Modifications due to continue development and re-structuring of

auth_token.

auth_token/server/CasaAuthServer/.classpath

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
 	<classpathentry kind="src" path="src"/>
-	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
-	<classpathentry kind="lib" path="/usr/share/java/servletapi5.jar"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="lib" path="/usr/share/java/servletapi5.jar"/>
+	<classpathentry kind="lib" path="identity-abstraction.jar"/>
 	<classpathentry kind="output" path="build/classes"/>
 </classpath>

auth_token/server/CasaAuthServer/.project

@@ -32,4 +32,11 @@
 		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
 		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
 	</natures>
+	<linkedResources>
+		<link>
+			<name>identity-abstraction.jar</name>
+			<type>1</type>
+			<location>/home/jluciani/dev-local/bandit/trunk/IdentityAbstraction/build/identity-abstraction.jar</location>
+		</link>
+	</linkedResources>
 </projectDescription>

auth_token/server/CasaAuthServer/.settings/.component

@@ -1,9 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project-modules id="moduleCoreId">
-    <wb-module deploy-name="CasaAuthServer">
-        <wb-resource source-path="/WebContent" deploy-path="/"/>
-        <property name="context-root" value="CasaAuthServer"/>
-        <property name="java-output-path" value="/build/classes/"/>
-    </wb-module>
+<wb-module deploy-name="CasaAuthServer">
+<wb-resource deploy-path="/" source-path="/WebContent"/>
+<wb-resource deploy-path="/WEB-INF/classes" source-path="/build/classes"/>
+<wb-resource deploy-path="/WEB-INF/lib/identity-abstraction.jar" source-path="/identity-abstraction.jar"/>
+<property name="context-root" value="CasaAuthServer"/>
+<property name="java-output-path" value="/build/classes/"/>
+</wb-module>
 </project-modules>
-

auth_token/server/CasaAuthServer/.settings/org.eclipse.jdt.core.prefs

@@ -1,11 +1,11 @@
-#Tue Mar 21 11:49:00 MST 2006
+#Tue Apr 11 11:04:50 MDT 2006
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2
-org.eclipse.jdt.core.compiler.compliance=1.4
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
-org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
-org.eclipse.jdt.core.compiler.source=1.3
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.5
 org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16

auth_token/server/CasaAuthServer/.settings/org.eclipse.jst.common.project.facet.core.prefs

@@ -1,3 +1,3 @@
-#Thu Mar 09 09:05:25 MST 2006
-classpath.helper/org.eclipse.jdt.launching.JRE_CONTAINER\:\:org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType\:\:java-1.4.2-sun-1.4.2.10/owners=jst.java\:1.4
+#Tue Apr 11 11:50:34 MDT 2006
+classpath.helper/org.eclipse.jdt.launching.JRE_CONTAINER\:\:org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType\:\:java-1.5.0-sun-1.5.0/owners=jst.java\:5.0
 eclipse.preferences.version=1

auth_token/server/CasaAuthServer/.settings/org.eclipse.wst.common.project.facet.core.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <faceted-project>
-  <fixed facet="jst.web"/>
   <fixed facet="jst.java"/>
-  <installed facet="jst.java" version="1.4"/>
+  <fixed facet="jst.web"/>
   <installed facet="jst.web" version="2.4"/>
+  <installed facet="jst.java" version="5.0"/>
 </faceted-project>

auth_token/server/CasaAuthServer/src/com/novell/casa/authserver/AuthToken.java

@@ -350,7 +350,7 @@ public class AuthToken {
 			m_identityToken.append(identityToken.getEncodedToken());
 			m_identityTokenType = identityToken.getProviderType();
 			
