[jboss-svn-commits] JBL Code SVN: r21285 - in labs/jbossesb/workspace/dbevenius/security/product: rosetta/src/org/jboss/internal/soa/esb/services/security/jaas and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Jul 29 17:32:33 EDT 2008
Author: beve
Date: 2008-07-29 17:32:32 -0400 (Tue, 29 Jul 2008)
New Revision: 21285
Modified:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml
Log:
minor refactorings.
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-07-29 19:55:11 UTC (rev 21284)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/JaasSecurityService.java 2008-07-29 21:32:32 UTC (rev 21285)
@@ -56,12 +56,23 @@
{
public static final String LOGIN_CONFIG_URL_PREFIX = "login.config.url.";
- private Logger log = Logger.getLogger(JaasSecurityService.class);
+ private final Logger log = Logger.getLogger(JaasSecurityService.class);
- private javax.security.auth.login.Configuration configuration;
-
+ /*
+ * Callback handler implementation name
+ */
private String callbackHandlerClassName;
+ /*
+ * Original login configuration e.g JBoss AS login configuration
+ */
+ private javax.security.auth.login.Configuration orgConfiguration;
+
+ /*
+ * New loging configuration
+ */
+ private javax.security.auth.login.Configuration configuration;
+
/**
*
* @param context the security context to be used.
@@ -82,7 +93,16 @@
callbackHandler.setAuthenticationRequest(authRequest);
}
- loginContext = new LoginContext(config.getModuleName(), securityContext.getSubject(), callbackHandler, configuration);
+ try
+ {
+ // try to login with a specified login configuration
+ loginContext = new LoginContext(config.getModuleName(), securityContext.getSubject(), callbackHandler, configuration);
+ }
+ catch (final LoginException ignore)
+ {
+ // fall back and try using the orginal configuration
+ loginContext = new LoginContext(config.getModuleName(), securityContext.getSubject(), callbackHandler, orgConfiguration);
+ }
loginContext.login();
addRunAs(config, securityContext.getSubject());
}
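Review bot: The catch block around the first `new LoginContext(...)` discards the LoginException and silently retries with `orgConfiguration`, so nothing records which login configuration actually authenticated the caller. The original configuration may list different login modules under the same module name, so the fallback should be visible in the logs, e.g. `log.debug("No usable entry for '" + config.getModuleName() + "' in the ESB login configuration, falling back to the original configuration", ignore);`. `orgConfiguration` can also still be null here if `configure()` caught a SecurityException, and a comment should say what is expected in that case. The enclosing method starts outside the hunk.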
@@ -132,6 +152,15 @@
public void configure() throws ConfigurationException
{
+ try
+ {
+ orgConfiguration = javax.security.auth.login.Configuration.getConfiguration();
+ }
+ catch(final SecurityException e)
+ {
+ log.warn("Could not locate a security configuration");
+ }
+
final Properties securityProperties = Configuration.getSecurityServiceProperies();
String loginConfigUrl = securityProperties.getProperty(Environment.SECURITY_SERVICE_CONFIG_URL);
if ( loginConfigUrl != null )
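Review bot: The `log.warn` in the new catch block drops the SecurityException, so the reason the installed configuration could not be read is lost; pass it along with `log.warn("Could not locate a security configuration", e);`. After this branch `orgConfiguration` stays null, and that field is later handed to `new LoginContext(...)` as the fallback configuration, so the field comment should say that null is possible. `configure()` continues past the end of the hunk.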
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java 2008-07-29 19:55:11 UTC (rev 21284)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/internal/soa/esb/services/security/jaas/OpenSSOLoginModule.java 2008-07-29 21:32:32 UTC (rev 21285)
@@ -71,83 +71,12 @@
private AuthContext authContext;
- private boolean hasExistingSession;
-
- /* (non-Javadoc)
- * @see javax.security.auth.spi.LoginModule#abort()
- */
- public boolean abort() throws LoginException
- {
- if (this.succeeded = false)
- {
- return true;
- }
- succeeded = false;
- authContext.logout();
- commitSucceeded = false;
- return true;
- }
+ private boolean hasValidSession;
- /* (non-Javadoc)
- * @see javax.security.auth.spi.LoginModule#commit()
- */
- public boolean commit() throws LoginException
- {
- if (this.succeeded == false)
- {
- return false;
- }
-
- try
- {
- if ( !hasExistingSession )
- {
- SSOTokenManager tokenMgr = SSOTokenManager.getInstance();
- SSOToken ssoToken = authContext.getSSOToken();
-
- boolean validSession = tokenMgr.isValidToken(ssoToken);
- log.info("Is session valid: " + validSession);
-
- Principal principal = new SSOPrincipal(ssoToken.getTokenID().toString());
- log.info(principal);
- log.info(subject);
- log.info(subject.getPrincipals());
-
- subject.getPrincipals().add(principal);
- }
- commitSucceeded = true;
- }
- catch (final Exception ignore)
- {
- log.error("Exception in commit: ", ignore);
- commitSucceeded = false;
- }
-
- return commitSucceeded;
- }
+ private String orgName;
+
+ private String moduleName;
- /*
- * Will check if the passed in tokenId correlates with an existing
- * OpenSSO session.
- * If a session does exist this method returns true,false otherwise.
- */
- private boolean hasExistingSession( final String tokenId )
- {
- boolean hasSession;
- try
- {
- SSOTokenManager tokenMgr = SSOTokenManager.getInstance();
- SSOToken ssoToken = tokenMgr.createSSOToken(tokenId);
- hasSession = tokenMgr.isValidToken(ssoToken);
- log.info("Has valid session : " + hasSession);
- }
- catch (final SSOException ignore)
- {
- hasSession = false;
- }
- return hasSession;
- }
-
public void initialize(
final Subject subject,
final CallbackHandler callbackHandler,
@@ -163,8 +92,10 @@
}
catch (final ConfigurationException e)
{
- throw new IllegalStateException("Could not configure OpenSSOLoginModuel: ", e);
+ throw new IllegalStateException("Could not configure OpenSSOLoginModule: ", e);
}
+ orgName = (String)this.options.get("orgName");
+ moduleName = (String)this.options.get("dataStoreModule");
}
/* (non-Javadoc)
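Review bot: `orgName` and `moduleName` are read from `options` without a check, so a login-config entry missing `orgName` or `dataStoreModule` is only noticed later, when `login()` passes null to `new AuthContext(orgName)` and `authContext.login(...)`. Failing in `initialize()` gives a clearer error: `if (orgName == null || moduleName == null) throw new IllegalStateException("OpenSSOLoginModule requires the orgName and dataStoreModule options");`. The field name `moduleName` also hides that it holds the `dataStoreModule` option, which a one-line comment on the field would make clear. `initialize()` starts outside the hunk.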
@@ -172,27 +103,52 @@
*/
public boolean login() throws LoginException
{
- Set<SSOPrincipal> principals = subject.getPrincipals(SSOPrincipal.class);
- log.info("SSOPrincipals : " + principals);
+ final Set<SSOPrincipal> principals = subject.getPrincipals(SSOPrincipal.class);
+ // we have an existing SSOToken, see if it is valid
if ( !principals.isEmpty() )
{
SSOPrincipal ssoPrincipal = principals.iterator().next();
- hasExistingSession = hasExistingSession(ssoPrincipal.getToken());
- if ( hasExistingSession )
+ hasValidSession = hasExistingSession(ssoPrincipal.getToken());
+ if ( hasValidSession )
{
- succeeded = true;
+ succeeded = true;
return succeeded;
}
}
- final String orgName = (String)options.get("orgName");
- final String dataStoreModule = (String)options.get("dataStoreModule");
authContext = new AuthContext(orgName);
- AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
- authContext.login(indexType, dataStoreModule);
- Callback[] requirements = authContext.getRequirements();
+ // login using the module authentication type
+ authContext.login(AuthContext.IndexType.MODULE_INSTANCE, moduleName);
+
+ // get the callbacks that need to be populated the authentication plugin.
+ Callback[] callbacks = authContext.getRequirements();
+
+ // populate the callbacks.
+ handleCallbacks(callbacks);
+
+ // now submit the populated callbacks to plugin-modules.
+ authContext.submitRequirements(callbacks);
+
+ // check the retured status
+ if (authContext.getStatus() == AuthContext.Status.SUCCESS)
+ {
+ log.info("Login succeeded.");
+ succeeded = true;
+ }
+ else if (authContext.getStatus() == AuthContext.Status.FAILED)
+ {
+ log.info("Login failed.");
+ }
+ else
+ {
+ log.info("Unknown status: " + authContext.getStatus());
+ }
+ return succeeded;
+ }
+ private void handleCallbacks(Callback[] requirements) throws LoginException
+ {
try
{
callbackHandler.handle(requirements);
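Review bot: On `AuthContext.Status.FAILED` (and on an unknown status) `login()` only logs and returns `succeeded`, i.e. false, which the `LoginModule` contract defines as "ignore this module" rather than "authentication failed". In a stacked configuration that can let a rejected OpenSSO login go uncounted. The FAILED branch should throw instead, e.g. `throw new FailedLoginException("OpenSSO authentication failed");`. `succeeded` and `hasValidSession` are also never reset at the top of `login()`, so a second call on the same instance can return a stale true; `succeeded = false; hasValidSession = false;` as the first statement would avoid that. `handleCallbacks` continues beyond the hunk.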
@@ -205,40 +161,90 @@
{
throw new LoginException(e.getMessage());
}
-
- authContext.submitRequirements(requirements);
+ }
- if (authContext.getStatus() == AuthContext.Status.SUCCESS)
+ /* (non-Javadoc)
+ * @see javax.security.auth.spi.LoginModule#commit()
+ */
+ public boolean commit() throws LoginException
+ {
+ if (succeeded == false)
{
- log.info("Login succeeded.");
- this.succeeded = true;
- }
- else if (authContext.getStatus() == AuthContext.Status.FAILED)
+ return false;
+ }
+
+ try
{
- log.info("Login failed.");
+ if ( !hasValidSession )
+ {
+ // this means that this was a new authentication so create a new SSOPrincipal
+ SSOToken ssoToken = authContext.getSSOToken();
+ Principal principal = new SSOPrincipal(ssoToken.getTokenID().toString());
+ subject.getPrincipals().add(principal);
+ }
+ commitSucceeded = true;
}
- else
+ catch (final Exception ignore)
{
- log.info("Unknown status: " + authContext.getStatus());
+ log.error("Exception in commit: ", ignore);
+ commitSucceeded = false;
}
- return this.succeeded;
+
+ return commitSucceeded;
}
-
+
+ /* (non-Javadoc)
+ * @see javax.security.auth.spi.LoginModule#abort()
+ */
+ public boolean abort() throws LoginException
+ {
+ if (succeeded = false)
+ {
+ return true;
+ }
+ succeeded = false;
+ authContext.logout();
+ commitSucceeded = false;
+ return true;
+ }
+
public boolean logout() throws LoginException
{
subject.getPrincipals().clear();
- this.succeeded = false;
- this.commitSucceeded = false;
+ succeeded = false;
+ commitSucceeded = false;
authContext.logout();
return true;
}
+ /*
+ * Will check if the passed in tokenId correlates with an existing
+ * OpenSSO session.
+ * If a session does exist this method returns true,false otherwise.
+ */
+ private boolean hasExistingSession( final String tokenId )
+ {
+ boolean hasSession;
+ try
+ {
+ SSOTokenManager tokenMgr = SSOTokenManager.getInstance();
+ SSOToken ssoToken = tokenMgr.createSSOToken(tokenId);
+ hasSession = tokenMgr.isValidToken(ssoToken);
+ log.debug("Has valid session : " + hasSession);
+ }
+ catch (final SSOException ignore)
+ {
+ hasSession = false;
+ }
+ return hasSession;
+ }
+
/**
* Will configure OpenSSO.
*/
private void configure(final String amProperties) throws ConfigurationException
{
- log.info("Access Manager(AM) configuration properties file : " + amProperties);
+ log.debug("Access Manager(AM) configuration properties file : " + amProperties);
if ( amProperties != null )
{
Properties props = new Properties();
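Review bot: `abort()` tests `if (succeeded = false)`, which assigns instead of comparing, so the early return never runs and the method always reaches `authContext.logout()`. `authContext` is only created in `login()` after the existing-session check, so when a valid session was reused (or login threw before that line) it is presumably still null, and both `abort()` and `logout()` would throw a NullPointerException. Suggested: `if (!succeeded)` for the test and `if (authContext != null) authContext.logout();` in both methods. `logout()` also clears every principal on the subject, including ones other login modules may have added; removing only the `SSOPrincipal` instances would be narrower. `configure(String)` continues past the end of the hunk.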
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml 2008-07-29 19:55:11 UTC (rev 21284)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/opensso/jboss-esb.xml 2008-07-29 21:32:32 UTC (rev 21285)
@@ -4,16 +4,10 @@
<providers>
<jms-provider name="JBossMQ" connection-factory="ConnectionFactory">
<jms-bus busid="quickstartGwChannel">
- <jms-message-filter
- dest-type="QUEUE"
- dest-name="queue/quickstart_opensso_Request_gw"
- />
+ <jms-message-filter dest-type="QUEUE" dest-name="queue/quickstart_opensso_Request_gw" />
</jms-bus>
<jms-bus busid="quickstartEsbChannel">
- <jms-message-filter
- dest-type="QUEUE"
- dest-name="queue/quickstart_opensso_Request_esb"
- />
+ <jms-message-filter dest-type="QUEUE" dest-name="queue/quickstart_opensso_Request_esb" />
</jms-bus>
</jms-provider>
@@ -23,10 +17,7 @@
</providers>
<services>
- <service
- category="OpenSSO"
- name="SimpleListenerSecured"
- description="Hello World">
+ <service category="OpenSSO" name="SimpleListenerSecured" description="Hello World">
<security moduleName="OpenSSOLogin" runAs="adminRole"/>
<listeners>
@@ -58,17 +49,34 @@
<service category="OpenSSO" name="Service2" description="Service 2" invmScope="GLOBAL">
<security moduleName="OpenSSOLogin" runAs="adminRole" callbackHandler="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/>
<actions mep="OneWay">
- <action name="action2" class="org.jboss.soa.esb.actions.SystemPrintln">
+ <action name="action1" class="org.jboss.soa.esb.actions.SystemPrintln">
<property name="printfull" value="false"/>
<property name="message" value="In Service2"/>
</action>
- <action name="action1"
- class="org.jboss.soa.esb.samples.quickstart.opensso.MyJMSListenerAction"
- process="displayMessage">
- </action>
+ <action name="action2" class="org.jboss.soa.esb.samples.quickstart.opensso.MyJMSListenerAction" process="displayMessage"/>
+
+ <!-- Route to the "Service 3" -->
+ <action name="routeAction" class="org.jboss.soa.esb.actions.StaticRouter">
+ <property name="destinations">
+ <route-to service-category="OpenSSO" service-name="Service3"/>
+ </property>
+ </action>
</actions>
</service>
+ <service category="OpenSSO" name="Service3" description="Service 3" invmScope="GLOBAL">
+ <security moduleName="JmsXARealm" runAs="adminRole"/>
+ <actions mep="OneWay">
+ <action name="action1" class="org.jboss.soa.esb.actions.SystemPrintln">
+ <property name="printfull" value="false"/>
+ <property name="message" value="In Service3"/>
+ </action>
+ <action name="action2" class="org.jboss.soa.esb.samples.quickstart.opensso.MyJMSListenerAction" process="displayMessage"/>
+ </actions>
+
+ </service>
+
+
</services>
</jbossesb>
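Review bot: `Service3` uses `moduleName="JmsXARealm"`, which no part of this commit defines; it appears to depend on the new fallback in `JaasSecurityService` to the container's original login configuration. A comment above the `<security>` element would make that dependency explicit, e.g. `<!-- JmsXARealm is resolved from the application server's login configuration, not the ESB one -->`. It is also worth stating why the service runs as `adminRole`, since quickstart configurations tend to be copied.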