[jboss-cvs] Picketbox SVN: r90 - in trunk/security-jboss-sx/jbosssx/src: test/java/org/jboss/test/authentication/jaas and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed May 12 20:19:29 EDT 2010
Author: anil.saldhana at jboss.com
Date: 2010-05-12 20:19:29 -0400 (Wed, 12 May 2010)
New Revision: 90
Added:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java
trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JBossCallbackHandler.java
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/SecurityActions.java
Log:
SECURITY-508: JASPI callback handler
Added: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java (rev 0)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JASPICallbackHandler.java 2010-05-13 00:19:29 UTC (rev 90)
@@ -0,0 +1,141 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.callback;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextUtil;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.IdentityFactory;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+
+
+/**
+ * {@code CallbackHandler} with the JASPI callbacks
+ * @author Anil.Saldhana at redhat.com
+ * @since May 12, 2010
+ */
+public class JASPICallbackHandler extends JBossCallbackHandler
+{
+ private static final long serialVersionUID = 1L;
+
+ public JASPICallbackHandler()
+ {
+ super();
+ }
+
+
+ public JASPICallbackHandler(Principal principal, Object credential)
+ {
+ super(principal, credential);
+ }
+
+
+ @Override
+ protected void handleCallBack(Callback callback) throws UnsupportedCallbackException
+ {
+ if( callback instanceof GroupPrincipalCallback )
+ {
+ GroupPrincipalCallback groupPrincipalCallback = (GroupPrincipalCallback) callback;
+ SecurityContext currentSC = SecurityActions.getCurrentSecurityContext();
+ if( currentSC == null )
+ throw new RuntimeException( " The security context is null " );
+
+ String[] rolesArray = groupPrincipalCallback.getGroups();
+ int sizeOfRoles = rolesArray != null ? rolesArray.length : 0;
+
+ if( sizeOfRoles > 0 )
+ {
+ List<Role> rolesList = new ArrayList<Role>();
+ for( int i = 0; i < sizeOfRoles ; i++ )
+ {
+ Role role = new SimpleRole( rolesArray[ i ] );
+ rolesList.add( role );
+ }
+ RoleGroup roles = new SimpleRoleGroup( SecurityConstants.ROLES_IDENTIFIER, rolesList );
+ currentSC.getUtil().setRoles( roles );
+ }
+
+ Subject subject = groupPrincipalCallback.getSubject();
+
+ if( subject != null )
+ {
+ currentSC.getSubjectInfo().setAuthenticatedSubject( subject );
+ }
+ }
+ else if( callback instanceof CallerPrincipalCallback )
+ {
+ CallerPrincipalCallback callerPrincipalCallback = (CallerPrincipalCallback) callback;
+
+ SecurityContext currentSC = SecurityActions.getCurrentSecurityContext();
+
+ Subject subject = callerPrincipalCallback.getSubject();
+ if( currentSC == null )
+ throw new RuntimeException( " The security context is null " );
+
+ if( subject != null )
+ {
+ currentSC.getSubjectInfo().setAuthenticatedSubject( subject );
+ }
+
+ Principal callerPrincipal = callerPrincipalCallback.getPrincipal();
+ if( callerPrincipal != null )
+ {
+ Identity principalBasedIdentity = IdentityFactory.getIdentity( callerPrincipal, null );
+ currentSC.getSubjectInfo().addIdentity( principalBasedIdentity );
+ }
+ }
+ else if( callback instanceof PasswordValidationCallback )
+ {
+ PasswordValidationCallback passwordValidationCallback = ( PasswordValidationCallback ) callback;
+
+ SecurityContext currentSC = SecurityActions.getCurrentSecurityContext();
+ if( currentSC == null )
+ throw new RuntimeException( " The security context is null " );
+ String userName = passwordValidationCallback.getUsername();
+ char[] password = passwordValidationCallback.getPassword();
+ Subject subject = passwordValidationCallback.getSubject();
+
+ SecurityContextUtil util = currentSC.getUtil();
+ if( subject != null )
+ {
+ util.createSubjectInfo( new SimplePrincipal( userName ), password, subject);
+ }
+ }
+ else super.handleCallBack(callback);
+ }
+}
\ No newline at end of file
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JBossCallbackHandler.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JBossCallbackHandler.java 2010-05-12 16:23:39 UTC (rev 89)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/JBossCallbackHandler.java 2010-05-13 00:19:29 UTC (rev 90)
@@ -81,50 +81,61 @@
{
for (int i = 0; i < callbacks.length; i++)
{
- Callback c = callbacks[i];
- if (c instanceof SecurityAssociationCallback)
+ Callback callback = callbacks[i];
+ this.handleCallBack( callback );
+ }
+ }
+
+ /**
+ * Handle a {@code Callback}
+ * @param c callback
+ * @throws UnsupportedCallbackException If the callback is not supported by this handler
+ */
+ protected void handleCallBack( Callback c ) throws UnsupportedCallbackException
+ {
+ if (c instanceof SecurityAssociationCallback)
+ {
+ SecurityAssociationCallback sac = (SecurityAssociationCallback) c;
+ sac.setPrincipal(principal);
+ sac.setCredential(credential);
+ }
+ else if (c instanceof ObjectCallback)
+ {
+ ObjectCallback oc = (ObjectCallback) c;
+ oc.setCredential(credential);
+ }
+ else if (c instanceof NameCallback)
+ {
+ NameCallback nc = (NameCallback) c;
+ if (principal != null)
+ nc.setName(principal.getName());
+ }
+ else if (c instanceof PasswordCallback)
+ {
+ PasswordCallback pc = (PasswordCallback) c;