-			m_lifetime = "tbd";
+			m_lifetime = "56"; // tbd
 			
 			// Generate a signature
 			// tbd - Over identToken, identToken type, and lifetime data.
@@ -364,9 +364,9 @@ public class AuthToken {
 	 		sb.append("<" + ProtoDefs.authTokenElementName + ">" + "\r\n");
 	 		sb.append("<" + ProtoDefs.signatureElementName + ">" + m_signature + "</" + ProtoDefs.signatureElementName + ">" + "\r\n");
 	 		sb.append("<" + ProtoDefs.lifetimeElementName + ">" + m_lifetime + "</" + ProtoDefs.lifetimeElementName + ">" + "\r\n");
-	 		sb.append("<" + ProtoDefs.identTokenElementName + " mode=\"escaped\">"
+	 		sb.append("<" + ProtoDefs.identTokenElementName + ">"
 	 				  + "<" + ProtoDefs.typeElementName + ">" + m_identityTokenType + "</" + ProtoDefs.typeElementName + ">"
-	 				  + "<![CDATA["+ m_identityToken + "]]>" + "</" + ProtoDefs.identTokenElementName + ">" + "\r\n");
+	 				  + m_identityToken + "</" + ProtoDefs.identTokenElementName + ">" + "\r\n");
 	 		sb.append("</" + ProtoDefs.authTokenElementName + ">" + "\r\n");
 	 		
 	 		// Save the token
@@ -441,10 +441,11 @@ public class AuthToken {
 	{
 		return m_identityToken.toString();
 	}
+	
 	/*
-	 * Returns the identity token provider type.
+	 * Returns the identity token type.
 	 */
-	public String getIdentityTokenProviderType()
+	public String getIdentityTokenType()
 	{
 		return m_identityTokenType;
 	}

auth_token/server/CasaAuthServer/src/com/novell/casa/authserver/CasaIdentityToken.java

@@ -41,6 +41,7 @@ import org.xml.sax.SAXException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.XMLReaderFactory;
 
+import org.bandit.ia.IAContext;
 
 /*
  * CasaIdentityToken Class.
@@ -494,21 +495,19 @@ public class CasaIdentityToken implements IdentityToken
 		m_sourceUrl = "ldap://jcserver.provo.novell.com:389"; // tbd - Obtain from config or Higgins
 		m_service = targetService;
 		m_host = targetHost;
-		
+
 		try
 		{
 			// tbd - Read parameters from configuration and leverage Higgins.
 			//
 			// Open a directory context and use it to read the identity attributes.
 	 		Hashtable env = new Hashtable();
-	 		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
-	 		env.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389");
-	 		env.put(Context.SECURITY_AUTHENTICATION, "simple");
-	 		env.put(Context.SECURITY_PRINCIPAL, "cn=admin,o=novell");
-	 		env.put(Context.SECURITY_CREDENTIALS, "novell");
-	
+			env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
+			env.put(IAContext.IA_REALM_CONFIG_LOCATION, "/home/jluciani/workspace/IdentityAbstraction/realms.xml");
+//			env.put(IAContext.IA_REALM_SELECTOR, "");
+
 	 		DirContext ctx = new InitialDirContext(env);
-	 		
+
 	 		// Setup a string buffer for building the IdentityToken, notice for now
 	 		// we are not going to wrap the identity token.
 	 		StringBuffer sb = new StringBuffer();
@@ -561,7 +560,7 @@ public class CasaIdentityToken implements IdentityToken
 		catch (NamingException e)
 		{
 			// tbd - Log the event???
-			System.err.println("CasaIdentityToken.initialize()- Naming Exception on Proxy User: " + e.getExplanation());
+			System.err.println("CasaIdentityToken.initialize()- Exception: " + e.getExplanation());
 		}
 		catch (Exception e)
 		{

auth_token/server/CasaAuthServer/src/com/novell/casa/authserver/Krb5Authenticate.java

@@ -49,6 +49,7 @@ import org.ietf.jgss.GSSManager;
 import org.ietf.jgss.GSSName;
 import org.ietf.jgss.Oid;
 
+import org.bandit.ia.IAContext;
 
 /**
  * Krb5Authenticate Servlet Class.
@@ -192,18 +193,16 @@ import org.ietf.jgss.Oid;
  			// Open a directory context and use it to identify the users
  			// associated with the specified surname.
  	 		Hashtable env = new Hashtable();
- 	 		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- 	 		env.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389");
- 	 		env.put(Context.SECURITY_AUTHENTICATION, "simple");
- 	 		env.put(Context.SECURITY_PRINCIPAL, "cn=admin,o=novell");
- 	 		env.put(Context.SECURITY_CREDENTIALS, "novell");
+			env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
+			env.put(IAContext.IA_REALM_CONFIG_LOCATION, "/home/jluciani/workspace/IdentityAbstraction/realms.xml");
+//			env.put(IAContext.IA_REALM_SELECTOR, "");
 
