From 5bec27ee662a4f3f8e7abc01758a8b4e0f4d13e8 Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Thu, 14 Sep 2006 16:03:57 +0000 Subject: [PATCH] Added support for the Validate AuthToken Service. Made necessary spec file changes to support our configuration. --- CASA-auth-token/java/configure.in | 6 +- .../package/linux/CASA_auth_token_svc.changes | 12 ++ .../package/linux/CASA_auth_token_svc.spec.in | 106 +++++++++++++----- .../com/novell/casa/jaas/CasaLoginModule.java | 2 +- CASA-auth-token/java/server/Svc/Makefile.am | 3 +- .../java/server/Svc/crypto.properties | 6 + CASA-auth-token/java/server/Svc/jaas.conf | 11 ++ .../com/novell/casa/authtoksvc/AuthToken.java | 27 ++++- 8 files changed, 137 insertions(+), 36 deletions(-) create mode 100644 CASA-auth-token/java/server/Svc/crypto.properties create mode 100644 CASA-auth-token/java/server/Svc/jaas.conf diff --git a/CASA-auth-token/java/configure.in b/CASA-auth-token/java/configure.in index ebaf0e9e..0974e23a 100644 --- a/CASA-auth-token/java/configure.in +++ b/CASA-auth-token/java/configure.in @@ -19,9 +19,11 @@ # ####################################################################### -AC_INIT(autogen.sh) +AC_INIT(CASA_auth_token_svc, 1.7.1,,CASA_auth_token_svc) +AC_CONFIG_SRCDIR(autogen.sh) AC_CANONICAL_SYSTEM -AM_INIT_AUTOMAKE(CASA_auth_token_svc, 1.7.1) +AM_INIT_AUTOMAKE(tar-pax) + RELEASE=`date +%Y%m%d_%H%M` AC_SUBST(RELEASE) AM_MAINTAINER_MODE diff --git a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes index 86468b02..dee5e8d9 100644 --- a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes +++ b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes 
@@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Sep 14 09:57:00 MDT 2006 - jluciani@novell.com + +- Made changes to support the Authtoken Validate Service. This now + fixes support of "C" services. + +- Switched to using IBMs java instead of SUNs. This was done in order to + gain better Kerberos support (IBMs Kerberos modul supports more + encryption types) and to get around a problem in SUN's Invocation API + that was not letting us consume our AuthToken class from a native thread + other than the thread which creates the JVM. + ------------------------------------------------------------------- Fri Aug 18 11:49:22 MDT 2006 - jluciani@novell.com diff --git a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in index ad3bf19a..dd269a3a 100644 --- a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in +++ b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in @@ -17,7 +17,7 @@ Name: @PACKAGE@ URL: http://www.novell.com/products -BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-sun java-1_5_0-sun-devel update-alternatives mono-devel servletapi5 identity-abstraction +BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-ibm java-1_5_0-ibm-devel update-alternatives mono-devel servletapi5 identity-abstraction %define prefix /usr License: LGPL Group: Applications/System @@ -28,7 +28,7 @@ Release: 0 Summary: Novell Common Authentication Services Adapter Authentication Token Infrastructure "Java" (CASA_auth_token) Source: %{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Requires: java-1_5_0-sun servletapi5 tomcat5 +Requires: java-1_5_0-ibm servletapi5 tomcat5 PreReq: %fillup_prereq %insserv_prereq BuildArchitectures: noarch 
@@ -51,7 +51,7 @@ enabled. %package -n CASA_auth_token_jaas_support Summary: Libraries needed for JAAS applications development. Group: Applications/System -Requires: java-1_5_0-sun +Requires: java-1_5_0-ibm %description -n CASA_auth_token_jaas_support CASA_auth_token is an authentication token infrastructure with support for multiple 
@@ -93,29 +93,54 @@ make install -d %{buildroot}%{prefix} install -d %{buildroot}%{prefix}/share install -d %{buildroot}%{prefix}/share/java +install -d %{buildroot}%{prefix}/share/java/CASA +install -d %{buildroot}%{prefix}/share/java/CASA/authtoken +install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/external install -d %{buildroot}/etc -install -d -m 777 %{buildroot}/etc/CASA -install -d -m 777 %{buildroot}/etc/CASA/authtoken +install -d -m 755 %{buildroot}/var/lib/CASA +install -d -m 755 %{buildroot}/var/lib/CASA/authtoken +install -d -m 755 %{buildroot}/var/lib/CASA/authtoken/svc +install -d -m 755 %{buildroot}/etc/CASA +install -d -m 755 %{buildroot}/etc/CASA/authtoken.d +install -d -m 755 %{buildroot}/etc/CASA/authtoken.d +install -d -m 755 %{buildroot}/etc/CASA/authtoken.d/svc.d +install -d -m 755 %{buildroot}/etc/CASA/authtoken.d/java-keys ## CASA_auth_token_svc ## # Libs -install -m 755 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}%{prefix}/share/java/CasaAuthTokenSvc-%{bldno}.war +install -m 755 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war # Lib Symbolic Links -ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CasaAuthTokenSvc.war -ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CasaAuthTokenSvc.war.1 +ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war +ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war.1 ## CASA_auth_token_jaas_support ## # Libs -install -m 755 %{_lib}/java/CasaJaasSupport.jar %{buildroot}%{prefix}/share/java/CasaJaasSupport-%{bldno}.jar -install -m 755 %{_lib}/java/CasaAuthToken.jar %{buildroot}%{prefix}/share/java/CasaAuthToken-%{bldno}.jar -install -m 755 server/Svc/crypto.properties %{buildroot}/etc/CASA/authtoken/crypto.properties +install -m 755 %{_lib}/java/CasaJaasSupport.jar 
%{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport-%{bldno}.jar +install -m 755 %{_lib}/java/CasaAuthToken.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken-%{bldno}.jar +install -m 755 server/Svc/external/axis.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/axis.jar +install -m 755 server/Svc/external/axis-ant.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/axis-ant.jar +install -m 755 server/Svc/external/commons-discovery-0.2.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/commons-discovery-0.2.jar +install -m 755 server/Svc/external/commons-logging-1.0.4.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/commons-logging-1.0.4.jar +install -m 755 server/Svc/external/commons-logging-api.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/commons-logging-api.jar +install -m 755 server/Svc/external/jaxrpc.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/jaxrpc.jar +install -m 755 server/Svc/external/log4j.properties %{buildroot}%{prefix}/share/java/CASA/authtoken/external/log4j.properties +install -m 755 server/Svc/external/log4j-1.2.8.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/log4j-1.2.8.jar +install -m 755 server/Svc/external/saaj.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/saaj.jar +install -m 755 server/Svc/external/wsdl4j-1.5.1.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/wsdl4j-1.5.1.jar +install -m 755 server/Svc/external/wss4j-1.5.0.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/wss4j-1.5.0.jar +install -m 755 server/Svc/external/xalan.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xalan.jar +install -m 755 server/Svc/external/xercesImpl.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar +install -m 755 server/Svc/external/xml-apis.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xml-apis.jar +install -m 755 server/Svc/external/xmlsec-1.2.1.jar 
%{buildroot}%{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar +install -m 644 server/Svc/crypto.properties %{buildroot}/etc/CASA/authtoken.d/crypto.properties +install -m 644 server/Svc/jaas.conf %{buildroot}/etc/CASA/authtoken.d/svc.d/jaas.conf # Lib Symbolic Links -ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CasaJaasSupport.jar -ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CasaJaasSupport.jar.1 -ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CasaAuthToken.jar -ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CasaAuthToken.jar.1 +ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar +ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar.1 +ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar +ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar.1 %clean rm -rf $RPM_BUILD_ROOT @@ -136,11 +161,18 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) +%dir %{prefix}/share/java/CASA +%dir %{prefix}/share/java/CASA/authtoken +%dir /var/lib/CASA +%dir /var/lib/CASA/authtoken +%dir /var/lib/CASA/authtoken/svc %dir /etc/CASA -%dir /etc/CASA/authtoken -%{prefix}/share/java/CasaAuthTokenSvc-%{bldno}.war -%{prefix}/share/java/CasaAuthTokenSvc.war -%{prefix}/share/java/CasaAuthTokenSvc.war.1 +%dir /etc/CASA/authtoken.d +%dir /etc/CASA/authtoken.d/svc.d +%dir /etc/CASA/authtoken.d/java-keys +%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war +%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war +%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war.1 ## CASA_auth_token_jaas_support ## 
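Review bot: The `%install` section creates `/etc/CASA/authtoken.d/java-keys` with mode 755 and installs `crypto.properties` with mode 644, so every local account can read both the directory that `crypto.properties` names as the location of `privkeystore` and the file carrying the keystore and key passwords. Moving away from the old 777 is right, but these two should be tighter, e.g. `install -d -m 750 %{buildroot}/etc/CASA/authtoken.d/java-keys` and `install -m 640 server/Svc/crypto.properties %{buildroot}/etc/CASA/authtoken.d/crypto.properties`, with a matching `%attr(750,root,SERVICE_GROUP)` entry in `%files` (SERVICE_GROUP is a placeholder; the account the service runs as is not visible in this patch). The line `install -d -m 755 %{buildroot}/etc/CASA/authtoken.d` is also duplicated, and the jars under `external/` are installed 755 although they need no execute bit, so `-m 644` would do.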
@@ -158,15 +190,35 @@ rm -rf $RPM_BUILD_ROOT %files -n CASA_auth_token_jaas_support %defattr(-,root,root) +%dir %{prefix}/share/java/CASA +%dir %{prefix}/share/java/CASA/authtoken +%dir %{prefix}/share/java/CASA/authtoken/external %dir /etc/CASA -%dir /etc/CASA/authtoken -%{prefix}/share/java/CasaJaasSupport-%{bldno}.jar -%{prefix}/share/java/CasaJaasSupport.jar -%{prefix}/share/java/CasaJaasSupport.jar.1 -%{prefix}/share/java/CasaAuthToken-%{bldno}.jar -%{prefix}/share/java/CasaAuthToken.jar -%{prefix}/share/java/CasaAuthToken.jar.1 -/etc/CASA/authtoken/crypto.properties +%dir /etc/CASA/authtoken.d +%dir /etc/CASA/authtoken.d/java-keys +%{prefix}/share/java/CASA/authtoken/CasaJaasSupport-%{bldno}.jar +%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar +%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar.1 +%{prefix}/share/java/CASA/authtoken/CasaAuthToken-%{bldno}.jar +%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar +%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar.1 +%{prefix}/share/java/CASA/authtoken/external/axis.jar +%{prefix}/share/java/CASA/authtoken/external/axis-ant.jar +%{prefix}/share/java/CASA/authtoken/external/commons-discovery-0.2.jar +%{prefix}/share/java/CASA/authtoken/external/commons-logging-1.0.4.jar +%{prefix}/share/java/CASA/authtoken/external/commons-logging-api.jar +%{prefix}/share/java/CASA/authtoken/external/jaxrpc.jar +%{prefix}/share/java/CASA/authtoken/external/log4j.properties +%{prefix}/share/java/CASA/authtoken/external/log4j-1.2.8.jar +%{prefix}/share/java/CASA/authtoken/external/saaj.jar +%{prefix}/share/java/CASA/authtoken/external/wsdl4j-1.5.1.jar +%{prefix}/share/java/CASA/authtoken/external/wss4j-1.5.0.jar +%{prefix}/share/java/CASA/authtoken/external/xalan.jar +%{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar +%{prefix}/share/java/CASA/authtoken/external/xml-apis.jar +%{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar +/etc/CASA/authtoken.d/crypto.properties 
+/etc/CASA/authtoken.d/svc.d/jaas.conf %changelog -n CASA_auth_token_svc diff --git a/CASA-auth-token/java/server/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java b/CASA-auth-token/java/server/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java index 51db3a0d..8b3c5377 100644 --- a/CASA-auth-token/java/server/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java +++ b/CASA-auth-token/java/server/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java @@ -190,7 +190,7 @@ public class CasaLoginModule implements LoginModule // Instantiate the AuthToken, this validates the token itself. try { - AuthToken authToken = new AuthToken(new String(authTokenChars)); + AuthToken authToken = new AuthToken(new String(authTokenChars), true); // Instantiate the appropriate IdentityToken based on the IdentityTokenProvider type // tbd - For now use the CasaIdentityToken diff --git a/CASA-auth-token/java/server/Svc/Makefile.am b/CASA-auth-token/java/server/Svc/Makefile.am index 724b4d23..86d6161b 100644 --- a/CASA-auth-token/java/server/Svc/Makefile.am +++ b/CASA-auth-token/java/server/Svc/Makefile.am @@ -28,7 +28,8 @@ EXTRA_DIST = authtoken.settings \ svc.settings \ TODO \ web.xml \ - crypto.properties + crypto.properties \ + jaas.conf ROOT = ../.. diff --git a/CASA-auth-token/java/server/Svc/crypto.properties b/CASA-auth-token/java/server/Svc/crypto.properties new file mode 100644 index 00000000..a927242a --- /dev/null +++ b/CASA-auth-token/java/server/Svc/crypto.properties @@ -0,0 +1,6 @@ +org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin +org.apache.ws.security.crypto.merlin.keystore.type=jks +org.apache.ws.security.crypto.merlin.keystore.password=foobar +org.apache.ws.security.crypto.merlin.keystore.alias=privkey +org.apache.ws.security.crypto.merlin.alias.password=foobar +org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken.d/java-keys/privkeystore 
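Review bot: `keystore.password=foobar` and `alias.password=foobar` ship one fixed password, visible in the source tree, for the signing keystore, so every installation that does not edit this file protects `privkeystore` with the same value. I would leave both values out of the packaged file and have the install or first-start step generate a per-host password together with the keystore, or at minimum add a header comment such as `# Placeholder passwords - replace before creating /etc/CASA/authtoken.d/java-keys/privkeystore`. The step that creates the keystore is not part of this patch, so it should be checked that it does not depend on this default.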
diff --git a/CASA-auth-token/java/server/Svc/jaas.conf b/CASA-auth-token/java/server/Svc/jaas.conf new file mode 100644 index 00000000..1abeb22d --- /dev/null +++ b/CASA-auth-token/java/server/Svc/jaas.conf @@ -0,0 +1,11 @@ +other { +com.sun.security.auth.module.Krb5LoginModule required + useTicketCache=true + ticketCache="/var/lib/CASA/authtoken/svc/ticket.cache" + useKeyTab=true + principal="host/jcserver2.provo.novell.com" + doNotPrompt=true + storeKey=true + keyTab="/etc/krb5.keytab" + debug=true; +}; diff --git a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthToken.java b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthToken.java index 270d0db4..5fa51ea9 100644 --- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthToken.java +++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/AuthToken.java @@ -135,14 +135,27 @@ public class AuthToken * Constructor given an authentication token string. The constructor * validates the token as part of its processing. */ - public AuthToken(String token) throws Exception + public AuthToken(String token, + boolean encodedToken) throws Exception { - // Decode the token string - m_token = Base64Coder.decode(token); + // Decode the token string if necessary + if (encodedToken) + m_token = Base64Coder.decode(token); + else + m_token = token; // Now instantiate a SOAP message with the string InputStream inStream = new ByteArrayInputStream(m_token.getBytes()); - Message message = new Message(inStream); + org.apache.axis.Message message; + try + { + message = new Message(inStream); + + } catch (Exception e) + { + System.err.println("AuthToken()- Exception caught creating message, msg: " + e.getMessage()); + throw new Exception("Invalid Authentication Token"); + } // Get access to the SOAP Envelope SOAPEnvelope envelope = message.getSOAPEnvelope(); 
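Review bot: The packaged `jaas.conf` hard-codes `principal="host/jcserver2.provo.novell.com"`, which looks like a single development host, so on any other machine the configured principal will presumably not match the local keytab; the value should be filled in at install time (for example from a `jaas.conf.in` template with a host-name placeholder). `debug=true` should default to `false` in a shipped file, since the login module's debug output ends up in the service's console log. The entry names `com.sun.security.auth.module.Krb5LoginModule` while this same commit switches the package to IBM's JVM, so it is worth confirming that this class and these option names are accepted there. `/etc/krb5.keytab` is normally readable by root only, so the account running the service likely needs its own keytab with just the service key.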
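Review bot: The new `catch` around `new Message(inStream)` throws `new Exception("Invalid Authentication Token")` without the cause and reports the failure with `System.err.println`, so the original stack trace is lost and the message bypasses any logging configuration; I would write `throw new Exception("Invalid Authentication Token", e);` and send the detail to a logger instead. The same `System.err.println` tracing is added to `validate()` in the next hunk, where it runs on every validation call and should be debug-level logging. The Javadoc above the constructor should gain `@param encodedToken true if the token is Base64-encoded and must be decoded before parsing`, and the unbraced `if (encodedToken)` / `else` should be braced. The constructor body continues past the end of this hunk.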
@@ -284,16 +297,20 @@ public class AuthToken * Validates an authentication token. If successful it * returns a string containing the identity token associated * with the authentication token; otherwise it returns NULL; + * + * Note, the routine assumes that the token is not encoded. */ public static String validate(String authTokenString) { + System.err.println("AuthToken.validate()- Start"); // Instantiate the AuthToken, this validates the token itself. try { - AuthToken authToken = new AuthToken(authTokenString); + AuthToken authToken = new AuthToken(authTokenString, false); // If we are here is because the token validation succeeded, // return the identity token string. + System.err.println("AuthToken.validate()- Returning identity token"); return authToken.getIdentityToken(); }