[jboss-cvs] JBossAS SVN: r110637 - in projects/security/security-negotiation/trunk: assembly/src/assembly and 12 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Feb 11 09:58:49 EST 2011
Author: darran.lofthouse at jboss.com
Date: 2011-02-11 09:58:48 -0500 (Fri, 11 Feb 2011)
New Revision: 110637
Added:
projects/security/security-negotiation/trunk/jboss-negotiation-net/
projects/security/security-negotiation/trunk/jboss-negotiation-net/.classpath
projects/security/security-negotiation/trunk/jboss-negotiation-net/.project
projects/security/security-negotiation/trunk/jboss-negotiation-net/pom.xml
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/InitSPNEGOContextAction.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocket.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocketFactory.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocket.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocketFactory.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SecurityActions.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/resources/
projects/security/security-negotiation/trunk/jboss-negotiation-net/tests/
projects/security/security-negotiation/trunk/jboss-negotiation-net/tests/java/
Removed:
projects/security/security-negotiation/trunk/jboss-negotiation-net/.classpath
projects/security/security-negotiation/trunk/jboss-negotiation-net/.project
projects/security/security-negotiation/trunk/jboss-negotiation-net/pom.xml
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/InitSPNEGOContextAction.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocket.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocketFactory.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocket.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocketFactory.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SecurityActions.java
projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/resources/
projects/security/security-negotiation/trunk/jboss-negotiation-net/tests/
projects/security/security-negotiation/trunk/jboss-negotiation-net/tests/java/
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/net/
Modified:
projects/security/security-negotiation/trunk/assembly/src/assembly/bin.xml
projects/security/security-negotiation/trunk/assembly/src/assembly/sources.xml
projects/security/security-negotiation/trunk/jboss-negotiation-spnego/pom.xml
projects/security/security-negotiation/trunk/pom.xml
Log:
[SECURITY-568] Move networking code under a new project.
Modified: projects/security/security-negotiation/trunk/assembly/src/assembly/bin.xml
===================================================================
--- projects/security/security-negotiation/trunk/assembly/src/assembly/bin.xml 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/assembly/src/assembly/bin.xml 2011-02-11 14:58:48 UTC (rev 110637)
@@ -11,8 +11,12 @@
<fileSet>
<directory>../jboss-negotiation-extras/target/classes</directory>
<outputDirectory>/</outputDirectory>
- </fileSet>
+ </fileSet>
<fileSet>
+ <directory>../jboss-negotiation-net/target/classes</directory>
+ <outputDirectory>/</outputDirectory>
+ </fileSet>
+ <fileSet>
<directory>../jboss-negotiation-ntlm/target/classes</directory>
<outputDirectory>/</outputDirectory>
</fileSet>
Modified: projects/security/security-negotiation/trunk/assembly/src/assembly/sources.xml
===================================================================
--- projects/security/security-negotiation/trunk/assembly/src/assembly/sources.xml 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/assembly/src/assembly/sources.xml 2011-02-11 14:58:48 UTC (rev 110637)
@@ -12,14 +12,18 @@
<fileSet>
<directory>../jboss-negotiation-extras/src/main/java</directory>
<outputDirectory>/</outputDirectory>
- </fileSet>
+ </fileSet>
<fileSet>
+ <directory>../jboss-negotiation-net/src/main/java</directory>
+ <outputDirectory>/</outputDirectory>
+ </fileSet>
+ <fileSet>
<directory>../jboss-negotiation-ntlm/src/main/java</directory>
<outputDirectory>/</outputDirectory>
- </fileSet>
+ </fileSet>
<fileSet>
<directory>../jboss-negotiation-spnego/src/main/java</directory>
<outputDirectory>/</outputDirectory>
- </fileSet>
+ </fileSet>
</fileSets>
</assembly>
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net)
Property changes on: projects/security/security-negotiation/trunk/jboss-negotiation-net
___________________________________________________________________
Name: svn:ignore
+ .settings
target
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-net/.classpath
===================================================================
--- projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/.classpath 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/.classpath 2011-02-11 14:58:48 UTC (rev 110637)
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
- <classpathentry kind="src" output="target/classes" path="src/main/java"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
- <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
- <classpathentry kind="output" path="target/classes"/>
-</classpath>
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/.classpath (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/.classpath)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-net/.classpath (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/.classpath 2011-02-11 14:58:48 UTC (rev 110637)
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" output="target/classes" path="src/main/java"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-net/.project
===================================================================
--- projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/.project 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/.project 2011-02-11 14:58:48 UTC (rev 110637)
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
- <name>jboss-negotiation-net</name>
- <comment></comment>
- <projects>
- </projects>
- <buildSpec>
- <buildCommand>
- <name>org.eclipse.jdt.core.javabuilder</name>
- <arguments>
- </arguments>
- </buildCommand>
- <buildCommand>
- <name>org.maven.ide.eclipse.maven2Builder</name>
- <arguments>
- </arguments>
- </buildCommand>
- </buildSpec>
- <natures>
- <nature>org.eclipse.jdt.core.javanature</nature>
- <nature>org.maven.ide.eclipse.maven2Nature</nature>
- </natures>
-</projectDescription>
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/.project (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/.project)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-net/.project (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/.project 2011-02-11 14:58:48 UTC (rev 110637)
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>jboss-negotiation-net</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ </natures>
+</projectDescription>
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-net/pom.xml
===================================================================
--- projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/pom.xml 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/pom.xml 2011-02-11 14:58:48 UTC (rev 110637)
@@ -1,69 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-negotiation-project</artifactId>
- <version>2.0.3.SP1</version>
- <relativePath>../parent/pom.xml</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>jboss-negotiation-net</artifactId>
- <packaging>jar</packaging>
- <name>JBoss Negotiation Net</name>
- <url>http://www.jboss.org</url>
- <description>JBoss Negotiation Library (Networking Components)</description>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <printSummary>true</printSummary>
- <disableXmlReport>false</disableXmlReport>
- <testFailureIgnore>true</testFailureIgnore>
- <includes>
- <include>**/**TestCase.java</include>
- </includes>
- <forkMode>pertest</forkMode>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <!-- Do not add version information here, use ../parent/pom.xml instead -->
- <dependencies>
- <!-- Local Dependencies -->
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-negotiation-common</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-negotiation-spnego</artifactId>
- </dependency>
-
- <!-- Global dependencies -->
- <dependency>
- <groupId>org.jboss.jbossas</groupId>
- <artifactId>jboss-as-security</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.logging</groupId>
- <artifactId>jboss-logging</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.mx</groupId>
- <artifactId>jboss-j2se</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jbosssx</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-spi</artifactId>
- </dependency>
-
-
- </dependencies>
-
-</project>
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/pom.xml (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/pom.xml)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-net/pom.xml (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/pom.xml 2011-02-11 14:58:48 UTC (rev 110637)
@@ -0,0 +1,69 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-negotiation-project</artifactId>
+ <version>2.0.3.SP1</version>
+ <relativePath>../parent/pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>jboss-negotiation-net</artifactId>
+ <packaging>jar</packaging>
+ <name>JBoss Negotiation Net</name>
+ <url>http://www.jboss.org</url>
+ <description>JBoss Negotiation Library (Networking Components)</description>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <printSummary>true</printSummary>
+ <disableXmlReport>false</disableXmlReport>
+ <testFailureIgnore>true</testFailureIgnore>
+ <includes>
+ <include>**/**TestCase.java</include>
+ </includes>
+ <forkMode>pertest</forkMode>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <!-- Do not add version information here, use ../parent/pom.xml instead -->
+ <dependencies>
+ <!-- Local Dependencies -->
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-negotiation-common</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-negotiation-spnego</artifactId>
+ </dependency>
+
+ <!-- Global dependencies -->
+ <dependency>
+ <groupId>org.jboss.jbossas</groupId>
+ <artifactId>jboss-as-security</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.logging</groupId>
+ <artifactId>jboss-logging</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.mx</groupId>
+ <artifactId>jboss-j2se</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ </dependency>
+
+
+ </dependencies>
+
+</project>
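Review bot: `<testFailureIgnore>true</testFailureIgnore>` in the surefire configuration means a failing test will not fail this module's build, so a regression in the SPNEGO socket handshake code could ship with a green build. For a module that carries authentication code I would drop the element or set it explicitly, `<testFailureIgnore>false</testFailureIgnore>`, and let CI decide separately whether to continue after failures. The commit also adds a `tests/java` directory, which is not Maven's default `src/test/java`; unless the parent POM (not visible here) sets `testSourceDirectory`, tests placed there would presumably not be compiled or run at all.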
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src)
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main)
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java)
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org)
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss)
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security)
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation)
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net)
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/InitSPNEGOContextAction.java
===================================================================
--- projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/InitSPNEGOContextAction.java 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/InitSPNEGOContextAction.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -1,163 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.negotiation.net;
-
-import static org.jboss.security.negotiation.Constants.SPNEGO;
-
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.net.Socket;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
-import org.jboss.logging.Logger;
-import org.jboss.security.SecurityContext;
-
-/**
- * A {@link PrivilegedAction} that establishes the {@link GSSContext} according to GSS API.
- *
- * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
- * @version $Revision: 1 $
- */
-public class InitSPNEGOContextAction implements PrivilegedAction<Object>
-{
-
- protected static Logger log = Logger.getLogger(InitSPNEGOContextAction.class);
-
- private Socket socket;
-
- private LoginContext lc;
-
- /**
- * Default constructor
- *
- * @param socket {@link Socket} used to exchange the tokens.
- * @param lc {@link LoginContext} with the authenticated Subject who will execute the action
- */
- InitSPNEGOContextAction(Socket socket, LoginContext lc)
- {
- this.socket = socket;
- this.lc = lc;
- }
-
- /**
- * @see PrivilegedAction#run()
- */
- public Object run()
- {
- boolean DEBUG = log.isDebugEnabled();
- byte[] token = new byte[0];
- GSSManager manager = GSSManager.getInstance();
- GSSContext context = null;
- try
- {
- DataInputStream inStream = new DataInputStream(socket.getInputStream());
- DataOutputStream outStream = new DataOutputStream(socket.getOutputStream());
-
- Oid oid = SPNEGO;
- String nameStr = SecurityActions.getServerName();
- if (nameStr == null)
- throw new IllegalArgumentException("Server name must be set using the org.jboss.security.negotiation.server.principal system property");
- GSSName serverName = manager.createName(nameStr, null);
- context = manager.createContext(serverName, oid, null, GSSContext.DEFAULT_LIFETIME);
- while (!context.isEstablished())
- {
- token = context.initSecContext(token, 0, token.length);
- if (token != null)
- {
- if (DEBUG)
- log.debug("Sending token of length " + token.length);
- outStream.writeInt(token.length);
- outStream.write(token);
- outStream.flush();
- }
-
- if (!context.isEstablished())
- {
- token = new byte[inStream.readInt()];
- if (DEBUG)
- log.debug("Receiving token of length " + token.length);
- inStream.readFully(token);
- }
- }
- if (DEBUG)
- log.trace("GSSContext established");
- Subject subject = lc.getSubject();
- Principal principal = (Principal)subject.getPrincipals().iterator().next();
- try
- {
- setSecurityContext(principal, null, subject, "CLIENT");
- }
- catch (Exception e)
- {
- log.error("Error setting the SecurityContext: " + e.getMessage(), e);
- }
- }
- catch (GSSException gsse)
- {
- log.error("Error establishing GSSContext: " + gsse.getMessage(), gsse);
- }
- catch (IOException ioe)
- {
- log.error("Error reading/writing token: " + ioe.getMessage(), ioe);
- }
- finally
- {
- if (context != null)
- {
- try
- {
- context.dispose();
- }
- catch (GSSException gsse)
- {
- log.error("Error dispoing GSSContext: " + gsse.getMessage(), gsse);
- }
- }
- }
- return null;
- }
-
- /**
- * Performs JBoss specific security context association.
- *
- * @param principal {@link Principal} of the user
- * @param credential Credentials of the user
- * @param subject {@link Subject} of the user
- * @param securityDomain Security domain of the context
- * @throws Exception if an error occurs while setting the security context
- */
- protected void setSecurityContext(Principal principal, Object credential, Subject subject, String securityDomain) throws Exception
- {
- SecurityContext sc = SecurityActions.createSecurityContext(principal, null, subject, securityDomain);
- SecurityActions.setSecurityContext(sc);
- }
-}
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/InitSPNEGOContextAction.java (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/InitSPNEGOContextAction.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/InitSPNEGOContextAction.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/InitSPNEGOContextAction.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -0,0 +1,163 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.net;
+
+import static org.jboss.security.negotiation.Constants.SPNEGO;
+
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityContext;
+
+/**
+ * A {@link PrivilegedAction} that establishes the {@link GSSContext} according to GSS API.
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class InitSPNEGOContextAction implements PrivilegedAction<Object>
+{
+
+ protected static Logger log = Logger.getLogger(InitSPNEGOContextAction.class);
+
+ private Socket socket;
+
+ private LoginContext lc;
+
+ /**
+ * Default constructor
+ *
+ * @param socket {@link Socket} used to exchange the tokens.
+ * @param lc {@link LoginContext} with the authenticated Subject who will execute the action
+ */
+ InitSPNEGOContextAction(Socket socket, LoginContext lc)
+ {
+ this.socket = socket;
+ this.lc = lc;
+ }
+
+ /**
+ * @see PrivilegedAction#run()
+ */
+ public Object run()
+ {
+ boolean DEBUG = log.isDebugEnabled();
+ byte[] token = new byte[0];
+ GSSManager manager = GSSManager.getInstance();
+ GSSContext context = null;
+ try
+ {
+ DataInputStream inStream = new DataInputStream(socket.getInputStream());
+ DataOutputStream outStream = new DataOutputStream(socket.getOutputStream());
+
+ Oid oid = SPNEGO;
+ String nameStr = SecurityActions.getServerName();
+ if (nameStr == null)
+ throw new IllegalArgumentException("Server name must be set using the org.jboss.security.negotiation.server.principal system property");
+ GSSName serverName = manager.createName(nameStr, null);
+ context = manager.createContext(serverName, oid, null, GSSContext.DEFAULT_LIFETIME);
+ while (!context.isEstablished())
+ {
+ token = context.initSecContext(token, 0, token.length);
+ if (token != null)
+ {
+ if (DEBUG)
+ log.debug("Sending token of length " + token.length);
+ outStream.writeInt(token.length);
+ outStream.write(token);
+ outStream.flush();
+ }
+
+ if (!context.isEstablished())
+ {
+ token = new byte[inStream.readInt()];
+ if (DEBUG)
+ log.debug("Receiving token of length " + token.length);
+ inStream.readFully(token);
+ }
+ }
+ if (DEBUG)
+ log.trace("GSSContext established");
+ Subject subject = lc.getSubject();
+ Principal principal = (Principal)subject.getPrincipals().iterator().next();
+ try
+ {
+ setSecurityContext(principal, null, subject, "CLIENT");
+ }
+ catch (Exception e)
+ {
+ log.error("Error setting the SecurityContext: " + e.getMessage(), e);
+ }
+ }
+ catch (GSSException gsse)
+ {
+ log.error("Error establishing GSSContext: " + gsse.getMessage(), gsse);
+ }
+ catch (IOException ioe)
+ {
+ log.error("Error reading/writing token: " + ioe.getMessage(), ioe);
+ }
+ finally
+ {
+ if (context != null)
+ {
+ try
+ {
+ context.dispose();
+ }
+ catch (GSSException gsse)
+ {
+ log.error("Error dispoing GSSContext: " + gsse.getMessage(), gsse);
+ }
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Performs JBoss specific security context association.
+ *
+ * @param principal {@link Principal} of the user
+ * @param credential Credentials of the user
+ * @param subject {@link Subject} of the user
+ * @param securityDomain Security domain of the context
+ * @throws Exception if an error occurs while setting the security context
+ */
+ protected void setSecurityContext(Principal principal, Object credential, Subject subject, String securityDomain) throws Exception
+ {
+ SecurityContext sc = SecurityActions.createSecurityContext(principal, null, subject, securityDomain);
+ SecurityActions.setSecurityContext(sc);
+ }
+}
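Review bot: In `run()`, `token = new byte[inStream.readInt()];` sizes the receive buffer from a length prefix supplied by the peer before the GSS context is established, with no bounds check. A negative value throws `NegativeArraySizeException`, which neither `catch` block handles, and a large positive value allocates up to 2 GB before `readFully` has read a byte. I would validate it first, e.g. `int len = inStream.readInt();` then `if (len < 0 || len > MAX_TOKEN_LENGTH) throw new IOException("Invalid token length: " + len);` then `token = new byte[len];`, where `MAX_TOKEN_LENGTH` is a placeholder for a limit the project picks. Separately, every failure path only logs and `run()` returns `null` in all cases, so the return value cannot tell the caller whether the context was actually established.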
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocket.java
===================================================================
--- projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocket.java 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocket.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -1,355 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.negotiation.net;
-
-import java.io.ByteArrayInputStream;
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.security.Principal;
-
-import javax.management.MBeanServer;
-import javax.management.ObjectName;
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
-import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.ietf.jgss.GSSContext;
-import org.jboss.logging.Logger;
-import org.jboss.mx.util.MBeanServerLocator;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-import org.jboss.security.negotiation.MessageFactory;
-import org.jboss.security.negotiation.NegotiationException;
-import org.jboss.security.negotiation.NegotiationMessage;
-import org.jboss.security.negotiation.common.MessageTrace;
-import org.jboss.security.negotiation.common.NegotiationContext;
-import org.jboss.security.negotiation.spnego.encoding.NegTokenInit;
-import org.jboss.security.negotiation.spnego.encoding.NegTokenTarg;
-import org.jboss.security.negotiation.spnego.encoding.TokenParser;
-import org.jboss.security.plugins.JaasSecurityManager;
-
-/**
- * An implementation of {@link ServerSocket} that tries to establish a {@link GSSContext}
- * when a {@link Socket} connects to it.
- *
- * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
- * @version $Revision: 1 $
- */
-public class SPNEGOServerSocket extends ServerSocket
-{
-
- private static Logger log = Logger.getLogger(SPNEGOServerSocket.class);
-
- private Principal principal;
-
- private String securityDomain;
-
- private String hostSecurityDomain;
-
- private LoginContext lc;
-
- private Subject subject;
-
- /**
- * @see ServerSocket#ServerSocket()
- */
- public SPNEGOServerSocket() throws IOException
- {
- super();
- if (log.isTraceEnabled())
- log.trace("Creating " + this.getClass().getName());
- }
-
- /**
- * @see ServerSocket#ServerSocket(int)
- */
- public SPNEGOServerSocket(int port) throws IOException
- {
- super(port);
- }
-
- /**
- * @see ServerSocket#ServerSocket(int, int)
- */
- public SPNEGOServerSocket(int port, int backlog) throws IOException
- {
- super(port, backlog);
- }
-
- /**
- * @see ServerSocket#ServerSocket(int, int, InetAddress)
- */
- public SPNEGOServerSocket(int port, int backlog, InetAddress bindAddr) throws IOException
- {
- super(port, backlog, bindAddr);
- }
-
- /**
- * Tries to establish a {@link GSSContext} with the client using the tokens
- * provided.
- *
- * @see ServerSocket#accept()
- */
- public Socket accept() throws IOException
- {
- boolean TRACE = log.isTraceEnabled();
- if (TRACE)
- log.trace(this.getClass().getName() + ".accept()");
- Socket socket = super.accept();
-
- if (TRACE)
- log.trace("Creating new NegotiationContext");
- NegotiationContext negotiationContext = new NegotiationContext();
- try
- {
- negotiationContext.associate();
- acceptSocket(socket, negotiationContext);
- }
- catch (Exception e)
- {
- // re-throw the Exception as a IOException
- throw new IOException(e);
- }
- finally
- {
- negotiationContext.clear();
- }
-
- return socket;
- }
-
- /**
- * @see ServerSocket#close()
- */
- public void close() throws IOException
- {
- try
- {
- logout();
- }
- catch (LoginException le)
- {
- // just logs error
- log.error("Error during logout: " + le.getMessage(), le);
- }
- super.close();
- }
-
- /**
- * Accepts a {@link Socket} connection by trying to do a JAAS Kerberos login using the tokens exchanged
- * with the client.
- *
- * @param socket Client {@link Socket}
- * @param negotiationContext {@link NegotiationContext} to be used for the JAAS login
- * @throws IOException
- * @throws NegotiationException
- * @throws NamingException
- */
- protected void acceptSocket(Socket socket, NegotiationContext negotiationContext) throws Exception
- {
- boolean TRACE = log.isTraceEnabled();
-
- byte[] token = new byte[0];
- DataInputStream inStream = new DataInputStream(socket.getInputStream());
- // first reads the size of the client's token
- token = new byte[inStream.readInt()];
- if (TRACE)
- log.debug("Receiving token of length " + token.length);
- // then reads the client's token
- inStream.readFully(token);
- MessageTrace.logRequestHex(token);
-
- ByteArrayInputStream authTokenIS = new ByteArrayInputStream(token);
- MessageFactory mf = MessageFactory.newInstance();
- if (mf.accepts(authTokenIS) == false)
- {
- throw new IOException("Unsupported negotiation mechanism.");
- }
- NegotiationMessage requestMessage = mf.createMessage(authTokenIS);
- authTokenIS.close();
- // AP_REQ token
- byte[] kerberosToken = ((NegTokenInit) requestMessage).getMechToken();
- // need to pass the full token and let JDK classes parse it
- ((NegTokenInit) requestMessage).setMechToken(token);
- negotiationContext.setRequestMessage(requestMessage);
-
- // retrieve client principal from the kerberos token
- if (subject == null)
- {
- if (TRACE)
- log.trace("Starting host login");
- subject = login();
- if (TRACE)
- log.trace("Host login successful");
- }
- principal = getClientPrincipal(kerberosToken, subject);
- // need to flush the cache first and let the tokens be validated every time
- if (TRACE)
- log.trace("Flushing cache");
- flushPrincipalFromCache(principal, securityDomain);
-
- // authenticates using the token
- isValid(principal, null, securityDomain);
-
- NegotiationMessage responseMessage = negotiationContext.getResponseMessage();
- DataOutputStream outStream = new DataOutputStream(socket.getOutputStream());
- // need to pass the full token and let JDK classes parse it
- token = ((NegTokenTarg) responseMessage).getResponseToken();
- if (TRACE)
- log.debug("Sending token of length " + token.length);
- MessageTrace.logResponseHex(token);
- // first writes the size of the token
- outStream.writeInt(token.length);
- // then writes the token
- outStream.write(token);
- outStream.flush();
- }
-
- /**
- * Performs a JAAS login.
- *
- * @param principal User {@link Principal} to login
- * @param credential Credentials of the user
- * @param securityDomain Name of the JAAS security domain
- * @return true if authentication succeeds, false otherwise
- * @throws Exception if an error occurs
- */
- protected boolean isValid(Principal principal, Object credential, String securityDomain) throws Exception
- {
- InitialContext ctx = new InitialContext();
- JaasSecurityManager jsm = (JaasSecurityManager) ctx.lookup(SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain);
- return jsm.isValid(principal, credential);
- }
-
- /**
- * Removes the user entry from the authentication cache.
- *
- * @param principal User {@link Principal} to remove from cache
- * @param securityDomain Name of the JAAS security domain
- * @throws Exception if an error occurs
- */
- protected void flushPrincipalFromCache(Principal principal, String securityDomain) throws Exception
- {
- MBeanServer server = MBeanServerLocator.locateJBoss();
- ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
- Object[] params = {securityDomain, principal};
- String[] signature = {String.class.getName(), Principal.class.getName()};
- server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
- }
-
- /**
- * Returns the security domain securing the EJBs.
- *
- * @return name of the security domain
- */
- public String getSecurityDomain()
- {
- return securityDomain;
- }
-
- /**
- * Sets the security domain securing the EJBs.
- *
- * @param securityDomain name of the security domain
- */
- public void setSecurityDomain(String securityDomain)
- {
- this.securityDomain = securityDomain;
- }
-
- /**
- * Returns the Kerberos security domain.
- *
- * @return name of the security domain
- */
- public String getHostSecurityDomain()
- {
- return hostSecurityDomain;
- }
-
- /**
- * Sets the Kerberos security domain.
- *
- * @param hostSecurityDomain name of the security domain
- */
- public void setHostSecurityDomain(String hostSecurityDomain)
- {
- this.hostSecurityDomain = hostSecurityDomain;
- }
-
- /**
- * Performs a JAAS login on the client side.
- *
- * @return a {@link Subject}
- * @throws LoginException if the login fails
- */
- protected Subject login() throws LoginException
- {
- if (lc == null)
- lc = new LoginContext(hostSecurityDomain, new SecurityAssociationHandler());
- lc.login();
- return lc.getSubject();
- }
-
- /**
- * Performs a JAAS logout on the client side.
- *
- * @throws LoginException if the logout fails
- */
- protected void logout() throws LoginException
- {
- if (lc != null)
- lc.logout();
- subject = null;
- }
-
- /**
- * Decodes and parses the ticket to retrieve the client {@link Principal}.
- *
- * @param ticket Kerberos ticket
- * @param subject Subject containing the server private key
- * @return client {@link Principal}
- */
- protected Principal getClientPrincipal(byte[] ticket, Subject subject)
- {
- TokenParser tp = new TokenParser();
- try
- {
- tp.parseToken(ticket, subject);
- }
- catch (Exception e)
- {
- log.error("Error parsing/decoding ticket: " + e.getMessage(), e);
- return null;
- }
- String principalName = tp.getPrincipalName();
-
- return new KerberosPrincipal(principalName);
- }
-}
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocket.java (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocket.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocket.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocket.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -0,0 +1,355 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.net;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.security.Principal;
+
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.ietf.jgss.GSSContext;
+import org.jboss.logging.Logger;
+import org.jboss.mx.util.MBeanServerLocator;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
+import org.jboss.security.negotiation.MessageFactory;
+import org.jboss.security.negotiation.NegotiationException;
+import org.jboss.security.negotiation.NegotiationMessage;
+import org.jboss.security.negotiation.common.MessageTrace;
+import org.jboss.security.negotiation.common.NegotiationContext;
+import org.jboss.security.negotiation.spnego.encoding.NegTokenInit;
+import org.jboss.security.negotiation.spnego.encoding.NegTokenTarg;
+import org.jboss.security.negotiation.spnego.encoding.TokenParser;
+import org.jboss.security.plugins.JaasSecurityManager;
+
+/**
+ * An implementation of {@link ServerSocket} that tries to establish a {@link GSSContext}
+ * when a {@link Socket} connects to it.
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class SPNEGOServerSocket extends ServerSocket
+{
+
+ private static Logger log = Logger.getLogger(SPNEGOServerSocket.class);
+
+ private Principal principal;
+
+ private String securityDomain;
+
+ private String hostSecurityDomain;
+
+ private LoginContext lc;
+
+ private Subject subject;
+
+ /**
+ * @see ServerSocket#ServerSocket()
+ */
+ public SPNEGOServerSocket() throws IOException
+ {
+ super();
+ if (log.isTraceEnabled())
+ log.trace("Creating " + this.getClass().getName());
+ }
+
+ /**
+ * @see ServerSocket#ServerSocket(int)
+ */
+ public SPNEGOServerSocket(int port) throws IOException
+ {
+ super(port);
+ }
+
+ /**
+ * @see ServerSocket#ServerSocket(int, int)
+ */
+ public SPNEGOServerSocket(int port, int backlog) throws IOException
+ {
+ super(port, backlog);
+ }
+
+ /**
+ * @see ServerSocket#ServerSocket(int, int, InetAddress)
+ */
+ public SPNEGOServerSocket(int port, int backlog, InetAddress bindAddr) throws IOException
+ {
+ super(port, backlog, bindAddr);
+ }
+
+ /**
+ * Tries to establish a {@link GSSContext} with the client using the tokens
+ * provided.
+ *
+ * @see ServerSocket#accept()
+ */
+ public Socket accept() throws IOException
+ {
+ boolean TRACE = log.isTraceEnabled();
+ if (TRACE)
+ log.trace(this.getClass().getName() + ".accept()");
+ Socket socket = super.accept();
+
+ if (TRACE)
+ log.trace("Creating new NegotiationContext");
+ NegotiationContext negotiationContext = new NegotiationContext();
+ try
+ {
+ negotiationContext.associate();
+ acceptSocket(socket, negotiationContext);
+ }
+ catch (Exception e)
+ {
+ // re-throw the Exception as a IOException
+ throw new IOException(e);
+ }
+ finally
+ {
+ negotiationContext.clear();
+ }
+
+ return socket;
+ }
+
+ /**
+ * @see ServerSocket#close()
+ */
+ public void close() throws IOException
+ {
+ try
+ {
+ logout();
+ }
+ catch (LoginException le)
+ {
+ // just logs error
+ log.error("Error during logout: " + le.getMessage(), le);
+ }
+ super.close();
+ }
+
+ /**
+ * Accepts a {@link Socket} connection by trying to do a JAAS Kerberos login using the tokens exchanged
+ * with the client.
+ *
+ * @param socket Client {@link Socket}
+ * @param negotiationContext {@link NegotiationContext} to be used for the JAAS login
+ * @throws IOException
+ * @throws NegotiationException
+ * @throws NamingException
+ */
+ protected void acceptSocket(Socket socket, NegotiationContext negotiationContext) throws Exception
+ {
+ boolean TRACE = log.isTraceEnabled();
+
+ byte[] token = new byte[0];
+ DataInputStream inStream = new DataInputStream(socket.getInputStream());
+ // first reads the size of the client's token
+ token = new byte[inStream.readInt()];
+ if (TRACE)
+ log.debug("Receiving token of length " + token.length);
+ // then reads the client's token
+ inStream.readFully(token);
+ MessageTrace.logRequestHex(token);
+
+ ByteArrayInputStream authTokenIS = new ByteArrayInputStream(token);
+ MessageFactory mf = MessageFactory.newInstance();
+ if (mf.accepts(authTokenIS) == false)
+ {
+ throw new IOException("Unsupported negotiation mechanism.");
+ }
+ NegotiationMessage requestMessage = mf.createMessage(authTokenIS);
+ authTokenIS.close();
+ // AP_REQ token
+ byte[] kerberosToken = ((NegTokenInit) requestMessage).getMechToken();
+ // need to pass the full token and let JDK classes parse it
+ ((NegTokenInit) requestMessage).setMechToken(token);
+ negotiationContext.setRequestMessage(requestMessage);
+
+ // retrieve client principal from the kerberos token
+ if (subject == null)
+ {
+ if (TRACE)
+ log.trace("Starting host login");
+ subject = login();
+ if (TRACE)
+ log.trace("Host login successful");
+ }
+ principal = getClientPrincipal(kerberosToken, subject);
+ // need to flush the cache first and let the tokens be validated every time
+ if (TRACE)
+ log.trace("Flushing cache");
+ flushPrincipalFromCache(principal, securityDomain);
+
+ // authenticates using the token
+ isValid(principal, null, securityDomain);
+
+ NegotiationMessage responseMessage = negotiationContext.getResponseMessage();
+ DataOutputStream outStream = new DataOutputStream(socket.getOutputStream());
+ // need to pass the full token and let JDK classes parse it
+ token = ((NegTokenTarg) responseMessage).getResponseToken();
+ if (TRACE)
+ log.debug("Sending token of length " + token.length);
+ MessageTrace.logResponseHex(token);
+ // first writes the size of the token
+ outStream.writeInt(token.length);
+ // then writes the token
+ outStream.write(token);
+ outStream.flush();
+ }
+
+ /**
+ * Performs a JAAS login.
+ *
+ * @param principal User {@link Principal} to login
+ * @param credential Credentials of the user
+ * @param securityDomain Name of the JAAS security domain
+ * @return true if authentication succeeds, false otherwise
+ * @throws Exception if an error occurs
+ */
+ protected boolean isValid(Principal principal, Object credential, String securityDomain) throws Exception
+ {
+ InitialContext ctx = new InitialContext();
+ JaasSecurityManager jsm = (JaasSecurityManager) ctx.lookup(SecurityConstants.JAAS_CONTEXT_ROOT + "/" + securityDomain);
+ return jsm.isValid(principal, credential);
+ }
+
+ /**
+ * Removes the user entry from the authentication cache.
+ *
+ * @param principal User {@link Principal} to remove from cache
+ * @param securityDomain Name of the JAAS security domain
+ * @throws Exception if an error occurs
+ */
+ protected void flushPrincipalFromCache(Principal principal, String securityDomain) throws Exception
+ {
+ MBeanServer server = MBeanServerLocator.locateJBoss();
+ ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
+ Object[] params = {securityDomain, principal};
+ String[] signature = {String.class.getName(), Principal.class.getName()};
+ server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
+ }
+
+ /**
+ * Returns the security domain securing the EJBs.
+ *
+ * @return name of the security domain
+ */
+ public String getSecurityDomain()
+ {
+ return securityDomain;
+ }
+
+ /**
+ * Sets the security domain securing the EJBs.
+ *
+ * @param securityDomain name of the security domain
+ */
+ public void setSecurityDomain(String securityDomain)
+ {
+ this.securityDomain = securityDomain;
+ }
+
+ /**
+ * Returns the Kerberos security domain.
+ *
+ * @return name of the security domain
+ */
+ public String getHostSecurityDomain()
+ {
+ return hostSecurityDomain;
+ }
+
+ /**
+ * Sets the Kerberos security domain.
+ *
+ * @param hostSecurityDomain name of the security domain
+ */
+ public void setHostSecurityDomain(String hostSecurityDomain)
+ {
+ this.hostSecurityDomain = hostSecurityDomain;
+ }
+
+ /**
+ * Performs a JAAS login on the client side.
+ *
+ * @return a {@link Subject}
+ * @throws LoginException if the login fails
+ */
+ protected Subject login() throws LoginException
+ {
+ if (lc == null)
+ lc = new LoginContext(hostSecurityDomain, new SecurityAssociationHandler());
+ lc.login();
+ return lc.getSubject();
+ }
+
+ /**
+ * Performs a JAAS logout on the client side.
+ *
+ * @throws LoginException if the logout fails
+ */
+ protected void logout() throws LoginException
+ {
+ if (lc != null)
+ lc.logout();
+ subject = null;
+ }
+
+ /**
+ * Decodes and parses the ticket to retrieve the client {@link Principal}.
+ *
+ * @param ticket Kerberos ticket
+ * @param subject Subject containing the server private key
+ * @return client {@link Principal}
+ */
+ protected Principal getClientPrincipal(byte[] ticket, Subject subject)
+ {
+ TokenParser tp = new TokenParser();
+ try
+ {
+ tp.parseToken(ticket, subject);
+ }
+ catch (Exception e)
+ {
+ log.error("Error parsing/decoding ticket: " + e.getMessage(), e);
+ return null;
+ }
+ String principalName = tp.getPrincipalName();
+
+ return new KerberosPrincipal(principalName);
+ }
+}
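Review bot: The boolean returned by `isValid(principal, null, securityDomain)` in acceptSocket is discarded, so a failed JAAS validation only stops `accept()` from returning the socket if something later happens to throw; whether a false result always leaves the response message null is not visible here, so the result should be checked explicitly. Two inputs that reach that call are also unchecked: `getClientPrincipal` returns null when the ticket fails to parse and that null is passed on to the cache flush and to `isValid`, and `new byte[inStream.readInt()]` sizes an allocation from a length supplied by a peer that has not yet authenticated. The excerpt below shows the three checks; `MAX_TOKEN_SIZE` is a new constant whose limit the project would need to pick, and whether a response token should still be written before rejecting is a protocol decision for the author. Separately, `accept()` wraps a failure in an IOException without closing the accepted socket, which leaves the connection open after a rejected handshake.

```java
// … unchanged: TRACE flag, DataInputStream setup …
// first reads the size of the client's token
int length = inStream.readInt();
if (length <= 0 || length > MAX_TOKEN_SIZE)
{
   throw new IOException("Invalid token length: " + length);
}
token = new byte[length];
// … unchanged: read token, parse NegTokenInit, host login …
principal = getClientPrincipal(kerberosToken, subject);
if (principal == null)
{
   throw new IOException("Unable to determine client principal.");
}
// … unchanged: flush cache …
// authenticates using the token
if (isValid(principal, null, securityDomain) == false)
{
   throw new IOException("Authentication failed.");
}
// … unchanged: write response token …
```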
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocketFactory.java
===================================================================
--- projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocketFactory.java 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocketFactory.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -1,126 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.negotiation.net;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-
-import javax.net.ServerSocketFactory;
-
-import org.jboss.logging.Logger;
-
-/**
- * An implementation of {@link ServerSocketFactory} that uses {@link SPNEGOServerSocket} as
- * the sockets.
- *
- * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
- * @version $Revision: 1 $
- */
-public class SPNEGOServerSocketFactory extends ServerSocketFactory
-{
-
- private String securityDomain = "other";
-
- private String hostSecurityDomain = "host";
-
- private static Logger log = Logger.getLogger(SPNEGOServerSocketFactory.class);
-
- /**
- * Default constructor.
- */
- public SPNEGOServerSocketFactory()
- {
- super();
- if (log.isTraceEnabled())
- log.trace("Creating " + this.getClass().getName());
- }
-
- /**
- * Constructor that sets the security domain
- *
- * @param securityDomain
- */
- public SPNEGOServerSocketFactory(String securityDomain, String hostSecurityDomain)
- {
- this();
- if (log.isTraceEnabled())
- log.trace("Setting security domain: " + securityDomain + ". Setting host security domain: " + hostSecurityDomain);
- this.securityDomain = securityDomain;
- this.hostSecurityDomain = hostSecurityDomain;
- }
-
- /**
- * Some resources require this static getDefault method
- *
- * @return an instance of {@link SPNEGOServerSocketFactory}
- */
- public static ServerSocketFactory getDefault()
- {
- return new SPNEGOServerSocketFactory();
- }
-
- /**
- * @see ServerSocketFactory#createServerSocket()
- */
- public ServerSocket createServerSocket() throws IOException
- {
- SPNEGOServerSocket socket = new SPNEGOServerSocket();
- socket.setSecurityDomain(securityDomain);
- socket.setHostSecurityDomain(hostSecurityDomain);
- return socket;
- }
-
- /**
- * @see ServerSocketFactory#createServerSocket(int)
- */
- public ServerSocket createServerSocket(int port) throws IOException
- {
- SPNEGOServerSocket socket = new SPNEGOServerSocket(port);
- socket.setSecurityDomain(securityDomain);
- socket.setHostSecurityDomain(hostSecurityDomain);
- return socket;
- }
-
- /**
- * @see ServerSocketFactory#createServerSocket(int, int))
- */
- public ServerSocket createServerSocket(int port, int backlog) throws IOException
- {
- SPNEGOServerSocket socket = new SPNEGOServerSocket(port, backlog);
- socket.setSecurityDomain(securityDomain);
- socket.setHostSecurityDomain(hostSecurityDomain);
- return socket;
- }
-
- /**
- * @see ServerSocketFactory#createServerSocket(int, int, InetAddress))
- */
- public ServerSocket createServerSocket(int port, int backlog, InetAddress ifAddress) throws IOException
- {
- SPNEGOServerSocket socket = new SPNEGOServerSocket(port, backlog, ifAddress);
- socket.setSecurityDomain(securityDomain);
- socket.setHostSecurityDomain(hostSecurityDomain);
- return socket;
- }
-
-}
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocketFactory.java (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocketFactory.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocketFactory.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOServerSocketFactory.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -0,0 +1,126 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.net;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+import javax.net.ServerSocketFactory;
+
+import org.jboss.logging.Logger;
+
+/**
+ * An implementation of {@link ServerSocketFactory} that uses {@link SPNEGOServerSocket} as
+ * the sockets.
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class SPNEGOServerSocketFactory extends ServerSocketFactory
+{
+
+ private String securityDomain = "other";
+
+ private String hostSecurityDomain = "host";
+
+ private static Logger log = Logger.getLogger(SPNEGOServerSocketFactory.class);
+
+ /**
+ * Default constructor.
+ */
+ public SPNEGOServerSocketFactory()
+ {
+ super();
+ if (log.isTraceEnabled())
+ log.trace("Creating " + this.getClass().getName());
+ }
+
+ /**
+ * Constructor that sets the security domain
+ *
+ * @param securityDomain
+ */
+ public SPNEGOServerSocketFactory(String securityDomain, String hostSecurityDomain)
+ {
+ this();
+ if (log.isTraceEnabled())
+ log.trace("Setting security domain: " + securityDomain + ". Setting host security domain: " + hostSecurityDomain);
+ this.securityDomain = securityDomain;
+ this.hostSecurityDomain = hostSecurityDomain;
+ }
+
+ /**
+ * Some resources require this static getDefault method
+ *
+ * @return an instance of {@link SPNEGOServerSocketFactory}
+ */
+ public static ServerSocketFactory getDefault()
+ {
+ return new SPNEGOServerSocketFactory();
+ }
+
+ /**
+ * @see ServerSocketFactory#createServerSocket()
+ */
+ public ServerSocket createServerSocket() throws IOException
+ {
+ SPNEGOServerSocket socket = new SPNEGOServerSocket();
+ socket.setSecurityDomain(securityDomain);
+ socket.setHostSecurityDomain(hostSecurityDomain);
+ return socket;
+ }
+
+ /**
+ * @see ServerSocketFactory#createServerSocket(int)
+ */
+ public ServerSocket createServerSocket(int port) throws IOException
+ {
+ SPNEGOServerSocket socket = new SPNEGOServerSocket(port);
+ socket.setSecurityDomain(securityDomain);
+ socket.setHostSecurityDomain(hostSecurityDomain);
+ return socket;
+ }
+
+ /**
+ * @see ServerSocketFactory#createServerSocket(int, int))
+ */
+ public ServerSocket createServerSocket(int port, int backlog) throws IOException
+ {
+ SPNEGOServerSocket socket = new SPNEGOServerSocket(port, backlog);
+ socket.setSecurityDomain(securityDomain);
+ socket.setHostSecurityDomain(hostSecurityDomain);
+ return socket;
+ }
+
+ /**
+ * @see ServerSocketFactory#createServerSocket(int, int, InetAddress))
+ */
+ public ServerSocket createServerSocket(int port, int backlog, InetAddress ifAddress) throws IOException
+ {
+ SPNEGOServerSocket socket = new SPNEGOServerSocket(port, backlog, ifAddress);
+ socket.setSecurityDomain(securityDomain);
+ socket.setHostSecurityDomain(hostSecurityDomain);
+ return socket;
+ }
+
+}
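Review bot: The Javadoc on the two-argument constructor names only `securityDomain`, gives it no description, and omits `hostSecurityDomain`; nothing states that the no-argument constructor and `getDefault()` fall back to the field defaults `"other"` and `"host"`. Because these two names decide which security domains the created sockets use for client validation and for the host login, I would document both, e.g. `@param securityDomain name of the security domain securing the EJBs` and `@param hostSecurityDomain name of the Kerberos security domain used for the host login`, and add one line on the defaults to the class comment. The `@see` tags on the last two `createServerSocket` overloads also end in a stray `)`, which will not resolve as a Javadoc link.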
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocket.java
===================================================================
--- projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocket.java 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocket.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -1,185 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.negotiation.net;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.SocketAddress;
-import java.net.UnknownHostException;
-import java.security.PrivilegedAction;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.ietf.jgss.GSSContext;
-import org.jboss.logging.Logger;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-
-/**
- * An implementation of {@link Socket} that tries to establish a {@link GSSContext}
- * when connecting to a {@link ServerSocket}
- *
- * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
- * @version $Revision: 1 $
- */
-public class SPNEGOSocket extends Socket
-{
-
- protected static Logger log = Logger.getLogger(SPNEGOSocket.class);
-
- private LoginContext lc;
-
- /**
- * @see Socket#Socket()
- */
- public SPNEGOSocket()
- {
- super();
- if (log.isTraceEnabled())
- log.trace("Creating " + this.getClass().getName());
- }
-
- /**
- * @see Socket#Socket(InetAddress, int, InetAddress, int)
- */
- public SPNEGOSocket(InetAddress address, int port, InetAddress localAddr, int localPort) throws IOException
- {
- super(address, port, localAddr, localPort);
- }
-
- /**
- * @see Socket#Socket(InetAddress, int)
- */
- public SPNEGOSocket(InetAddress address, int port) throws IOException
- {
- super(address, port);
- }
-
- /**
- * @see Socket#Socket(String, int, InetAddress, int)
- */
- public SPNEGOSocket(String host, int port, InetAddress localAddr, int localPort) throws IOException
- {
- super(host, port, localAddr, localPort);
- }
-
- /**
- * @see Socket#Socket(String, int)
- */
- public SPNEGOSocket(String host, int port) throws UnknownHostException, IOException
- {
- super(host, port);
- }
-
- /**
- * @see Socket#connect(SocketAddress)
- */
- public void connect(SocketAddress endpoint) throws IOException
- {
- super.connect(endpoint);
- }
-
- /**
- * Tries to establish a {@link GSSContext} with the server using the tokens.
- *
- * @see Socket#connect(SocketAddress, int)
- */
- public void connect(SocketAddress endpoint, int timeout) throws IOException
- {
- boolean TRACE = log.isTraceEnabled();
- if (TRACE)
- log.trace(this.getClass().getName() + ".connect()");
- super.connect(endpoint, timeout);
-
- Subject subject = null;
- try
- {
- if (TRACE)
- log.trace("Invoking login");
- subject = login();
- if (TRACE)
- log.trace("Login was successful");
- }
- catch (LoginException le)
- {
- log.error("Failed to login: " + le.getMessage(), le);
- }
- if (subject != null)
- {
- if (TRACE)
- log.trace("Running PrivilegedAction");
- PrivilegedAction<Object> action = getPrivilegedAction();
- Subject.doAs(subject, action);
- }
- try
- {
- if (TRACE)
- log.trace("Invoking logout");
- logout();
- if (TRACE)
- log.trace("Logout was successful");
- }
- catch (LoginException le)
- {
- log.error("Failed to logout: " + le.getMessage(), le);
- }
- }
-
- /**
- * Performs a JAAS login on the client side.
- *
- * @return a {@link Subject}
- * @throws LoginException if the login fails
- */
- protected Subject login() throws LoginException
- {
- String securityDomainName = SecurityActions.getClientSecurityDomain();
- lc = new LoginContext(securityDomainName, new SecurityAssociationHandler());
- lc.login();
- return lc.getSubject();
- }
-
- /**
- * Performs a JAAS logout on the client side.
- *
- * @throws LoginException if the logout fails
- */
- protected void logout() throws LoginException
- {
- if (lc != null)
- lc.logout();
- }
-
- /**
- * Instantiates a {@link PrivilegedAction}.
- *
- * @return {@link PrivilegedAction} implementation that will establish the {@link GSSContext}
- */
- protected PrivilegedAction<Object> getPrivilegedAction()
- {
- return new InitSPNEGOContextAction(this, lc);
- }
-
-}
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocket.java (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocket.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocket.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocket.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -0,0 +1,185 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.net;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.UnknownHostException;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.ietf.jgss.GSSContext;
+import org.jboss.logging.Logger;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
+
+/**
+ * An implementation of {@link Socket} that tries to establish a {@link GSSContext}
+ * when connecting to a {@link ServerSocket}
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class SPNEGOSocket extends Socket
+{
+
+ protected static Logger log = Logger.getLogger(SPNEGOSocket.class);
+
+ private LoginContext lc;
+
+ /**
+ * @see Socket#Socket()
+ */
+ public SPNEGOSocket()
+ {
+ super();
+ if (log.isTraceEnabled())
+ log.trace("Creating " + this.getClass().getName());
+ }
+
+ /**
+ * @see Socket#Socket(InetAddress, int, InetAddress, int)
+ */
+ public SPNEGOSocket(InetAddress address, int port, InetAddress localAddr, int localPort) throws IOException
+ {
+ super(address, port, localAddr, localPort);
+ }
+
+ /**
+ * @see Socket#Socket(InetAddress, int)
+ */
+ public SPNEGOSocket(InetAddress address, int port) throws IOException
+ {
+ super(address, port);
+ }
+
+ /**
+ * @see Socket#Socket(String, int, InetAddress, int)
+ */
+ public SPNEGOSocket(String host, int port, InetAddress localAddr, int localPort) throws IOException
+ {
+ super(host, port, localAddr, localPort);
+ }
+
+ /**
+ * @see Socket#Socket(String, int)
+ */
+ public SPNEGOSocket(String host, int port) throws UnknownHostException, IOException
+ {
+ super(host, port);
+ }
+
+ /**
+ * @see Socket#connect(SocketAddress)
+ */
+ public void connect(SocketAddress endpoint) throws IOException
+ {
+ super.connect(endpoint);
+ }
+
+ /**
+ * Tries to establish a {@link GSSContext} with the server using the tokens.
+ *
+ * @see Socket#connect(SocketAddress, int)
+ */
+ public void connect(SocketAddress endpoint, int timeout) throws IOException
+ {
+ boolean TRACE = log.isTraceEnabled();
+ if (TRACE)
+ log.trace(this.getClass().getName() + ".connect()");
+ super.connect(endpoint, timeout);
+
+ Subject subject = null;
+ try
+ {
+ if (TRACE)
+ log.trace("Invoking login");
+ subject = login();
+ if (TRACE)
+ log.trace("Login was successful");
+ }
+ catch (LoginException le)
+ {
+ log.error("Failed to login: " + le.getMessage(), le);
+ }
+ if (subject != null)
+ {
+ if (TRACE)
+ log.trace("Running PrivilegedAction");
+ PrivilegedAction<Object> action = getPrivilegedAction();
+ Subject.doAs(subject, action);
+ }
+ try
+ {
+ if (TRACE)
+ log.trace("Invoking logout");
+ logout();
+ if (TRACE)
+ log.trace("Logout was successful");
+ }
+ catch (LoginException le)
+ {
+ log.error("Failed to logout: " + le.getMessage(), le);
+ }
+ }
+
+ /**
+ * Performs a JAAS login on the client side.
+ *
+ * @return a {@link Subject}
+ * @throws LoginException if the login fails
+ */
+ protected Subject login() throws LoginException
+ {
+ String securityDomainName = SecurityActions.getClientSecurityDomain();
+ lc = new LoginContext(securityDomainName, new SecurityAssociationHandler());
+ lc.login();
+ return lc.getSubject();
+ }
+
+ /**
+ * Performs a JAAS logout on the client side.
+ *
+ * @throws LoginException if the logout fails
+ */
+ protected void logout() throws LoginException
+ {
+ if (lc != null)
+ lc.logout();
+ }
+
+ /**
+ * Instantiates a {@link PrivilegedAction}.
+ *
+ * @return {@link PrivilegedAction} implementation that will establish the {@link GSSContext}
+ */
+ protected PrivilegedAction<Object> getPrivilegedAction()
+ {
+ return new InitSPNEGOContextAction(this, lc);
+ }
+
+}
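Review bot: In `connect(SocketAddress, int)` a failed JAAS login is only logged (`log.error("Failed to login: ...")`) and the method then returns normally, so the caller gets a connected socket on which no GSSContext was ever attempted and cannot tell. For a socket whose purpose is to authenticate the connection this is a fail-open path; the failure should close the socket and surface as an IOException. The logout also belongs in a `finally`, because a runtime exception thrown out of `Subject.doAs` currently skips it and leaves the LoginContext logged in. Whether InitSPNEGOContextAction itself reports a failed negotiation is not visible in this section and should be checked the same way.

```java
   // … unchanged: trace logging and super.connect(endpoint, timeout) …
   try
   {
      Subject subject = login();
      Subject.doAs(subject, getPrivilegedAction());
   }
   catch (LoginException le)
   {
      close();
      IOException ioe = new IOException("Failed to login: " + le.getMessage());
      ioe.initCause(le);
      throw ioe;
   }
   finally
   {
      // … unchanged: logout() wrapped in its LoginException handler …
   }
```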
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocketFactory.java
===================================================================
--- projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocketFactory.java 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocketFactory.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -1,107 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.negotiation.net;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-
-import javax.net.SocketFactory;
-
-import org.jboss.logging.Logger;
-
-/**
- * An implementation of {@link SocketFactory} that uses {@link SPNEGOSocket} as
- * the sockets.
- *
- * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
- * @version $Revision: 1 $
- */
-public class SPNEGOSocketFactory extends SocketFactory
-{
-
- private static Logger log = Logger.getLogger(SPNEGOSocketFactory.class);
-
- /**
- * Default constructor
- */
- public SPNEGOSocketFactory()
- {
- super();
- if (log.isTraceEnabled())
- log.trace("Creating " + this.getClass().getName());
- }
-
- /**
- * Some resources require this static getDefault method
- *
- * @return an instance of {@link SPNEGOSocketFactory}
- */
- public static SocketFactory getDefault()
- {
- return new SPNEGOSocketFactory();
- }
-
- /**
- * @see SocketFactory#createSocket()
- */
- public Socket createSocket() throws IOException
- {
- return new SPNEGOSocket();
- }
-
- /**
- * @see SocketFactory#createSocket(String, int))
- */
- public Socket createSocket(String host, int port) throws IOException, UnknownHostException
- {
- return new SPNEGOSocket(host, port);
- }
-
- /**
- * @see SocketFactory#createSocket(InetAddress, int))
- */
- public Socket createSocket(InetAddress host, int port) throws IOException
- {
- return new SPNEGOSocket(host, port);
- }
-
- /**
- * @see SocketFactory#createSocket(String, int, InetAddress, int))
- */
- public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException,
- UnknownHostException
- {
- return new SPNEGOSocket(host, port, localHost, localPort);
- }
-
- /**
- * @see SocketFactory#createSocket(InetAddress, int, InetAddress, int))
- */
- public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
- throws IOException
- {
- return new SPNEGOSocket(address, port, localAddress, localPort);
- }
-
-}
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocketFactory.java (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocketFactory.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocketFactory.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SPNEGOSocketFactory.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -0,0 +1,107 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.net;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.net.SocketFactory;
+
+import org.jboss.logging.Logger;
+
+/**
+ * An implementation of {@link SocketFactory} that uses {@link SPNEGOSocket} as
+ * the sockets.
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+public class SPNEGOSocketFactory extends SocketFactory
+{
+
+ private static Logger log = Logger.getLogger(SPNEGOSocketFactory.class);
+
+ /**
+ * Default constructor
+ */
+ public SPNEGOSocketFactory()
+ {
+ super();
+ if (log.isTraceEnabled())
+ log.trace("Creating " + this.getClass().getName());
+ }
+
+ /**
+ * Some resources require this static getDefault method
+ *
+ * @return an instance of {@link SPNEGOSocketFactory}
+ */
+ public static SocketFactory getDefault()
+ {
+ return new SPNEGOSocketFactory();
+ }
+
+ /**
+ * @see SocketFactory#createSocket()
+ */
+ public Socket createSocket() throws IOException
+ {
+ return new SPNEGOSocket();
+ }
+
+ /**
+ * @see SocketFactory#createSocket(String, int))
+ */
+ public Socket createSocket(String host, int port) throws IOException, UnknownHostException
+ {
+ return new SPNEGOSocket(host, port);
+ }
+
+ /**
+ * @see SocketFactory#createSocket(InetAddress, int))
+ */
+ public Socket createSocket(InetAddress host, int port) throws IOException
+ {
+ return new SPNEGOSocket(host, port);
+ }
+
+ /**
+ * @see SocketFactory#createSocket(String, int, InetAddress, int))
+ */
+ public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException,
+ UnknownHostException
+ {
+ return new SPNEGOSocket(host, port, localHost, localPort);
+ }
+
+ /**
+ * @see SocketFactory#createSocket(InetAddress, int, InetAddress, int))
+ */
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
+ throws IOException
+ {
+ return new SPNEGOSocket(address, port, localAddress, localPort);
+ }
+
+}
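Review bot: The four `createSocket` overloads that take a host and port return sockets built through SPNEGOSocket's connecting constructors, which in the SPNEGOSocket section of this commit only call `super(...)`; the login and GSSContext setup live solely in the overridden `connect(SocketAddress, int)`. These sockets are therefore authenticated only if the `java.net.Socket` constructor dispatches to that overridable method, which looks like an implementation detail rather than a documented contract and is worth pinning with a test. Making the step explicit removes the dependency, e.g. `SPNEGOSocket s = new SPNEGOSocket();` followed by `s.connect(new InetSocketAddress(host, port));` and `return s;`, with a `bind` first in the local-address overloads.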
Deleted: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SecurityActions.java
===================================================================
--- projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SecurityActions.java 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SecurityActions.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -1,102 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2010, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.negotiation.net;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityContextAssociation;
-import org.jboss.security.SecurityContextFactory;
-
-/**
- * PrivilegedActions for this package.
- *
- * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
- * @version $Revision: 1 $
- */
-class SecurityActions
-{
-
- static SecurityContext createSecurityContext(final Principal p, final Object cred, final Subject s,
- final String domainName) throws PrivilegedActionException
- {
- return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
- {
- public SecurityContext run() throws Exception
- {
- return SecurityContextFactory.createSecurityContext(p, cred, s, domainName);
- }
- });
- }
-
- static void setSecurityContext(final SecurityContext sc)
- {
- AccessController.doPrivileged(new PrivilegedAction<Object>()
- {
- public Object run()
- {
- SecurityContextAssociation.setSecurityContext(sc);
- return null;
- }
- });
- }
-
- static SecurityContext getSecurityContext()
- {
- return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
- {
- public SecurityContext run()
- {
- return SecurityContextAssociation.getSecurityContext();
- }
- });
- }
-
- static String getClientSecurityDomain()
- {
- return AccessController.doPrivileged(new PrivilegedAction<String>()
- {
- public String run()
- {
- return (String) System.getProperty("org.jboss.security.negotiation.default.client.security.domain", "com.sun.security.jgss.krb5.initiate");
- }
- });
- }
-
- static String getServerName()
- {
- return AccessController.doPrivileged(new PrivilegedAction<String>()
- {
- public String run()
- {
- return (String) System.getProperty("org.jboss.security.negotiation.server.principal");
- }
- });
- }
-
-}
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SecurityActions.java (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SecurityActions.java)
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SecurityActions.java (rev 0)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/java/org/jboss/security/negotiation/net/SecurityActions.java 2011-02-11 14:58:48 UTC (rev 110637)
@@ -0,0 +1,102 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.negotiation.net;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+
+/**
+ * PrivilegedActions for this package.
+ *
+ * @author <a href="mmoyses at redhat.com">Marcus Moyses</a>
+ * @version $Revision: 1 $
+ */
+class SecurityActions
+{
+
+ static SecurityContext createSecurityContext(final Principal p, final Object cred, final Subject s,
+ final String domainName) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
+ {
+ public SecurityContext run() throws Exception
+ {
+ return SecurityContextFactory.createSecurityContext(p, cred, s, domainName);
+ }
+ });
+ }
+
+ static void setSecurityContext(final SecurityContext sc)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ SecurityContextAssociation.setSecurityContext(sc);
+ return null;
+ }
+ });
+ }
+
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
+
+ static String getClientSecurityDomain()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return (String) System.getProperty("org.jboss.security.negotiation.default.client.security.domain", "com.sun.security.jgss.krb5.initiate");
+ }
+ });
+ }
+
+ static String getServerName()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return (String) System.getProperty("org.jboss.security.negotiation.server.principal");
+ }
+ });
+ }
+
+}
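Review bot: `getServerName()` reads `org.jboss.security.negotiation.server.principal` with no default, so it returns null when the property is unset, whereas `getClientSecurityDomain()` always falls back to `com.sun.security.jgss.krb5.initiate`; neither contract is documented. I would add Javadoc such as `/** @return the configured server principal name, or null if the system property is not set */` so that callers, which are not visible in this section, know to handle null. A class-level comment stating that these `doPrivileged` wrappers must stay package-private would also help, since widening their visibility would let other code read the properties and replace the security context under this library's permissions.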
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/src/main/resources (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/src/main/resources)
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/tests (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/tests)
Copied: projects/security/security-negotiation/trunk/jboss-negotiation-net/tests/java (from rev 110636, projects/security/security-negotiation/branches/dlofthouse/SECURITY-568/jboss-negotiation-net/tests/java)
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-spnego/pom.xml
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-spnego/pom.xml 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-spnego/pom.xml 2011-02-11 14:58:48 UTC (rev 110637)
@@ -51,23 +51,11 @@
<artifactId>jboss-common-core</artifactId>
</dependency>
<dependency>
- <groupId>org.jboss.jbossas</groupId>
- <artifactId>jboss-as-security</artifactId>
- </dependency>
- <dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
</dependency>
<dependency>
- <groupId>org.jboss.mx</groupId>
- <artifactId>jboss-j2se</artifactId>
- </dependency>
- <dependency>
<groupId>org.jboss.security</groupId>
- <artifactId>jboss-security-spi</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jboss.security</groupId>
<artifactId>jbosssx</artifactId>
</dependency>
<dependency>
Modified: projects/security/security-negotiation/trunk/pom.xml
===================================================================
--- projects/security/security-negotiation/trunk/pom.xml 2011-02-11 14:51:59 UTC (rev 110636)
+++ projects/security/security-negotiation/trunk/pom.xml 2011-02-11 14:58:48 UTC (rev 110637)
@@ -17,6 +17,7 @@
<module>parent</module>
<module>jboss-negotiation-common</module>
<module>jboss-negotiation-extras</module>
+ <module>jboss-negotiation-net</module>
<module>jboss-negotiation-ntlm</module>
<module>jboss-negotiation-spnego</module>
<module>jboss-negotiation-toolkit</module>