  	 		DirContext ctx = new InitialDirContext(env);
 
  	 		// Now search for a user with a matching kerberos principal name
  	 		Attributes matchAttrs = new BasicAttributes(true); // ignore attribute name case
  	 		matchAttrs.put(new BasicAttribute("krbPrincipalName", krb5Token.getPrincipalName()));
- 	 		
+
  	 		NamingEnumeration answer = ctx.search("o=novell", matchAttrs);
 
  	 		// Proceed based on the result of the search
@@ -241,7 +240,7 @@ import org.ietf.jgss.Oid;
 		{
  			// tbd
  			// Log the error
-			System.err.println("Krb5Authenticate.doPost()- Naming Exception on Proxy User: " + e.getExplanation());
+			System.err.println("Krb5Authenticate.doPost()- Exception caught: " + e.getExplanation());
 			
  			// Write out the response
 			try
@@ -258,7 +257,7 @@ import org.ietf.jgss.Oid;
 		catch (Exception e)
 		{
 			// tbd
-		    System.err.println("Krb5Authenticate.doPost()- Exception caught: " + e.toString()); 
+		    System.err.println("Krb5Authenticate.doPost()- Exception: " + e.toString()); 
 			
  			// Write out the response
 			try

auth_token/server/CasaAuthServer/src/com/novell/casa/authserver/PwdAuthenticate.java

@@ -45,6 +45,8 @@ import javax.naming.directory.Attributes;
 import javax.naming.directory.SearchResult;
 import javax.naming.NamingException;
 
+import org.bandit.ia.IAContext;
+
 
 /**
  * PwdAuthenticate Servlet Class.
@@ -142,25 +144,23 @@ import javax.naming.NamingException;
 			// Read and parse the AuthReqMsg sent from the client
 			InputStream inStream = request.getInputStream();
 			AuthReqMsg authReqMsg = new AuthReqMsg(inStream);
-			
+
 			// Now parse the PW Token
 			PwToken pwToken = new PwToken(authReqMsg.getAuthMechToken());
 
  			// Open a directory context and use it to identify the users
  			// associated with the specified surname.
  	 		Hashtable env = new Hashtable();
- 	 		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- 	 		env.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389");
- 	 		env.put(Context.SECURITY_AUTHENTICATION, "simple");
- 	 		env.put(Context.SECURITY_PRINCIPAL, "cn=admin,o=novell");
- 	 		env.put(Context.SECURITY_CREDENTIALS, "novell");
+			env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
+			env.put(IAContext.IA_REALM_CONFIG_LOCATION, "/home/jluciani/workspace/IdentityAbstraction/realms.xml");
+//			env.put(IAContext.IA_REALM_SELECTOR, "");
 
  	 		DirContext ctx = new InitialDirContext(env);
 
  	 		// Now search for a user with a matching surname
  	 		Attributes matchAttrs = new BasicAttributes(true); // ignore attribute name case
  	 		matchAttrs.put(new BasicAttribute("cn", pwToken.getUsername()));
- 	 		
+
  	 		NamingEnumeration answer = ctx.search("o=novell", matchAttrs);
 
  	 		// Enumerate through the users returned checking the password
@@ -170,16 +170,20 @@ import javax.naming.NamingException;
  	 		    SearchResult sr = (SearchResult)answer.next();
  	 		    
