Changes accomplish the following:

- Allow for binary identity attributes.
 - Simplify configuration of the svc.
This commit is contained in:
Juan Carlos Luciani 2006-05-31 15:24:01 +00:00
parent 47d8264272
commit b1966cac5f
9 changed files with 99 additions and 61 deletions


@ -96,7 +96,10 @@ $(BUILDDIR)/%.class: %.java
$(BUILDDIR)/$(WEBAPP): $(BUILDDIR) $(CLASSES)
@echo [======== Creating Webapp $@ ========]
cp src/com/novell/casa/authtoksvc/web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml
cp web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml
cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings
cp authtoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/authtoken.settings
cp identoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/identoken.settings
cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings
cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings
cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/
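Review bot: Two `cp` lines write the same destination, `$(BUILDDIR)/webapp/WEB-INF/conf/../web.xml`, one from `src/com/novell/casa/authtoksvc/web.xml` and one from the top-level `web.xml`; if the first of them is not the removed side of this hunk (the rendered page lost the +/- markers), the second copy silently wins and the first is dead. The new settings files are also copied from the project root while the mechanism settings on the following lines come from `src/com/novell/casa/authtoksvc/`, which is worth a one-line comment in the Makefile saying which directory is authoritative for deployable config.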


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<settings>
<TokenLifetime>3600</TokenLifetime>
</settings>


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<settings>
<EncryptAttributes>false</EncryptAttributes>
<Attributes>sn</Attributes>
</settings>
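Review bot: The new `EncryptAttributes` setting advertises a feature that neither side of the token implements yet: with it true the reader's decrypt branch stores nothing, so every attribute is dropped, while the writer's encrypt branch still appends the plaintext value. Until that code exists the file should say so, e.g. `<!-- EncryptAttributes: encryption is not yet implemented; must remain false -->`, and the `Attributes` element should document its separator, since the page does not show how a multi-attribute value is parsed.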


@ -46,7 +46,7 @@ public class AuthTokenConfig
public final static String IdentityTokenType = "IdentityTokenType";
// Default configuration values
private String m_defaultTokenLifetimeValue = "360"; // Seconds
private String m_defaultTokenLifetimeValue = "3600"; // Seconds
private String m_defaultLifetimeShorterValue = "5"; // Seconds
private String m_defaultIdentityTokenTypeValue = "CasaIdentityToken";


@ -45,8 +45,6 @@ import java.net.URLClassLoader;
*/
public class Authenticate implements RpcMethod
{
private static final String sessionTokenLifetime = "360"; // tbd - Obtain from configuration
private static final String m_mechanismSettingsFileName = "mechanism.settings";
private Map m_authMechanismMap;


@ -121,7 +121,8 @@ public class CasaIdentityToken implements IdentityToken
private final static int AWAITING_ATTRIBUTE_START = 18;
private final static int AWAITING_ATTRIBUTE_END = 19;
private final static int AWAITING_ATTRIBUTE_DATA = 20;
private final static int DONE_PARSING = 21;
private final static int AWAITING_BINARY_ATTRIBUTE_DATA = 21;
private final static int DONE_PARSING = 22;
private CasaIdentityToken m_casaIdentToken;
private int m_state;
@ -266,8 +267,19 @@ public class CasaIdentityToken implements IdentityToken
// Save the element name as the current attribute
m_currAttribute = qName;
// Advance to the next state
// Advance to the next state based on the attribute type
String attrType = atts.getValue("type");
if (attrType != null && attrType.equals("binary"))
{
// We are dealing with a binary attribute. We are going to
// assume that binary attributes are always base64 encoded.
m_state = AWAITING_BINARY_ATTRIBUTE_DATA;
}
else
{
// Assume we are dealing with an attribute of type string
m_state = AWAITING_ATTRIBUTE_DATA;
}
break;
default:
@ -459,7 +471,6 @@ public class CasaIdentityToken implements IdentityToken
{
// tbd - Decrypt the attribute key and value with the private key of the service
// using the configured mechanism.
m_casaIdentToken.m_attributes.put(m_currAttribute, new String(ch, start, length));
}
else
{
@ -470,6 +481,30 @@ public class CasaIdentityToken implements IdentityToken
m_state = AWAITING_ATTRIBUTE_END;
break;
case AWAITING_BINARY_ATTRIBUTE_DATA:
// Consume the data
//
// Decrypt the attribute data if necessary
if (m_encryptedAttrs)
{
// tbd - Decrypt the attribute key and value with the private key of the service
// using the configured mechanism.
}
else
{
// The data is base64 encoded
System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars = " + length);
char[] encodedChars = new char[length];
System.arraycopy(ch, start, encodedChars, 0, length);
System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars copied to new array");
m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(encodedChars));
System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars decoded");
}
// Advance to the next state
m_state = AWAITING_ATTRIBUTE_END;
break;
default:
// Do nothing
break;
@ -517,12 +552,11 @@ public class CasaIdentityToken implements IdentityToken
try
{
// tbd - Read parameters from configuration and leverage Higgins.
//
// Open a directory context and use it to read the identity attributes.
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
env.put(IAContext.IA_REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
env.put("java.naming.ldap.attributes.binary", "guid");
env.put(IAContext.IA_REALM_SELECTOR, sourceName);
DirContext ctx = new InitialDirContext(env);
@ -552,45 +586,31 @@ public class CasaIdentityToken implements IdentityToken
NamingEnumeration enumeration = attr.getAll();
while (enumeration.hasMore())
{
String attrValue = null;
Object o = enumeration.next();
if (o == null)
{
System.err.println("CasaIdentityToken.initialize()- null");
}
if (o instanceof java.lang.String)
{
System.err.println("CasaIdentityToken.initialize()- Type string");
attrValue = (String) o;
}
else if (o instanceof java.lang.Byte)
{
System.err.println("CasaIdentityToken.initialize()- Type byte[]");
attrValue = ((byte[]) o).toString();
}
// Proceed if we were able to get the attribute value in String form
if (attrValue != null)
{
Object attrValue = enumeration.next();
m_attributes.put(attr.getID(), attrValue);
System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID() + " of value " + attrValue);
System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID());
// Encrypt the attribute if necessary
if (encryptAttributes == true)
{
// tbd - Encrypt the attributes using the services public key, let the mechanism
// be configurable. The services certificate should be Base64 encoded as a setting
// be configurable. The service's certificate should be Base64 encoded as a setting
// of the identoken.settings file.
sb.append("<" + attr.getID() + ">" + attrValue + "</" + attr.getID() + ">" + "\r\n");
}
else
{
sb.append("<" + attr.getID() + ">" + attrValue + "</" + attr.getID() + ">" + "\r\n");
}
// Proceed based on the attribute value type
if (attrValue instanceof byte[])
{
// The attribute value is of type byte[], we need to encode it.
sb.append("<" + attr.getID() + " type=\"binary\" encoding=\"base64\">" + new String(Base64Coder.encode((byte[]) attrValue)) + "</" + attr.getID() + ">" + "\r\n");
System.err.println("Attribute " + attr.getID() + "included as " + new String(Base64Coder.encode((byte[]) attrValue)));
}
else
{
System.err.println("CasaIdentityToken.initialize()- Unrecognized object type for attribute " + attr.getID());
// Assume the attribute value is of type String
sb.append("<" + attr.getID() + ">" + (String) attrValue + "</" + attr.getID() + ">" + "\r\n");
}
}
}
}
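Review bot: The new `AWAITING_BINARY_ATTRIBUTE_DATA` case in `characters()` decodes whatever slice the parser hands it, but SAX may deliver one text node over several `characters()` calls, so a base64 value split across callbacks is decoded piecewise and the later `put()` replaces the earlier byte[] with a truncated one (base64 also cannot be decoded at an arbitrary split point); the string case on the `new String(ch, start, length)` line has the same exposure, just a smaller payload. Accumulate the text into a per-attribute buffer here, stay in this state, and do the `Base64Coder.decode` when the attribute's end element arrives (that handler is outside the hunk and would need a case for this state). The `System.err.println` calls added here and in `initialize()`, one of which prints the base64-encoded attribute value, are debug output and should go before this ships, since identity attribute data would land in the container's stderr. `env.put("java.naming.ldap.attributes.binary", "guid")` hard-codes the only attribute treated as binary while the attribute list itself is configurable, so any other binary attribute still arrives as a String; consider deriving that list from configuration. The enclosing `characters()` method starts and ends outside the hunk.
```java
case AWAITING_BINARY_ATTRIBUTE_DATA:
    // A single text node may arrive over several characters() calls, so only
    // accumulate here; m_attrDataBuf (a new StringBuffer field) is reset when the
    // attribute element starts and decoded in endElement() for this attribute.
    if (m_encryptedAttrs)
    {
        // tbd - Decrypt the attribute key and value with the private key of the service
        // using the configured mechanism.
    }
    else
    {
        m_attrDataBuf.append(ch, start, length);
    }
    // Stay in AWAITING_BINARY_ATTRIBUTE_DATA; endElement() performs the
    // Base64Coder.decode(), stores the byte[] and advances the state.
    break;
```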


@ -54,7 +54,7 @@ public class SvcConfig
public final static String AppRootPath = "AppRootPath";
// Default configuration values
private String m_defaultSessionTokenLifetimeValue = "360"; // Seconds
private String m_defaultSessionTokenLifetimeValue = "43200"; // Seconds
private String m_defaultLifetimeShorterValue = "5"; // Seconds
private static final String m_svcSettingsFileName = "svc.settings";


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<settings>
<IAConfigFile>Replace with path to the Identity Abstraction Realms Configuration File.</IAConfigFile>
<startSearchContext>Replace with the Context from where to start searches, do not specify to start at the root.</startSearchContext>
<SessionTokenLifetime>43200</SessionTokenLifetime>
</settings>
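Review bot: The placeholder prose inside `IAConfigFile` and `startSearchContext` is element content, not a comment, so an unedited file hands the sentence itself to the code as a value; the CasaIdentityToken hunk passes the identity-abstraction config setting straight into the JNDI environment, which presumably then fails on a nonsense path rather than on a clear missing-setting error. Move the instructions into XML comments, e.g. `<!-- IAConfigFile: path to the Identity Abstraction Realms Configuration File -->`, and leave the elements empty or absent so the loader can report them as unset.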


@ -4,6 +4,7 @@
CasaAuthTokenSvc</display-name>
<servlet>
<description>
The CasaAuthTokenSvc provides authentication tokens.
</description>
<display-name>
Rpc</display-name>