[jboss-cvs] Picketlink SVN: r634 - in idm/branches/1.1.0: picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap and 1 other directory.

Thu Jan 13 05:37:47 EST 2011


Author: bdaw
Date: 2011-01-13 05:37:47 -0500 (Thu, 13 Jan 2011)
New Revision: 634

Modified:
   idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
   idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java
   idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java
   idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java
Log:
- Enable LDAP password encryption with JBoss JAAS SecurityDomain

Modified: idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java	2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java	2011-01-13 10:37:47 UTC (rev 634)
@@ -22,8 +22,11 @@
 
 package org.picketlink.idm.impl.helper;
 
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Enumeration;
 import java.util.ArrayList;
@@ -38,6 +41,8 @@
 public class Tools
 {
 
+   private static MBeanServer instance = null;
+
    public static <E> List<E> toList(Enumeration<E> e)
    {
       if (e == null)
@@ -231,5 +236,27 @@
       }
    }
 
+   public static MBeanServer locateJBoss()
+   {
+      synchronized (Tools.class)
+      {
+         if (instance != null)
+         {
+            return instance;
+         }
+      }
+      for (Iterator i = MBeanServerFactory.findMBeanServer(null).iterator(); i.hasNext(); )
+      {
+         MBeanServer server = (MBeanServer) i.next();
+         if (server.getDefaultDomain().equals("jboss"))
+         {
+            return server;
+         }
+      }
 
+
+      throw new IllegalStateException("No 'jboss' MBeanServer found!");
+   }
+
+
 }
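Review bot: The `instance` cache in locateJBoss is read under the lock but never written, so every call rescans MBeanServerFactory and the synchronized block at the top guards nothing; either store the match before returning it, `synchronized (Tools.class) { instance = server; }`, or drop the static field. The comparison on the `"jboss"` line should be inverted to `if ("jboss".equals(server.getDefaultDomain()))` so a server whose default domain is null cannot throw NPE out of the loop. `findMBeanServer` already returns `List<MBeanServer>`, so the raw `Iterator` and the cast can be replaced by a for-each over that list.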

Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java	2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java	2011-01-13 10:37:47 UTC (rev 634)
@@ -44,6 +44,8 @@
 
    String getAdminPassword();
 
+   String getJaasSecurityDomain();
+
    String getAuthenticationMethod();
 
    int getSearchTimeLimit();
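Review bot: The new interface method `getJaasSecurityDomain()` has no Javadoc, although its value is used as a JMX ObjectName for the MBean that decodes the admin password. I would add: `/** JMX ObjectName of the JBoss JaasSecurityDomain MBean used to decode {@link #getAdminPassword()} via its decode64 operation, or null when the admin password is stored in clear text. */`. Stating that `getAdminPassword()` is then expected to hold the base64-encoded ciphertext rather than the clear password saves the next maintainer reading LDAPIdentityStoreSessionImpl to find out.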

Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java	2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java	2011-01-13 10:37:47 UTC (rev 634)
@@ -23,13 +23,23 @@
 package org.picketlink.idm.impl.store.ldap;
 
 import org.picketlink.idm.common.exception.IdentityException;
+import org.picketlink.idm.impl.helper.Tools;
 import org.picketlink.idm.spi.store.IdentityStoreSession;
 
+import java.io.UnsupportedEncodingException;
 import java.util.Hashtable;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.management.InstanceNotFoundException;
+import javax.management.MBeanException;
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.management.ReflectionException;
 import javax.naming.Context;
 import javax.naming.InitialContext;
 import javax.naming.ldap.InitialLdapContext;
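Review bot: Several of the imports added here appear unused in the new code shown in this commit: `Iterator`, `MBeanServerFactory`, `UnsupportedEncodingException`, `InstanceNotFoundException`, `MBeanException`, `MalformedObjectNameException` and `ReflectionException` (the new getPassword method catches plain `Exception`, and server lookup is delegated to `Tools.locateJBoss()`). Unless another part of the file not visible here uses them, they should be removed, or getPassword should be changed to catch these specific types so the imports earn their keep.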
@@ -90,10 +100,28 @@
          env.put(Context.SECURITY_PRINCIPAL, storeConfig.getAdminDN());
 
       }
+
+
       if (storeConfig.getAdminPassword() != null)
       {
-         env.put(Context.SECURITY_CREDENTIALS, storeConfig.getAdminPassword());
+         String credentials = null;
 
+         if (storeConfig.getJaasSecurityDomain() != null)
+         {
+            String securityDomain = storeConfig.getJaasSecurityDomain();
+
+            credentials = getPassword(securityDomain, storeConfig.getAdminPassword());
+         }
+
+         else
+         {
+            credentials = storeConfig.getAdminPassword();
+         }
+
+
+
+         env.put(Context.SECURITY_CREDENTIALS, credentials);
+
       }
 
       if (storeConfig.getAuthenticationMethod() != null)
@@ -183,4 +211,29 @@
    {
       return false;
    }
+
+   public String getPassword(String securityDomain, String encoded) throws Exception
+   {
+
+
+      try
+      {
+         ObjectName serviceName = new ObjectName(securityDomain);
+         MBeanServer server = Tools.locateJBoss();
+
+         byte[] secret = (byte[]) server.invoke(serviceName, "decode64", new Object[] {encoded},
+            new String[] {String.class.getName()});
+
+         // Convert to UTF-8 base char array
+         return new String(secret, "UTF-8");
+      }
+      catch (Exception e)
+      {
+         log.log(Level.INFO, "Failed to decode LDAP password from JBoss JAAS Security Domain: " + securityDomain, e);
+         throw new IdentityException("Failed to decode LDAP password from JBoss JAAS Security Domain: " + securityDomain, e);
+      }
+   }
+
+
+
 }
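Review bot: `getPassword` declares `throws Exception` although the only exception that can escape is the `IdentityException` raised in the catch block; narrowing the signature to `public String getPassword(String securityDomain, String encoded) throws IdentityException` keeps callers from having to catch `Exception`. A failed credential decode is logged at `Level.INFO` and then rethrown, which both understates the problem and reports it twice; use `Level.WARNING` there, or log only at the point where the exception is finally handled. After `new String(secret, "UTF-8")` the plaintext also remains in the `secret` byte array until garbage collection; clearing it with `Arrays.fill(secret, (byte) 0)` (with a `java.util.Arrays` import) before returning limits how long the decoded password lingers in the heap, even though the String copy handed to JNDI cannot be wiped.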

Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java	2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java	2011-01-13 10:37:47 UTC (rev 634)
@@ -49,6 +49,8 @@
 
    private final String adminPassword;
 
+   private final String jaasSecurityDomain;
+
    private final String authenticationMethod;
 
    private final int searchTimeLimit;
@@ -104,6 +106,8 @@
 
    public static final String ADMIN_PASSWORD = "adminPassword";
 
+   public static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
+
    public static final String SEARCH_TIME_LIMIT = "searchTimeLimit";
 
    public static final int SEARCH_TIME_LIMIT_DEFAULT = 10000;
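Review bot: The new option constant `SECURITY_DOMAIN_OPT` does not follow the naming of its neighbours (`ADMIN_PASSWORD`, `SEARCH_TIME_LIMIT`, `AUTHENTICATION_METHOD`), which carry no `_OPT` suffix and mirror the option key in upper snake case; `public static final String JAAS_SECURITY_DOMAIN = "jaasSecurityDomain";` would match the existing convention and the field name `jaasSecurityDomain`. Since these constants are public, the rename is cheapest before this revision ships.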
@@ -161,6 +165,7 @@
       this.adminDN = storeMD.getOptionSingleValue(ADMIN_DN);
       this.authenticationMethod = storeMD.getOptionSingleValue(AUTHENTICATION_METHOD);
       this.adminPassword = storeMD.getOptionSingleValue(ADMIN_PASSWORD);
+      this.jaasSecurityDomain = storeMD.getOptionSingleValue(SECURITY_DOMAIN_OPT);
       this.externalJNDIContext = storeMD.getOptionSingleValue(EXTERNAL_JNDI_CONTEXT);
       this.membershipToRelationshipTypeMapping = storeMD.getOptionSingleValue(MEMBERSHIP_TO_RELATIONSHIP_TYPE_MAPPING);
       this.relationshipNameSearchFilter = storeMD.getOptionSingleValue(RELATIONSHIP_NAME_SEARCH_FILTER);
@@ -425,6 +430,11 @@
       return adminPassword;
    }
 
+   public String getJaasSecurityDomain()
+   {
+      return jaasSecurityDomain;
+   }
+
    public int getSearchTimeLimit()
    {
       return searchTimeLimit;