  	 		    System.err.println(sr.getName());
- 	 		    
+
  	 			// Open a directory context for the user as a way of verifying its password
  	 		    try
  	 		    {
  	 		    	Hashtable env2 = new Hashtable();
- 	 		    	env2.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- 	 		    	env2.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389");
- 	 		    	env2.put(Context.SECURITY_AUTHENTICATION, "simple");
- 	 		    	env2.put(Context.SECURITY_PRINCIPAL, sr.getName() + ",o=novell");
- 	 		    	env2.put(Context.SECURITY_CREDENTIALS, pwToken.getPassword());
+ 	 				env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
+ 	 				env2.put(IAContext.IA_REALM_CONFIG_LOCATION, "/home/jluciani/workspace/IdentityAbstraction/realms.xml");
+// 	 				env2.put(IAContext.IA_REALM_SELECTOR, ""); 	 		    	
+
+// 	 		    	env2.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+// 	 		    	env2.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389");
+// 	 		    	env2.put(Context.SECURITY_AUTHENTICATION, "simple");
+// 	 		    	env2.put(Context.SECURITY_PRINCIPAL, sr.getName() + ",o=novell");
+// 	 		    	env2.put(Context.SECURITY_CREDENTIALS, pwToken.getPassword());
 
  	 		    	if ((new InitialDirContext(env2)) != null)
  	 		    	{

auth_token/server/CasaJaasSupport/.classpath

@@ -3,5 +3,6 @@
 	<classpathentry kind="src" path="src"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry combineaccessrules="false" kind="src" path="/CasaAuthServer"/>
+	<classpathentry kind="lib" path="/usr/share/java/xerces-j2.jar"/>
 	<classpathentry kind="output" path="build/classes"/>
 </classpath>

auth_token/server/CasaJaasSupport/src/com/novell/casa/jaas/CasaLoginModule.java

@@ -117,16 +117,17 @@ public class CasaLoginModule implements LoginModule
 		    throw new LoginException("Null CallbackHandler");
 		}
 		
-		// Perform the username check unless configured to skip it.
-		boolean skipUsernameCheck = false;
+		// Do not perform the username check unless configured to do it.
+		boolean performUsernameCheck = false;
 		if (m_options != null
-		    && m_options.containsKey((String) "skipUsernameCheck") == true)
+		    && m_options.containsKey((String) "performUsernameCheck") == true)
 	    {
-			String keyVal = (String) m_options.get("skipUsernameCheck");
-			if (keyVal == null || keyVal.equals("true"))
-				skipUsernameCheck = true;
+			String keyVal = (String) m_options.get("performUsernameCheck");
+			if (keyVal != null && keyVal.equals("true"))
+				performUsernameCheck = true;
 	    }
-		if (!skipUsernameCheck)
+		
+		if (performUsernameCheck)
 		{
 			// Verify that the username is CasaIdentityUser, for this
 			// we first need to obtain it.
@@ -155,7 +156,7 @@ public class CasaLoginModule implements LoginModule
 				else
 				{
 					// Save the retrieved username in the shared state and then check it.
-					m_sharedState.put("javax.security.auth.login.name" , username);
+					m_sharedState.put("javax.security.auth.login.name", username);
 					if (username.equals(casaUsername) == false)
 						return false;
 				}

auth_token/server/CasaJaasSupport/src/com/novell/casa/jaas/sample/SampleApp.java

@@ -22,7 +22,7 @@
  *  
  ***********************************************************************/
 
-package com.novell.casa.jaas;
+package com.novell.casa.jaas.sample;
 
 import java.io.BufferedReader;
 import java.io.IOException;
@@ -37,6 +37,8 @@ import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
+import com.novell.casa.jaas.CasaPrincipal;
+
 
 /*
  * This is a sample application which demonstrates the use of
@@ -81,10 +83,9 @@ public class SampleApp
 					
 					// Authenticate the token and print out the information available to our service
 					// about the authenticated identity.
-					
 					try
 					{
-						LoginContext lc = new LoginContext("SampleApp", new SampleAppCallbackHandler(authToken));
+						LoginContext lc = new LoginContext("testService", new SampleAppCallbackHandler(authToken));
 						System.out.println("Authenticating the user");
 						lc.login();
 						

auth_token/server/CasaJaasSupport/src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java

@@ -22,7 +22,7 @@
  *  
  ***********************************************************************/
 
-package com.novell.casa.jaas;
+package com.novell.casa.jaas.sample;
 
 import java.io.IOException;