[jboss-cvs] JBossAS SVN: r89022 - trunk/tomcat/src/main/org/jboss/web/tomcat/security/jaspi/modules.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon May 18 22:06:44 EDT 2009
Author: anil.saldhana at jboss.com
Date: 2009-05-18 22:06:43 -0400 (Mon, 18 May 2009)
New Revision: 89022
Added:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/jaspi/modules/HTTPClientCertServerAuthModule.java
Log:
JBAS-6066: JASPI server auth module for CLIENT-CERT
Added: trunk/tomcat/src/main/org/jboss/web/tomcat/security/jaspi/modules/HTTPClientCertServerAuthModule.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/jaspi/modules/HTTPClientCertServerAuthModule.java (rev 0)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/jaspi/modules/HTTPClientCertServerAuthModule.java 2009-05-19 02:06:43 UTC (rev 89022)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.web.tomcat.security.jaspi.modules;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.util.StringManager;
+import org.apache.coyote.ActionCode;
+import org.jboss.logging.Logger;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since May 18, 2009
+ */
+public class HTTPClientCertServerAuthModule extends TomcatServerAuthModule
+{
+ private static Logger log = Logger.getLogger(HTTPClientCertServerAuthModule.class);
+
+ protected Context context;
+
+ protected boolean cache = false;
+
+ private String delgatingLoginContextName;
+
+ public static final String CERTIFICATES_ATTR =
+ "javax.servlet.request.X509Certificate";
+
+ protected static final StringManager sm =
+ StringManager.getManager(Constants.Package);
+
+
+ public HTTPClientCertServerAuthModule()
+ {
+ super();
+ }
+
+ public HTTPClientCertServerAuthModule(String delgatingLoginContextName)
+ {
+ super();
+ this.delgatingLoginContextName = delgatingLoginContextName;
+ }
+
+ @Override
+ public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException
+ {
+ throw new RuntimeException("Not Applicable");
+ }
+
+ @Override
+ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
+ throws AuthException
+ {
+ Request request = (Request) messageInfo.getRequestMessage();
+ Response response = (Response) messageInfo.getResponseMessage();
+
+ Principal principal;
+ context = request.getContext();
+
+ X509Certificate certs[] = (X509Certificate[])
+ request.getAttribute(CERTIFICATES_ATTR);
+ if ((certs == null) || (certs.length < 1)) {
+ request.getCoyoteRequest().action
+ (ActionCode.ACTION_REQ_SSL_CERTIFICATE, null);
+ certs = (X509Certificate[])
+ request.getAttribute(CERTIFICATES_ATTR);
+ }
+ if ((certs == null) || (certs.length < 1)) {
+ log.debug(" No certificates included with this request");
+ try
+ {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+ sm.getString("authenticator.certificates"));
+ }
+ catch (IOException e)
+ {
+ log.error(e.getLocalizedMessage(),e);
+ }
+ return (AuthStatus.FAILURE);
+ }
+
+ // Authenticate the specified certificate chain
+ principal = context.getRealm().authenticate(certs);
+ if (principal == null) {
+ log.debug(" Realm.authenticate() returned false");
+ try
+ {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+ sm.getString("authenticator.unauthorized"));
+ }
+ catch (IOException e)
+ {
+ log.error(e.getLocalizedMessage(),e);
+ }
+ return (AuthStatus.FAILURE);
+ }
+
+ registerWithCallbackHandler(principal,
+ principal.getName(),
+ null);
+ // Cache the principal (if requested) and record this authentication
+ /*register(request, response, principal, Constants.CERT_METHOD,
+ null, null);*/
+ return (AuthStatus.SUCCESS);
+ }
+}
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list