valve and the login
+ * module.
*
* @author darran.lofthouse at jboss.com
* @version $Revision$
@@ -45,9 +45,7 @@
private String responseHeader = null;
- // TODO : This class needs to be Externalizable so this can be converted to a
- // byte[] for transport.
- private GSSContext gssContext = null;
+ private Object schemeContext = null;
public static NegotiationContext getCurrentSPNEGOContext()
{
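Review bot: The `schemeContext` field is now an untyped `Object`, and the comment that described the transport concern was removed with the old field, so nothing at the declaration says what may be stored there or who owns it. I would add a comment such as `// Scheme-specific negotiation state (e.g. a GSSContext for SPNEGO) kept between round trips; consumers must type-check before casting.` If the context kept in the session note can be replicated or passivated (the removed TODO suggests that was a concern), the stored object would also have to be serializable, which `Object` does not enforce; that assumption is worth confirming. The class body starts and ends outside this hunk.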
@@ -101,14 +99,14 @@
this.responseHeader = responseHeader;
}
- public GSSContext getGssContext()
+ public Object getSchemeContext()
{
- return gssContext;
+ return schemeContext;
}
- public void setGssContext(GSSContext gssContext)
+ public void setSchemeContext(Object schemeContext)
{
- this.gssContext = gssContext;
+ this.schemeContext = schemeContext;
}
}
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-ntlm/.classpath
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-ntlm/.classpath 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-ntlm/.classpath 2008-08-10 12:38:38 UTC (rev 76859)
@@ -8,4 +8,6 @@
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
<classpathentry kind="src" path="/jboss-negotiation-common"/>
<classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/web/jbossweb/2.1.0.GA/jbossweb-2.1.0.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/web/servlet-api/2.1.0.GA/servlet-api-2.1.0.GA.jar"/>
</classpath>
\ No newline at end of file
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/.classpath
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-spnego/.classpath 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-spnego/.classpath 2008-08-10 12:38:38 UTC (rev 76859)
@@ -9,4 +9,6 @@
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
<classpathentry kind="src" path="/jboss-negotiation-common"/>
<classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/web/jbossweb/2.1.0.GA/jbossweb-2.1.0.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/web/servlet-api/2.1.0.GA/servlet-api-2.1.0.GA.jar"/>
</classpath>
\ No newline at end of file
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java (from rev 76849, projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.java 2008-08-10 12:38:38 UTC (rev 76859)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ *
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.spnego;
+
+import org.apache.catalina.Valve;
+import org.apache.log4j.Logger;
+import org.jboss.security.negotiation.NegotiationAuthenticator;
+
+/**
+ * The authenticator should be configured using
+ * 'org.jboss.security.negotiation.NegotiationAuthenticator',
+ * this was the old classname so is only retained for
+ * backwards compatibility.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+ at Deprecated
+public class SPNEGOAuthenticator extends NegotiationAuthenticator
+{
+
+ private static final Logger log = Logger.getLogger(SPNEGOAuthenticator.class);
+
+ @Override
+ public void setNext(Valve valve)
+ {
+ String thisClass = this.getClass().getName();
+ String superClass = NegotiationAuthenticator.class.getName();
+ log.warn("'" + thisClass + "' is deprecated, use '" + superClass + "' instead.");
+ super.setNext(valve);
+ }
+
+}
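Review bot: The class Javadoc names the replacement only in prose; add a `@deprecated` tag so the compiler and IDEs surface it, e.g. `@deprecated use {@link org.jboss.security.negotiation.NegotiationAuthenticator} instead`. The warning is emitted from `setNext`, which ties the message to pipeline wiring and would repeat if the container calls `setNext` more than once. A one-line comment on the override explaining why this hook was chosen for the deprecation notice would help the next reader.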
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2008-08-10 12:38:38 UTC (rev 76859)
@@ -35,7 +35,6 @@
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
-import org.jboss.util.Base64;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
@@ -43,7 +42,6 @@
import org.ietf.jgss.Oid;
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
-
import org.jboss.security.negotiation.common.MessageTrace;
import org.jboss.security.negotiation.common.NegotiationContext;
import org.jboss.security.negotiation.spnego.encoding.NegTokenInit;
@@ -51,6 +49,7 @@
import org.jboss.security.negotiation.spnego.encoding.NegTokenTarg;
import org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder;
import org.jboss.security.negotiation.spnego.encoding.NegTokenTargEncoder;
+import org.jboss.util.Base64;
/**
* Login module to work in conjunction with SPNEGOAuthenticator to handle the
@@ -98,8 +97,6 @@
{
if (super.login() == true)
{
- // TODO - Does this login module need to do anything with the identity?
- // Especially as this module does not do any role mapping.
log.debug("super.login()==true");
return true;
}
@@ -270,14 +267,20 @@
throw new LoginException("Unsupported negotiation mechanism.");
}
- GSSContext gssContext = spnegoContext.getGssContext();
+ Object schemeContext = spnegoContext.getSchemeContext();
+ if (schemeContext != null && schemeContext instanceof GSSContext == false)
+ {
+ throw new IllegalStateException("The schemeContext is not a GSSContext");
+ }
+
+ GSSContext gssContext = (GSSContext) schemeContext;
if (gssContext == null)
{
log.debug("Creating new GSSContext.");
GSSManager manager = GSSManager.getInstance();
gssContext = manager.createContext((GSSCredential) null);
- spnegoContext.setGssContext(gssContext);
+ spnegoContext.setSchemeContext(gssContext);
}
if (gssContext.isEstablished())
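Review bot: The new type check throws an unchecked `IllegalStateException`, while the statement just above it in the same method reports an unsupported mechanism with `LoginException`; an unchecked exception from a login module is likely to surface as a server error, not as a failed authentication. I would keep the failure on the JAAS path with `throw new LoginException("The schemeContext is not a GSSContext");`. The mismatched object also stays in the negotiation context, which the authenticator appears to keep per session, so later requests on that session would hit the same failure unless it is reset first with `spnegoContext.setSchemeContext(null);`. The enclosing method starts and ends outside this hunk, so the exact exception contract should be confirmed there.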
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/.classpath
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/.classpath 2008-08-10 10:28:37 UTC (rev 76858)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-toolkit/.classpath 2008-08-10 12:38:38 UTC (rev 76859)
@@ -8,10 +8,10 @@
<classpathentry kind="var" path="M2_REPO/jboss/web/servlet-api/2.1.0.GA/servlet-api-2.1.0.GA.jar"/>
<classpathentry kind="src" path="/jboss-negotiation"/>
<classpathentry kind="src" path="/jboss-negotiation-common"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/web/jbossweb/2.1.0.GA/jbossweb-2.1.0.GA.jar"/>
<classpathentry kind="src" path="/jboss-negotiation-ntlm"/>
<classpathentry kind="var" path="M2_REPO/junit/junit/3.8.1/junit-3.8.1.jar"/>
<classpathentry kind="src" path="/jboss-negotiation-spnego"/>
<classpathentry kind="var" path="M2_REPO/jboss/jboss-jmx/4.2.2.GA/jboss-jmx-4.2.2.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/jboss-system/4.2.2.GA/jboss-system-4.2.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/web/jbossweb/2.1.0.GA/jbossweb-2.1.0.GA.jar"/>
</classpath>
\ No newline at end of file