[jboss-cvs] JBossAS SVN: r70502 - in projects/security/security-negotiation/trunk: NegotiationToolkit/descriptors and 3 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Mar 6 12:55:33 EST 2008


Author: darran.lofthouse at jboss.com
Date: 2008-03-06 12:55:33 -0500 (Thu, 06 Mar 2008)
New Revision: 70502

Added:
   projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml
   projects/security/security-negotiation/trunk/NegotiationToolkit/pages/index.html
   projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java
Modified:
   projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath
   projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml
   projects/security/security-negotiation/trunk/spnego-configuration/descriptors/spnego-roles.properties
Log:
[SECURITY-151] Added a fully secured servlet to test SPNEGO authentication.

Modified: projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath	2008-03-06 17:53:28 UTC (rev 70501)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/.classpath	2008-03-06 17:55:33 UTC (rev 70502)
@@ -4,6 +4,7 @@
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/servlet-api.jar"/>
 	<classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/log4j.jar"/>
+	<classpathentry kind="lib" path="/home/darranl/src/links/JBoss_Current/client/jbosssx-client.jar"/>
 	<classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.3/commons-codec-1.3.jar"/>
 	<classpathentry combineaccessrules="false" kind="src" path="/jboss-negotiation"/>
 	<classpathentry kind="output" path="bin"/>

Added: projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml	                        (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml	2008-03-06 17:55:33 UTC (rev 70502)
@@ -0,0 +1,7 @@
+<!DOCTYPE jboss-web PUBLIC
+  "-//JBoss//DTD Web Application 2.4//EN"
+  "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
+
+<jboss-web>
+  <security-domain>java:/jaas/SPNEGO</security-domain>
+</jboss-web>


Property changes on: projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/jboss-web.xml
___________________________________________________________________
Name: svn:keywords
   + Id Revision
Name: svn:eol-style
   + LF

Modified: projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml	2008-03-06 17:53:28 UTC (rev 70501)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/descriptors/web.xml	2008-03-06 17:55:33 UTC (rev 70502)
@@ -17,6 +17,13 @@
 		</servlet-class>
 	</servlet>
 
+	<servlet>
+		<servlet-name>Secured</servlet-name>
+		<servlet-class>
+			org.jboss.security.negotiation.toolkit.SecuredServlet
+		</servlet-class>
+	</servlet>
+
 	<servlet-mapping>
 		<servlet-name>BasicNegotiation</servlet-name>
 		<url-pattern>/BasicNegotiation</url-pattern>
@@ -25,5 +32,31 @@
 		<servlet-name>SecurityDomainTest</servlet-name>
 		<url-pattern>/SecurityDomainTest</url-pattern>
 	</servlet-mapping>
-	
+	<servlet-mapping>
+		<servlet-name>Secured</servlet-name>
+		<url-pattern>/Secured</url-pattern>
+	</servlet-mapping>
+		
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>Restricted</web-resource-name>
+        <url-pattern>/Secured/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>Users</role-name>
+      </auth-constraint>
+      <user-data-constraint>
+        <transport-guarantee>NONE</transport-guarantee>
+      </user-data-constraint>
+    </security-constraint>
+    
+   <login-config>
+    <auth-method>SPNEGO</auth-method>
+    <realm-name>SPNEGO</realm-name>    
+   </login-config>
+          
+    <security-role>
+      <role-name>Users</role-name>
+    </security-role>		
+		
 </web-app>
\ No newline at end of file
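Review bot: The new constraint on `/Secured/*` sets `<transport-guarantee>NONE</transport-guarantee>`, so the Negotiate exchange and any session identifier issued after it may travel over plain HTTP. If that is intended for a lab-only toolkit, state it in a comment above the constraint, for example `<!-- Test deployment only: NONE permits plain HTTP; use CONFIDENTIAL elsewhere -->`; otherwise change the value to `CONFIDENTIAL`. The constraint also leaves `/BasicNegotiation` and `/SecurityDomainTest` unauthenticated. That looks deliberate for diagnostics, but it means this WAR should only be deployed on test hosts. The `web-app` element starts outside the hunk.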

Added: projects/security/security-negotiation/trunk/NegotiationToolkit/pages/index.html
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/pages/index.html	                        (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/pages/index.html	2008-03-06 17:55:33 UTC (rev 70502)
@@ -0,0 +1,44 @@
+<html>
+  <head>
+    <title>Negotiation Toolkit</title>
+  </head>
+  <body>
+    <h1>Negotiation Toolkit</h1>
+
+    <p>The NegotiationToolkit is a set of servlets that can be used to test SPNEGO.</p>
+
+    <h3>Basic Negotiation</h3>
+    <p> 
+      The Basic Negotiation servlet is a servlet that will attempt the initial
+      stages of negotiation with the client browser.<br>
+      
+      The purpose of this servlet is to verify that the client browser does
+      respond with a SPNEGO token and displays the contents of the token.<br>
+      <a href="BasicNegotiation">Basic Negotiation</a> 
+    </p>
+    
+    <h3>Security Domain Test</h3>
+    <p> 
+      The Security Domain Test servlet is a servlet that will prompt you for the
+      name of the security domain the server is using to authenticate itself
+      and will then attempt the authentication.<br>
+      
+      This servlet will display the results of the authentication.<br>
+      
+      The purpose of this servlet is to verify the server can authenticate
+      without needing a full SPNEGO request from a client.<br>
+      <a href="SecurityDomainTest">SecurityDomainTest</a> 
+    </p>    
+    
+    <h3>Secured</h3>
+    <p> 
+      The Secured servlet is a servlet that has been fully secured.<br>
+      
+      This servlet will display the users principal and the users roles.<br>
+      
+      The purpose of this servlet is to test the final stage of configuration
+      to verify that SPNEGO authentication is working.<br>
+      <a href="Secured">Secured</a> 
+    </p>        
+  </body>
+</html>

Added: projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java
===================================================================
--- projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java	                        (rev 0)
+++ projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java	2008-03-06 17:55:33 UTC (rev 70502)
@@ -0,0 +1,110 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * 
+ * Copyright 2007, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.security.negotiation.toolkit;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.PrintWriter;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.SecurityAssociation;
+
+/**
+ * A simple servlet to be secured and output information on the
+ * authenticated user. 
+ * 
+ * @author darran.lofthouse at jboss.com
+ * @version $Revision$
+ */
+public class SecuredServlet extends HttpServlet
+{
+
+   private static final long serialVersionUID = 4708999345009728352L;
+
+   private static final Logger log = Logger.getLogger(SecuredServlet.class);
+
+   @Override
+   protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException,
+         IOException
+   {
+      log.info(String.valueOf(req.getUserPrincipal()));
+
+      PrintWriter writer = resp.getWriter();
+
+      writer.println("<html>");
+      writer.println("  <head>");
+      writer.println("    <title>Negotiation Toolkit</title>");
+      writer.println("  </head>");
+      writer.println("  <body>");
+      writer.println("    <h1>Negotiation Toolkit</h1>");
+      writer.println("    <h2>Secured</h2>");
+
+      writer.println("    <h5>User Principal</h5>");
+      writeObject(req.getUserPrincipal(), writer);
+
+      writer.println("    <h5>Caller Principal</h5>");
+      writeObject(SecurityAssociation.getCallerPrincipal(), writer);
+
+      writer.println("    <h5>Subject</h5>");
+      writeObject(SecurityAssociation.getSubject(), writer);
+
+      writer.println("  </body>");
+      writer.println("</html>");
+      writer.flush();
+   }
+
+   private void writeObject(final Object obj, final PrintWriter writer) throws IOException
+   {
+      ByteArrayInputStream bais = new ByteArrayInputStream(String.valueOf(obj).getBytes());
+      InputStreamReader isr = new InputStreamReader(bais);
+      BufferedReader br = new BufferedReader(isr);
+
+      writer.println("<code>");
+      String currentLine;
+      while ((currentLine = br.readLine()) != null)
+      {
+         writer.print(currentLine);
+         writer.println("<br>");
+      }
+      writer.println("</code>");
+   }
+
+   @Override
+   protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException,
+         IOException
+   {
+      // Handle POST the same as GET.
+      doGet(req, resp);
+   }
+
+}
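Review bot: `writeObject` prints `String.valueOf(obj)` into the page without HTML-escaping, so any markup characters in a principal name or in the Subject's string form are interpreted by the browser; each line should be escaped before `writer.print`. Passing the whole `Subject` is a second concern: `Subject.toString()` also renders private credentials when the caller is permitted to read them, which for a Kerberos login could place ticket material in the response, so printing only the principals would be safer. `getBytes()` and `InputStreamReader` use the platform charset and the response sets no content type; calling `resp.setContentType("text/html; charset=UTF-8")` before `getWriter()` would make the encoding explicit. A minimal escaping helper is sketched below.

```java
      // … unchanged: writeObject reader set-up and opening <code> tag …
         writer.print(escapeHtml(currentLine));
      // … unchanged: <br> line, closing </code> tag …

   /** Replaces the characters that are significant in HTML text and attribute values. */
   private static String escapeHtml(final String text)
   {
      StringBuilder escaped = new StringBuilder(text.length() + 16);
      for (int i = 0; i < text.length(); i++)
      {
         char c = text.charAt(i);
         switch (c)
         {
            case '<' :
               escaped.append("&lt;");
               break;
            case '>' :
               escaped.append("&gt;");
               break;
            case '&' :
               escaped.append("&amp;");
               break;
            case '"' :
               escaped.append("&quot;");
               break;
            case '\'' :
               escaped.append("&#39;");
               break;
            default :
               escaped.append(c);
         }
      }
      return escaped.toString();
   }
```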


Property changes on: projects/security/security-negotiation/trunk/NegotiationToolkit/src/main/org/jboss/security/negotiation/toolkit/SecuredServlet.java
___________________________________________________________________
Name: svn:keywords
   + Id Revision
Name: svn:eol-style
   + LF

Modified: projects/security/security-negotiation/trunk/spnego-configuration/descriptors/spnego-roles.properties
===================================================================
--- projects/security/security-negotiation/trunk/spnego-configuration/descriptors/spnego-roles.properties	2008-03-06 17:53:28 UTC (rev 70501)
+++ projects/security/security-negotiation/trunk/spnego-configuration/descriptors/spnego-roles.properties	2008-03-06 17:55:33 UTC (rev 70502)
@@ -1,2 +1,2 @@
 # A roles.properties file for use with the UsersRolesLoginModule
-darranl at GSSLAB.RDU.REDHAT.COM=Mathematician,JBossAdmin
+darranl at GSSLAB.RDU.REDHAT.COM=Mathematician,JBossAdmin,Users



