[jboss-cvs] Picketbox SVN: r464 - in trunk: security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Oct 22 21:09:39 EDT 2013
Author: sguilhen at redhat.com
Date: 2013-10-22 21:09:39 -0400 (Tue, 22 Oct 2013)
New Revision: 464
Modified:
trunk/security-jboss-sx/jbosssx/pom.xml
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java
trunk/security-jboss-sx/parent/pom.xml
trunk/security-spi/common/src/main/java/org/jboss/security/PicketBoxLogger.java
trunk/security-spi/parent/pom.xml
Log:
SECURITY-759 Configuration problems that can result in an AuthException when getting the ServerAuthConfig or ServerAuthContext are now logged at ERROR level
Modified: trunk/security-jboss-sx/jbosssx/pom.xml
===================================================================
--- trunk/security-jboss-sx/jbosssx/pom.xml 2013-10-22 13:23:23 UTC (rev 463)
+++ trunk/security-jboss-sx/jbosssx/pom.xml 2013-10-23 01:09:39 UTC (rev 464)
@@ -164,8 +164,7 @@
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.security.jacc</groupId>
- <artifactId>jboss-jacc-api_1.4_spec</artifactId>
- <version>1.0.1.Final</version>
+ <artifactId>jboss-jacc-api_1.5_spec</artifactId>
<scope>compile</scope>
<exclusions>
<exclusion>
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java 2013-10-22 13:23:23 UTC (rev 463)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/auth/JASPIServerAuthenticationManager.java 2013-10-23 01:09:39 UTC (rev 464)
@@ -72,26 +72,47 @@
public boolean isValid(MessageInfo messageInfo, Subject clientSubject, String layer, String appContext,
CallbackHandler callbackHandler)
{
- AuthStatus status = AuthStatus.FAILURE;
-
+
+ AuthConfigFactory factory = AuthConfigFactory.getFactory();
+ AuthConfigProvider provider = factory.getConfigProvider(layer,appContext,null);
+ if(provider == null)
+ throw PicketBoxMessages.MESSAGES.invalidNullAuthConfigProviderForLayer(layer, appContext);
+
+ ServerAuthConfig serverConfig = null;
try
{
- AuthConfigFactory factory = AuthConfigFactory.getFactory();
- AuthConfigProvider provider = factory.getConfigProvider(layer,appContext,null);
- if(provider == null)
- throw PicketBoxMessages.MESSAGES.invalidNullAuthConfigProviderForLayer(layer, appContext);
+ serverConfig = provider.getServerAuthConfig(layer,appContext,callbackHandler);
+ }
+ catch (AuthException ae)
+ {
+ SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae);
+ PicketBoxLogger.LOGGER.errorGettingServerAuthConfig(layer, appContext, ae);
+ return false;
+ }
+ String authContextId = serverConfig.getAuthContextID(messageInfo);
+ Properties properties = new Properties();
+ properties.setProperty("security-domain", super.getSecurityDomain());
- ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,appContext,callbackHandler);
- String authContextId = serverConfig.getAuthContextID(messageInfo);
+ ServerAuthContext sctx = null;
+ try
+ {
+ sctx = serverConfig.getAuthContext(authContextId, new Subject(), properties);
+ }
+ catch (AuthException ae)
+ {
+ SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae);
+ PicketBoxLogger.LOGGER.errorGettingServerAuthContext(authContextId, super.getSecurityDomain(), ae);
+ return false;
+ }
- Properties properties = new Properties();
- properties.setProperty("security-domain", super.getSecurityDomain());
- ServerAuthContext sctx = serverConfig.getAuthContext(authContextId, new Subject(), properties);
-
- if(clientSubject == null)
- clientSubject = new Subject();
- Subject serviceSubject = new Subject();
- status = sctx.validateRequest(messageInfo, clientSubject, serviceSubject);
+ if(clientSubject == null)
+ clientSubject = new Subject();
+ Subject serviceSubject = new Subject();
+
+ AuthStatus status = AuthStatus.FAILURE;
+ try
+ {
+ status = sctx.validateRequest(messageInfo, clientSubject, serviceSubject);
//TODO: Add caching
}
catch(AuthException ae)
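Review bot: In both new catch blocks of isValid the ERROR log runs only after `SecurityContextAssociation.getSecurityContext().getData().put(...)`. If no security context is associated with the thread (this hunk does not show whether that can happen), a NullPointerException replaces the AuthException and the configuration error this commit wants to surface is never logged. Log first and stash second, i.e. move `PicketBoxLogger.LOGGER.errorGettingServerAuthConfig(layer, appContext, ae);` above the `put`, ideally with a null check on the context; the same ordering appears in the two new catch blocks of secureResponse. Separately, the JASPIC contract lets `getAuthContext` return null when no modules are configured, so `sctx.validateRequest(...)` would then throw instead of returning false with a logged error; a `if (sctx == null)` guard that logs and returns false would keep the failure path uniform. isValid's body continues past the end of this hunk.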
@@ -109,23 +130,44 @@
public void secureResponse(MessageInfo messageInfo, Subject serviceSubject, String layer, String appContext,
CallbackHandler handler)
{
+ AuthConfigFactory factory = AuthConfigFactory.getFactory();
+ AuthConfigProvider provider = factory.getConfigProvider(layer, appContext, null);
+ if(provider == null)
+ throw PicketBoxMessages.MESSAGES.invalidNullAuthConfigProviderForLayer(layer, appContext);
+
+ ServerAuthConfig serverConfig = null;
try
{
- AuthConfigFactory factory = AuthConfigFactory.getFactory();
- AuthConfigProvider provider = factory.getConfigProvider(layer, appContext, null);
- if(provider == null)
- throw PicketBoxMessages.MESSAGES.invalidNullAuthConfigProviderForLayer(layer, appContext);
+ serverConfig = provider.getServerAuthConfig(layer, appContext, handler);
+ }
+ catch (AuthException ae)
+ {
+ SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae);
+ PicketBoxLogger.LOGGER.errorGettingServerAuthConfig(layer, appContext, ae);
+ return;
+ }
- ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer, appContext, handler);
- String authContextId = serverConfig.getAuthContextID(messageInfo);
-
- Properties properties = new Properties();
- properties.setProperty("security-domain", super.getSecurityDomain());
- if (serviceSubject == null)
- serviceSubject = new Subject();
- ServerAuthContext sctx = serverConfig.getAuthContext(authContextId, serviceSubject, properties);
- sctx.secureResponse(messageInfo, serviceSubject);
+ String authContextId = serverConfig.getAuthContextID(messageInfo);
+ Properties properties = new Properties();
+ properties.setProperty("security-domain", super.getSecurityDomain());
+ if (serviceSubject == null)
+ serviceSubject = new Subject();
+ ServerAuthContext sctx = null;
+ try
+ {
+ sctx = serverConfig.getAuthContext(authContextId, serviceSubject, properties);
}
+ catch (AuthException ae)
+ {
+ SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae);
+ PicketBoxLogger.LOGGER.errorGettingServerAuthContext(authContextId, super.getSecurityDomain(), ae);
+ return;
+ }
+
+ try
+ {
+ sctx.secureResponse(messageInfo, serviceSubject);
+ }
catch(AuthException ae)
{
SecurityContextAssociation.getSecurityContext().getData().put(AuthException.class.getName(), ae);
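Review bot: The two new early `return;` paths in secureResponse leave the response unsecured without signalling the caller. The method is void, so after an AuthException from `getServerAuthConfig` or `getAuthContext` the only traces are the ERROR log and the exception stored under `AuthException.class.getName()` in the security context data. That matches how the pre-existing catch at the end of the hunk records the exception, but a caller that never inspects that entry would presumably continue as if the response had been protected. The contract should at least be stated on the method, for example `// On AuthException the response is NOT secured; the cause is stored in the security context data under AuthException.class.getName() and the caller must check it.` secureResponse's body continues past the end of this hunk.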
Modified: trunk/security-jboss-sx/parent/pom.xml
===================================================================
--- trunk/security-jboss-sx/parent/pom.xml 2013-10-22 13:23:23 UTC (rev 463)
+++ trunk/security-jboss-sx/parent/pom.xml 2013-10-23 01:09:39 UTC (rev 464)
@@ -121,14 +121,14 @@
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.security.jacc</groupId>
- <artifactId>jboss-jacc-api_1.4_spec</artifactId>
- <version>1.0.1.Final</version>
+ <artifactId>jboss-jacc-api_1.5_spec</artifactId>
+ <version>1.0.0.Beta1</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.security.auth.message</groupId>
<artifactId>jboss-jaspi-api_1.1_spec</artifactId>
- <version>1.0.0.Alpha1</version>
+ <version>1.0.0.Beta1</version>
<scope>compile</scope>
</dependency>
<dependency>
Modified: trunk/security-spi/common/src/main/java/org/jboss/security/PicketBoxLogger.java
===================================================================
--- trunk/security-spi/common/src/main/java/org/jboss/security/PicketBoxLogger.java 2013-10-22 13:23:23 UTC (rev 463)
+++ trunk/security-spi/common/src/main/java/org/jboss/security/PicketBoxLogger.java 2013-10-23 01:09:39 UTC (rev 464)
@@ -712,4 +712,11 @@
@Message(id = 372, value = "Security Vault key store successfuly converted to JCEKS type (%s). From now on use JCEKS as KEYSTORE_TYPE in Security Vault configuration.")
void keyStoreConvertedToJCEKS(String keyStoreFile);
+ @LogMessage(level = Logger.Level.ERROR)
+ @Message(id = 373, value = "Error getting ServerAuthConfig for layer %s and appContext %s")
+ void errorGettingServerAuthConfig(String layer, String appContext, @Cause Throwable cause);
+
+ @LogMessage(level = Logger.Level.ERROR)
+ @Message(id = 374, value = "Error getting ServerAuthContext for authContextId %s and security domain %s")
+ void errorGettingServerAuthContext(String authContextId, String securityDomain, @Cause Throwable cause);
}
\ No newline at end of file
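Review bot: The new messages 373 and 374 interpolate `layer`, `appContext` and `authContextId` into the log line unmodified, and in the caller `authContextId` is whatever `serverConfig.getAuthContextID(messageInfo)` returns. If a ServerAuthConfig implementation derives that id from request data (not visible here), line breaks in it could forge extra entries in a plain-text log. It is worth confirming that the logging backend escapes control characters, or noting on the two methods that callers pass server-derived values only, e.g. `// authContextId is logged verbatim; must not contain unsanitised request data`.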
Modified: trunk/security-spi/parent/pom.xml
===================================================================
--- trunk/security-spi/parent/pom.xml 2013-10-22 13:23:23 UTC (rev 463)
+++ trunk/security-spi/parent/pom.xml 2013-10-23 01:09:39 UTC (rev 464)
@@ -86,7 +86,7 @@
<dependency>
<groupId>org.jboss.spec.javax.security.auth.message</groupId>
<artifactId>jboss-jaspi-api_1.1_spec</artifactId>
- <version>1.0.0.Alpha1</version>
+ <version>1.0.0.Beta1</version>
<scope>compile</scope>
</dependency>
<dependency>