[jboss-cvs] Picketlink SVN: r634 - in idm/branches/1.1.0: picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Jan 13 05:37:47 EST 2011
Author: bdaw
Date: 2011-01-13 05:37:47 -0500 (Thu, 13 Jan 2011)
New Revision: 634
Modified:
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java
Log:
- Enable LDAP password encryption with JBoss JAAS SecurityDomain
Modified: idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2011-01-13 10:37:47 UTC (rev 634)
@@ -22,8 +22,11 @@
package org.picketlink.idm.impl.helper;
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Iterator;
import java.util.List;
import java.util.Enumeration;
import java.util.ArrayList;
@@ -38,6 +41,8 @@
public class Tools
{
+ private static MBeanServer instance = null;
+
public static <E> List<E> toList(Enumeration<E> e)
{
if (e == null)
@@ -231,5 +236,27 @@
}
}
+ public static MBeanServer locateJBoss()
+ {
+ synchronized (Tools.class)
+ {
+ if (instance != null)
+ {
+ return instance;
+ }
+ }
+ for (Iterator i = MBeanServerFactory.findMBeanServer(null).iterator(); i.hasNext(); )
+ {
+ MBeanServer server = (MBeanServer) i.next();
+ if (server.getDefaultDomain().equals("jboss"))
+ {
+ return server;
+ }
+ }
+
+ throw new IllegalStateException("No 'jboss' MBeanServer found!");
+ }
+
+
}
Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java 2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreConfiguration.java 2011-01-13 10:37:47 UTC (rev 634)
@@ -44,6 +44,8 @@
String getAdminPassword();
+ String getJaasSecurityDomain();
+
String getAuthenticationMethod();
int getSearchTimeLimit();
Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java 2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreSessionImpl.java 2011-01-13 10:37:47 UTC (rev 634)
@@ -23,13 +23,23 @@
package org.picketlink.idm.impl.store.ldap;
import org.picketlink.idm.common.exception.IdentityException;
+import org.picketlink.idm.impl.helper.Tools;
import org.picketlink.idm.spi.store.IdentityStoreSession;
+import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
+import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.management.InstanceNotFoundException;
+import javax.management.MBeanException;
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.management.ReflectionException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.ldap.InitialLdapContext;
@@ -90,10 +100,28 @@
env.put(Context.SECURITY_PRINCIPAL, storeConfig.getAdminDN());
}
+
+
if (storeConfig.getAdminPassword() != null)
{
- env.put(Context.SECURITY_CREDENTIALS, storeConfig.getAdminPassword());
+ String credentials = null;
+ if (storeConfig.getJaasSecurityDomain() != null)
+ {
+ String securityDomain = storeConfig.getJaasSecurityDomain();
+
+ credentials = getPassword(securityDomain, storeConfig.getAdminPassword());
+ }
+
+ else
+ {
+ credentials = storeConfig.getAdminPassword();
+ }
+
+
+
+ env.put(Context.SECURITY_CREDENTIALS, credentials);
+
}
if (storeConfig.getAuthenticationMethod() != null)
@@ -183,4 +211,29 @@
{
return false;
}
+
+ public String getPassword(String securityDomain, String encoded) throws Exception
+ {
+
+
+ try
+ {
+ ObjectName serviceName = new ObjectName(securityDomain);
+ MBeanServer server = Tools.locateJBoss();
+
+ byte[] secret = (byte[]) server.invoke(serviceName, "decode64", new Object[] {encoded},
+ new String[] {String.class.getName()});
+
+ // Convert to UTF-8 base char array
+ return new String(secret, "UTF-8");
+ }
+ catch (Exception e)
+ {
+ log.log(Level.INFO, "Failed to decode LDAP password from JBoss JAAS Security Domain: " + securityDomain, e);
+ throw new IdentityException("Failed to decode LDAP password from JBoss JAAS Security Domain: " + securityDomain, e);
+ }
+ }
+
+
+
}
Modified: idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java
===================================================================
--- idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java 2011-01-10 16:25:50 UTC (rev 633)
+++ idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/SimpleLDAPIdentityStoreConfiguration.java 2011-01-13 10:37:47 UTC (rev 634)
@@ -49,6 +49,8 @@
private final String adminPassword;
+ private final String jaasSecurityDomain;
+
private final String authenticationMethod;
private final int searchTimeLimit;
@@ -104,6 +106,8 @@
public static final String ADMIN_PASSWORD = "adminPassword";
+ public static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
+
public static final String SEARCH_TIME_LIMIT = "searchTimeLimit";
public static final int SEARCH_TIME_LIMIT_DEFAULT = 10000;
@@ -161,6 +165,7 @@
this.adminDN = storeMD.getOptionSingleValue(ADMIN_DN);
this.authenticationMethod = storeMD.getOptionSingleValue(AUTHENTICATION_METHOD);
this.adminPassword = storeMD.getOptionSingleValue(ADMIN_PASSWORD);
+ this.jaasSecurityDomain = storeMD.getOptionSingleValue(SECURITY_DOMAIN_OPT);
this.externalJNDIContext = storeMD.getOptionSingleValue(EXTERNAL_JNDI_CONTEXT);
this.membershipToRelationshipTypeMapping = storeMD.getOptionSingleValue(MEMBERSHIP_TO_RELATIONSHIP_TYPE_MAPPING);
this.relationshipNameSearchFilter = storeMD.getOptionSingleValue(RELATIONSHIP_NAME_SEARCH_FILTER);
@@ -425,6 +430,11 @@
return adminPassword;
}
+ public String getJaasSecurityDomain()
+ {
+ return jaasSecurityDomain;
+ }
+
public int getSearchTimeLimit()
{
return searchTimeLimit;
More information about the jboss-cvs-commits
mailing list