+ char[] password = getPassword();
+ if (password != null)
+ pc.setPassword(password);
+ }
+ else
+ {
+ try
{
- SecurityAssociationCallback sac = (SecurityAssociationCallback) c;
- sac.setPrincipal(principal);
- sac.setCredential(credential);
+ CallbackHandler handler = SecurityActions.getContextCallbackHandler();
+ if( handler != null )
+ {
+ Callback[] unknown = {c};
+ handler.handle(unknown);
+ return;
+ }
}
- else if (c instanceof ObjectCallback)
+ catch (Exception e)
{
- ObjectCallback oc = (ObjectCallback) c;
- oc.setCredential(credential);
- }
- else if (c instanceof NameCallback)
- {
- NameCallback nc = (NameCallback) c;
- if (principal != null)
- nc.setName(principal.getName());
- }
- else if (c instanceof PasswordCallback)
- {
- PasswordCallback pc = (PasswordCallback) c;
- char[] password = getPassword();
- if (password != null)
- pc.setPassword(password);
- }
- else
- {
- try
- {
- CallbackHandler handler = SecurityActions.getContextCallbackHandler();
- if( handler != null )
- {
- Callback[] unknown = {c};
- handler.handle(unknown);
- return;
- }
- }
- catch (Exception e)
- {
- }
+ }
- throw new UnsupportedCallbackException(c, "Unrecognized Callback");
- }
+ throw new UnsupportedCallbackException(c, "Unrecognized Callback");
}
+
}
/** Try to convert the credential value into a char[] using the
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/SecurityActions.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/SecurityActions.java 2010-05-12 16:23:39 UTC (rev 89)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/callback/SecurityActions.java 2010-05-13 00:19:29 UTC (rev 90)
@@ -23,6 +23,7 @@
import java.lang.reflect.UndeclaredThrowableException;
import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -30,6 +31,9 @@
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+
/**
Security actions for the callback package
@@ -94,4 +98,16 @@
return PolicyContextActions.PRIVILEGED.getContextCallbackHandler();
}
}
+
+ static SecurityContext getCurrentSecurityContext()
+ {
+ return AccessController.doPrivileged( new PrivilegedAction<SecurityContext>()
+ {
+
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
}
\ No newline at end of file
Added: trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java (rev 0)
+++ trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JASPICallbackHandlerUnitTestCase.java 2010-05-13 00:19:29 UTC (rev 90)
@@ -0,0 +1,131 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication.jaas;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.security.Principal;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.JASPICallbackHandler;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.extensions.CredentialIdentity;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since May 12, 2010
+ */
+public class JASPICallbackHandlerUnitTestCase
+{
+ private Subject subject = new Subject();
+
+ private Principal principal = new SimplePrincipal( "somePrincipal" );
+
+ private Object cred = new char[] { 't', 'e' };
+
+ @BeforeClass
+ public static void setup() throws Exception
+ {
+ SecurityContext sc = SecurityContextFactory.createSecurityContext( "test" );
+ SecurityContextAssociation.setSecurityContext(sc);
+ }
+
+ @AfterClass
+ public static void tearDown()
+ {
+ SecurityContextAssociation.setSecurityContext(null);
+ }
+
+ @Test
+ public void testGroupPrincipalCallback() throws Exception
+ {
+ JASPICallbackHandler cbh = new JASPICallbackHandler();
+
+ GroupPrincipalCallback gpc = new GroupPrincipalCallback( subject, new String[] { "role1", "role2" } );
+
+ cbh.handle( new Callback[] { gpc } );
+
+ SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+
+ assertNotNull( "subject is not null" , gpc.getSubject() );
+ assertEquals( subject, currentSC.getUtil().getSubject() );
+
+ RoleGroup roles = currentSC.getUtil().getRoles();
+
+ assertEquals( 2, roles.getRoles().size() );
+ assertTrue( roles.containsRole( new SimpleRole( "role1" )));
+ assertTrue( roles.containsRole( new SimpleRole( "role2" )));
+ }
+
+ @Test
+ public void testCallerPrincipalCallback() throws Exception
+ {
+ JASPICallbackHandler cbh = new JASPICallbackHandler();
+
+ CallerPrincipalCallback cpc = new CallerPrincipalCallback( subject, principal );
+
+ cbh.handle( new Callback[] { cpc } );
+
+ SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+
+ assertNotNull( "subject is not null" , cpc.getSubject() );
+ assertEquals( subject, currentSC.getUtil().getSubject() );
+
+ Set<Identity> identities = currentSC.getUtil().getIdentities( CredentialIdentity.class );
+ assertEquals( 2, identities.size() );
+ }
+
+ @Test
+ public void testPasswordValidationCallback() throws Exception
+ {
+ JASPICallbackHandler cbh = new JASPICallbackHandler();
+
+ PasswordValidationCallback pvc = new PasswordValidationCallback( subject, principal.getName(), (char[]) cred );
+
+ cbh.handle( new Callback[] { pvc } );
+
+ SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+
+ assertNotNull( "subject is not null" , pvc.getSubject() );
+ assertEquals( subject, currentSC.getUtil().getSubject() );
+
+ assertEquals( principal, currentSC.getUtil().getUserPrincipal() );
+ assertEquals( cred, currentSC.getUtil().getCredential());
+ }
+}
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list