[jboss-cvs] Picketbox SVN: r195 - trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Apr 18 11:38:42 EDT 2011


Author: mmoyses
Date: 2011-04-18 11:38:42 -0400 (Mon, 18 Apr 2011)
New Revision: 195

Modified:
   trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java
Log:
SECURITY-585: handle JSSESecurityDomain in BaseCertLoginModule

Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java	2011-04-15 20:15:53 UTC (rev 194)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java	2011-04-18 15:38:42 UTC (rev 195)
@@ -41,7 +41,10 @@
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 
+import org.jboss.security.JSSESecurityDomain;
+import org.jboss.security.SecurityConstants;
 import org.jboss.security.SecurityDomain;
+import org.jboss.security.SecurityUtil;
 import org.jboss.security.auth.callback.ObjectCallback;
 import org.jboss.security.auth.certs.X509CertificateVerifier;
 
@@ -67,7 +70,7 @@
    /** The client certificate */
    private X509Certificate credential;
    /** The SecurityDomain to obtain the KeyStore/TrustStore from */
-   private SecurityDomain domain = null;
+   private Object domain = null;
    /** An option certificate verifier */
    private X509CertificateVerifier verifier; 
 
@@ -96,30 +99,38 @@
 
       // Get the security domain and default to "other"
       String sd = (String) options.get("securityDomain");
+      sd = SecurityUtil.unprefixSecurityDomain(sd);
       if (sd == null)
-         sd = "java:/jaas/other";
+         sd = "other";
 
       if( trace )
          log.trace("securityDomain=" + sd);
 
       try
       {
-         Object tempDomain = new InitialContext().lookup(sd);
+         Object tempDomain = new InitialContext().lookup(SecurityConstants.JAAS_CONTEXT_ROOT + sd);
          if (tempDomain instanceof SecurityDomain)
          {
-            domain = (SecurityDomain) tempDomain;
+            domain = tempDomain;
             if( trace )
             {
-               if (domain != null)
+               log.trace("found domain: " + domain.getClass().getName());
+            }
+         }
+         else {
+            tempDomain = new InitialContext().lookup(SecurityConstants.JAAS_CONTEXT_ROOT + sd + "/jsse");
+            if (tempDomain instanceof JSSESecurityDomain) {
+               domain = tempDomain;
+               if( trace )
+               {
                   log.trace("found domain: " + domain.getClass().getName());
-               else
-                  log.trace("the domain " + sd + " is null!");
+               }
             }
+            else
+            {
+               log.error("The JSSE security domain " + sd + " is not valid. All authentication using this login module will fail!");
+            }
          }
-         else
-         {
-            log.error("The domain " + sd + " is not a SecurityDomain. All authentication using this module will fail!");
-         }
       }
       catch (NamingException e)
       {
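Review bot: The JSSE fallback lookup of `SecurityConstants.JAAS_CONTEXT_ROOT + sd + "/jsse"` sits in the same `try` as the first lookup, so it runs only when the first lookup returns something that is not a `SecurityDomain`. If the first lookup throws `NamingException`, the fallback is skipped and `domain` stays null; it is worth confirming that this is intended for a domain that has only a JSSE binding. The new error message also drops the fact that the plain binding was tried first, so I would name both, e.g. `log.error("Neither " + SecurityConstants.JAAS_CONTEXT_ROOT + sd + " nor its /jsse binding is a usable security domain. All authentication using this login module will fail!");`. Separately, `sd` now goes to `SecurityUtil.unprefixSecurityDomain` before the null check, which relies on that helper accepting null; the helper is not visible here. The `try` block and the enclosing method continue outside the hunk.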
@@ -353,8 +364,17 @@
       KeyStore trustStore = null;
       if( domain != null )
       {
-         keyStore = domain.getKeyStore();
-         trustStore = domain.getTrustStore();
+         if (domain instanceof SecurityDomain)
+         {
+            keyStore = ((SecurityDomain) domain).getKeyStore();
+            trustStore = ((SecurityDomain) domain).getTrustStore();
+         }
+         else
+            if (domain instanceof JSSESecurityDomain)
+            {
+               keyStore = ((JSSESecurityDomain) domain).getKeyStore();
+               trustStore = ((JSSESecurityDomain) domain).getTrustStore();
+            }
       }
       if( trustStore == null )
          trustStore = keyStore;
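Review bot: The bare `else` after the `SecurityDomain` branch, with the `if` on the next line at a deeper indent, reads like a dangling else. Writing `else if (domain instanceof JSSESecurityDomain)` on one line, aligned with the first `if`, is clearer. Since the field hunk retypes `domain` as `Object`, its Javadoc is stale and could become `/** The SecurityDomain or JSSESecurityDomain to obtain the KeyStore/TrustStore from */`. The unchanged fallback `trustStore = keyStore` now applies to JSSE domains as well, so a comment such as `// no trust store configured: certificates are checked against the key store` would make that trust decision explicit. The enclosing method starts and ends outside the hunk.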


