[jboss-cvs] JBossAS SVN: r70502 - in projects/security/security-negotiation/trunk: NegotiationToolkit/descriptors and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Mar 6 12:55:33 EST 2008
Author: darran.lofthouse at jboss.com
Date: 2008-03-06 12:55:33 -0500 (Thu, 06 Mar 2008)
New Revision: 70502
Added:
projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml
projects/security/security-negotiation/trunk/NegotiationToolkit/pages/index.html
projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java
Modified:
projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath
projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml
projects/security/security-negotiation/trunk/spnego-configuration/descriptors/spnego-roles.properties
Log:
[SECURITY-151] Added a fully secured servlet to test SPNEGO authentication.
Modified: projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath 2008-03-06 17:53:28 UTC (rev 70501)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath 2008-03-06 17:55:33 UTC (rev 70502)
@@ -4,6 +4,7 @@
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/servlet-api.jar"/>
<classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/log4j.jar"/>
+ <classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/jbosssx-client.jar"/>
<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar"/>
<classpathentry combineaccessrules="false" kind="src" path="/jboss-negotiation"/>
<classpathentry kind="output" path="bin"/>
Added: projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml 2008-03-06 17:55:33 UTC (rev 70502)
@@ -0,0 +1,7 @@
+<!DOCTYPE jboss-web PUBLIC
+ "-//JBoss//DTD Web Application 2.4//EN"
+ "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
+
+<jboss-web>
+ <security-domain>java:/jaas/SPNEGO</security-domain>
+</jboss-web>
Property changes on: projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified: projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml 2008-03-06 17:53:28 UTC (rev 70501)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml 2008-03-06 17:55:33 UTC (rev 70502)
@@ -17,6 +17,13 @@
</servlet-class>
</servlet>
+ <servlet>
+ <servlet-name>Secured</servlet-name>
+ <servlet-class>
+ org.jboss.security.negotiation.toolkit.SecuredServlet
+ </servlet-class>
+ </servlet>
+
<servlet-mapping>
<servlet-name>BasicNegotiation</servlet-name>
<url-pattern>/BasicNegotiation</url-pattern>
@@ -25,5 +32,31 @@
<servlet-name>SecurityDomainTest</servlet-name>
<url-pattern>/SecurityDomainTest</url-pattern>
</servlet-mapping>
-
+ <servlet-mapping>
+ <servlet-name>Secured</servlet-name>
+ <url-pattern>/Secured</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Restricted</web-resource-name>
+ <url-pattern>/Secured/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Users</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>SPNEGO</auth-method>
+ <realm-name>SPNEGO</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>Users</role-name>
+ </security-role>
+
</web-app>
\ No newline at end of file
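Review bot: The new security-constraint sets `<transport-guarantee>NONE</transport-guarantee>`, so the container will accept the Negotiate exchange for `/Secured` over plain HTTP and return the page listing the principal and Subject in cleartext. If that is deliberate for a lab toolkit, record it in a comment above the constraint, for example `<!-- NONE is for test realms only; use CONFIDENTIAL anywhere else -->`; otherwise set `<transport-guarantee>CONFIDENTIAL</transport-guarantee>`. Separately, the servlet is mapped to the exact path `/Secured` while the constraint pattern is `/Secured/*`; that appears to rely on the path-prefix rule also covering `/Secured` itself, which is worth confirming on the target container with an unauthenticated request.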
Added: projects/security/security-negotiation/trunk/NegotiationToolkit/pages/index.html
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/pages/index.html (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/pages/index.html 2008-03-06 17:55:33 UTC (rev 70502)
@@ -0,0 +1,44 @@
+<html>
+ <head>
+ <title>Negotiation Toolkit</title>
+ </head>
+ <body>
+ <h1>Negotiation Toolkit</h1>
+
+ <p>The NegotiationToolkit is a set of servlets that can be used to test SPNEGO.</p>
+
+ <h3>Basic Negotiation</h3>
+ <p>
+ The Basic Negotiation servlet is a servlet that will attempt the initial
+ stages of negotiation with the client browser.<br>
+
+ The purpose of this servlet is to verify that the client browser does
+ respond with a SPNEGO token and displays the contents of the token.<br>
+ <a href="BasicNegotiation">Basic Negotiation</a>
+ </p>
+
+ <h3>Security Domain Test</h3>
+ <p>
+ The Security Domain Test servlet is a servlet that will prompt you for the
+ name of the security domain the server is using to authenticate itself
+ and will then attempt the authentication.<br>
+
+ This servlet will display the results of the authentication.<br>
+
+ The purpose of this servlet is to verify the server can authenticate
+ without needing a full SPNEGO request from a client.<br>
+ <a href="SecurityDomainTest">SecurityDomainTest</a>
+ </p>
+
+ <h3>Secured</h3>
+ <p>
+ The Secured servlet is a servlet that has been fully secured.<br>
+
+ This servlet will display the users principal and the users roles.<br>
+
+ The purpose of this servlet is to test the final stage of configuration
+ to verify that SPNEGO authentication is working.<br>
+ <a href="Secured">Secured</a>
+ </p>
+ </body>
+</html>
Added: projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java 2008-03-06 17:55:33 UTC (rev 70502)
@@ -0,0 +1,110 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ *
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.security.negotiation.toolkit;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.PrintWriter;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.SecurityAssociation;
+
+/**
+ * A simple servlet to be secured and output information on the
+ * authenticated user.
+ *
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+public class SecuredServlet extends HttpServlet
+{
+
+ private static final long serialVersionUID = 4708999345009728352L;
+
+ private static final Logger log = Logger.getLogger(SecuredServlet.class);
+
+ @Override
+ protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException,
+ IOException
+ {
+ log.info(String.valueOf(req.getUserPrincipal()));
+
+ PrintWriter writer = resp.getWriter();
+
+ writer.println("<html>");
+ writer.println(" <head>");
+ writer.println(" <title>Negotiation Toolkit</title>");
+ writer.println(" </head>");
+ writer.println(" <body>");
+ writer.println(" <h1>Negotiation Toolkit</h1>");
+ writer.println(" <h2>Secured</h2>");
+
+ writer.println(" <h5>User Principal</h5>");
+ writeObject(req.getUserPrincipal(), writer);
+
+ writer.println(" <h5>Caller Principal</h5>");
+ writeObject(SecurityAssociation.getCallerPrincipal(), writer);
+
+ writer.println(" <h5>Subject</h5>");
+ writeObject(SecurityAssociation.getSubject(), writer);
+
+ writer.println(" </body>");
+ writer.println("</html>");
+ writer.flush();
+ }
+
+ private void writeObject(final Object obj, final PrintWriter writer) throws IOException
+ {
+ ByteArrayInputStream bais = new ByteArrayInputStream(String.valueOf(obj).getBytes());
+ InputStreamReader isr = new InputStreamReader(bais);
+ BufferedReader br = new BufferedReader(isr);
+
+ writer.println("<code>");
+ String currentLine;
+ while ((currentLine = br.readLine()) != null)
+ {
+ writer.print(currentLine);
+ writer.println("<br>");
+ }
+ writer.println("</code>");
+ }
+
+ @Override
+ protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException,
+ IOException
+ {
+ // Handle POST the same as GET.
+ doGet(req, resp);
+ }
+
+}
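Review bot: writeObject prints each line of `String.valueOf(obj)` into the response without HTML-escaping, so any `<`, `>` or `&` in a principal name or in the Subject's toString() output is interpreted as markup by the browser. The print call should escape the line first, with a small helper as sketched below. Two related points in doGet: `SecurityAssociation.getSubject()` is rendered in full, and Subject.toString() may include private credentials when no security manager blocks access, so printing only `getPrincipals()` would be safer; and the response never sets a content type or character encoding, so `resp.setContentType("text/html")` belongs before `getWriter()`.

```java
   private void writeObject(final Object obj, final PrintWriter writer) throws IOException
   {
      // … unchanged: reader setup and opening <code> tag …
      while ((currentLine = br.readLine()) != null)
      {
         writer.print(escapeHtml(currentLine));
         writer.println("<br>");
      }
      // … unchanged: closing </code> tag …
   }

   /** Replaces the characters that are significant in HTML text with entities. */
   private static String escapeHtml(final String text)
   {
      StringBuilder escaped = new StringBuilder(text.length());
      for (int i = 0; i < text.length(); i++)
      {
         char c = text.charAt(i);
         switch (c)
         {
            case '&' :
               escaped.append("&amp;");
               break;
            case '<' :
               escaped.append("&lt;");
               break;
            case '>' :
               escaped.append("&gt;");
               break;
            case '"' :
               escaped.append("&quot;");
               break;
            default :
               escaped.append(c);
         }
      }
      return escaped.toString();
   }
```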
Property changes on: projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified: projects/security/security-negotiation/trunk/spnego-configuration/descriptors/spnego-roles.properties
===================================================================
--- projects/security/security-negotiation/trunk/spnego-configuration/descriptors/spnego-roles.properties 2008-03-06 17:53:28 UTC (rev 70501)
+++ projects/security/security-negotiation/trunk/spnego-configuration/descriptors/spnego-roles.properties 2008-03-06 17:55:33 UTC (rev 70502)
@@ -1,2 +1,2 @@
# A roles.properties file for use with the UsersRolesLoginModule
-darranl at GSSLAB.RDU.REDHAT.COM=Mathematician,JBossAdmin
+darranl at GSSLAB.RDU.REDHAT.COM=Mathematician,JBossAdmin,Users