Modifications due to continued development and re-structuring of

auth_token.
This commit is contained in:
Juan Carlos Luciani 2006-04-26 22:05:29 +00:00
parent 51da351af7
commit abacf42fa4
15 changed files with 79 additions and 65 deletions


@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<classpath> <classpath>
<classpathentry kind="src" path="src"/> <classpathentry kind="src" path="src"/>
<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
<classpathentry kind="lib" path="/usr/share/java/servletapi5.jar"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/> <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="/usr/share/java/servletapi5.jar"/>
<classpathentry kind="lib" path="identity-abstraction.jar"/>
<classpathentry kind="output" path="build/classes"/> <classpathentry kind="output" path="build/classes"/>
</classpath> </classpath>


@ -32,4 +32,11 @@
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature> <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature> <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
</natures> </natures>
<linkedResources>
<link>
<name>identity-abstraction.jar</name>
<type>1</type>
<location>/home/jluciani/dev-local/bandit/trunk/IdentityAbstraction/build/identity-abstraction.jar</location>
</link>
</linkedResources>
</projectDescription> </projectDescription>


@ -1,9 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<project-modules id="moduleCoreId"> <project-modules id="moduleCoreId">
<wb-module deploy-name="CasaAuthServer"> <wb-module deploy-name="CasaAuthServer">
<wb-resource source-path="/WebContent" deploy-path="/"/> <wb-resource deploy-path="/" source-path="/WebContent"/>
<property name="context-root" value="CasaAuthServer"/> <wb-resource deploy-path="/WEB-INF/classes" source-path="/build/classes"/>
<property name="java-output-path" value="/build/classes/"/> <wb-resource deploy-path="/WEB-INF/lib/identity-abstraction.jar" source-path="/identity-abstraction.jar"/>
</wb-module> <property name="context-root" value="CasaAuthServer"/>
<property name="java-output-path" value="/build/classes/"/>
</wb-module>
</project-modules> </project-modules>


@ -1,11 +1,11 @@
#Tue Mar 21 11:49:00 MST 2006 #Tue Apr 11 11:04:50 MDT 2006
eclipse.preferences.version=1 eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
org.eclipse.jdt.core.compiler.compliance=1.4 org.eclipse.jdt.core.compiler.compliance=1.5
org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.source=1.3 org.eclipse.jdt.core.compiler.source=1.5
org.eclipse.jdt.core.formatter.align_type_members_on_columns=false org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16


@ -1,3 +1,3 @@
#Thu Mar 09 09:05:25 MST 2006 #Tue Apr 11 11:50:34 MDT 2006
classpath.helper/org.eclipse.jdt.launching.JRE_CONTAINER\:\:org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType\:\:java-1.4.2-sun-1.4.2.10/owners=jst.java\:1.4 classpath.helper/org.eclipse.jdt.launching.JRE_CONTAINER\:\:org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType\:\:java-1.5.0-sun-1.5.0/owners=jst.java\:5.0
eclipse.preferences.version=1 eclipse.preferences.version=1


@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<faceted-project> <faceted-project>
<fixed facet="jst.web"/>
<fixed facet="jst.java"/> <fixed facet="jst.java"/>
<installed facet="jst.java" version="1.4"/> <fixed facet="jst.web"/>
<installed facet="jst.web" version="2.4"/> <installed facet="jst.web" version="2.4"/>
<installed facet="jst.java" version="5.0"/>
</faceted-project> </faceted-project>


@ -350,7 +350,7 @@ public class AuthToken {
m_identityToken.append(identityToken.getEncodedToken()); m_identityToken.append(identityToken.getEncodedToken());
m_identityTokenType = identityToken.getProviderType(); m_identityTokenType = identityToken.getProviderType();
m_lifetime = "tbd"; m_lifetime = "56"; // tbd
// Generate a signature // Generate a signature
// tbd - Over identToken, identToken type, and lifetime data. // tbd - Over identToken, identToken type, and lifetime data.
@ -364,9 +364,9 @@ public class AuthToken {
sb.append("<" + ProtoDefs.authTokenElementName + ">" + "\r\n"); sb.append("<" + ProtoDefs.authTokenElementName + ">" + "\r\n");
sb.append("<" + ProtoDefs.signatureElementName + ">" + m_signature + "</" + ProtoDefs.signatureElementName + ">" + "\r\n"); sb.append("<" + ProtoDefs.signatureElementName + ">" + m_signature + "</" + ProtoDefs.signatureElementName + ">" + "\r\n");
sb.append("<" + ProtoDefs.lifetimeElementName + ">" + m_lifetime + "</" + ProtoDefs.lifetimeElementName + ">" + "\r\n"); sb.append("<" + ProtoDefs.lifetimeElementName + ">" + m_lifetime + "</" + ProtoDefs.lifetimeElementName + ">" + "\r\n");
sb.append("<" + ProtoDefs.identTokenElementName + " mode=\"escaped\">" sb.append("<" + ProtoDefs.identTokenElementName + ">"
+ "<" + ProtoDefs.typeElementName + ">" + m_identityTokenType + "</" + ProtoDefs.typeElementName + ">" + "<" + ProtoDefs.typeElementName + ">" + m_identityTokenType + "</" + ProtoDefs.typeElementName + ">"
+ "<![CDATA["+ m_identityToken + "]]>" + "</" + ProtoDefs.identTokenElementName + ">" + "\r\n"); + m_identityToken + "</" + ProtoDefs.identTokenElementName + ">" + "\r\n");
sb.append("</" + ProtoDefs.authTokenElementName + ">" + "\r\n"); sb.append("</" + ProtoDefs.authTokenElementName + ">" + "\r\n");
// Save the token // Save the token
@ -441,10 +441,11 @@ public class AuthToken {
{ {
return m_identityToken.toString(); return m_identityToken.toString();
} }
/* /*
* Returns the identity token provider type. * Returns the identity token type.
*/ */
public String getIdentityTokenProviderType() public String getIdentityTokenType()
{ {
return m_identityTokenType; return m_identityTokenType;
} }
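Review bot: Dropping the `mode="escaped"` attribute and the `<![CDATA[ ... ]]>` wrapper at the identTokenElementName append in the second hunk means the value taken from `identityToken.getEncodedToken()` is now spliced into the AuthToken document as raw markup, so any `<`, `&` or `]]>` inside the token, or a token that is not itself well-formed XML, yields an AuthToken the receiver cannot parse, and the parsing side must agree on this new convention. If the encoded token is guaranteed to be well-formed XML, say so where it is appended, e.g. `// identToken is embedded as child XML, not escaped text; getEncodedToken() must return well-formed XML`. In the first hunk `m_lifetime = "56"; // tbd` is a unit-less magic value; a named constant with the unit stated would make the protocol field unambiguous, and since the signature over token, type and lifetime is still unimplemented, consumers should not yet treat the lifetime as trustworthy. The enclosing method starts and ends outside these hunks.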


@ -41,6 +41,7 @@ import org.xml.sax.SAXException;
import org.xml.sax.XMLReader; import org.xml.sax.XMLReader;
import org.xml.sax.helpers.XMLReaderFactory; import org.xml.sax.helpers.XMLReaderFactory;
import org.bandit.ia.IAContext;
/* /*
* CasaIdentityToken Class. * CasaIdentityToken Class.
@ -494,21 +495,19 @@ public class CasaIdentityToken implements IdentityToken
m_sourceUrl = "ldap://jcserver.provo.novell.com:389"; // tbd - Obtain from config or Higgins m_sourceUrl = "ldap://jcserver.provo.novell.com:389"; // tbd - Obtain from config or Higgins
m_service = targetService; m_service = targetService;
m_host = targetHost; m_host = targetHost;
try try
{ {
// tbd - Read parameters from configuration and leverage Higgins. // tbd - Read parameters from configuration and leverage Higgins.
// //
// Open a directory context and use it to read the identity attributes. // Open a directory context and use it to read the identity attributes.
Hashtable env = new Hashtable(); Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389"); env.put(IAContext.IA_REALM_CONFIG_LOCATION, "/home/jluciani/workspace/IdentityAbstraction/realms.xml");
env.put(Context.SECURITY_AUTHENTICATION, "simple"); // env.put(IAContext.IA_REALM_SELECTOR, "");
env.put(Context.SECURITY_PRINCIPAL, "cn=admin,o=novell");
env.put(Context.SECURITY_CREDENTIALS, "novell");
DirContext ctx = new InitialDirContext(env); DirContext ctx = new InitialDirContext(env);
// Setup a string buffer for building the IdentityToken, notice for now // Setup a string buffer for building the IdentityToken, notice for now
// we are not going to wrap the identity token. // we are not going to wrap the identity token.
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
@ -561,7 +560,7 @@ public class CasaIdentityToken implements IdentityToken
catch (NamingException e) catch (NamingException e)
{ {
// tbd - Log the event??? // tbd - Log the event???
System.err.println("CasaIdentityToken.initialize()- Naming Exception on Proxy User: " + e.getExplanation()); System.err.println("CasaIdentityToken.initialize()- Exception: " + e.getExplanation());
} }
catch (Exception e) catch (Exception e)
{ {
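Review bot: The realm configuration location put under `IAContext.IA_REALM_CONFIG_LOCATION` in the second hunk is an absolute path under one developer's home directory, so the context lookup will fail on any other machine or deployment; the same literal appears in Krb5Authenticate.doPost, in both PwdAuthenticate contexts, and the `.project` linked resource points at the same home directory. Read it from configuration and fail clearly when it is absent, e.g. `String realmCfg = System.getProperty("ia.realm.config"); /* placeholder property name */` followed by `if (realmCfg == null) throw new NamingException("IA realm config location not configured");`, which the existing NamingException catch already handles. The commented-out `IA_REALM_SELECTOR` line leaves realm selection undefined; a comment stating which realm the factory uses when no selector is given would help the next reader, if that is known. The enclosing initialize() body starts and ends outside the hunk.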


@ -49,6 +49,7 @@ import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName; import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid; import org.ietf.jgss.Oid;
import org.bandit.ia.IAContext;
/** /**
* Krb5Authenticate Servlet Class. * Krb5Authenticate Servlet Class.
@ -192,18 +193,16 @@ import org.ietf.jgss.Oid;
// Open a directory context and use it to identify the users // Open a directory context and use it to identify the users
// associated with the specified surname. // associated with the specified surname.
Hashtable env = new Hashtable(); Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389"); env.put(IAContext.IA_REALM_CONFIG_LOCATION, "/home/jluciani/workspace/IdentityAbstraction/realms.xml");
env.put(Context.SECURITY_AUTHENTICATION, "simple"); // env.put(IAContext.IA_REALM_SELECTOR, "");
env.put(Context.SECURITY_PRINCIPAL, "cn=admin,o=novell");
env.put(Context.SECURITY_CREDENTIALS, "novell");
DirContext ctx = new InitialDirContext(env); DirContext ctx = new InitialDirContext(env);
// Now search for a user with a matching kerberos principal name // Now search for a user with a matching kerberos principal name
Attributes matchAttrs = new BasicAttributes(true); // ignore attribute name case Attributes matchAttrs = new BasicAttributes(true); // ignore attribute name case
matchAttrs.put(new BasicAttribute("krbPrincipalName", krb5Token.getPrincipalName())); matchAttrs.put(new BasicAttribute("krbPrincipalName", krb5Token.getPrincipalName()));
NamingEnumeration answer = ctx.search("o=novell", matchAttrs); NamingEnumeration answer = ctx.search("o=novell", matchAttrs);
// Proceed based on the result of the search // Proceed based on the result of the search
@ -241,7 +240,7 @@ import org.ietf.jgss.Oid;
{ {
// tbd // tbd
// Log the error // Log the error
System.err.println("Krb5Authenticate.doPost()- Naming Exception on Proxy User: " + e.getExplanation()); System.err.println("Krb5Authenticate.doPost()- Exception caught: " + e.getExplanation());
// Write out the response // Write out the response
try try
@ -258,7 +257,7 @@ import org.ietf.jgss.Oid;
catch (Exception e) catch (Exception e)
{ {
// tbd // tbd
System.err.println("Krb5Authenticate.doPost()- Exception caught: " + e.toString()); System.err.println("Krb5Authenticate.doPost()- Exception: " + e.toString());
// Write out the response // Write out the response
try try


@ -45,6 +45,8 @@ import javax.naming.directory.Attributes;
import javax.naming.directory.SearchResult; import javax.naming.directory.SearchResult;
import javax.naming.NamingException; import javax.naming.NamingException;
import org.bandit.ia.IAContext;
/** /**
* PwdAuthenticate Servlet Class. * PwdAuthenticate Servlet Class.
@ -142,25 +144,23 @@ import javax.naming.NamingException;
// Read and parse the AuthReqMsg sent from the client // Read and parse the AuthReqMsg sent from the client
InputStream inStream = request.getInputStream(); InputStream inStream = request.getInputStream();
AuthReqMsg authReqMsg = new AuthReqMsg(inStream); AuthReqMsg authReqMsg = new AuthReqMsg(inStream);
// Now parse the PW Token // Now parse the PW Token
PwToken pwToken = new PwToken(authReqMsg.getAuthMechToken()); PwToken pwToken = new PwToken(authReqMsg.getAuthMechToken());
// Open a directory context and use it to identify the users // Open a directory context and use it to identify the users
// associated with the specified surname. // associated with the specified surname.
Hashtable env = new Hashtable(); Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389"); env.put(IAContext.IA_REALM_CONFIG_LOCATION, "/home/jluciani/workspace/IdentityAbstraction/realms.xml");
env.put(Context.SECURITY_AUTHENTICATION, "simple"); // env.put(IAContext.IA_REALM_SELECTOR, "");
env.put(Context.SECURITY_PRINCIPAL, "cn=admin,o=novell");
env.put(Context.SECURITY_CREDENTIALS, "novell");
DirContext ctx = new InitialDirContext(env); DirContext ctx = new InitialDirContext(env);
// Now search for a user with a matching surname // Now search for a user with a matching surname
Attributes matchAttrs = new BasicAttributes(true); // ignore attribute name case Attributes matchAttrs = new BasicAttributes(true); // ignore attribute name case
matchAttrs.put(new BasicAttribute("cn", pwToken.getUsername())); matchAttrs.put(new BasicAttribute("cn", pwToken.getUsername()));
NamingEnumeration answer = ctx.search("o=novell", matchAttrs); NamingEnumeration answer = ctx.search("o=novell", matchAttrs);
// Enumerate through the users returned checking the password // Enumerate through the users returned checking the password
@ -170,16 +170,20 @@ import javax.naming.NamingException;
SearchResult sr = (SearchResult)answer.next(); SearchResult sr = (SearchResult)answer.next();
System.err.println(sr.getName()); System.err.println(sr.getName());
// Open a directory context for the user as a way of verifying its password // Open a directory context for the user as a way of verifying its password
try try
{ {
Hashtable env2 = new Hashtable(); Hashtable env2 = new Hashtable();
env2.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
env2.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389"); env2.put(IAContext.IA_REALM_CONFIG_LOCATION, "/home/jluciani/workspace/IdentityAbstraction/realms.xml");
env2.put(Context.SECURITY_AUTHENTICATION, "simple"); // env2.put(IAContext.IA_REALM_SELECTOR, "");
env2.put(Context.SECURITY_PRINCIPAL, sr.getName() + ",o=novell");
env2.put(Context.SECURITY_CREDENTIALS, pwToken.getPassword()); // env2.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// env2.put(Context.PROVIDER_URL, "ldap://jcserver.provo.novell.com:389");
// env2.put(Context.SECURITY_AUTHENTICATION, "simple");
// env2.put(Context.SECURITY_PRINCIPAL, sr.getName() + ",o=novell");
// env2.put(Context.SECURITY_CREDENTIALS, pwToken.getPassword());
if ((new InitialDirContext(env2)) != null) if ((new InitialDirContext(env2)) != null)
{ {
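Review bot: Password verification no longer happens in the second hunk: `env2` now carries only the context factory and the realm config location, the `Context.SECURITY_PRINCIPAL` and `Context.SECURITY_CREDENTIALS` puts are commented out, and `new InitialDirContext(env2)` never returns null, so the `!= null` test accepts any password as long as a context can be created. Until the IA factory supports binding as the matched user, this branch should fail closed rather than proceed, e.g. replace the condition with an explicit bind using `pwToken.getPassword()` or, at minimum, reject the request with a comment such as `// tbd - user bind not yet supported by IAInitialCtxFactory; password is NOT verified here`. The five commented-out `env2.put` lines should be removed or reduced to one comment naming what must be restored, so the gap is not mistaken for finished code. The `System.err.println(sr.getName())` context line above also writes every matched DN to stderr and is worth removing once debugging is done. The enclosing doPost() body starts and ends outside the hunk.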


@ -3,5 +3,6 @@
<classpathentry kind="src" path="src"/> <classpathentry kind="src" path="src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/> <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry combineaccessrules="false" kind="src" path="/CasaAuthServer"/> <classpathentry combineaccessrules="false" kind="src" path="/CasaAuthServer"/>
<classpathentry kind="lib" path="/usr/share/java/xerces-j2.jar"/>
<classpathentry kind="output" path="build/classes"/> <classpathentry kind="output" path="build/classes"/>
</classpath> </classpath>


@ -117,16 +117,17 @@ public class CasaLoginModule implements LoginModule
throw new LoginException("Null CallbackHandler"); throw new LoginException("Null CallbackHandler");
} }
// Perform the username check unless configured to skip it. // Do not perform the username check unless configured to do it.
boolean skipUsernameCheck = false; boolean performUsernameCheck = false;
if (m_options != null if (m_options != null
&& m_options.containsKey((String) "skipUsernameCheck") == true) && m_options.containsKey((String) "performUsernameCheck") == true)
{ {
String keyVal = (String) m_options.get("skipUsernameCheck"); String keyVal = (String) m_options.get("performUsernameCheck");
if (keyVal == null || keyVal.equals("true")) if (keyVal != null && keyVal.equals("true"))
skipUsernameCheck = true; performUsernameCheck = true;
} }
if (!skipUsernameCheck)
if (performUsernameCheck)
{ {
// Verify that the username is CasaIdentityUser, for this // Verify that the username is CasaIdentityUser, for this
// we first need to obtain it. // we first need to obtain it.
@ -155,7 +156,7 @@ public class CasaLoginModule implements LoginModule
else else
{ {
// Save the retrieved username in the shared state and then check it. // Save the retrieved username in the shared state and then check it.
m_sharedState.put("javax.security.auth.login.name" , username); m_sharedState.put("javax.security.auth.login.name", username);
if (username.equals(casaUsername) == false) if (username.equals(casaUsername) == false)
return false; return false;
} }
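Review bot: The option key changes from `skipUsernameCheck` to `performUsernameCheck` in the first hunk and the default flips to not checking, so any existing JAAS configuration that relied on the old default (verify unless told to skip) now silently stops verifying the username. Consider honoring the legacy key for a transition period, or at least documenting the new default where the module's options are described, e.g. `// performUsernameCheck defaults to false; the former "skipUsernameCheck" option is no longer read`. The `== true` on `containsKey` and the `(String)` cast of a string literal are redundant and can be dropped: `&& m_options.containsKey("performUsernameCheck"))`. The enclosing method starts and ends outside the hunk.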


@ -22,7 +22,7 @@
* *
***********************************************************************/ ***********************************************************************/
package com.novell.casa.jaas; package com.novell.casa.jaas.sample;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.IOException; import java.io.IOException;
@ -37,6 +37,8 @@ import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import com.novell.casa.jaas.CasaPrincipal;
/* /*
* This is a sample application which demonstrates the use of * This is a sample application which demonstrates the use of
@ -81,10 +83,9 @@ public class SampleApp
// Authenticate the token and print out the information available to our service // Authenticate the token and print out the information available to our service
// about the authenticated identity. // about the authenticated identity.
try try
{ {
LoginContext lc = new LoginContext("SampleApp", new SampleAppCallbackHandler(authToken)); LoginContext lc = new LoginContext("testService", new SampleAppCallbackHandler(authToken));
System.out.println("Authenticating the user"); System.out.println("Authenticating the user");
lc.login(); lc.login();


@ -22,7 +22,7 @@
* *
***********************************************************************/ ***********************************************************************/
package com.novell.casa.jaas; package com.novell.casa.jaas.sample;
import java.io.IOException; import java.io.IOException;