[jboss-cvs] Picketbox SVN: r195 - trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Apr 18 11:38:42 EDT 2011
Author: mmoyses
Date: 2011-04-18 11:38:42 -0400 (Mon, 18 Apr 2011)
New Revision: 195
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java
Log:
SECURITY-585: handle JSSESecurityDomain in BaseCertLoginModule
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java 2011-04-15 20:15:53 UTC (rev 194)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/BaseCertLoginModule.java 2011-04-18 15:38:42 UTC (rev 195)
@@ -41,7 +41,10 @@
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
+import org.jboss.security.JSSESecurityDomain;
+import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityDomain;
+import org.jboss.security.SecurityUtil;
import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.certs.X509CertificateVerifier;
@@ -67,7 +70,7 @@
/** The client certificate */
private X509Certificate credential;
/** The SecurityDomain to obtain the KeyStore/TrustStore from */
- private SecurityDomain domain = null;
+ private Object domain = null;
/** An option certificate verifier */
private X509CertificateVerifier verifier;
@@ -96,30 +99,38 @@
// Get the security domain and default to "other"
String sd = (String) options.get("securityDomain");
+ sd = SecurityUtil.unprefixSecurityDomain(sd);
if (sd == null)
- sd = "java:/jaas/other";
+ sd = "other";
if( trace )
log.trace("securityDomain=" + sd);
try
{
- Object tempDomain = new InitialContext().lookup(sd);
+ Object tempDomain = new InitialContext().lookup(SecurityConstants.JAAS_CONTEXT_ROOT + sd);
if (tempDomain instanceof SecurityDomain)
{
- domain = (SecurityDomain) tempDomain;
+ domain = tempDomain;
if( trace )
{
- if (domain != null)
+ log.trace("found domain: " + domain.getClass().getName());
+ }
+ }
+ else {
+ tempDomain = new InitialContext().lookup(SecurityConstants.JAAS_CONTEXT_ROOT + sd + "/jsse");
+ if (tempDomain instanceof JSSESecurityDomain) {
+ domain = tempDomain;
+ if( trace )
+ {
log.trace("found domain: " + domain.getClass().getName());
- else
- log.trace("the domain " + sd + " is null!");
+ }
}
+ else
+ {
+ log.error("The JSSE security domain " + sd + " is not valid. All authentication using this login module will fail!");
+ }
}
- else
- {
- log.error("The domain " + sd + " is not a SecurityDomain. All authentication using this module will fail!");
- }
}
catch (NamingException e)
{
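Review bot: When neither lookup yields a usable type, the new final `else` in the JSSE branch only logs an error and leaves `domain` null, so the claim that all authentication will fail depends on validation code that is outside this hunk. It is worth confirming that this code rejects the certificate when no key store or trust store is available, rather than skipping the check. The message also blames the JSSE domain even when the first lookup returned some other object; `log.error("The domain " + sd + " is neither a SecurityDomain nor a JSSESecurityDomain. All authentication using this login module will fail!");` would describe the misconfiguration more accurately. Note also that the `/jsse` fallback is attempted only when the first lookup succeeds with a non-SecurityDomain object. A NamingException from the first lookup goes straight to the catch block, whose body continues outside the hunk.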
@@ -353,8 +364,17 @@
KeyStore trustStore = null;
if( domain != null )
{
- keyStore = domain.getKeyStore();
- trustStore = domain.getTrustStore();
+ if (domain instanceof SecurityDomain)
+ {
+ keyStore = ((SecurityDomain) domain).getKeyStore();
+ trustStore = ((SecurityDomain) domain).getTrustStore();
+ }
+ else
+ if (domain instanceof JSSESecurityDomain)
+ {
+ keyStore = ((JSSESecurityDomain) domain).getKeyStore();
+ trustStore = ((JSSESecurityDomain) domain).getTrustStore();
+ }
}
if( trustStore == null )
trustStore = keyStore;
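Review bot: The `instanceof` chain has no final `else`, so a `domain` of any other type would leave `keyStore` and `trustStore` null without any log output. Because the field is now declared `private Object domain` (the hunk at -67/+70), the compiler no longer prevents such an assignment. In the visible initialisation hunk only the two checked types are ever assigned, so this is a robustness and style point rather than a live bug. Consider adding `else log.error("Unsupported security domain type: " + domain.getClass().getName());`, or resolving the two KeyStore references once at initialisation so the casts are not repeated. The enclosing method starts and ends outside this hunk, so how null stores are handled afterwards is not visible here.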