Changes accomplish the following:
- Allow for binary identity attributes. - Simplify configuration of the svc.
This commit is contained in:
parent
47d8264272
commit
b1966cac5f
@ -96,7 +96,10 @@ $(BUILDDIR)/%.class: %.java
|
||||
|
||||
$(BUILDDIR)/$(WEBAPP): $(BUILDDIR) $(CLASSES)
|
||||
@echo [======== Creating Webapp $@ ========]
|
||||
cp src/com/novell/casa/authtoksvc/web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml
|
||||
cp web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml
|
||||
cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings
|
||||
cp authtoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/authtoken.settings
|
||||
cp identoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/identoken.settings
|
||||
cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings
|
||||
cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings
|
||||
cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/
|
||||
|
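--- /dev/null
+++ b/auth_token/server/AuthTokenSvc/authtoken.settings
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<settings>
+<TokenLifetime>3600</TokenLifetime>
+</settings>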
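--- /dev/null
+++ b/auth_token/server/AuthTokenSvc/identoken.settings
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<settings>
+<EncryptAttributes>false</EncryptAttributes>
+<Attributes>sn</Attributes>
+</settings>
+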
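Review bot: The shipped default `EncryptAttributes` false means every attribute value goes into the identity token in the clear (plain text for strings, base64 for binary), and nothing in this file says so or warns that the encrypting branches in CasaIdentityToken are still only "tbd" comments, so an operator who flips this to true gets no encryption and no error. Add an XML comment above the element, such as `<!-- Attribute encryption is not yet implemented in CasaIdentityToken; values are emitted unencrypted regardless of this flag -->`. The `Attributes` element presumably takes a list of attribute names, but this file does not show how several names are separated; a one-line comment giving the separator and an example would spare the next operator a guess.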
@ -46,7 +46,7 @@ public class AuthTokenConfig
|
||||
public final static String IdentityTokenType = "IdentityTokenType";
|
||||
|
||||
// Default configuration values
|
||||
private String m_defaultTokenLifetimeValue = "360"; // Seconds
|
||||
private String m_defaultTokenLifetimeValue = "3600"; // Seconds
|
||||
private String m_defaultLifetimeShorterValue = "5"; // Seconds
|
||||
private String m_defaultIdentityTokenTypeValue = "CasaIdentityToken";
|
||||
|
||||
|
@ -45,8 +45,6 @@ import java.net.URLClassLoader;
|
||||
*/
|
||||
public class Authenticate implements RpcMethod
|
||||
{
|
||||
private static final String sessionTokenLifetime = "360"; // tbd - Obtain from configuration
|
||||
|
||||
private static final String m_mechanismSettingsFileName = "mechanism.settings";
|
||||
|
||||
private Map m_authMechanismMap;
|
||||
|
@ -121,7 +121,8 @@ public class CasaIdentityToken implements IdentityToken
|
||||
private final static int AWAITING_ATTRIBUTE_START = 18;
|
||||
private final static int AWAITING_ATTRIBUTE_END = 19;
|
||||
private final static int AWAITING_ATTRIBUTE_DATA = 20;
|
||||
private final static int DONE_PARSING = 21;
|
||||
private final static int AWAITING_BINARY_ATTRIBUTE_DATA = 21;
|
||||
private final static int DONE_PARSING = 22;
|
||||
|
||||
private CasaIdentityToken m_casaIdentToken;
|
||||
private int m_state;
|
||||
@ -266,8 +267,19 @@ public class CasaIdentityToken implements IdentityToken
|
||||
// Save the element name as the current attribute
|
||||
m_currAttribute = qName;
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_ATTRIBUTE_DATA;
|
||||
// Advance to the next state based on the attribute type
|
||||
String attrType = atts.getValue("type");
|
||||
if (attrType != null && attrType.equals("binary"))
|
||||
{
|
||||
// We are dealing with a binary attribute. We are going to
|
||||
// assume that binary attributes are always base64 encoded.
|
||||
m_state = AWAITING_BINARY_ATTRIBUTE_DATA;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Assume we are dealing with an attribute of type string
|
||||
m_state = AWAITING_ATTRIBUTE_DATA;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -459,7 +471,6 @@ public class CasaIdentityToken implements IdentityToken
|
||||
{
|
||||
// tbd - Decrypt the attribute key and value with the private key of the service
|
||||
// using the configured mechanism.
|
||||
m_casaIdentToken.m_attributes.put(m_currAttribute, new String(ch, start, length));
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -470,6 +481,30 @@ public class CasaIdentityToken implements IdentityToken
|
||||
m_state = AWAITING_ATTRIBUTE_END;
|
||||
break;
|
||||
|
||||
case AWAITING_BINARY_ATTRIBUTE_DATA:
|
||||
// Consume the data
|
||||
//
|
||||
// Decrypt the attribute data if necessary
|
||||
if (m_encryptedAttrs)
|
||||
{
|
||||
// tbd - Decrypt the attribute key and value with the private key of the service
|
||||
// using the configured mechanism.
|
||||
}
|
||||
else
|
||||
{
|
||||
// The data is base64 encoded
|
||||
System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars = " + length);
|
||||
char[] encodedChars = new char[length];
|
||||
System.arraycopy(ch, start, encodedChars, 0, length);
|
||||
System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars copied to new array");
|
||||
m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(encodedChars));
|
||||
System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars decoded");
|
||||
}
|
||||
|
||||
// Advance to the next state
|
||||
m_state = AWAITING_ATTRIBUTE_END;
|
||||
break;
|
||||
|
||||
default:
|
||||
// Do nothing
|
||||
break;
|
||||
@ -480,7 +515,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
/*
|
||||
* Constructor.
|
||||
*/
|
||||
public CasaIdentityToken(IdenTokenConfig idenTokenConfig)
|
||||
public CasaIdentityToken (IdenTokenConfig idenTokenConfig)
|
||||
{
|
||||
// Initialize our members
|
||||
m_token = null;
|
||||
@ -491,7 +526,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
/*
|
||||
* Constructor.
|
||||
*/
|
||||
public CasaIdentityToken()
|
||||
public CasaIdentityToken ()
|
||||
{
|
||||
// Initialize our members
|
||||
m_token = null;
|
||||
@ -502,11 +537,11 @@ public class CasaIdentityToken implements IdentityToken
|
||||
/*
|
||||
* Initialize with parameters.
|
||||
*/
|
||||
public void initialize(String identityId,
|
||||
String sourceName,
|
||||
String targetService,
|
||||
String targetHost,
|
||||
SvcConfig svcConfig) throws Exception
|
||||
public void initialize (String identityId,
|
||||
String sourceName,
|
||||
String targetService,
|
||||
String targetHost,
|
||||
SvcConfig svcConfig) throws Exception
|
||||
{
|
||||
// Save input parameters
|
||||
m_identityId = identityId;
|
||||
@ -517,12 +552,11 @@ public class CasaIdentityToken implements IdentityToken
|
||||
|
||||
try
|
||||
{
|
||||
// tbd - Read parameters from configuration and leverage Higgins.
|
||||
//
|
||||
// Open a directory context and use it to read the identity attributes.
|
||||
Hashtable env = new Hashtable();
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
|
||||
env.put(IAContext.IA_REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
|
||||
env.put("java.naming.ldap.attributes.binary", "guid");
|
||||
env.put(IAContext.IA_REALM_SELECTOR, sourceName);
|
||||
|
||||
DirContext ctx = new InitialDirContext(env);
|
||||
@ -552,45 +586,31 @@ public class CasaIdentityToken implements IdentityToken
|
||||
NamingEnumeration enumeration = attr.getAll();
|
||||
while (enumeration.hasMore())
|
||||
{
|
||||
String attrValue = null;
|
||||
Object o = enumeration.next();
|
||||
if (o == null)
|
||||
{
|
||||
System.err.println("CasaIdentityToken.initialize()- null");
|
||||
}
|
||||
if (o instanceof java.lang.String)
|
||||
{
|
||||
System.err.println("CasaIdentityToken.initialize()- Type string");
|
||||
attrValue = (String) o;
|
||||
}
|
||||
else if (o instanceof java.lang.Byte)
|
||||
{
|
||||
System.err.println("CasaIdentityToken.initialize()- Type byte[]");
|
||||
attrValue = ((byte[]) o).toString();
|
||||
}
|
||||
Object attrValue = enumeration.next();
|
||||
m_attributes.put(attr.getID(), attrValue);
|
||||
System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID());
|
||||
|
||||
// Proceed if we were able to get the attribute value in String form
|
||||
if (attrValue != null)
|
||||
// Encrypt the attribute if necessary
|
||||
if (encryptAttributes == true)
|
||||
{
|
||||
m_attributes.put(attr.getID(), attrValue);
|
||||
System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID() + " of value " + attrValue);
|
||||
|
||||
// Encrypt the attribute if necessary
|
||||
if (encryptAttributes == true)
|
||||
{
|
||||
// tbd - Encrypt the attributes using the services public key, let the mechanism
|
||||
// be configurable. The services certificate should be Base64 encoded as a setting
|
||||
// of the identoken.settings file.
|
||||
sb.append("<" + attr.getID() + ">" + attrValue + "</" + attr.getID() + ">" + "\r\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
sb.append("<" + attr.getID() + ">" + attrValue + "</" + attr.getID() + ">" + "\r\n");
|
||||
}
|
||||
// tbd - Encrypt the attributes using the services public key, let the mechanism
|
||||
// be configurable. The service's certificate should be Base64 encoded as a setting
|
||||
// of the identoken.settings file.
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("CasaIdentityToken.initialize()- Unrecognized object type for attribute " + attr.getID());
|
||||
// Proceed based on the attribute value type
|
||||
if (attrValue instanceof byte[])
|
||||
{
|
||||
// The attribute value is of type byte[], we need to encode it.
|
||||
sb.append("<" + attr.getID() + " type=\"binary\" encoding=\"base64\">" + new String(Base64Coder.encode((byte[]) attrValue)) + "</" + attr.getID() + ">" + "\r\n");
|
||||
System.err.println("Attribute " + attr.getID() + "included as " + new String(Base64Coder.encode((byte[]) attrValue)));
|
||||
}
|
||||
else
|
||||
{
|
||||
// Assume the attribute value is of type String
|
||||
sb.append("<" + attr.getID() + ">" + (String) attrValue + "</" + attr.getID() + ">" + "\r\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -647,7 +667,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
* IMPORTANT: The token string can not contain the substring "]]>"
|
||||
* within it.
|
||||
*/
|
||||
public String getEncodedToken() throws Exception
|
||||
public String getEncodedToken () throws Exception
|
||||
{
|
||||
if (m_token != null)
|
||||
{
|
||||
@ -663,7 +683,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
/*
|
||||
* Returns a string containing our type of identity token provider.
|
||||
*/
|
||||
public String getProviderType() throws Exception
|
||||
public String getProviderType () throws Exception
|
||||
{
|
||||
// tbd - Change to a GUID
|
||||
return "CasaIdentityToken";
|
||||
@ -672,7 +692,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
/*
|
||||
* Returns a string containing the identity id.
|
||||
*/
|
||||
public String getIdentityId() throws Exception
|
||||
public String getIdentityId () throws Exception
|
||||
{
|
||||
if (m_identityId != null)
|
||||
return m_identityId;
|
||||
@ -687,7 +707,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
* Returns a string containing the name associated with the
|
||||
* identity source.
|
||||
*/
|
||||
public String getSourceName() throws Exception
|
||||
public String getSourceName () throws Exception
|
||||
{
|
||||
if (m_sourceName != null)
|
||||
return m_sourceName;
|
||||
@ -702,7 +722,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
* Returns a string containing the url associated with the
|
||||
* identity source.
|
||||
*/
|
||||
public String getSourceUrl() throws Exception
|
||||
public String getSourceUrl () throws Exception
|
||||
{
|
||||
if (m_sourceUrl != null)
|
||||
return m_sourceUrl;
|
||||
@ -716,7 +736,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
/*
|
||||
* Returns a string containing the name of the targeted service.
|
||||
*/
|
||||
public String getTargetService() throws Exception
|
||||
public String getTargetService () throws Exception
|
||||
{
|
||||
if (m_service != null)
|
||||
return m_service;
|
||||
@ -731,7 +751,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
* Returns a string containig the name of the host where the
|
||||
* targeted service resides.
|
||||
*/
|
||||
public String getTargetHost() throws Exception
|
||||
public String getTargetHost () throws Exception
|
||||
{
|
||||
if (m_host != null)
|
||||
return m_host;
|
||||
@ -745,7 +765,7 @@ public class CasaIdentityToken implements IdentityToken
|
||||
/*
|
||||
* Returns the attributes of the identity.
|
||||
*/
|
||||
public javax.naming.directory.Attributes getAttributes() throws Exception
|
||||
public javax.naming.directory.Attributes getAttributes () throws Exception
|
||||
{
|
||||
if (m_attributes != null)
|
||||
return m_attributes;
|
||||
|
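Review bot: In the string branch the attribute value is concatenated into the token XML unescaped, `sb.append("<" + attr.getID() + ">" + (String) attrValue + "</" + attr.getID() + ">" + "\r\n");`, so an `sn` containing `<`, `&` or `]]>` yields a malformed token or terminates the CDATA section that the getEncodedToken comment warns about, and the element name attr.getID() is likewise used without any check that it is a valid XML name. Escape the text before appending, e.g. `((String) attrValue).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")`, which also neutralises `]]>`; the binary branch does not need this since standard base64 output contains none of those characters. The new debug line `System.err.println("Attribute " + attr.getID() + "included as " + new String(Base64Coder.encode((byte[]) attrValue)));` writes the identity attribute value itself to stderr, which leaks personal data into server logs and should be dropped or reduced to the attribute ID as the string case already does. The enclosing initialize() and its try block begin before this hunk and continue after it. On the parsing side of the same file, SAXHandler.characters() may be invoked more than once for a single text node, and the new AWAITING_BINARY_ATTRIBUTE_DATA branch decodes each call's chunk, overwrites the map entry and immediately moves to AWAITING_ATTRIBUTE_END, so a long base64 value would be silently truncated; accumulate the chunks in a StringBuilder and decode once in endElement.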
@ -54,8 +54,8 @@ public class SvcConfig
|
||||
public final static String AppRootPath = "AppRootPath";
|
||||
|
||||
// Default configuration values
|
||||
private String m_defaultSessionTokenLifetimeValue = "360"; // Seconds
|
||||
private String m_defaultLifetimeShorterValue = "5"; // Seconds
|
||||
private String m_defaultSessionTokenLifetimeValue = "43200"; // Seconds
|
||||
private String m_defaultLifetimeShorterValue = "5"; // Seconds
|
||||
|
||||
private static final String m_svcSettingsFileName = "svc.settings";
|
||||
private Map m_svcSettingsMap;
|
||||
|
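Review bot: The default session-token lifetime jumps from 360 s to 43200 s (12 hours) with only `// Seconds` as explanation, so the hunk records neither why the value was chosen nor what it trades off. If, as the name suggests, this bounds how long a captured session token remains usable, that deserves a comment: `private String m_defaultSessionTokenLifetimeValue = "43200"; // 12 h; limits how long a leaked session token stays valid. Keep in sync with svc.settings`. The same number is duplicated in the new svc.settings file; a comment naming which copy is authoritative avoids the two drifting apart.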
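--- /dev/null
+++ b/auth_token/server/AuthTokenSvc/svc.settings
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<settings>
+<IAConfigFile>Replace with path to the Identity Abstraction Realms Configuration File.</IAConfigFile>
+<startSearchContext>Replace with the Context from where to start searches, do not specify to start at the root.</startSearchContext>
+<SessionTokenLifetime>43200</SessionTokenLifetime>
+</settings>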
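Review bot: `IAConfigFile` and `startSearchContext` ship with English placeholder sentences as their actual values, and the `startSearchContext` text even tells the operator to omit the element for a root search while the file still emits it. The Makefile copies this file straight into WEB-INF/conf, so a deployment that forgets to edit it presumably hands those sentences to the identity-abstraction layer as a config path and a search base instead of failing fast. Put the placeholders in XML comments, e.g. `<!-- <IAConfigFile>/path/to/realms.xml</IAConfigFile> -->` and `<!-- <startSearchContext>ou=people,o=example</startSearchContext>  omit to search from the root -->`, so the service starts with no value rather than a bogus one.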
@ -4,6 +4,7 @@
|
||||
CasaAuthTokenSvc</display-name>
|
||||
<servlet>
|
||||
<description>
|
||||
The CasaAuthTokenSvc provides authentication tokens.
|
||||
</description>
|
||||
<display-name>
|
||||
Rpc</display-name>
|