[jboss-svn-commits] JBL Code SVN: r21406 - in labs/jbossesb/workspace/dbevenius/security/product: lib/ext and 33 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri Aug 8 02:59:43 EDT 2008
Author: beve
Date: 2008-08-08 02:59:43 -0400 (Fri, 08 Aug 2008)
New Revision: 21406
Added:
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/build.xml
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/build-time/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/build-time/junit-4.1.jar
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/build-time/log4j.jar
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/openssoclientsdk.jar
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/servlet-api.jar
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/security/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/security/opensso/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/OpenSSOLoginModule.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/SSOPrincipal.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/resources/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/resources/AMConfig.properties
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/resources/jaas.login
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/security/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/security/opensso/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/security/opensso/jaas.login
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/esb/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/esb/actions/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/OpenSSOLoginModuleTest.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/resources/
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/resources/log4j.xml
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/jboss-ejb3x.jar
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/EjbClientAction.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/Simple.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleRemote.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java
Removed:
labs/jbossesb/workspace/dbevenius/security/product/lib/ext/openssoclientsdk.jar
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/SSOPrincipal.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/AMConfig.properties
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/openssoclientsdk.jar
Modified:
labs/jbossesb/workspace/dbevenius/security/product/.classpath
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Role.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/jaas.login
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/build.xml
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jaas.login
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/readme.txt
Log:
Security updates.
Modified: labs/jbossesb/workspace/dbevenius/security/product/.classpath
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/.classpath 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/.classpath 2008-08-08 06:59:43 UTC (rev 21406)
@@ -1,90 +1,70 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="lib" path="build/jbossesb/lib/jbossesb-config-model-1.0.1.jar"/>
<classpathentry excluding="**/.svn/" kind="src" path="rosetta/src"/>
- <classpathentry kind="src" path="services/jbossesb/src/main/java"/>
- <classpathentry kind="src" path="services/jbrules/src/main/java"/>
- <classpathentry kind="src" path="services/jbossesb/src/test/java"/>
- <classpathentry kind="src" path="services/jbpm/src/test/java"/>
- <classpathentry kind="src" path="services/jbrules/src/test/java"/>
- <classpathentry kind="src" path="services/jbpm/src/main/java"/>
- <classpathentry kind="src" path="services/smooks/src/test/java"/>
- <classpathentry kind="src" path="services/smooks/src/main/java"/>
- <classpathentry kind="src" path="services/slsb/src/main/java"/>
- <classpathentry kind="src" path="build/schema-model/src"/>
<classpathentry excluding="**/.svn/" kind="src" path="rosetta/tests/src"/>
- <classpathentry kind="src" path="services/soap/src/main/java"/>
- <classpathentry kind="src" path="services/soap/src/test/java"/>
- <classpathentry kind="lib" path="etc/test/resources/log4j/dev"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="lib/ext/activation.jar"/>
- <classpathentry kind="lib" path="lib/ext/antlr-2.7.6.jar"/>
+ <classpathentry kind="lib" path="lib/ext/antlr-2.7.7.jar"/>
+ <classpathentry kind="lib" path="lib/ext/asm.jar"/>
+ <classpathentry kind="lib" path="lib/ext/cache.jar"/>
+ <classpathentry kind="lib" path="lib/ext/cglib-2.1_3.jar"/>
+ <classpathentry kind="lib" path="lib/ext/commons-codec-1.3.jar"/>
<classpathentry kind="lib" path="lib/ext/commons-collections-3.2.jar"/>
+ <classpathentry kind="lib" path="lib/ext/commons-httpclient.jar"/>
+ <classpathentry kind="lib" path="lib/ext/commons-io-1.3.jar"/>
<classpathentry kind="lib" path="lib/ext/commons-lang-2.1.jar"/>
- <classpathentry kind="lib" path="lib/ext/commons-codec-1.3.jar"/>
- <classpathentry kind="lib" path="lib/ext/emma_ant.jar"/>
- <classpathentry kind="lib" path="lib/ext/emma.jar"/>
+ <classpathentry kind="lib" path="lib/ext/commons-logging-1.0.4.jar"/>
+ <classpathentry kind="lib" path="lib/ext/commons-net-2.0.0-652071.jar"/>
+ <classpathentry kind="lib" path="lib/ext/commons-ssl-0.3.4.jar"/>
<classpathentry kind="lib" path="lib/ext/groovy-all-1.0.jar"/>
- <classpathentry kind="lib" path="lib/ext/hsqldb.jar"/>
- <classpathentry kind="lib" path="lib/ext/jbossall-client.jar"/>
+ <classpathentry kind="lib" path="lib/ext/h2.jar"/>
+ <classpathentry kind="lib" path="lib/ext/hibernate3.jar"/>
+ <classpathentry kind="lib" path="lib/ext/javassist.jar"/>
+ <classpathentry kind="lib" path="lib/ext/jaxr-api-1.0rc1.jar"/>
+ <classpathentry kind="lib" path="lib/ext/jboss-aop-jdk50.jar"/>
+ <classpathentry kind="lib" path="lib/ext/jboss-messaging-client.jar"/>
<classpathentry kind="lib" path="lib/ext/jboss-system.jar"/>
+ <classpathentry kind="lib" path="lib/ext/jboss.jar"/>
+ <classpathentry kind="lib" path="lib/ext/jbossall-client.jar"/>
<classpathentry kind="lib" path="lib/ext/jbossts-common.jar"/>
- <classpathentry kind="lib" path="lib/ext/jsch-0.1.jar"/>
+ <classpathentry kind="lib" path="lib/ext/jgroups-all.jar"/>
+ <classpathentry kind="lib" path="lib/ext/jsch-0.1.38.jar"/>
+ <classpathentry kind="lib" path="lib/ext/jsr173_1.0_ri.jar"/>
<classpathentry kind="lib" path="lib/ext/juddi-2.0rc5.jar"/>
<classpathentry kind="lib" path="lib/ext/juddi-client-2.0rc5.jar"/>
- <classpathentry kind="lib" path="lib/ext/junit-4.1.jar"/>
<classpathentry kind="lib" path="lib/ext/log4j.jar"/>
<classpathentry kind="lib" path="lib/ext/mail.jar"/>
- <classpathentry kind="lib" path="lib/ext/mockejb.jar"/>
+ <classpathentry kind="lib" path="lib/ext/mvel-1.3.1-java1.4.jar"/>
<classpathentry kind="lib" path="lib/ext/ognl-2.6.9.jar"/>
- <classpathentry kind="lib" path="lib/ext/opencsv-1.6.jar"/>
- <classpathentry kind="lib" path="lib/ext/properties-plugin.jar"/>
+ <classpathentry kind="lib" path="lib/ext/quartz-1.5.2.jar"/>
+ <classpathentry kind="lib" path="lib/ext/scout-1.0rc1.jar"/>
+ <classpathentry kind="lib" path="lib/ext/servlet-api.jar"/>
<classpathentry kind="lib" path="lib/ext/stax-api-1.0.1.jar"/>
- <classpathentry kind="lib" path="lib/ext/xalan-2.7.0.jar"/>
+ <classpathentry kind="lib" path="lib/ext/stringtemplate-3.2.jar"/>
+ <classpathentry kind="lib" path="lib/ext/trove.jar"/>
+ <classpathentry kind="lib" path="lib/ext/wstx-lgpl-3.2.1.jar"/>
<classpathentry kind="lib" path="lib/ext/xbean.jar"/>
<classpathentry kind="lib" path="lib/ext/xercesImpl-2.7.1.jar"/>
<classpathentry kind="lib" path="lib/ext/xml-apis-1.3.02.jar"/>
<classpathentry kind="lib" path="lib/ext/xmlpublic.jar"/>
<classpathentry kind="lib" path="lib/ext/xstream-1.2.2.jar"/>
- <classpathentry kind="lib" path="lib/ext/jboss.jar"/>
- <classpathentry kind="lib" path="lib/ext/commons-io-1.3.jar"/>
- <classpathentry kind="lib" path="lib/ext/edtftpj-1.5.4.jar"/>
- <classpathentry kind="lib" path="ftp/lib/backport-util-concurrent-2.2.jar"/>
+ <classpathentry kind="lib" path="lib/ext/standalone/c3p0-0.9.1-pre9.jar"/>
+ <classpathentry kind="lib" path="build/jbossesb/lib/jbossesb-config-model-1.0.1.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/emma.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/emma_ant.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/hsqldb.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/jakarta-oro-2.0.8.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/jboss-jaxb-intros.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/jboss-remoting.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/jbossweb.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/junit-4.1.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/mockejb.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/opencsv-1.6.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/properties-plugin.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/wsdl4j-1.6.2.jar"/>
+ <classpathentry kind="lib" path="/opt/jboss/esb/security/testlib/xalan-2.7.0.jar"/>
+ <classpathentry kind="lib" path="ftp/lib/ftpserver-core-1.0-incubator-SNAPSHOT.jar"/>
<classpathentry kind="lib" path="ftp/lib/ftplet-api-1.0-incubator-SNAPSHOT.jar"/>
<classpathentry kind="lib" path="ftp/lib/ftpserver-admin-gui-1.0-incubator-SNAPSHOT.jar"/>
- <classpathentry kind="lib" path="ftp/lib/ftpserver-core-1.0-incubator-SNAPSHOT.jar"/>
- <classpathentry kind="lib" path="ftp/lib/mina-core-1.0.2.jar"/>
- <classpathentry kind="lib" path="ftp/lib/mina-filter-ssl-1.0.2.jar"/>
- <classpathentry kind="lib" path="ftp/lib/slf4j-api-1.3.0.jar"/>
- <classpathentry kind="lib" path="ftp/lib/slf4j-log4j12-1.3.0.jar"/>
- <classpathentry kind="lib" path="services/jbpm/lib/ext/asm.jar"/>
- <classpathentry kind="lib" path="services/jbpm/lib/ext/dom4j.jar"/>
- <classpathentry kind="lib" path="services/jbpm/lib/ext/jbpm-identity.jar"/>
- <classpathentry kind="lib" path="services/jbpm/lib/ext/jbpm-jpdl.jar"/>
- <classpathentry kind="lib" path="lib/ext/jgroups-all.jar"/>
- <classpathentry kind="lib" path="lib/ext/cache.jar"/>
- <classpathentry kind="lib" path="lib/ext/standalone/c3p0-0.9.1-pre9.jar"/>
- <classpathentry kind="lib" path="lib/ext/antlr-3.0b7.jar"/>
- <classpathentry kind="lib" path="lib/ext/asm.jar"/>
- <classpathentry kind="lib" path="lib/ext/cglib-2.1_3.jar"/>
- <classpathentry kind="lib" path="lib/ext/commons-httpclient.jar"/>
- <classpathentry kind="lib" path="lib/ext/commons-logging-1.0.4.jar"/>
- <classpathentry kind="lib" path="lib/ext/hibernate3.jar"/>
- <classpathentry kind="lib" path="lib/ext/javassist.jar"/>
- <classpathentry kind="lib" path="lib/ext/jboss-aop-jdk50.jar"/>
- <classpathentry kind="lib" path="lib/ext/jboss-messaging-client.jar"/>
- <classpathentry kind="lib" path="lib/ext/jboss-remoting.jar"/>
- <classpathentry kind="lib" path="lib/ext/jbossweb.jar"/>
- <classpathentry kind="lib" path="lib/ext/stringtemplate-3.0.jar"/>
- <classpathentry kind="lib" path="lib/ext/trove.jar"/>
- <classpathentry kind="lib" path="lib/ext/jakarta-oro-2.0.8.jar"/>
- <classpathentry kind="lib" path="lib/ext/commons-ssl-0.3.4.jar"/>
- <classpathentry kind="lib" path="services/jbrules/lib/ext/antlr-runtime-3.0.jar"/>
- <classpathentry kind="lib" path="lib/ext/mvel14-1.2rc4rv908.jar"/>
- <classpathentry kind="lib" path="lib/ext/quartz-1.5.2.jar"/>
- <classpathentry kind="lib" path="lib/ext/jaxr-api-1.0rc1.jar"/>
- <classpathentry kind="lib" path="lib/ext/jboss-jaxb-intros.jar"/>
- <classpathentry kind="lib" path="lib/ext/scout-1.0rc1.jar"/>
- <classpathentry kind="lib" path="services/soap/lib/ext/Wise-core.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
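Review bot: The thirteen added `/opt/jboss/esb/security/testlib/...` entries near the end of the file look like absolute paths on the committer's machine, so emma, hsqldb, junit, xalan and the other test jars will only resolve where that directory happens to exist. Those jars also come from an unversioned location outside the repository, which makes it hard to tell which binaries a build or test run actually loaded. Consider keeping them under the project and referencing them with a project-relative `path`, or through a classpath variable (`kind="var"`), so the checked-in file is portable and the jar set is reviewable.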
Deleted: labs/jbossesb/workspace/dbevenius/security/product/lib/ext/openssoclientsdk.jar
===================================================================
(Binary files differ)
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -24,6 +24,7 @@
import java.security.Principal;
import java.security.Security;
import java.util.Properties;
+import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
@@ -31,6 +32,7 @@
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.assertion.AssertArgument;
+import org.jboss.security.SecurityAssociation;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.common.Environment;
@@ -46,103 +48,99 @@
import com.sun.security.auth.login.ConfigFile;
/**
- * Concreate impl of a SecurityService in JBoss ESB that uses JAAS.
+ * Concrete impl of a SecurityService in JBoss ESB that uses JAAS.
* <p/>
+ * This class is indented to be specified as the security implementation
+ * to be used with JBoss ESB. <br>
+ * This would be specified in jbossesb-properties.xml:
+ * <pre>
+ * {@literal
+ * <properties name="security">
+ * <property name="org.jboss.soa.esb.services.security.implementationClass" value="org.jboss.internal.soa.esb.services.security.JaasSecurityService"/>
+ * <property name="org.jboss.soa.esb.services.security.callbackHandler" value="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/>
+ * <property name="org.jboss.soa.esb.services.security.configUrl" value="/jaas.login"/>
+ * </properties>
+ * </pre>}
*
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
* @Since 4.4
*/
public final class JaasSecurityService implements SecurityService
{
- public static final String LOGIN_CONFIG_URL_PREFIX = "login.config.url.";
+ /*
+ * Property name for login config urls.
+ */
+ private static final String LOGIN_CONFIG_URL_PREFIX = "login.config.url.";
- private final Logger log = Logger.getLogger(JaasSecurityService.class);
-
/*
- * Callback handler implementation name
+ * Callback handler implementation name
*/
private String callbackHandlerClassName;
/*
- * Original login configuration e.g JBoss AS login configuration
+ * Original login configuration e.g JBoss AS login configuration
*/
private javax.security.auth.login.Configuration orgConfiguration;
/*
- * New loging configuration
+ * Custom login configuration
*/
private javax.security.auth.login.Configuration configuration;
+
+ private final Logger log = Logger.getLogger(JaasSecurityService.class);
/**
+ * Performs authentication of the passed in SecurityContext.
+ * </p>
+ * This method will first try to authenticate the authRequest by using a custom <br>
+ * javax.security.auth.login.Configuration, which would be the case where the <br>
+ * login module name specified exists in a jaas.login file. <br>
+ * If the login module name cannot be found in jaas.login then this method will <br>
+ * fall back and try to authenticate using a an underlying Configuration. This would <br>
+ * be the case when running in an appserver for instance.
*
- * @param context the security context to be used.
+ * @param config - the security configuration. Properties from jboss-esb.xml
+ * @param securityContext - the security context to be used.
+ * @param authRequest - the authentication request to be processed.
* @throws SecurityServiceException
* @throws LoginException if the authentication fails
*/
public void authenticate(final SecurityConfig config, SecurityContext securityContext, final AuthenticationRequest authRequest) throws SecurityServiceException
{
- AssertArgument.isNotNull(securityContext, "subject");
+ AssertArgument.isNotNull(securityContext, "securityContext");
AssertArgument.isNotNull(config, "config");
LoginContext loginContext;
try
{
- EsbCallbackHandler callbackHandler = getCallbackHandler(config);
- if ( callbackHandler != null )
- {
- callbackHandler.setAuthenticationRequest(authRequest);
- }
-
+ final EsbCallbackHandler callbackHandler = createCallbackHandler(config, authRequest);
try
{
- // try to login with a specified login configuration
+ // try to login with a standalone jaas login configuration file(for example jaas.login file)
loginContext = new LoginContext(config.getModuleName(), securityContext.getSubject(), callbackHandler, configuration);
}
catch (final LoginException ignore)
{
- // fall back and try using the orginal configuration
+ // fall back and try using the orginal configuration(for example jboss login-config.xml)
loginContext = new LoginContext(config.getModuleName(), securityContext.getSubject(), callbackHandler, orgConfiguration);
}
+
+ // invoke the login process
loginContext.login();
+
+ // add a runAs group if specified
addRunAs(config, securityContext.getSubject());
}
catch (final LoginException e)
{
throw new SecurityServiceException("Exception while trying to login:", e);
}
- catch (ConfigurationException e)
- {
- throw new SecurityServiceException("Exception while trying to login:", e);
- }
- }
-
- /**
- * If a callbackHandler was specified in the config object instance use it.
- * Otherwise use the one that was globally configured, if any.
- *
- * @param config
- * @return
- * @throws ConfigurationException
- */
- private EsbCallbackHandler getCallbackHandler( final SecurityConfig config ) throws ConfigurationException
- {
- EsbCallbackHandler callbackHandler = null;
- String fromConfig = config.getCallbackHandler();
- if ( fromConfig != null )
- {
- callbackHandler = getInstance(fromConfig);
- }
- else if ( callbackHandlerClassName != null )
- {
- callbackHandler = getInstance(callbackHandlerClassName);
- }
- return callbackHandler;
-
+ SecurityAssociation.setPrincipal(securityContext.getSubject().getPrincipals().iterator().next());
}
/**
- * Determines if the passed in Subjects has the role specified in the context.
+ * Determines if the passed in Subject has the role specified in the context.
* @return true - if the callers has the role
*/
public boolean isCallerInRole( final Subject subject, final Principal role)
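Review bot: The new `SecurityAssociation.setPrincipal(securityContext.getSubject().getPrincipals().iterator().next());` at the end of authenticate() associates whichever principal the set's iterator returns first, and throws NoSuchElementException when the login module added none. Because addRunAs() has already run, the "Roles" Group may sit in the same set, so the associated identity could be a group rather than the caller; selecting by type is safer, for example `for (Principal p : securityContext.getSubject().getPrincipals()) { if (!(p instanceof Group)) { SecurityAssociation.setPrincipal(p); break; } }`. The association is also never cleared in the visible code (logout() throws UnsupportedOperationException), which is worth checking against pooled threads if SecurityAssociation keeps the principal per thread. Smaller points in the same hunk: the class Javadoc says "indented" for "intended", the `{@literal` block closes after `</pre>` instead of before it, and `@throws LoginException` is documented although the method does not declare it.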
@@ -150,13 +148,16 @@
return subject.getPrincipals().contains(role);
}
+ /**
+ *
+ */
public void configure() throws ConfigurationException
{
try
{
orgConfiguration = javax.security.auth.login.Configuration.getConfiguration();
}
- catch(final SecurityException e)
+ catch(final SecurityException ignore)
{
log.warn("Could not locate a security configuration");
}
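Review bot: Renaming the caught SecurityException to `ignore` in configure() keeps the cause out of the log, and when this branch is taken `orgConfiguration` stays null, which authenticate() later hands to its fallback LoginContext. Passing the exception along would make a denied or missing JAAS configuration diagnosable: keep the variable as `e` and write `log.warn("Could not locate a security configuration", e);`. The Javadoc block added above configure() is empty; one sentence saying that the method captures the installed Configuration and then reads the security properties would do (the second half is inferred from the following hunk, so please confirm). configure() continues outside this hunk.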
@@ -176,13 +177,57 @@
addLoginConfig(loginUrl);
}
- // get a javax.security.auth.callback.CallbackHandler if one is configured
+ // get a EsbCallbackHandler if one is configured in jbossesb-properties.xml
callbackHandlerClassName = securityProperties.getProperty(Environment.SECURITY_SERVICE_CALLBACK_HANLDER_CLASS);
-
}
- public void addLoginConfig(final URL loginConfigUrl) throws ConfigurationException
+ public void logout(SecurityConfig config)
{
+ throw new UnsupportedOperationException("Logout is not implemented for " + getClass().getName());
+ }
+
+ /**
+ * Creates an instance of EsbCallbackHandler specified in either jboss-esb.xml:
+ * <pre>
+ * {@literal
+ * <security moduleName="OpenSSOLogin" runAs="adminRole" callbackHandler="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/>
+ * }</pre><br>
+ * or if one was not specified in jboss-esb.xml but one has been specified in jbossesb-properties.xml:
+ * <pre>
+ * {@literal
+ * <property name="org.jboss.soa.esb.services.security.callbackHandler" value="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/>
+ * }</pre><br>
+ * After an instance has been created its {@link EsbCallbackHandler#setAuthenticationRequest(AuthenticationRequest)} method is called
+ * which gives the callback handler access to the authentication information.
+ *
+ * @param config - the security configuration information(from jboss-esb.xml)
+ * @param authRequest - the authentication request information
+ * @return EsbCallbackHandler - new instance with authReqeust set or null if no callback handler has been specified in either jboss-esb.xml or jbossesb-properties.xml
+ * @throws SecurityServiceException - if an EsbCallbackHandler has specified in the configuration but the implementation cannot be created.
+ */
+ private EsbCallbackHandler createCallbackHandler( final SecurityConfig config, final AuthenticationRequest authRequest ) throws SecurityServiceException
+ {
+ EsbCallbackHandler callbackHandler = null;
+
+ // check if a callbackhandler was specified in jboss-esb.xml
+ String callbackImpl = config.getCallbackHandler();
+ if ( callbackImpl == null )
+ {
+ // use the global callbackhandler that can be specified in jbossesb-properties.xml(optional)
+ callbackImpl = callbackHandlerClassName;
+ }
+
+ if ( callbackImpl != null )
+ {
+ callbackHandler = createNewInstance(callbackImpl);
+ // set the authReqeust so that the callback handler has access to the authentication information(Principals, Credentials)
+ callbackHandler.setAuthenticationRequest(authRequest);
+ }
+ return callbackHandler;
+ }
+
+ private void addLoginConfig(final URL loginConfigUrl) throws ConfigurationException
+ {
if (loginConfigUrl == null)
{
throw new ConfigurationException("Could not locate the login config file at Url [" + loginConfigUrl + "]");
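Review bot: createCallbackHandler() instantiates whatever class name jboss-esb.xml or jbossesb-properties.xml supplies, and nothing visible checks that the class is an EsbCallbackHandler before `callbackHandler = createNewInstance(callbackImpl);`. Because createNewInstance is generic in `T`, a wrong type would probably surface here as a ClassCastException rather than the SecurityServiceException the Javadoc promises; its catch clauses in the last hunk of this file cover only ClassNotFoundException, InstantiationException and IllegalAccessException. An explicit `EsbCallbackHandler.class.isAssignableFrom(...)` test on the loaded class before instantiation, throwing SecurityServiceException otherwise, would close that gap; the body of createNewInstance is only partly visible, so this may need adjusting. The new Javadoc and comment also spell authRequest as "authReqeust" twice, and addLoginConfig continues outside the hunk.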
@@ -212,23 +257,33 @@
}
}
- public void logout(SecurityConfig config)
- {
- throw new UnsupportedOperationException("Logout is not implemented for " + getClass().getName());
- }
-
private void addRunAs( final SecurityConfig config, final Subject subject )
{
final String runAs = config.getRunAs();
if ( runAs != null )
{
- Group group = new Group("Roles");
- group.addMember( new Role(runAs));
- subject.getPrincipals().add(group);
+ final Role runAsRole = new Role(runAs);
+ Set<Group> principals = subject.getPrincipals(Group.class);
+ if ( principals.isEmpty() )
+ {
+ final Group group = new Group("Roles");
+ group.addMember(runAsRole);
+ subject.getPrincipals().add(group);
+ }
+ else
+ {
+ for (Group groups : principals)
+ {
+ if ( "Roles".equals(groups.getName()) )
+ {
+ groups.addMember(runAsRole);
+ }
+ }
+ }
}
}
- private <T extends EsbCallbackHandler> T getInstance( final String className ) throws ConfigurationException
+ private <T extends EsbCallbackHandler> T createNewInstance( final String className ) throws SecurityServiceException
{
try
{
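Review bot: In addRunAs(), when the Subject already holds Group principals but none of them is named "Roles", the new else branch adds the runAs role to nothing and returns silently. A login module that contributes only some other group would therefore leave the service without its configured runAs role, with no log line to show it. Tracking whether a "Roles" group was found and creating one otherwise keeps both cases correct, as sketched below. The hunk also renames getInstance to createNewInstance, whose body continues outside the hunk.

```java
// … unchanged: runAs lookup and null check …
final Role runAsRole = new Role(runAs);
boolean added = false;
for (Group group : subject.getPrincipals(Group.class))
{
    if ( "Roles".equals(group.getName()) )
    {
        group.addMember(runAsRole);
        added = true;
    }
}
if ( !added )
{
    // no "Roles" group yet, whether or not other groups exist
    final Group roles = new Group("Roles");
    roles.addMember(runAsRole);
    subject.getPrincipals().add(roles);
}
```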
@@ -238,15 +293,15 @@
}
catch (final ClassNotFoundException e)
{
- throw new ConfigurationException(e.getMessage(), e);
+ throw new SecurityServiceException("ClassNotFoundException while trying to create an impl of [" + className + "]", e);
}
catch (final InstantiationException e)
{
- throw new ConfigurationException(e.getMessage(), e);
+ throw new SecurityServiceException("InstantiationException while trying to create an impl of [" + className + "]", e);
}
catch (final IllegalAccessException e)
{
- throw new ConfigurationException(e.getMessage(), e);
+ throw new SecurityServiceException("IllegalAccess while trying to create an impl of [" + className + "]", e);
}
}
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/UserPassCallbackHandler.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -61,6 +61,10 @@
{
pc.setPassword((char[]) object);
}
+ else if ( object instanceof String )
+ {
+ pc.setPassword( ((String) object).toCharArray() );
+ }
}
}
else
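Review bot: The added String branch copies the password into a temporary char[] that is never cleared, and the String it came from cannot be wiped at all. PasswordCallback.setPassword() stores its own clone, so the temporary can be zeroed right after the call: `final char[] chars = ((String) object).toCharArray(); pc.setPassword(chars); java.util.Arrays.fill(chars, '\0');`. In the visible lines a credential of any other type still falls through both branches without a log line or error, leaving the callback's password unset. The enclosing method starts and ends outside this hunk.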
Deleted: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -1,272 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2008, JBoss Inc., and others contributors as indicated
- * by the @authors tag. All rights reserved.
- * See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- * This copyrighted material is made available to anyone wishing to use,
- * modify, copy, or redistribute it subject to the terms and conditions
- * of the GNU Lesser General Public License, v. 2.1.
- * This program is distributed in the hope that it will be useful, but WITHOUT A
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- * You should have received a copy of the GNU Lesser General Public License,
- * v.2.1 along with this distribution; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02110-1301, USA.
- *
- * (C) 2008,
- */
-package org.jboss.internal.soa.esb.services.security.jaas;
-
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.Principal;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.apache.log4j.Logger;
-import org.jboss.soa.esb.ConfigurationException;
-import org.jboss.soa.esb.services.security.principals.SSOPrincipal;
-import org.jboss.soa.esb.util.ClassUtil;
-
-import com.iplanet.am.util.SystemProperties;
-import com.iplanet.sso.SSOException;
-import com.iplanet.sso.SSOToken;
-import com.iplanet.sso.SSOTokenManager;
-import com.sun.identity.authentication.AuthContext;
-
-/**
- * OpenSSOLoginModule is a JAAS Login module implementation.
- * <p/>
- *
- * @author jeffyu
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- * @since 4.4
- *
- */
-public class OpenSSOLoginModule implements LoginModule
-{
- private Logger log = Logger.getLogger(OpenSSOLoginModule.class);
-
- private Subject subject;
-
- private CallbackHandler callbackHandler;
-
- private Map<String, ?> options;
-
- // the authentication status
- private boolean succeeded = false;
-
- private boolean commitSucceeded = false;
-
- private AuthContext authContext;
-
- private boolean hasValidSession;
-
- private String orgName;
-
- private String moduleName;
-
- public void initialize(
- final Subject subject,
- final CallbackHandler callbackHandler,
- final Map<String, ?> sharedState,
- final Map<String, ?> options)
- {
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- this.options = options;
- try
- {
- configure((String) options.get("amPropertiesFile"));
- }
- catch (final ConfigurationException e)
- {
- throw new IllegalStateException("Could not configure OpenSSOLoginModule: ", e);
- }
- orgName = (String)this.options.get("orgName");
- moduleName = (String)this.options.get("dataStoreModule");
- }
-
- /* (non-Javadoc)
- * @see javax.security.auth.spi.LoginModule#login()
- */
- public boolean login() throws LoginException
- {
- final Set<SSOPrincipal> principals = subject.getPrincipals(SSOPrincipal.class);
- // we have an existing SSOToken, see if it is valid
- if ( !principals.isEmpty() )
- {
- SSOPrincipal ssoPrincipal = principals.iterator().next();
- hasValidSession = hasExistingSession(ssoPrincipal.getToken());
- if ( hasValidSession )
- {
- succeeded = true;
- return succeeded;
- }
- }
-
- authContext = new AuthContext(orgName);
-
- // login using the module authentication type
- authContext.login(AuthContext.IndexType.MODULE_INSTANCE, moduleName);
-
- // get the callbacks that need to be populated the authentication plugin.
- Callback[] callbacks = authContext.getRequirements();
-
- // populate the callbacks.
- handleCallbacks(callbacks);
-
- // now submit the populated callbacks to plugin-modules.
- authContext.submitRequirements(callbacks);
-
- // check the retured status
- if (authContext.getStatus() == AuthContext.Status.SUCCESS)
- {
- log.info("Login succeeded.");
- succeeded = true;
- }
- else if (authContext.getStatus() == AuthContext.Status.FAILED)
- {
- log.info("Login failed.");
- }
- else
- {
- log.info("Unknown status: " + authContext.getStatus());
- }
- return succeeded;
- }
-
- private void handleCallbacks(Callback[] requirements) throws LoginException
- {
- try
- {
- callbackHandler.handle(requirements);
- }
- catch (IOException e)
- {
- throw new LoginException(e.getMessage());
- }
- catch (UnsupportedCallbackException e)
- {
- throw new LoginException(e.getMessage());
- }
- }
-
- /* (non-Javadoc)
- * @see javax.security.auth.spi.LoginModule#commit()
- */
- public boolean commit() throws LoginException
- {
- if (succeeded == false)
- {
- return false;
- }
-
- try
- {
- if ( !hasValidSession )
- {
- // this means that this was a new authentication so create a new SSOPrincipal
- SSOToken ssoToken = authContext.getSSOToken();
- Principal principal = new SSOPrincipal(ssoToken.getTokenID().toString());
- subject.getPrincipals().add(principal);
- }
- commitSucceeded = true;
- }
- catch (final Exception ignore)
- {
- log.error("Exception in commit: ", ignore);
- commitSucceeded = false;
- }
-
- return commitSucceeded;
- }
-
- /* (non-Javadoc)
- * @see javax.security.auth.spi.LoginModule#abort()
- */
- public boolean abort() throws LoginException
- {
- if (succeeded = false)
- {
- return true;
- }
- succeeded = false;
- authContext.logout();
- commitSucceeded = false;
- return true;
- }
-
- public boolean logout() throws LoginException
- {
- subject.getPrincipals().clear();
- succeeded = false;
- commitSucceeded = false;
- authContext.logout();
- return true;
- }
-
- /*
- * Will check if the passed in tokenId correlates with an existing
- * OpenSSO session.
- * If a session does exist this method returns true,false otherwise.
- */
- private boolean hasExistingSession( final String tokenId )
- {
- boolean hasSession;
- try
- {
- SSOTokenManager tokenMgr = SSOTokenManager.getInstance();
- SSOToken ssoToken = tokenMgr.createSSOToken(tokenId);
- hasSession = tokenMgr.isValidToken(ssoToken);
- log.debug("Has valid session : " + hasSession);
- }
- catch (final SSOException ignore)
- {
- hasSession = false;
- }
- return hasSession;
- }
-
- /**
- * Will configure OpenSSO.
- */
- private void configure(final String amProperties) throws ConfigurationException
- {
- log.debug("Access Manager(AM) configuration properties file : " + amProperties);
- if ( amProperties != null )
- {
- Properties props = new Properties();
- try
- {
- InputStream inputStream = ClassUtil.getResourceAsStream(amProperties, getClass());
- if ( inputStream != null )
- {
- props.load(inputStream);
- }
- else
- throw new ConfigurationException("Could not locate Access Manager(AM) configuration properties file: " + amProperties);
- }
- catch (FileNotFoundException e)
- {
- throw new ConfigurationException("Could not locate Access Manager(AM) configuration properties file: " + amProperties, e );
- }
- catch (IOException e)
- {
- throw new ConfigurationException("Could not locate Access Manager(AM) configuration properties file: " + amProperties, e );
- }
- SystemProperties.initializeProperties(props);
- }
- }
-}
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfig.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -30,11 +30,6 @@
public class SecurityConfig
{
private String runAs;
- public String getCallbackHandler()
- {
- return callbackHandler;
- }
-
private String useCallerIdentity;
private String moduleName;
private final String callbackHandler;
@@ -67,6 +62,11 @@
return new SecurityConfig(runAs, useCallerIdentity, moduleName, callbackHandler);
}
+ public String getCallbackHandler()
+ {
+ return callbackHandler;
+ }
+
public String getRunAs()
{
return runAs;
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Role.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Role.java 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Role.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -50,7 +50,7 @@
public String toString()
{
- return "Role [roleName=" + roleName + "]";
+ return "[roleName=" + roleName + "]";
}
@Override
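Review bot: `toString()` now returns `[roleName=...]` without the type tag, so a `Role` printed inside a set of principals (as the updated unit test in this commit does) or in an authentication log line can no longer be told apart from any other principal that prints a bracketed name. If the shorter form is needed by a specific consumer, say so in a comment on the method, e.g. `// no "Role" prefix: <reason>`; otherwise keep `return "Role [roleName=" + roleName + "]";`. The rest of the class is outside this hunk, so any caller that parses this string cannot be checked here.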
Deleted: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/SSOPrincipal.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/SSOPrincipal.java 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/SSOPrincipal.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -1,93 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
- * LLC, and individual contributors by the @authors tag. See the copyright.txt
- * in the distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
- * any later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this software; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
- * site: http://www.fsf.org.
- */
-package org.jboss.soa.esb.services.security.principals;
-
-import java.io.Serializable;
-import java.security.Principal;
-
-/**
- * A SSOPrincipal represents a caller that has been authenticated by
- * a Single Sign On system.
- * <p/>
- *
- * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
- */
-public class SSOPrincipal implements Principal, Serializable
-{
- private static final long serialVersionUID = 1L;
-
- private final String ssoToken;
-
- public SSOPrincipal(final String ssoToken)
- {
- if ( ssoToken == null )
- throw new NullPointerException("ssoToken argument must not be null");
-
- this.ssoToken = ssoToken;
- }
-
- /**
- * Returns the name of this Principal.
- * @return String - will always return "SSOToken".
- */
- public String getName()
- {
- return "SSOToken";
- }
-
- /**
- * Returns a String representation of the token used to identify
- * an authenticated user/system.
- *
- * @return String - the SSO systems token.
- */
- public String getToken()
- {
- return ssoToken;
- }
-
- public String toString()
- {
- return "SSOToken [ssoToken=" + ssoToken + "]";
- }
-
- @Override
- public boolean equals(Object obj)
- {
- if (this == obj)
- return true;
- if(!(obj instanceof SSOPrincipal))
- return false;
-
- SSOPrincipal other = (SSOPrincipal) obj;
- return this.ssoToken.equals(other.ssoToken);
- }
-
- @Override
- public int hashCode()
- {
- int hash = 17;
- hash = 31 * hash + ssoToken == null ? 0 : ssoToken.hashCode();
- return hash;
- }
-
-}
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -41,12 +41,12 @@
import org.jboss.soa.esb.services.security.TestPrincipal;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;
+import org.jboss.soa.esb.services.security.principals.Group;
import org.jboss.soa.esb.services.security.principals.Role;
-import org.jboss.soa.esb.services.security.principals.SSOPrincipal;
+//import org.jboss.soa.esb.services.security.principals.SSOPrincipal;
import org.jboss.soa.esb.util.ClassUtil;
import org.junit.After;
import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Test;
/**
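Review bot: The `SSOPrincipal` import is commented out (`//import org.jboss.soa.esb.services.security.principals.SSOPrincipal;`) instead of removed, although this same commit deletes that class from the package. Delete the line; the repository history already keeps the old import.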
@@ -83,47 +83,31 @@
}
@Test
- @Ignore
- /*
- * Ignored as this is really a functional test/integration test.
- */
- public void opensso() throws ConfigurationException, SecurityServiceException
+ public void configureWithRole() throws ConfigurationException, SecurityServiceException
{
- final String userName = "amAdmin";
- final String password = "adminpass";
- SecurityConfig configInfo = SecurityConfig.createSecurityInfo(null, null, "OpenSSOLogin", null);
- TestPrincipal principal = new TestPrincipal(userName);
- Set<String> credentials = new HashSet<String>();
- credentials.add(password);
+ SecurityConfig configInfo = SecurityConfig.createSecurityInfo("adminRole", null, "SuccessfulLogin", null);
- AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder(principal, credentials).bulid();
SecurityContext context = new SecurityContext(subject);
- service.configure();
- service.authenticate(configInfo, context, authRequest);
+ service.authenticate(configInfo, context, null);
- Set<?> principals = subject.getPrincipals();
- assertEquals( 1, principals.size() );
- assertTrue( principals.iterator().next() instanceof SSOPrincipal );
-
- service.authenticate(configInfo, context, authRequest);
- service.authenticate(configInfo, context, authRequest);
- service.authenticate(configInfo, context, authRequest);
- service.authenticate(configInfo, context, authRequest);
- principals = subject.getPrincipals();
- assertEquals( 1, principals.size() );
- assertTrue( principals.iterator().next() instanceof SSOPrincipal );
-
+ Set<Principal> principals = subject.getPrincipals( Principal.class );
+ assertEquals( 2, principals.size() );
}
@Test
- public void configureWithRole() throws ConfigurationException, SecurityServiceException
+ public void configureWithExistingRole() throws ConfigurationException, SecurityServiceException
{
SecurityConfig configInfo = SecurityConfig.createSecurityInfo("adminRole", null, "SuccessfulLogin", null);
+ Group group = new Group("Roles");
+ group.addMember(new Role("adminRole1"));
+ subject.getPrincipals().add(group);
+
SecurityContext context = new SecurityContext(subject);
service.authenticate(configInfo, context, null);
Set<Principal> principals = subject.getPrincipals( Principal.class );
+ System.out.println(principals);
assertEquals( 2, principals.size() );
}
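Review bot: `configureWithExistingRole` asserts only `principals.size() == 2`, the same check as `configureWithRole`, so it passes whether or not the run-as role `adminRole` ends up in the pre-populated `Roles` group next to `adminRole1`. Assert on the group's membership instead, e.g. `assertTrue( group.isMember(new Role("adminRole")) );` if this `Group` exposes `isMember` the way `java.security.acl.Group` does (its API is not visible here). The leftover `System.out.println(principals);` should be dropped as well, since the test output is otherwise driven by assertions.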
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/jaas.login
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/jaas.login 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/internal/soa/esb/services/security/jaas.login 2008-08-08 06:59:43 UTC (rev 21406)
@@ -6,7 +6,4 @@
};
UserPassLogin {
org.jboss.soa.esb.services.security.UserPassLoginModule required;
-};
-OpenSSOLogin {
- org.jboss.internal.soa.esb.services.security.jaas.OpenSSOLoginModule required orgName=opensso dataStoreModule=DataStore amPropertiesFile=AMConfig.properties;
-};
+};
\ No newline at end of file
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/build.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/build.xml 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/build.xml 2008-08-08 06:59:43 UTC (rev 21406)
@@ -8,24 +8,24 @@
<property name="opensso.username" value="amAdmin" />
<property name="opensso.password" value="adminpass" />
-
<!--property name="deploy.exploded.requested" value="true" /-->
+ <target name="quickstart-specific-dependencies">
+ <path id="quickstart-lib-classpath">
+ <fileset dir="${basedir}/lib">
+ <include name="*.jar"/>
+ </fileset>
+ <fileset dir="${basedir}/jboss-opensso/build">
+ <include name="jboss-opensso.jar"/>
+ </fileset>
+ </path>
+ </target>
+
<!-- Import the base Ant build script... -->
<import file="../conf/base-build.xml"/>
<target name="runtest" depends="compile"
description="sends a JMS message to queue/quickstart_opensso_Request_gw">
- <!--echo>OpenSSO Login</echo>
- <java fork="yes" classname="org.jboss.soa.esb.samples.quickstart.opensso.Login" failonerror="true">
- <arg value="opensso"/>
- <arg value="DataStore"/>
- <arg value="en_US"/>
- <arg value="${opensso.username}"/>
- <arg value="${opensso.password}"/>
- <classpath refid="exec-classpath"/>
- <classpath path="${basedir}/lib"/>
- </java-->
<echo>Http Client</echo>
<java fork="yes" classname="org.jboss.soa.esb.samples.quickstart.opensso.HttpClient" failonerror="true">
<arg value="http"/>
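Review bot: `opensso.username` and `opensso.password` stay hard-coded at the top of this file as `amAdmin` / `adminpass`, and the `runtest` target (continued in the next hunk) passes `${opensso.password}` to a forked JVM as an `<arg>`, where it can be read from the host's process listing. Since the target is being reworked here anyway, load the values from a file that is not committed by placing `<property file="${basedir}/opensso-local.properties"/>` (file name chosen for illustration) ahead of the two defaults; Ant keeps the first definition of a property. A comment next to the defaults, `<!-- sample values for a throwaway local OpenSSO only; override before use -->`, would make their status explicit.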
@@ -35,40 +35,11 @@
<arg value="${opensso.password}"/>
<classpath refid="exec-classpath"/>
</java>
- <!--
- <java fork="yes" classname="org.jboss.soa.esb.samples.quickstart.opensso.test.SendJMSMessage" failonerror="true">
- <arg value="Hello World, OpenSSO quickstart"/>
- <classpath refid="exec-classpath"/>
- </java>
- -->
</target>
- <target name="sendesb" depends="compile"
- description="Will send an esb Message">
- <echo>Runs Test ESB Message Sender</echo>
- <java fork="yes" classname="org.jboss.soa.esb.samples.quickstart.opensso.test.SendEsbMessage" failonerror="true">
- <arg value="FirstServiceESB"/> <!-- service category -->
- <arg value="SimpleListenerSecured"/> <!-- service name -->
- <arg value="Hello World, OpenSSO quickstart - Straight to ESB listener - no Gateway"/> <!-- Message text -->
- <classpath refid="exec-classpath"/>
- </java>
- </target>
-
<target name="deploy-opensso" depends="compile" description="will unpack openesb.war to the deploy directory">
<echo message="Copy opensso.war directory to jboss deploy directory" />
<unzip src="${basedir}/opensso.war" dest="${org.jboss.esb.server.deploy.dir}/opensso.war"/>
-
- <!--
- <copy
- todir="${org.jboss.esb.server.deploy.dir}/opensso.war/WEB-INF/classes"
- overwrite="true"
- filtering="true"
- file="${basedir}/opensso-config/bootstrap.properties">
- <filterset>
- <filter token="opensso.config.dir" value="${opensso.config.dir}"/>
- </filterset>
- </copy>
- -->
</target>
<target name="quickstart-specific-deploys" depends="compile">
@@ -76,7 +47,16 @@
<copy tofile="${org.jboss.esb.server.deploy.dir}/jbossesb.sar/jbossesb-properties.xml" overwrite="true" file="${basedir}/server-jbossesb-properties.xml"/>
<copy tofile="${org.jboss.esb.server.deploy.dir}/jbossesb.sar/AMConfig.properties" overwrite="true" file="${basedir}/AMConfig.properties"/>
<copy tofile="${org.jboss.esb.server.deploy.dir}/jbossesb.sar/jaas.login" overwrite="true" file="${basedir}/jaas.login"/>
+ <ant dir="${basedir}/jboss-opensso"/>
+ <copy todir="${org.jboss.esb.server.deploy.dir}/jbossesb.sar/" overwrite="true" file="${basedir}/jboss-opensso/build/jboss-opensso.jar"/>
</target>
+
+ <target name="build-ejb-jar" depends="compile" description="Packages the EJB files into a EJB JAR file">
+ <jar destfile="${build.dir}/SimpleSLSB.jar" basedir="${classes}" includes="org/jboss/soa/esb/samples/quickstart/opensso/Simple*.class"/>
+ </target>
+
+ <target name="deploy-ejb" depends="build-ejb-jar" description="deploy ejb">
+ <copy file="${build.dir}/SimpleSLSB.jar" todir="${org.jboss.esb.server.deploy.dir}" overwrite="true"/>
+ </target>
-
</project>
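Review bot: `jboss-opensso.jar` is only built by the `<ant dir="${basedir}/jboss-opensso"/>` call inside `quickstart-specific-deploys`, which itself depends on `compile`, yet the `quickstart-lib-classpath` added in the first hunk of this file lists `${basedir}/jboss-opensso/build` as a fileset directory. If `base-build.xml` (not shown) resolves that path during `compile`, a clean checkout would likely fail because the directory does not exist yet. Moving the sub-build into `quickstart-specific-dependencies`, ahead of the `<path>` element, fixes the ordering: `<ant dir="${basedir}/jboss-opensso"/>`.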
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jaas.login
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jaas.login 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jaas.login 2008-08-08 06:59:43 UTC (rev 21406)
@@ -5,5 +5,5 @@
org.jboss.soa.esb.services.security.TestLoginModule required forceLogin=false;
};
OpenSSOLogin {
- org.jboss.internal.soa.esb.services.security.jaas.OpenSSOLoginModule required orgName=opensso dataStoreModule=DataStore amPropertiesFile="/AMConfig.properties";
+ org.jboss.soa.security.opensso.OpenSSOLoginModule required orgName=opensso moduleName=DataStore amPropertiesFile="/AMConfig.properties";
};
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml 2008-08-08 06:59:43 UTC (rev 21406)
@@ -65,13 +65,16 @@
</service>
<service category="OpenSSO" name="Service3" description="Service 3" invmScope="GLOBAL">
- <security moduleName="JmsXARealm" runAs="adminRole"/>
+ <security moduleName="OpenSSOLogin" runAs="adminRole"/>
<actions mep="OneWay">
<action name="action1" class="org.jboss.soa.esb.actions.SystemPrintln">
<property name="printfull" value="false"/>
<property name="message" value="In Service3"/>
</action>
<action name="action2" class="org.jboss.soa.esb.samples.quickstart.opensso.MyJMSListenerAction" process="displayMessage"/>
+
+ <action name="callEjb" class="org.jboss.soa.esb.samples.quickstart.opensso.EjbClientAction"/>
+
</actions>
</service>
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/build.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/build.xml (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/build.xml 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,91 @@
+<project name="jboss-opensso" default="jar" basedir=".">
+
+ <description>
+ The project is indented for users interested in using the OpenSSOLoginModule in
+ their project.
+ </description>
+
+ <dirname property="pwd.dir" file="${ant.file.jboss-opensso}"/>
+ <echo message="${pwd.dir}"/>
+
+ <property name="this.build.dir" value="${pwd.dir}/build"/>
+
+ <property name="src.dir" value="${pwd.dir}/src/main/java"/>
+ <property name="resources.dir" value="${pwd.dir}/src/main/resources"/>
+ <property name="classes.dir" value="${this.build.dir}/classes"/>
+ <property name="lib.dir" value="${pwd.dir}/lib/ext"/>
+
+ <!-- test properties -->
+ <property name="test.classes.dir" value="${this.build.dir}/tests/classes"/>
+ <property name="test.src.dir" value="${pwd.dir}/src/test/java"/>
+ <property name="test.resources.dir" value="${pwd.dir}/test/src/resources"/>
+ <property name="test.reports.dir" value="${this.build.dir}/tests/reports"/>
+
+ <path id="classpath">
+ <fileset dir="${lib.dir}" includes="*.jar"/>
+ <fileset dir="${lib.dir}/build-time" includes="*.jar"/>
+ </path>
+
+ <target name="compile" description="Compiles java sources">
+ <mkdir dir="${classes.dir}"/>
+ <javac srcdir="${src.dir}" destdir="${classes.dir}" debug="true" deprecation="true">
+ <classpath refid="classpath" />
+ </javac>
+ </target>
+
+ <target name="jar" depends="compile" description="builds jar">
+ <jar basedir="${classes.dir}" destfile="${this.build.dir}/${ant.project.name}.jar">
+ <fileset dir="${classes.dir}">
+ <include name="org"/>
+ </fileset>
+ <fileset dir="${lib.dir}">
+ <include name="openssoclientsdk.jar"/>
+ <include name="servlet-api.jar"/>
+ </fileset>
+ <!--
+ <fileset dir="${resources.dir}">
+ <include name="AMConfig.properties"/>
+ </fileset>
+ -->
+ </jar>
+ </target>
+
+ <target name="compile-test" depends="compile" description="Compiles java test sources">
+ <mkdir dir="${test.classes.dir}"/>
+ <javac srcdir="${test.src.dir}" destdir="${test.classes.dir}" debug="on" >
+ <classpath refid="classpath"/>
+ <classpath>
+ <pathelement location="${classes.dir}"/>
+ </classpath>
+ </javac>
+ </target>
+
+ <target name="test" depends="compile-test" description="Run all unit test">
+ <mkdir dir="${test.reports.dir}"/>
+
+ <copy file="${resources.dir}/AMConfig.properties" todir="${test.classes.dir}"/>
+ <copy file="${resources.dir}/jaas.login" todir="${test.classes.dir}/org/jboss/soa/security/opensso/"/>
+
+ <junit printsummary="yes" haltonerror="yes" haltonfailure="yes" showoutput="no" fork="true">
+ <formatter type="plain" usefile="false"/>
+ <formatter type="xml"/>
+ <batchtest todir="${test.reports.dir}">
+ <fileset dir="${test.src.dir}">
+ <include name="**/*Test.java"/>
+ </fileset>
+ </batchtest>
+ <classpath refid="classpath"/>
+ <classpath>
+ <!-- log4j location -->
+ <pathelement location="${resources.dir}"/>
+ <pathelement location="${test.classes.dir}"/>
+ <pathelement location="${classes.dir}"/>
+ </classpath>
+ </junit>
+ </target>
+
+ <target name="clean">
+ <delete dir="${this.build.dir}"/>
+ </target>
+
+</project>
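Review bot: The `jar` target packs `openssoclientsdk.jar` and `servlet-api.jar` into `jboss-opensso.jar` as nested archive entries, which a plain class loader does not read, and a bundled `servlet-api.jar` inside something copied into `jbossesb.sar` may clash with the container's own copy. The first inner fileset is also redundant, because `basedir="${classes.dir}"` already adds every class and `<include name="org"/>` matches only the directory entry itself. Consider `<jar basedir="${classes.dir}" destfile="${this.build.dir}/${ant.project.name}.jar"/>` and deploying the SDK jar next to it. Smaller points: the description says "indented" for "intended", and `test.resources.dir` points at `test/src/resources` while the other test paths use `src/test/...` and no target in this file references it.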
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/build-time/junit-4.1.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/build-time/junit-4.1.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/build-time/log4j.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/build-time/log4j.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/openssoclientsdk.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/openssoclientsdk.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/servlet-api.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/lib/ext/servlet-api.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/OpenSSOLoginModule.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/OpenSSOLoginModule.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/OpenSSOLoginModule.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,363 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.security.opensso;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.log4j.Logger;
+
+import com.iplanet.am.util.SystemProperties;
+import com.iplanet.sso.SSOException;
+import com.iplanet.sso.SSOToken;
+import com.iplanet.sso.SSOTokenManager;
+import com.sun.identity.authentication.AuthContext;
+
+/**
+ * OpenSSOLoginModule is a JAAS Login module implementation for OpenSSO.
+ * <p/>
+ * This implemenation will check if the calling Subject has an existing
+ * SSOPrincipal and check if that principal has an existing OpenSSO session.
+ * A SSOPrincipal is just a Principal with an OpenSSO TokenID, which identifies
+ * an OpenSSO session.
+ * <p/>
+ *
+ * <br>
+ * <pre>
+ * {@literal
+ * Example of standalone JAAS login configuration:
+ * OpenSSOLogin {
+ * org.jboss.security.opensso.OpenSSOLoginModule required orgName=opensso moduleName=DataStore amPropertiesFile=AMConfig.properties;
+ * };
+ * }</pre>
+ * <br>
+ * <pre>
+ * {@literal
+ * Example of JBossAS login-config.xml:
+ * <application-policy name="OpenSSO">
+ * <authentication>
+ * <login-module code="org.jboss.security.opensso.OpenSSOLoginModule" flag="required">
+ * <module-option name="orgName">opensso</module-option>
+ * <module-option name="moduleName">DataStore</module-option>
+ * <module-option name="amPropertiesFile">/AMConfig.properties</module-option>
+ * </login-module>
+ * </authentication>
+ * </application-policy>
+ *
+ * }</pre>
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ * @author jeffyu
+ *
+ */
+public final class OpenSSOLoginModule implements LoginModule
+{
+ // option property names
+ private static final String MODULE_NAME = "moduleName";
+ private static final String AM_PROPERTIES_FILE = "amPropertiesFile";
+ private static final String ORG_NAME = "orgName";
+
+ // the subject to be authenticated
+ private Subject subject;
+
+ // callback handler to be used
+ private CallbackHandler callbackHandler;
+
+ // options from the login module configuration
+ private Map<String, ?> options;
+
+ // OpenSSO implementation for authenticating a user
+ private AuthContext authContext;
+
+ // the opensso organization name passed to AuthContext upon creation
+ private String orgName;
+
+ // the jaas configuration module index name
+ private String moduleName;
+
+ // the authentication status
+ private boolean succeeded = false;
+
+ // the commit phase status
+ private boolean commitSucceeded = false;
+
+ // flag which indicates if the subject as a pre-existing opensso session
+ private boolean hasExistingSSOSession;
+
+ private Logger log = Logger.getLogger(OpenSSOLoginModule.class);
+
+ /**
+ * Initializes the login module.
+ */
+ public void initialize(
+ final Subject subject,
+ final CallbackHandler callbackHandler,
+ final Map<String, ?> sharedState,
+ final Map<String, ?> options)
+ {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+
+ if ( options == null )
+ throw new NullPointerException("options map cannot be null");
+ this.options = options;
+
+ orgName = (String)this.options.get(ORG_NAME);
+ assertOptionNotNull(orgName, ORG_NAME);
+
+ moduleName = (String)this.options.get(MODULE_NAME);
+ assertOptionNotNull(moduleName, MODULE_NAME);
+
+ final String configFileName = (String) options.get(AM_PROPERTIES_FILE);
+ assertOptionNotNull(configFileName, AM_PROPERTIES_FILE);
+ configure(configFileName);
+ }
+
+ /**
+ * Peforms authentication of the Subject.
+ * <p/>
+ * This method will check in the Subject contains an SSOPrincipal, and if so, use
+ * that principals SSOTokenID to check if the Subject has a valid session within the
+ * OpenSSO system.<br>
+ * If the Subject does not have an existing session a normal login process will occur and
+ * an SSOPrincipal will be created and added to the Subject principals.
+ *
+ * @return true if the authentication succeeded, or false if this LoginModule should be ignored.
+ * @throws LoginException if the authentication fails
+ */
+ public boolean login() throws LoginException
+ {
+ hasExistingSSOSession = checkValidSSOSession( subject.getPrincipals(SSOPrincipal.class) ) ;
+
+ if ( hasExistingSSOSession )
+ {
+ succeeded = true;
+ return succeeded;
+ }
+
+ authContext = new AuthContext(orgName);
+
+ // login using the module authentication type
+ authContext.login(AuthContext.IndexType.MODULE_INSTANCE, moduleName);
+
+ // get the callbacks that need to be populated the authentication plugin.
+ Callback[] callbacks = authContext.getRequirements();
+
+ // populate the callbacks.
+ handleCallbacks(callbacks);
+
+ // now submit the populated callbacks to plugin-modules.
+ authContext.submitRequirements(callbacks);
+
+ // check the retured status
+ if (authContext.getStatus() == AuthContext.Status.SUCCESS)
+ {
+ log.info("Login succeeded.");
+ succeeded = true;
+ }
+ return succeeded;
+ }
+
+ public boolean commit() throws LoginException
+ {
+ if (succeeded == false)
+ {
+ return false;
+ }
+
+ try
+ {
+ if ( !hasExistingSSOSession )
+ {
+ // this means that this was a new authentication so create a new SSOPrincipal
+ SSOToken ssoToken = authContext.getSSOToken();
+ Principal principal = new SSOPrincipal(ssoToken.getTokenID().toString());
+ subject.getPrincipals().add(principal);
+ }
+ commitSucceeded = true;
+ }
+ catch (final Exception ignore)
+ {
+ log.error("Exception in commit: ", ignore);
+ commitSucceeded = false;
+ }
+
+ return commitSucceeded;
+ }
+
+ /**
+ *
+ */
+ public boolean abort() throws LoginException
+ {
+ if (succeeded = false)
+ {
+ return true;
+ }
+ succeeded = false;
+ commitSucceeded = false;
+ authContext.logout();
+ return true;
+ }
+
+ /**
+ * Perform clean up operations.
+ * Will clear all principals, logout from the AuthenticationContext,
+ * and reset all internal flags.
+ */
+ public boolean logout() throws LoginException
+ {
+ subject.getPrincipals().clear();
+ succeeded = false;
+ commitSucceeded = false;
+ authContext.logout();
+ return true;
+ }
+
+ private boolean checkValidSSOSession(final Set<SSOPrincipal> principals )
+ {
+ boolean hasSession = false;
+ if ( !principals.isEmpty() )
+ {
+ SSOPrincipal ssoPrincipal = principals.iterator().next();
+ try
+ {
+ SSOTokenManager tokenMgr = SSOTokenManager.getInstance();
+ SSOToken ssoToken = tokenMgr.createSSOToken(ssoPrincipal.getToken());
+ hasSession = tokenMgr.isValidToken(ssoToken);
+ log.debug("Has valid session : " + hasSession);
+ }
+ catch (final SSOException ignore)
+ {
+ hasSession = false;
+ }
+ }
+ return hasSession;
+ }
+
+ private void handleCallbacks(Callback[] requirements) throws LoginException
+ {
+ try
+ {
+ callbackHandler.handle(requirements);
+ }
+ catch (IOException e)
+ {
+ log.error("IOException while handling callbacks : ", e);
+ throw new LoginException(e.getMessage());
+ }
+ catch (UnsupportedCallbackException e)
+ {
+ log.error("UnsupportedCallbackException while handling callbacks : ", e);
+ throw new LoginException(e.getMessage());
+ }
+ }
+
+ /**
+ * Will configure OpenSSO.
+ */
+ private void configure(final String amProperties)
+ {
+ log.debug("Access Manager(AM) configuration properties file : " + amProperties);
+ if ( amProperties != null )
+ {
+ Properties props = new Properties();
+ try
+ {
+ InputStream inputStream = getResourceAsStream(amProperties, getClass());
+ if ( inputStream != null )
+ {
+ props.load(inputStream);
+ }
+ else
+ throw new IllegalStateException("Could not locate Access Manager(AM) configuration properties file: " + amProperties);
+ }
+ catch (FileNotFoundException e)
+ {
+ throw new IllegalStateException("Could not locate Access Manager(AM) configuration properties file: " + amProperties, e );
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException("Could not locate Access Manager(AM) configuration properties file: " + amProperties, e );
+ }
+ SystemProperties.initializeProperties(props);
+ }
+ }
+
+ private InputStream getResourceAsStream(final String resourceName, final Class<?> caller)
+ {
+ final String resource ;
+ if (resourceName.startsWith("/"))
+ {
+ resource = resourceName.substring(1) ;
+ }
+ else
+ {
+ final Package callerPackage = caller.getPackage() ;
+ if (callerPackage != null)
+ {
+ resource = callerPackage.getName().replace('.', '/') + '/' + resourceName ;
+ }
+ else
+ {
+ resource = resourceName ;
+ }
+ }
+ final ClassLoader threadClassLoader = Thread.currentThread().getContextClassLoader() ;
+ if (threadClassLoader != null)
+ {
+ final InputStream is = threadClassLoader.getResourceAsStream(resource) ;
+ if (is != null)
+ {
+ return is ;
+ }
+ }
+
+ final ClassLoader classLoader = caller.getClassLoader() ;
+ if (classLoader != null)
+ {
+ final InputStream is = classLoader.getResourceAsStream(resource) ;
+ if (is != null)
+ {
+ return is ;
+ }
+ }
+ return ClassLoader.getSystemResourceAsStream(resource) ;
+ }
+
+ private void assertOptionNotNull(final Object variable, final String variableName)
+ {
+ if ( variable == null )
+ throw new NullPointerException("options map must contain the required property '" + variableName + "'.");
+ }
+}
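Review bot: `login()` returns `false` when `authContext.getStatus()` is not `SUCCESS`, which under the JAAS contract quoted in its own Javadoc means "ignore this module" rather than "authentication failed", so in a stacked configuration a rejected OpenSSO login would not by itself fail the overall login; the method should end with `throw new FailedLoginException("OpenSSO authentication failed");` (from `javax.security.auth.login`) instead. In `abort()`, `if (succeeded = false)` is an assignment, so the early return never fires and `authContext.logout()` runs even when `authContext` is still null, as it is on the existing-session path of `login()`; `logout()` makes the same unguarded call. Use `if (!succeeded)` there and wrap both calls in `if (authContext != null)`. `logout()` also calls `subject.getPrincipals().clear()`, which removes principals added by other login modules; removing only the `SSOPrincipal` this module added would be safer.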
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/SSOPrincipal.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/SSOPrincipal.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/java/org/jboss/soa/security/opensso/SSOPrincipal.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,93 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.security.opensso;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A SSOPrincipal represents a caller that has been authenticated by
+ * a Single Sign On system.
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class SSOPrincipal implements Principal, Serializable
+{
+ private static final long serialVersionUID = 1L;
+
+ private final String ssoToken;
+
+ public SSOPrincipal(final String ssoToken)
+ {
+ if ( ssoToken == null )
+ throw new NullPointerException("ssoToken argument must not be null");
+
+ this.ssoToken = ssoToken;
+ }
+
+ /**
+ * Returns the name of this Principal.
+ * @return String - will always return "SSOToken".
+ */
+ public String getName()
+ {
+ return "SSOToken";
+ }
+
+ /**
+ * Returns a String representation of the token used to identify
+ * an authenticated user/system.
+ *
+ * @return String - the SSO systems token.
+ */
+ public String getToken()
+ {
+ return ssoToken;
+ }
+
+ public String toString()
+ {
+ return "SSOToken [ssoToken=" + ssoToken + "]";
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj)
+ return true;
+ if(!(obj instanceof SSOPrincipal))
+ return false;
+
+ SSOPrincipal other = (SSOPrincipal) obj;
+ return this.ssoToken.equals(other.ssoToken);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ int hash = 17;
+ hash = 31 * hash + ssoToken == null ? 0 : ssoToken.hashCode();
+ return hash;
+ }
+
+}
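Review bot: `toString()` prints the raw `ssoToken`, and since `checkValidSSOSession` in the login module uses that token ID to look up a live OpenSSO session, any log line or exception message that stringifies the Subject or its principals exposes a reusable session identifier; return a redacted form such as `return "SSOToken [ssoToken=<redacted>]";`. In `hashCode()`, `31 * hash + ssoToken == null ? 0 : ssoToken.hashCode()` parses as `((31 * hash + ssoToken) == null) ? ...`, a string concatenation that is never null, so the seed is discarded and the null branch is dead. Because the constructor already rejects null, `return 31 * 17 + ssoToken.hashCode();` states what was intended.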
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/resources/AMConfig.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/resources/AMConfig.properties (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/resources/AMConfig.properties 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,429 @@
+#
+# The contents of this file are subject to the terms
+# of the Common Development and Distribution License
+# (the License). You may not use this file except in
+# compliance with the License.
+#
+# You can obtain a copy of the License at
+# https://opensso.dev.java.net/public/CDDLv1.0.html or
+# opensso/legal/CDDLv1.0.txt
+# See the License for the specific language governing
+# permission and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL
+# Header Notice in each file and include the License file
+# at opensso/legal/CDDLv1.0.txt.
+# If applicable, add the following below the CDDL Header,
+# with the fields enclosed by brackets [] replaced by
+# your own identifying information:
+# "Portions Copyrighted [year] [name of copyright owner]"
+#
+# $Id: AMClient.properties,v 1.12 2008/03/04 00:25:12 beomsuk Exp $
+#
+# Copyright 2006 Sun Microsystems Inc. All Rights Reserved
+#
+
+/* The following keys are used to configure the Debug service.
+ * Possible values for the key 'level' are: off | error | warning | message.
+ * The key 'directory' specifies the output directory where the debug files
+ * will be created.
+ * Trailing spaces are significant.
+ * Windows: Use forward slashes "/" separate directories, not backslash "\".
+ * Windows: Spaces in the file name are allowed for Windows.
+ */
+com.iplanet.services.debug.level=message
+com.iplanet.services.debug.directory=/tmp
+
+/*
+ * Server mode should be 'false'
+ */
+com.iplanet.am.serverMode=false
+
+/*
+ * Cache enable / disable properties
+ */
+com.iplanet.am.sdk.caching.enabled=false
+com.sun.identity.idm.cache.enabled=false
+com.sun.identity.sm.cache.enabled=true
+
+/*
+ * Configure remote plugin classes for configuration (SMS)
+ */
+com.sun.identity.sm.sms_object_class_name=com.sun.identity.sm.jaxrpc.SMSJAXRPCObject
+
+/*
+ * Naming URL
+ */
+com.iplanet.am.naming.url=http://localhost:8080/opensso/namingservice
+
+/*
+ * Notification URL
+ */
+com.iplanet.am.notification.url=
+
+/*
+ * Security Credentails to read the configuration data
+ */
+com.sun.identity.agents.app.username=UrlAccessAgent
+com.iplanet.am.service.password=
+com.iplanet.am.service.secret=AQIC24u86rq9RRbx13mx0nb0uAGpxLdxGBY9
+
+/*
+ * Encryption key that will be used to encrypt and decypt
+ * data to communicate with the server.
+ * This key is needed to decrypt passwords stored
+ * in the SMS configuration.
+ */
+am.encryption.pwd=SAMPLE_RAND
+
+/*
+ * Encryption key that will be used to encrypt and decypt
+ * data used locally within the client.
+ */
+com.sun.identity.client.encryptionKey=SAMPLE_RAND
+
+/*
+ * Encryption: The key "com.iplanet.security.encryptor" specifies
+ * the encrypting class implementation.
+ * Available classes are:
+ * com.iplanet.services.util.JCEEncryption
+ * com.iplanet.services.util.JSSEncryption
+ */
+com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
+
+/*
+ * Property to enable/disable the notifications for am.sdk and IdRepo Caches.
+ * If set to "true" notifications are enabled and disabled if set to "false".
+ */
+com.sun.identity.idm.remote.notification.enabled=true
+
+/*
+ * Cache update time (in minutes) for am.sdk & IdRepo Caches
+ * if notification URL is not provided or if notifications are disabled.
+ * Note:
+ * 1. This property is applicable only if 'com.iplanet.am.notification.url'
+ * is not provided or if 'com.sun.identity.idm.remote.notification.enabled'
+ * is set to 'false'.
+ * 2. If the polling time is set as 0, then polling is disabled.
+ */
+com.iplanet.am.sdk.remote.pollingTime=1
+
+/*
+ * Property to enable/disable the notifications for service management caches.
+ * If set to "true" notifications are enabled and disabled if set to "false".
+ */
+com.sun.identity.sm.notification.enabled=true
+
+/*
+ * Cache update time (in minutes) for service configutation data,
+ * if notification URL is not provided or if notifications are disabled.
+ * Note:
+ * 1. This property is applicable only if 'com.iplanet.am.notification.url'
+ * is not provided or if 'com.sun.identity.sm.notification.enabled' is
+ * set to 'false'.
+ * 2. If the cache time is set as 0, then no cache updates will occur.
+ */
+com.sun.identity.sm.cacheTime=1
+
+/*
+ * Server protocol, host and port to be used by Client Services
+ */
+com.iplanet.am.server.protocol=http
+com.iplanet.am.server.host=localhost
+com.iplanet.am.server.port=8080
+com.iplanet.am.services.deploymentDescriptor=opensso
+com.iplanet.am.console.protocol=@CONSOLE_PROTOCOL@
+com.iplanet.am.console.host=@CONSOLE_HOST@
+com.iplanet.am.console.port=@CONSOLE_PORT@
+com.iplanet.am.console.deploymentDescriptor=@CONSOLE_DEPLOY_URI@
+com.iplanet.am.console.remote=@CONSOLE_REMOTE@
+
+com.iplanet.am.cookie.name=iPlanetDirectoryPro
+
+/*
+ * Session related properties.
+ */
+com.iplanet.am.session.client.polling.enable=true
+com.iplanet.am.session.client.polling.period=180
+
+/*
+ * Identify cert db directory path, prefix and password file
+ * to initialize JSS Socket Factory when Web Container is configured SSL
+ */
+com.iplanet.am.admin.cli.certdb.dir=
+com.iplanet.am.admin.cli.certdb.prefix=
+com.iplanet.am.admin.cli.certdb.passfile=//config/.wtpass
+
+/*
+ * Identify property value for SSL ApprovalCallback / HostnameVerifier
+ * If com.iplanet.services.comm is configured as protocol handler
+ * and the checkSubjectAltName or resolveIPAddress feature is enabled,
+ * cert8.db and key3.db with the prefix value of
+ * com.iplanet.am.admin.cli.certdb.prefix will have to be created under
+ * the directory of com.iplanet.am.admin.cli.certdb.dir before server is
+ * restarted.
+ */
+com.iplanet.am.jssproxy.trustAllServerCerts=false
+com.iplanet.am.jssproxy.checkSubjectAltName=false
+com.iplanet.am.jssproxy.resolveIPAddress=false
+com.iplanet.am.jssproxy.SSLTrustHostList=false
+
+/**************************************************************
+ * Policy Client parameters
+ **************************************************************/
+/* Policy decision log parameters. Possible values for logging.level
+ * are NONE, ALLOW, DENY, BOTH, and DECISION */
+com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
+com.sun.identity.agents.logging.level=NONE
+
+/* Notification URL for updating cache */
+com.sun.identity.agents.notification.enabled=false
+com.sun.identity.agents.notification.url=
+
+/* Cache time in minutes */
+com.sun.identity.agents.polling.interval=3
+
+/* Information to cache. Possible value are "subtree" or "self" */
+com.sun.identity.policy.client.cacheMode=subtree
+
+/* Policy client clock skew value in seconds */
+com.sun.identity.policy.client.clockSkew=10
+
+/*
+* Explicitly disable monitoring services in the client applications.
+*/
+com.sun.identity.monitoring=off
+
+/*
+* Specify if allow to use cached data for HttpURLConnection
+*/
+com.sun.identity.urlconnection.useCache=false
+
+#
+# Specify implementation class for
+# com.sun.identity.plugin.configuration.ConfigurationInstance interface.
+com.sun.identity.plugin.configuration.class=com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl
+
+#
+# Specify implementation class for
+# com.sun.identity.plugin.datastore.DataStoreProvider interface.
+# This property defines the default datastore provider.
+com.sun.identity.plugin.datastore.class.default=com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider
+
+#
+# Specify implementation class for
+# com.sun.identity.plugin.session.SessionProvider interface.
+com.sun.identity.plugin.session.class=com.sun.identity.plugin.session.impl.FMSessionProvider
+
+#
+# Specify XML signature provider class
+com.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
+
+#
+# Specify XML key provider implementation class
+com.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
+
+#
+# Identify SAML XML signature keystore file, keystore password file
+# and key password file
+com.sun.identity.saml.xmlsig.keystore=@BASE_DIR@/keystore.jks
+com.sun.identity.saml.xmlsig.storepass=@BASE_DIR@/.storepass
+com.sun.identity.saml.xmlsig.keypass=@BASE_DIR@/.keypass
+com.sun.identity.saml.xmlsig.certalias=test
+
+#
+# Specify type of KeyStore used for saml xml signature. Default is JKS.
+# com.sun.identity.saml.xmlsig.storetype=JKS
+
+#
+# Flag for checking the Certificate which is embedded in the
+# KeyInfo against the certificates in the keystore (specified
+# by the "com.sun.identity.saml.xmlsig.keystore" property).
+# Possible values for the key are: on|off. If the flag is "on",
+# the certification must be presented in the keystore for
+# XML signature validation. If the flag is "off", skip
+# the presence checking.
+com.sun.identity.saml.checkcert=on
+
+#
+# XML cannonicalization algorithm. Used for SAML XML signature generation
+# and verification. When not specified, or value is empty, default value
+# will be used. The following is the list of supported algorithms:
+# http://www.w3.org/2001/10/xml-exc-c14n# (default)
+# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
+# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
+# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
+com.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
+
+#
+# XML signature algorithm. Used for SAML XML Signature generation and
+# verification. When not specified, or value is empty, default value will be
+# used. The following is the list of supported algorithms:
+# http://www.w3.org/2000/09/xmldsig#rsa-sha1 (default)
+# http://www.w3.org/2000/09/xmldsig#hmac-sha1
+# http://www.w3.org/2000/09/xmldsig#dsa-sha1
+# http://www.w3.org/2001/04/xmldsig-more#rsa-md5
+# http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
+# http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+# http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
+# http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
+# http://www.w3.org/2001/04/xmldsig-more#hmac-md5
+# http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
+# http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
+# http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
+# http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
+com.sun.identity.saml.xmlsig.xmlSigAlgorithm=
+
+#
+# XML transformation algorithm. Used for SAML XML signature generation
+# and verification. When not specified, or value is empty, default value
+# will be used. The following is the list of supported algorithms:
+# http://www.w3.org/2001/10/xml-exc-c14n# (default)
+# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
+# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
+# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
+# http://www.w3.org/TR/1999/REC-xslt-19991116
+# http://www.w3.org/2000/09/xmldsig#base64
+# http://www.w3.org/TR/1999/REC-xpath-19991116
+# http://www.w3.org/2000/09/xmldsig#enveloped-signature
+# http://www.w3.org/TR/2001/WD-xptr-20010108
+# http://www.w3.org/2002/04/xmldsig-filter2
+# http://www.w3.org/2002/06/xmldsig-filter2
+# http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
+com.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
+
+
+#
+# SAML2 XML Encryption Provider Implementation class
+com.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
+
+
+#
+# SAML2 XML Signing Provider Implementation class.
+com.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
+
+#
+# SAML2 XML Signing Certificate Validation.
+com.sun.identity.saml2.crl.check=false
+
+#
+# SAML2 XML Signing Certificate Validation.
+com.sun.identity.saml2.crl.check.ca=false
+
+#
+# Client ceritificate alias that will be used in SSL connection for Liberty
+# SOAP Binding
+com.sun.identity.liberty.ws.soap.certalias=
+
+#
+# If the message timestamp is before current timestamp by this amount
+# (millisec), it is considered a stale message.
+com.sun.identity.liberty.ws.soap.staleTimeLimit=300000
+
+#
+# All the messageID of a valid message will be stored in a cache with the it
+# is received to avoid duplicate messages. If the current time minus the
+# received time is greater than the above staleTimeLimit, it should be removed
+# from the cache. The is property specify the interval(millisec) that a
+# cleanup thread should check the cache and remove those messageID.
+com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
+
+#
+# Supported SOAP actors. Each actor must be seperated by '|'
+com.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
+
+#
+# Namespace prefix mapping used when marshalling a JAXB content tree to a
+# DOM tree. The syntax is
+# <prefix>=<namespace>|<prefix>=<namespace>|..........
+com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
+
+#
+# JAXB package list used when constructing JAXBContext. Each package must be
+# seperated by ':'.
+com.sun.identity.liberty.ws.jaxb.packageList=
+
+#
+# Liberty ID-WSF security profile,
+# com.sun.identity.liberty.ws.wsc.certalias specifies default certificate
+# alias for issuing web service security token for this web service client
+# com.sun.identity.liberty.ws.ta.certalias specifies certificate
+# alias for trusted authority that will be used to sign SAML or SAML
+# BEARER token of response message.
+# com.sun.identity.liberty.ws.trustedca.certaliases specifies certificate
+# aliases for trusted CA. SAML or SAML BEARER token of incoming request
+# message needs to be signed by a trusted CA in this list. The syntax is
+# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
+# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3
+# 'issuer' is used when the token doesn't have a KeyInfo inside the
+# signature. The 'issuer' of the token needs to be in this list and the
+# corresponding cert alias will be used to verify signature. If KeyInfo
+# exists, the keystore needs to contain a cert alias that matches the
+# KeyInfo and the cert alias needs to be in this list.
+# com.sun.identity.liberty.ws.security.TokenProviderImpl specifies
+# implementation for security token provider
+com.sun.identity.liberty.ws.wsc.certalias=
+com.sun.identity.liberty.ws.ta.certalias=
+com.sun.identity.liberty.ws.trustedca.certaliases=
+com.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
+
+
+#
+# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
+# interactions based on user agent redirects. This should be running in
+# the same JVM where Liberty SP is running
+com.sun.identity.liberty.interaction.wspRedirectHandler=http://localhost:8080/opensso/WSPRedirectHandler
+
+
+#
+# indicates whether WSC would participate in interaction
+# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
+# default value:interactIfNeeded
+# value used if an invalid value is specified:interactIfNeeded
+com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
+
+
+#
+# indicates whether WSC would include userInteractionHeader
+# valid values are yes|no (case ignored)
+# default value:yes
+# value used if no value is specified:yes
+com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
+
+
+#
+# indicates whether WSC would redirect user for interaction
+# valid values are yes|no
+# default value:yes
+# value used if no value is specified:yes
+com.sun.identity.liberty.interaction.wscWillRedirect=yes
+
+
+#
+# WSC's preference on the acceptable duration for interaction(in seconds)
+# default value if the value is not specified or a non integer value is
+# specified : 60
+com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
+
+
+#
+# indicates whether WSC would enforce that redirected to URL is https
+# valid values are yes|no (case ignored)
+# liberty specification require the value to be yes
+# default value:yes
+# value used if no value is specified:yes
+com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
+
+
+#
+# This property is used to determine the Liberty identity web services framework
+# to be used when the framework can not determine from the in-bound message or
+# from the resource offering when AM is acting as the WSC.
+# The default version is 1.1, but the possible values are 1.0 or 1.1
+# com.sun.identity.liberty.wsf.version=1.1
+
+#
+# Login URL and Authentication web service URL for Liberty use cases
+com.sun.identity.loginurl=http://localhost:8080/opensso/UI/Login
+com.sun.identity.liberty.authnsvc.url=http://localhost:8080/opensso/Liberty/authnsvc
+
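Review bot: `com.iplanet.am.service.secret` is committed with what appears to be a real encrypted agent credential; a sample file should carry a substitution token instead, for example `com.iplanet.am.service.secret=@AGENT_SECRET@` (token name is illustrative) in the style of the `@CONSOLE_HOST@` entries already present, and the committed value should be treated as exposed. `com.iplanet.services.debug.level=message` together with `com.iplanet.services.debug.directory=/tmp` sends the most verbose of the listed debug levels to a shared directory; `error` and a private directory are safer defaults for a quickstart that people will copy. The naming, login and authnsvc URLs are all plain `http://` and `wscWillEnforceHttpsCheck=no`, which deserves a `#` comment stating that these values are for local testing only. Separately, the `/* ... */` blocks are not comments in `java.util.Properties` syntax (only `#` and `!` start one), so those lines are loaded as stray keys and should be rewritten with `#`.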
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/resources/jaas.login
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/resources/jaas.login (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/main/resources/jaas.login 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,3 @@
+OpenSSOLogin {
+ org.jboss.security.opensso.OpenSSOLoginModule required orgName=opensso moduleName=DataStore amPropertiesFile=AMConfig.properties;
+};
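Review bot: The module class is given as `org.jboss.security.opensso.OpenSSOLoginModule`, but the class added in this commit declares `package org.jboss.soa.security.opensso;`, so unless a same-named class also exists in the other package (not visible here) this configuration cannot load the module; it should read `org.jboss.soa.security.opensso.OpenSSOLoginModule required ...`. The test copy of jaas.login and both examples in the class Javadoc carry the same name. `amPropertiesFile=AMConfig.properties` has no leading slash, so the module's `getResourceAsStream` resolves it relative to the module's package, whereas the file is added at the root of `src/main/resources`. `amPropertiesFile=/AMConfig.properties`, as in the Javadoc's login-config.xml example, would match, assuming the build keeps the file at the classpath root.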
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/security/opensso/jaas.login
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/security/opensso/jaas.login (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/security/opensso/jaas.login 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,3 @@
+OpenSSOLogin {
+ org.jboss.security.opensso.OpenSSOLoginModule required orgName=opensso moduleName=DataStore amPropertiesFile=AMConfig.properties;
+};
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/OpenSSOLoginModuleTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/OpenSSOLoginModuleTest.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/java/org/jboss/soa/security/opensso/OpenSSOLoginModuleTest.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.security.opensso;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.jboss.soa.security.opensso.OpenSSOLoginModule;
+import org.junit.Test;
+
+
+/**
+ * Unit test for {@link OpenSSOLoginModule}
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class OpenSSOLoginModuleTest
+{
+ private Subject subject = new Subject();
+
+ @Test ( expected = NullPointerException.class )
+ public void initializeNullOptionsMap()
+ {
+ OpenSSOLoginModule loginModule = new OpenSSOLoginModule();
+ loginModule.initialize(subject, null, null, null);
+ }
+
+ @Test
+ public void initialize()
+ {
+ final Map<String,Object> options = new HashMap<String,Object>();
+ OpenSSOLoginModule loginModule = new OpenSSOLoginModule();
+ loginModule.initialize(subject, null, null, options);
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(OpenSSOLoginModuleTest.class);
+ }
+
+}
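Review bot: `initialize()` passes an empty options map and asserts nothing, so it only shows that the call does not throw. The options the JAAS entry supplies (`orgName`, `moduleName`, `amPropertiesFile`) are never exercised, and neither is a rejected login. `initializeNullOptionsMap` pins a `NullPointerException` for a missing map; if that is meant as a precondition, a comment such as `// options must be non-null; the module rejects a missing map before any login attempt` would say so, but the module source is not visible here to confirm it. The import of `org.jboss.soa.security.opensso.OpenSSOLoginModule` is redundant because the test is in the same package.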
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/resources/log4j.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/resources/log4j.xml (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-opensso/src/test/resources/log4j.xml 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
+
+ <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
+ <param name="Target" value="System.out"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%t][%c{1}] %m%n"/>
+ </layout>
+ </appender>
+
+ <!-- ================ -->
+ <!-- Limit categories -->
+ <!-- ================ -->
+
+ <category name="org.jbpm">
+ <priority value="INFO"/>
+ </category>
+ <category name="org.hibernate">
+ <priority value="ERROR"/>
+ </category>
+ <category name="org.jboss">
+ <priority value="WARN"/>
+ </category>
+
+ <category name="org.jboss.internal.soa.esb">
+ <priority value="ERROR"/>
+ </category>
+
+ <category name="org.jboss.soa.esb">
+ <priority value="ERROR"/>
+ </category>
+
+ <!-- ======================= -->
+ <!-- Setup the Root category -->
+ <!-- ======================= -->
+
+ <root>
+ <appender-ref ref="CONSOLE"/>
+ </root>
+
+</log4j:configuration>
Deleted: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/AMConfig.properties
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/AMConfig.properties 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/AMConfig.properties 2008-08-08 06:59:43 UTC (rev 21406)
@@ -1,429 +0,0 @@
-#
-# The contents of this file are subject to the terms
-# of the Common Development and Distribution License
-# (the License). You may not use this file except in
-# compliance with the License.
-#
-# You can obtain a copy of the License at
-# https://opensso.dev.java.net/public/CDDLv1.0.html or
-# opensso/legal/CDDLv1.0.txt
-# See the License for the specific language governing
-# permission and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL
-# Header Notice in each file and include the License file
-# at opensso/legal/CDDLv1.0.txt.
-# If applicable, add the following below the CDDL Header,
-# with the fields enclosed by brackets [] replaced by
-# your own identifying information:
-# "Portions Copyrighted [year] [name of copyright owner]"
-#
-# $Id: AMClient.properties,v 1.12 2008/03/04 00:25:12 beomsuk Exp $
-#
-# Copyright 2006 Sun Microsystems Inc. All Rights Reserved
-#
-
-/* The following keys are used to configure the Debug service.
- * Possible values for the key 'level' are: off | error | warning | message.
- * The key 'directory' specifies the output directory where the debug files
- * will be created.
- * Trailing spaces are significant.
- * Windows: Use forward slashes "/" separate directories, not backslash "\".
- * Windows: Spaces in the file name are allowed for Windows.
- */
-com.iplanet.services.debug.level=message
-com.iplanet.services.debug.directory=/tmp
-
-/*
- * Server mode should be 'false'
- */
-com.iplanet.am.serverMode=false
-
-/*
- * Cache enable / disable properties
- */
-com.iplanet.am.sdk.caching.enabled=false
-com.sun.identity.idm.cache.enabled=false
-com.sun.identity.sm.cache.enabled=true
-
-/*
- * Configure remote plugin classes for configuration (SMS)
- */
-com.sun.identity.sm.sms_object_class_name=com.sun.identity.sm.jaxrpc.SMSJAXRPCObject
-
-/*
- * Naming URL
- */
-com.iplanet.am.naming.url=http://localhost:8080/opensso/namingservice
-
-/*
- * Notification URL
- */
-com.iplanet.am.notification.url=
-
-/*
- * Security Credentails to read the configuration data
- */
-com.sun.identity.agents.app.username=UrlAccessAgent
-com.iplanet.am.service.password=
-com.iplanet.am.service.secret=AQIC24u86rq9RRbx13mx0nb0uAGpxLdxGBY9
-
-/*
- * Encryption key that will be used to encrypt and decypt
- * data to communicate with the server.
- * This key is needed to decrypt passwords stored
- * in the SMS configuration.
- */
-am.encryption.pwd=SAMPLE_RAND
-
-/*
- * Encryption key that will be used to encrypt and decypt
- * data used locally within the client.
- */
-com.sun.identity.client.encryptionKey=SAMPLE_RAND
-
-/*
- * Encryption: The key "com.iplanet.security.encryptor" specifies
- * the encrypting class implementation.
- * Available classes are:
- * com.iplanet.services.util.JCEEncryption
- * com.iplanet.services.util.JSSEncryption
- */
-com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
-
-/*
- * Property to enable/disable the notifications for am.sdk and IdRepo Caches.
- * If set to "true" notifications are enabled and disabled if set to "false".
- */
-com.sun.identity.idm.remote.notification.enabled=true
-
-/*
- * Cache update time (in minutes) for am.sdk & IdRepo Caches
- * if notification URL is not provided or if notifications are disabled.
- * Note:
- * 1. This property is applicable only if 'com.iplanet.am.notification.url'
- * is not provided or if 'com.sun.identity.idm.remote.notification.enabled'
- * is set to 'false'.
- * 2. If the polling time is set as 0, then polling is disabled.
- */
-com.iplanet.am.sdk.remote.pollingTime=1
-
-/*
- * Property to enable/disable the notifications for service management caches.
- * If set to "true" notifications are enabled and disabled if set to "false".
- */
-com.sun.identity.sm.notification.enabled=true
-
-/*
- * Cache update time (in minutes) for service configutation data,
- * if notification URL is not provided or if notifications are disabled.
- * Note:
- * 1. This property is applicable only if 'com.iplanet.am.notification.url'
- * is not provided or if 'com.sun.identity.sm.notification.enabled' is
- * set to 'false'.
- * 2. If the cache time is set as 0, then no cache updates will occur.
- */
-com.sun.identity.sm.cacheTime=1
-
-/*
- * Server protocol, host and port to be used by Client Services
- */
-com.iplanet.am.server.protocol=http
-com.iplanet.am.server.host=localhost
-com.iplanet.am.server.port=8080
-com.iplanet.am.services.deploymentDescriptor=opensso
-com.iplanet.am.console.protocol=@CONSOLE_PROTOCOL@
-com.iplanet.am.console.host=@CONSOLE_HOST@
-com.iplanet.am.console.port=@CONSOLE_PORT@
-com.iplanet.am.console.deploymentDescriptor=@CONSOLE_DEPLOY_URI@
-com.iplanet.am.console.remote=@CONSOLE_REMOTE@
-
-com.iplanet.am.cookie.name=iPlanetDirectoryPro
-
-/*
- * Session related properties.
- */
-com.iplanet.am.session.client.polling.enable=true
-com.iplanet.am.session.client.polling.period=180
-
-/*
- * Identify cert db directory path, prefix and password file
- * to initialize JSS Socket Factory when Web Container is configured SSL
- */
-com.iplanet.am.admin.cli.certdb.dir=
-com.iplanet.am.admin.cli.certdb.prefix=
-com.iplanet.am.admin.cli.certdb.passfile=//config/.wtpass
-
-/*
- * Identify property value for SSL ApprovalCallback / HostnameVerifier
- * If com.iplanet.services.comm is configured as protocol handler
- * and the checkSubjectAltName or resolveIPAddress feature is enabled,
- * cert8.db and key3.db with the prefix value of
- * com.iplanet.am.admin.cli.certdb.prefix will have to be created under
- * the directory of com.iplanet.am.admin.cli.certdb.dir before server is
- * restarted.
- */
-com.iplanet.am.jssproxy.trustAllServerCerts=false
-com.iplanet.am.jssproxy.checkSubjectAltName=false
-com.iplanet.am.jssproxy.resolveIPAddress=false
-com.iplanet.am.jssproxy.SSLTrustHostList=false
-
-/**************************************************************
- * Policy Client parameters
- **************************************************************/
-/* Policy decision log parameters. Possible values for logging.level
- * are NONE, ALLOW, DENY, BOTH, and DECISION */
-com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
-com.sun.identity.agents.logging.level=NONE
-
-/* Notification URL for updating cache */
-com.sun.identity.agents.notification.enabled=false
-com.sun.identity.agents.notification.url=
-
-/* Cache time in minutes */
-com.sun.identity.agents.polling.interval=3
-
-/* Information to cache. Possible value are "subtree" or "self" */
-com.sun.identity.policy.client.cacheMode=subtree
-
-/* Policy client clock skew value in seconds */
-com.sun.identity.policy.client.clockSkew=10
-
-/*
-* Explicitly disable monitoring services in the client applications.
-*/
-com.sun.identity.monitoring=off
-
-/*
-* Specify if allow to use cached data for HttpURLConnection
-*/
-com.sun.identity.urlconnection.useCache=false
-
-#
-# Specify implementation class for
-# com.sun.identity.plugin.configuration.ConfigurationInstance interface.
-com.sun.identity.plugin.configuration.class=com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl
-
-#
-# Specify implementation class for
-# com.sun.identity.plugin.datastore.DataStoreProvider interface.
-# This property defines the default datastore provider.
-com.sun.identity.plugin.datastore.class.default=com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider
-
-#
-# Specify implementation class for
-# com.sun.identity.plugin.session.SessionProvider interface.
-com.sun.identity.plugin.session.class=com.sun.identity.plugin.session.impl.FMSessionProvider
-
-#
-# Specify XML signature provider class
-com.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
-
-#
-# Specify XML key provider implementation class
-com.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
-
-#
-# Identify SAML XML signature keystore file, keystore password file
-# and key password file
-com.sun.identity.saml.xmlsig.keystore=@BASE_DIR@/keystore.jks
-com.sun.identity.saml.xmlsig.storepass=@BASE_DIR@/.storepass
-com.sun.identity.saml.xmlsig.keypass=@BASE_DIR@/.keypass
-com.sun.identity.saml.xmlsig.certalias=test
-
-#
-# Specify type of KeyStore used for saml xml signature. Default is JKS.
-# com.sun.identity.saml.xmlsig.storetype=JKS
-
-#
-# Flag for checking the Certificate which is embedded in the
-# KeyInfo against the certificates in the keystore (specified
-# by the "com.sun.identity.saml.xmlsig.keystore" property).
-# Possible values for the key are: on|off. If the flag is "on",
-# the certification must be presented in the keystore for
-# XML signature validation. If the flag is "off", skip
-# the presence checking.
-com.sun.identity.saml.checkcert=on
-
-#
-# XML cannonicalization algorithm. Used for SAML XML signature generation
-# and verification. When not specified, or value is empty, default value
-# will be used. The following is the list of supported algorithms:
-# http://www.w3.org/2001/10/xml-exc-c14n# (default)
-# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
-# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
-# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
-com.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
-
-#
-# XML signature algorithm. Used for SAML XML Signature generation and
-# verification. When not specified, or value is empty, default value will be
-# used. The following is the list of supported algorithms:
-# http://www.w3.org/2000/09/xmldsig#rsa-sha1 (default)
-# http://www.w3.org/2000/09/xmldsig#hmac-sha1
-# http://www.w3.org/2000/09/xmldsig#dsa-sha1
-# http://www.w3.org/2001/04/xmldsig-more#rsa-md5
-# http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
-# http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
-# http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
-# http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
-# http://www.w3.org/2001/04/xmldsig-more#hmac-md5
-# http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
-# http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
-# http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
-# http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
-com.sun.identity.saml.xmlsig.xmlSigAlgorithm=
-
-#
-# XML transformation algorithm. Used for SAML XML signature generation
-# and verification. When not specified, or value is empty, default value
-# will be used. The following is the list of supported algorithms:
-# http://www.w3.org/2001/10/xml-exc-c14n# (default)
-# http://www.w3.org/2001/10/xml-exc-c14n#WithComments
-# http://www.w3.org/TR/2001/REC-xml-c14n-20010315
-# http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
-# http://www.w3.org/TR/1999/REC-xslt-19991116
-# http://www.w3.org/2000/09/xmldsig#base64
-# http://www.w3.org/TR/1999/REC-xpath-19991116
-# http://www.w3.org/2000/09/xmldsig#enveloped-signature
-# http://www.w3.org/TR/2001/WD-xptr-20010108
-# http://www.w3.org/2002/04/xmldsig-filter2
-# http://www.w3.org/2002/06/xmldsig-filter2
-# http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
-com.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
-
-
-#
-# SAML2 XML Encryption Provider Implementation class
-com.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
-
-
-#
-# SAML2 XML Signing Provider Implementation class.
-com.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
-
-#
-# SAML2 XML Signing Certificate Validation.
-com.sun.identity.saml2.crl.check=false
-
-#
-# SAML2 XML Signing Certificate Validation.
-com.sun.identity.saml2.crl.check.ca=false
-
-#
-# Client ceritificate alias that will be used in SSL connection for Liberty
-# SOAP Binding
-com.sun.identity.liberty.ws.soap.certalias=
-
-#
-# If the message timestamp is before current timestamp by this amount
-# (millisec), it is considered a stale message.
-com.sun.identity.liberty.ws.soap.staleTimeLimit=300000
-
-#
-# All the messageID of a valid message will be stored in a cache with the it
-# is received to avoid duplicate messages. If the current time minus the
-# received time is greater than the above staleTimeLimit, it should be removed
-# from the cache. The is property specify the interval(millisec) that a
-# cleanup thread should check the cache and remove those messageID.
-com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
-
-#
-# Supported SOAP actors. Each actor must be seperated by '|'
-com.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
-
-#
-# Namespace prefix mapping used when marshalling a JAXB content tree to a
-# DOM tree. The syntax is
-# <prefix>=<namespace>|<prefix>=<namespace>|..........
-com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
-
-#
-# JAXB package list used when constructing JAXBContext. Each package must be
-# seperated by ':'.
-com.sun.identity.liberty.ws.jaxb.packageList=
-
-#
-# Liberty ID-WSF security profile,
-# com.sun.identity.liberty.ws.wsc.certalias specifies default certificate
-# alias for issuing web service security token for this web service client
-# com.sun.identity.liberty.ws.ta.certalias specifies certificate
-# alias for trusted authority that will be used to sign SAML or SAML
-# BEARER token of response message.
-# com.sun.identity.liberty.ws.trustedca.certaliases specifies certificate
-# aliases for trusted CA. SAML or SAML BEARER token of incoming request
-# message needs to be signed by a trusted CA in this list. The syntax is
-# <cert alias 1>[:<issuer 1>]|<cert alias 2>[:<issuer 2>]|.....
-# For example, 'myalias1:myissuer1|myalias2|myalias3:myissuer3
-# 'issuer' is used when the token doesn't have a KeyInfo inside the
-# signature. The 'issuer' of the token needs to be in this list and the
-# corresponding cert alias will be used to verify signature. If KeyInfo
-# exists, the keystore needs to contain a cert alias that matches the
-# KeyInfo and the cert alias needs to be in this list.
-# com.sun.identity.liberty.ws.security.TokenProviderImpl specifies
-# implementation for security token provider
-com.sun.identity.liberty.ws.wsc.certalias=
-com.sun.identity.liberty.ws.ta.certalias=
-com.sun.identity.liberty.ws.trustedca.certaliases=
-com.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
-
-
-#
-# URL for WSPRedirectHandlerServlet to handle Liberty WSF WSP-resource owner
-# interactions based on user agent redirects. This should be running in
-# the same JVM where Liberty SP is running
-com.sun.identity.liberty.interaction.wspRedirectHandler=http://localhost:8080/opensso/WSPRedirectHandler
-
-
-#
-# indicates whether WSC would participate in interaction
-# valid values are interactIfNeeded | doNotInteract | doNotInteractForData
-# default value:interactIfNeeded
-# value used if an invalid value is specified:interactIfNeeded
-com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
-
-
-#
-# indicates whether WSC would include userInteractionHeader
-# valid values are yes|no (case ignored)
-# default value:yes
-# value used if no value is specified:yes
-com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
-
-
-#
-# indicates whether WSC would redirect user for interaction
-# valid values are yes|no
-# default value:yes
-# value used if no value is specified:yes
-com.sun.identity.liberty.interaction.wscWillRedirect=yes
-
-
-#
-# WSC's preference on the acceptable duration for interaction(in seconds)
-# default value if the value is not specified or a non integer value is
-# specified : 60
-com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
-
-
-#
-# indicates whether WSC would enforce that redirected to URL is https
-# valid values are yes|no (case ignored)
-# liberty specification require the value to be yes
-# default value:yes
-# value used if no value is specified:yes
-com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
-
-
-#
-# This property is used to determine the Liberty identity web services framework
-# to be used when the framework can not determine from the in-bound message or
-# from the resource offering when AM is acting as the WSC.
-# The default version is 1.1, but the possible values are 1.0 or 1.1
-# com.sun.identity.liberty.wsf.version=1.1
-
-#
-# Login URL and Authentication web service URL for Liberty use cases
-com.sun.identity.loginurl=http://localhost:8080/opensso/UI/Login
-com.sun.identity.liberty.authnsvc.url=http://localhost:8080/opensso/Liberty/authnsvc
-
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/jboss-ejb3x.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/jboss-ejb3x.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Deleted: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/lib/openssoclientsdk.jar
===================================================================
(Binary files differ)
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/readme.txt
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/readme.txt 2008-08-08 06:56:06 UTC (rev 21405)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/readme.txt 2008-08-08 06:59:43 UTC (rev 21406)
@@ -25,12 +25,23 @@
Note: that if you switch JBoss server you will need to re-configure OpenSSO. Simple delete the
opensso folder that OpenSSO created in your users home directory.
-To Run '.esb' archive mode:
+To Run '.esb' archive mode with jbossesb-server:
===========================
1. Type 'ant deploy'.
2. Start the server.
2. Type 'ant runtest'
+ Note:
+ When running with jbossesb-server the last action will fail as this requires an EJB to be deployed.
+ Since the jbossesb-server does not have ejb-deployer the last message printed will be:
+
+To Run '.esb' archive mode with JBossAS-server:
+===========================
+ 1. Type 'ant deploy'.
+ 1. Type 'ant deploy-ejb'.
+ 2. Start the server.
+ 2. Type 'ant runtest'
+
What to look for in this quickstart
===================================
ant deploy-opensso:
@@ -44,3 +55,7 @@
The OpenSSO username and password are specified in build.xml. Try changing the username
and/or password to see how an unsuccessful login attemt in handled.
+ jboss-opensso:
+ This is a subproject that might be of use for users wishin to use the OpenSSOLoginModule used in this quickstart.
+ This project can be built separate from the quickstart if needed.
+
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/EjbClientAction.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/EjbClientAction.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/EjbClientAction.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2006, JBoss Inc., and others contributors as indicated
+ * by the @authors tag. All rights reserved.
+ * See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ * This copyrighted material is made available to anyone wishing to use,
+ * modify, copy, or redistribute it subject to the terms and conditions
+ * of the GNU Lesser General Public License, v. 2.1.
+ * This program is distributed in the hope that it will be useful, but WITHOUT A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public License,
+ * v.2.1 along with this distribution; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301, USA.
+ *
+ * (C) 2005-2006,
+ * @author JBoss Inc.
+ */
+package org.jboss.soa.esb.samples.quickstart.opensso;
+
+import java.net.URL;
+import java.io.File;
+import java.io.FilePermission;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.Permissions;
+import java.security.PermissionCollection;
+import java.security.Policy;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityAssociation;
+import org.jboss.soa.esb.ConfigurationException;
+import org.jboss.soa.esb.actions.AbstractActionLifecycle;
+import org.jboss.soa.esb.helpers.ConfigTree;
+import org.jboss.soa.esb.message.Message;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+public class EjbClientAction extends AbstractActionLifecycle
+{
+ public EjbClientAction(final ConfigTree config) throws ConfigurationException { }
+
+ public Message process(Message message) throws Exception
+ {
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ System.out.println("Subject in EjbClientAction : " + Subject.getSubject(AccessController.getContext()));
+
+ try
+ {
+ Context context = new InitialContext();
+ SimpleRemote simpleRemote = (SimpleRemote) context.lookup(SimpleSLSB.RemoteJNDIName);
+ simpleRemote.printMessage("from ESB");
+ }
+ catch (final NamingException e)
+ {
+ System.out.println("Could not lookup " + SimpleSLSB.RemoteJNDIName + ". Please make sure the the EJB has been deployed by running 'ant deploy-ejb'");
+ }
+ return message;
+ }
+
+}
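Review bot: `process` prints the whole `Subject` to stdout, and `Subject.toString()` includes public credentials and, when no security manager blocks access, private credentials as well. Depending on what the login module stores on the subject, this could write an SSO token or password into the server log. Printing only the principals avoids that and reuses the otherwise unused local: `System.out.println("Subject principals in EjbClientAction : " + (subject == null ? null : subject.getPrincipals()));`. The `NamingException` branch swallows the failure and returns the message as if the EJB call had succeeded, which deserves at least a comment saying it is deliberate for the jbossesb-server case. Most of the `java.security.*`, `java.io.*` and `java.net.URL` imports and `SecurityAssociation` are unused.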
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/Simple.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/Simple.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/Simple.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,30 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.samples.quickstart.opensso;
+
+import javax.ejb.Local;
+
+ at Local
+public interface Simple
+{
+ void printMessage(final String message);
+}
+
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleRemote.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleRemote.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleRemote.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,30 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.samples.quickstart.opensso;
+
+import javax.ejb.Remote;
+
+ at Remote
+public interface SimpleRemote
+{
+ void printMessage(final String message);
+}
+
Added: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/src/org/jboss/soa/esb/samples/quickstart/opensso/SimpleSLSB.java 2008-08-08 06:59:43 UTC (rev 21406)
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.samples.quickstart.opensso;
+
+import java.security.Principal;
+
+import javax.ejb.*;
+import javax.annotation.*;
+import javax.annotation.security.*;
+
+ at Stateless
+public class SimpleSLSB implements SimpleRemote
+{
+ @Resource SessionContext ctx;
+
+ public static final String RemoteJNDIName = SimpleSLSB.class.getSimpleName() + "/remote";
+
+ public void printMessage(final String message)
+ {
+ System.out.println("SimpleSLSB printMessage : " + message);
+ Principal principal = ctx.getCallerPrincipal();
+ System.out.println("SimpleSLSB Caller principal: " + principal );
+ }
+}
+
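Review bot: `SimpleSLSB` is exposed through a remote interface with no access constraint on the class or on `printMessage`, although `javax.annotation.security.*` is imported. As written, nothing in this hunk ties the bean to the security domain the quickstart authenticates against, so any remote caller can likely invoke it and `getCallerPrincipal()` may not reflect the OpenSSO-authenticated user. If the sample is meant to show identity propagation, add `@RolesAllowed("<role-placeholder>")` on the method plus the container's security-domain binding. Otherwise add a class comment stating that the bean is intentionally unsecured. The wildcard imports could also be narrowed to `Stateless`, `SessionContext` and `Resource`.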