From 06225de1291ab06417a425dddfaa1be43970d133 Mon Sep 17 00:00:00 2001 
From: Juan Carlos Luciani Date: Tue, 13 Feb 2007 23:54:27 +0000 Subject: [PATCH] Made changes to deal with Greg's recommendations as a result of his code review. Fixed the problem that was preventing us from associating a PID file with the ATS service. Stopped deleting the "casaatsd" user during RPM un-install to avoid problems with orphaned files. Added code to protect against zero length passwords in the Pwd authentication mechanism. --- .../com/novell/casa/jaas/CasaLoginModule.java | 8 +- .../novell/casa/jaas/sample/SampleApp.java | 2 +- CASA-auth-token/server-java/Svc/linux/envvars | 2 +- .../server-java/Svc/linux/envvars.zen | 2 +- .../casa/authtoksvc/AuthMechConfig.java | 2 +- .../novell/casa/authtoksvc/AuthMechanism.java | 9 +- .../casa/authtoksvc/AuthPolicyEditor.java | 52 ++-- .../novell/casa/authtoksvc/AuthReqMsg.java | 16 +- .../casa/authtoksvc/AuthTokenConfig.java | 6 +- .../authtoksvc/AuthTokenSettingsEditor.java | 24 +- .../novell/casa/authtoksvc/Authenticate.java | 10 +- .../casa/authtoksvc/CasaIdentityToken.java | 34 +-- .../casa/authtoksvc/EnabledSvcsConfig.java | 5 +- .../casa/authtoksvc/GetAuthPolicyReqMsg.java | 12 +- .../casa/authtoksvc/GetAuthTokReqMsg.java | 16 +- .../casa/authtoksvc/IdenTokenConfig.java | 2 +- .../authtoksvc/IdenTokenSettingsEditor.java | 20 +- .../casa/authtoksvc/Krb5Authenticate.java | 6 +- .../casa/authtoksvc/PwdAuthenticate.java | 15 +- .../novell/casa/authtoksvc/RealmsInfo.java | 14 +- .../src/com/novell/casa/authtoksvc/Rpc.java | 4 +- .../authtoksvc/SettingsFileSAXHandler.java | 4 +- .../casa/authtoksvc/SettingsFileUtil.java | 13 +- .../com/novell/casa/authtoksvc/SvcConfig.java | 12 +- .../casa/authtoksvc/SvcSettingsEditor.java | 36 +-- .../Svc/tomcat5/conf/linux/server-ibm.xml | 222 +----------------- .../Svc/tomcat5/conf/linux/server-sun.xml | 222 +----------------- .../package/linux/CASA_auth_token_svc.changes | 15 ++ .../package/linux/CASA_auth_token_svc.spec.in | 2 +- .../linux/CASA_auth_token_svc_4zen.spec.in | 5 
+- 30 files changed, 194 insertions(+), 598 deletions(-) diff --git a/CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java b/CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java index f2d61bb8..2a51d223 100644 --- a/CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java +++ b/CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/CasaLoginModule.java @@ -126,10 +126,10 @@ public final class CasaLoginModule implements LoginModule // Do not perform the username check unless configured to do it. boolean performUsernameCheck = false; if (m_options != null - && m_options.containsKey("PerformUsernameCheck") == true) + && m_options.containsKey("PerformUsernameCheck")) { String keyVal = (String) m_options.get("PerformUsernameCheck"); - if (keyVal != null && keyVal.equals("true")) + if (keyVal != null && keyVal.equalsIgnoreCase("true")) performUsernameCheck = true; } @@ -163,14 +163,14 @@ public final class CasaLoginModule implements LoginModule { // Save the retrieved username in the shared state and then check it. m_sharedState.put("javax.security.auth.login.name", username); - if (username.equals(casaUsername) == false) + if (username.equalsIgnoreCase(casaUsername) == false) return false; } } else { // Check the username - if (username.equals(casaUsername) == false) + if (username.equalsIgnoreCase(casaUsername) == false) return false; } } diff --git a/CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/sample/SampleApp.java b/CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/sample/SampleApp.java index f2292cce..9d9215c4 100644 --- a/CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/sample/SampleApp.java +++ b/CASA-auth-token/server-java/Jaas/src/com/novell/casa/jaas/sample/SampleApp.java 
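Review bot: Changing both username checks in this hunk to `username.equalsIgnoreCase(casaUsername)` relaxes the identity match, so two names that differ only in case are now treated as the same user even if the identity source behind the token distinguishes them. `equalsIgnoreCase` also compares char by char without Unicode normalization or locale rules, so it may not agree with how the directory itself matches names. If the relaxation is intended, state the assumption next to the check, for example `// CASA identity sources treat usernames as case-insensitive`, and otherwise keep `equals`. The remaining `== false` could become `if (!username.equalsIgnoreCase(casaUsername))`, in line with the `== true` clean-up elsewhere in the commit. The enclosing method starts and ends outside the hunk.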
@@ -103,7 +103,7 @@ public final class SampleApp System.out.println(); System.out.println("Authenticated Identity Information"); System.out.println(); - while (principalIter.hasNext() == true) + while (principalIter.hasNext()) { CasaPrincipal principal = (CasaPrincipal) principalIter.next(); diff --git a/CASA-auth-token/server-java/Svc/linux/envvars b/CASA-auth-token/server-java/Svc/linux/envvars index 58769221..81d47f6a 100644 --- a/CASA-auth-token/server-java/Svc/linux/envvars +++ b/CASA-auth-token/server-java/Svc/linux/envvars @@ -19,5 +19,5 @@ CATALINA_BASE="/srv/www/casaats" CATALINA_HOME="/usr/share/tomcat5" CATALINA_PID="/var/lib/CASA/authtoken/svc/casaatsd.pid" JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc" -export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS +export CATALINA_BASE CATALINA_HOME CATALINA_PID JAVA_HOME JAVA_OPTS diff --git a/CASA-auth-token/server-java/Svc/linux/envvars.zen b/CASA-auth-token/server-java/Svc/linux/envvars.zen index e938a707..f811d233 100644 --- a/CASA-auth-token/server-java/Svc/linux/envvars.zen +++ b/CASA-auth-token/server-java/Svc/linux/envvars.zen @@ -13,5 +13,5 @@ CATALINA_BASE="/srv/www/casaats" CATALINA_HOME="/opt/novell/zenworks/share/tomcat" CATALINA_PID="/var/lib/CASA/authtoken/svc/casaatsd.pid" JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc" -export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS +export CATALINA_BASE CATALINA_HOME CATALINA_PID JAVA_HOME JAVA_OPTS diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java index 99fe05ee..4184b23c 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthMechConfig.java 
@@ -144,7 +144,7 @@ public final class AuthMechConfig // The setting is not in our map, check if it is one to // which we have defaults. - if (settingName.equals(Krb5ServicePrincipalName) == true) + if (settingName.equals(Krb5ServicePrincipalName)) { value = m_defaultKrb5ServicePrincipalNameValue; System.err.println("AuthMechConfig.getSetting()- Assigning default value " + value); diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthMechanism.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthMechanism.java index c007a58b..7e7d07df 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthMechanism.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthMechanism.java @@ -24,16 +24,17 @@ package com.novell.casa.authtoksvc; +import java.io.Serializable; + /** * AuthMechanism Interface. *

* This is the interface implemented by Authentication Mechanisms. *

- * Please note that Authentication Machanisms must also implement the - * Serializable interface. - * + * Note: AuthMechanism classes need to be serializable so that they + * can be re-loaded with the appropriate class loader. */ -public interface AuthMechanism +public interface AuthMechanism extends Serializable { /** * Initialize the authentication mechanism. diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java index 7a6f7ad2..4508b617 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthPolicyEditor.java @@ -83,9 +83,9 @@ public final class AuthPolicyEditor { String formalName; - if (mechName.compareToIgnoreCase(Krb5Mechanism) == 0) + if (mechName.equalsIgnoreCase(Krb5Mechanism)) formalName = Krb5Mechanism; - else if (mechName.compareToIgnoreCase(PwdMechanism) == 0) + else if (mechName.equalsIgnoreCase(PwdMechanism)) formalName = PwdMechanism; else formalName = mechName; @@ -279,7 +279,7 @@ public final class AuthPolicyEditor { next_auth_source_node = auth_source_node.getNextSibling(); if (auth_source_node.getNodeType() == Node.ELEMENT_NODE - && auth_source_node.getLocalName().compareToIgnoreCase("auth_source") == 0) + && auth_source_node.getLocalName().equalsIgnoreCase("auth_source")) { System.out.println("Auth_Source: "); 
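Review bot: Extending `Serializable` on the interface makes every mechanism implementation serializable by inheritance, together with whatever fields it holds, and the new Javadoc does not say how implementations should treat sensitive state. I would add a line such as `* Implementations must declare fields that hold secrets or live resources transient.` and ask implementations to declare a `serialVersionUID`. The class-loader reload the comment refers to happens outside this hunk, so where the serialized form is written and read back cannot be judged from here.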
@@ -291,15 +291,15 @@ public final class AuthPolicyEditor next = child.getNextSibling(); if (child.getNodeType() == Node.ELEMENT_NODE) { - if (child.getLocalName().compareToIgnoreCase("realm") == 0) + if (child.getLocalName().equalsIgnoreCase("realm")) { System.out.println(" Identity source: " + child.getTextContent()); } - else if (child.getLocalName().compareToIgnoreCase("mechanism") == 0) + else if (child.getLocalName().equalsIgnoreCase("mechanism")) { System.out.println(" Authentication Mechanism: " + child.getTextContent()); } - else if (child.getLocalName().compareToIgnoreCase("mechanism_info") == 0) + else if (child.getLocalName().equalsIgnoreCase("mechanism_info")) { System.out.println(" Authentication Mechanism Info: " + child.getTextContent()); } @@ -334,7 +334,7 @@ public final class AuthPolicyEditor { File f = new File(filePath); boolean createStatus = f.createNewFile(); - if (createStatus == true) + if (createStatus) { out = new FileOutputStream(f); OutputFormat format = new OutputFormat(doc); @@ -535,7 +535,7 @@ public final class AuthPolicyEditor { next_auth_source_node = curr_auth_source_node.getNextSibling(); if (curr_auth_source_node.getNodeType() == Node.ELEMENT_NODE - && curr_auth_source_node.getLocalName().compareToIgnoreCase("auth_source") == 0) + && curr_auth_source_node.getLocalName().equalsIgnoreCase("auth_source")) { // We are dealing with an auth_source, check if this is the // reference entry. 
@@ -549,16 +549,16 @@ public final class AuthPolicyEditor next = child.getNextSibling(); if (child.getNodeType() == Node.ELEMENT_NODE) { - if (child.getLocalName().compareToIgnoreCase(RealmElementName) == 0) + if (child.getLocalName().equalsIgnoreCase(RealmElementName)) { // Compare the realm name - if (child.getTextContent().compareToIgnoreCase(refEntryComponents[0]) == 0) + if (child.getTextContent().equalsIgnoreCase(refEntryComponents[0])) realmMatch = true; } - else if (child.getLocalName().compareToIgnoreCase(MechanismElementName) == 0) + else if (child.getLocalName().equalsIgnoreCase(MechanismElementName)) { // Compare the realm name - if (child.getTextContent().compareToIgnoreCase(mechFormalName(refEntryComponents[1])) == 0) + if (child.getTextContent().equalsIgnoreCase(mechFormalName(refEntryComponents[1]))) mechanismMatch = true; } } @@ -644,7 +644,7 @@ public final class AuthPolicyEditor { next_auth_source_node = auth_source_node.getNextSibling(); if (auth_source_node.getNodeType() == Node.ELEMENT_NODE - && auth_source_node.getLocalName().compareToIgnoreCase("auth_source") == 0) + && auth_source_node.getLocalName().equalsIgnoreCase("auth_source")) { // We are dealing with an auth_source, check if this is the entry // that must be removed. 
@@ -658,16 +658,16 @@ public final class AuthPolicyEditor next = child.getNextSibling(); if (child.getNodeType() == Node.ELEMENT_NODE) { - if (child.getLocalName().compareToIgnoreCase(RealmElementName) == 0) + if (child.getLocalName().equalsIgnoreCase(RealmElementName)) { // Compare the realm name - if (child.getTextContent().compareToIgnoreCase(entryComponents[0]) == 0) + if (child.getTextContent().equalsIgnoreCase(entryComponents[0])) realmMatch = true; } - else if (child.getLocalName().compareToIgnoreCase(MechanismElementName) == 0) + else if (child.getLocalName().equalsIgnoreCase(MechanismElementName)) { // Compare the realm name - if (child.getTextContent().compareToIgnoreCase(mechFormalName(entryComponents[1])) == 0) + if (child.getTextContent().equalsIgnoreCase(mechFormalName(entryComponents[1]))) mechanismMatch = true; } } @@ -713,7 +713,7 @@ public final class AuthPolicyEditor for (int i = 0; i < args.length; i++) { // Proceed based on the command - if (args[i].compareToIgnoreCase("-list") == 0) + if (args[i].equalsIgnoreCase("-list")) { // List operation requested if (op == null) @@ -726,7 +726,7 @@ public final class AuthPolicyEditor break; } } - else if (args[i].compareToIgnoreCase("-create") == 0) + else if (args[i].equalsIgnoreCase("-create")) { // Create operation requested if (op == null) @@ -739,7 +739,7 @@ public final class AuthPolicyEditor break; } } - else if (args[i].compareToIgnoreCase("-prepend") == 0) + else if (args[i].equalsIgnoreCase("-prepend")) { // Prepend operation requested if (op == null) @@ -752,7 +752,7 @@ public final class AuthPolicyEditor break; } } - else if (args[i].compareToIgnoreCase("-append") == 0) + else if (args[i].equalsIgnoreCase("-append")) { // Append operation requested if (op == null) @@ -765,7 +765,7 @@ public final class AuthPolicyEditor break; } } - else if (args[i].compareToIgnoreCase("-insert") == 0) + else if (args[i].equalsIgnoreCase("-insert")) { // Insert operation requested if (op == null) 
@@ -778,7 +778,7 @@ public final class AuthPolicyEditor break; } } - else if (args[i].compareToIgnoreCase("-remove") == 0) + else if (args[i].equalsIgnoreCase("-remove")) { // Remove operation requested if (op == null) @@ -791,7 +791,7 @@ public final class AuthPolicyEditor break; } } - else if (args[i].compareToIgnoreCase("-entry") == 0) + else if (args[i].equalsIgnoreCase("-entry")) { // The next argument should contain the entry information if (args.length > (i + 1)) @@ -805,7 +805,7 @@ public final class AuthPolicyEditor break; } } - else if (args[i].compareToIgnoreCase("-refentry") == 0) + else if (args[i].equalsIgnoreCase("-refentry")) { // The next argument should contain the reference entry information if (args.length > (i + 1)) @@ -819,7 +819,7 @@ public final class AuthPolicyEditor break; } } - else if (args[i].compareToIgnoreCase("-file") == 0) + else if (args[i].equalsIgnoreCase("-file")) { // The next argument should contain the filepath if (args.length > (i + 1)) diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthReqMsg.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthReqMsg.java index f3bbcceb..f30bf2c8 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthReqMsg.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthReqMsg.java @@ -121,7 +121,7 @@ public final class AuthReqMsg { case AWAITING_ROOT_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.authRequestElementName.equals(qName)) + if (ProtoDefs.authRequestElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_REALM_ELEMENT_START; @@ -135,7 +135,7 @@ public final class AuthReqMsg case AWAITING_REALM_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.realmElementName.equals(qName)) + if (ProtoDefs.realmElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_REALM_DATA; 
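Review bot: Matching wire-format element names with `ProtoDefs.authRequestElementName.equalsIgnoreCase(qName)` makes this request parser accept names that XML treats as different elements, because XML names are case-sensitive. Any other component that parses or validates the same message with exact matching can then disagree with this parser about what the message contains. The same change is repeated in the remaining AuthReqMsg hunks and in the element start/end hunks of CasaIdentityToken, GetAuthPolicyReqMsg and GetAuthTokReqMsg. Unless a deployed client is known to send differently cased names, I would keep `equals(qName)` for protocol and token elements and limit case-insensitive matching to command-line options and setting names. The switch these cases belong to starts and ends outside the hunk.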
@@ -149,7 +149,7 @@ public final class AuthReqMsg case AWAITING_MECH_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.mechanismElementName.equals(qName)) + if (ProtoDefs.mechanismElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_MECH_DATA; @@ -163,7 +163,7 @@ public final class AuthReqMsg case AWAITING_AUTH_MECH_TOKEN_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.authMechTokenElementName.equals(qName)) + if (ProtoDefs.authMechTokenElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_AUTH_MECH_TOKEN_DATA; @@ -196,7 +196,7 @@ public final class AuthReqMsg { case AWAITING_ROOT_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.authRequestElementName.equals(qName)) + if (ProtoDefs.authRequestElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = DONE_PARSING; @@ -210,7 +210,7 @@ public final class AuthReqMsg case AWAITING_REALM_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.realmElementName.equals(qName)) + if (ProtoDefs.realmElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_MECH_ELEMENT_START; @@ -224,7 +224,7 @@ public final class AuthReqMsg case AWAITING_MECH_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.mechanismElementName.equals(qName)) + if (ProtoDefs.mechanismElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_AUTH_MECH_TOKEN_ELEMENT_START; @@ -238,7 +238,7 @@ public final class AuthReqMsg case AWAITING_AUTH_MECH_TOKEN_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.authMechTokenElementName.equals(qName)) + if (ProtoDefs.authMechTokenElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_ROOT_ELEMENT_END; 
diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java index 01dfcd68..9e03e75b 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java @@ -213,7 +213,7 @@ public final class AuthTokenConfig // The setting is not in our map, check if it is one to // which we have defaults. - if (settingName.equals(TokenLifetime) == true) + if (settingName.equalsIgnoreCase(TokenLifetime)) { value = m_defaultTokenLifetimeValue; System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value); @@ -221,7 +221,7 @@ public final class AuthTokenConfig // Add the key to the map so that it can be found quicker next time m_tokenSettingsMap.put(TokenLifetime, m_defaultTokenLifetimeValue); } - else if (settingName.equals(LifetimeShorter) == true) + else if (settingName.equalsIgnoreCase(LifetimeShorter)) { value = m_defaultLifetimeShorterValue; System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value); @@ -229,7 +229,7 @@ public final class AuthTokenConfig // Add the key to the map so that it can be found quicker next time m_tokenSettingsMap.put(LifetimeShorter, m_defaultLifetimeShorterValue); } - else if (settingName.equals(IdentityTokenType) == true) + else if (settingName.equalsIgnoreCase(IdentityTokenType)) { value = m_defaultLifetimeShorterValue; System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value); diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java index 068012a8..ab80b211 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java 
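Review bot: The `IdentityTokenType` branch edited in the third hunk of this file still assigns `value = m_defaultLifetimeShorterValue;`, which looks copied from the `LifetimeShorter` branch, so a missing identity token type would default to the lifetime-shorter value. If a dedicated default for the token type exists it should be assigned here instead; its name is not visible in the hunk. With the switch to `equalsIgnoreCase` in all three hunks, the default is stored under the canonical key (`m_tokenSettingsMap.put(TokenLifetime, ...)`), so if the lookup before this code uses `settingName` as given, a differently cased name will miss the map on every call despite the "found quicker next time" comment. AuthMechConfig.getSetting keeps `equals` for the same kind of test, so the two config classes now disagree on case handling. The branch body continues past the end of the hunk.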
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java @@ -63,11 +63,11 @@ public final class AuthTokenSettingsEditor implements IVerifySetting { boolean result = false; - if (setting.compareToIgnoreCase(AuthTokenConfig.TokenLifetime) == 0) + if (setting.equalsIgnoreCase(AuthTokenConfig.TokenLifetime)) result = true; - else if (setting.compareToIgnoreCase(AuthTokenConfig.LifetimeShorter) == 0) + else if (setting.equalsIgnoreCase(AuthTokenConfig.LifetimeShorter)) result = true; - else if (setting.compareToIgnoreCase(AuthTokenConfig.IdentityTokenType) == 0) + else if (setting.equalsIgnoreCase(AuthTokenConfig.IdentityTokenType)) result = true; else System.out.println("Invalid setting specified"); @@ -88,7 +88,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting { String validSetting = null; - if (setting.compareToIgnoreCase(AuthTokenConfig.TokenLifetime) == 0) + if (setting.equalsIgnoreCase(AuthTokenConfig.TokenLifetime)) { // Verify that we are dealing with a numeric value try @@ -103,7 +103,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting System.out.println("Invalid setting value specified"); } } - else if (setting.compareToIgnoreCase(AuthTokenConfig.LifetimeShorter) == 0) + else if (setting.equalsIgnoreCase(AuthTokenConfig.LifetimeShorter)) { // Verify that we are dealing with a numeric value try @@ -118,7 +118,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting System.out.println("Invalid setting value specified"); } } - else if (setting.compareToIgnoreCase(AuthTokenConfig.IdentityTokenType) == 0) + else if (setting.equalsIgnoreCase(AuthTokenConfig.IdentityTokenType)) { // Always succeed validSetting = AuthTokenConfig.IdentityTokenType; 
@@ -148,7 +148,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting for (int i = 0; i < args.length; i++) { // Proceed based on the command - if (args[i].compareToIgnoreCase("-file") == 0) + if (args[i].equalsIgnoreCase("-file")) { // The next argument should contain the filepath if (args.length > (i + 1)) @@ -162,7 +162,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-list") == 0) + else if (args[i].equalsIgnoreCase("-list")) { // List operation requested if (op == null) @@ -175,7 +175,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-create") == 0) + else if (args[i].equalsIgnoreCase("-create")) { // List operation requested if (op == null) @@ -188,7 +188,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-get") == 0) + else if (args[i].equalsIgnoreCase("-get")) { // Get setting operation requested if (op == null) @@ -213,7 +213,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-set") == 0) + else if (args[i].equalsIgnoreCase("-set")) { // Set setting operation requested if (op == null) @@ -240,7 +240,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-remove") == 0) + else if (args[i].equalsIgnoreCase("-remove")) { // Remove setting operation requested if (op == null) diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Authenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Authenticate.java index 87dd5486..1b2dd216 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Authenticate.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Authenticate.java 
@@ -95,7 +95,7 @@ public final class Authenticate implements RpcMethod File mechanismFolder = new File(mechanismsConfigFolder, mechanismsConfigFolderObjs[i]); try { - if (mechanismFolder.isDirectory() == true) + if (mechanismFolder.isDirectory()) { System.err.println("Authenticate.init()- Mechanism folder " + mechanismFolder + " is directory"); @@ -389,7 +389,15 @@ public final class Authenticate implements RpcMethod // Make sure to invoke the cleanup method on the AuthReqMsg to // deal with security sensitive data. if (authReqMsg != null) + { authReqMsg.cleanup(); + + // Forget about the AuthReqMsg + authReqMsg = null; + } + + // Invoke the garbage collector to flush sensitive data + System.gc(); } } diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java index 15bba38c..97a4fbd0 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java @@ -176,7 +176,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_ROOT_ELEMENT_START: // Verify that we are processing the expected tag - if (casaIdentTokElementName.equals(qName)) + if (casaIdentTokElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_ID_ELEMENT_START; @@ -190,7 +190,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_ID_ELEMENT_START: // Verify that we are processing the expected tag - if (idElementName.equals(qName)) + if (idElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_ID_DATA; 
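Review bot: `System.gc()` in the second Authenticate hunk does not flush sensitive data: it is only a request to the JVM, collected objects are not zeroed, and any string or buffer still referenced elsewhere stays in the heap, so the comment `// Invoke the garbage collector to flush sensitive data` overstates what the call does. Requesting a collection at the end of every invocation also ties collector work directly to request volume. The guarantee has to come from `authReqMsg.cleanup()` overwriting the `char[]`/`byte[]` contents it holds, so I would drop the `System.gc()` call and reword the comment to `// Sensitive fields are overwritten by cleanup()`, provided cleanup() really does that. If `authReqMsg` is a local, `authReqMsg = null;` just before the block ends does not change reachability either. The enclosing method starts outside the hunk.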
@@ -204,7 +204,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_SOURCE_NAME_ELEMENT_START: // Verify that we are processing the expected tag - if (sourceNameElementName.equals(qName)) + if (sourceNameElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SOURCE_NAME_DATA; @@ -219,7 +219,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_SOURCE_URL_ELEMENT_START: // Verify that we are processing the expected tag - if (sourceUrlElementName.equals(qName)) + if (sourceUrlElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SOURCE_URL_DATA; @@ -233,7 +233,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_TARGET_SERVICE_ELEMENT_START: // Verify that we are processing the expected tag - if (targetServiceElementName.equals(qName)) + if (targetServiceElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_TARGET_SERVICE_DATA; @@ -247,7 +247,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_TARGET_HOST_ELEMENT_START: // Verify that we are processing the expected tag - if (targetHostElementName.equals(qName)) + if (targetHostElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_TARGET_HOST_DATA; @@ -261,7 +261,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_ATTRIBUTES_ELEMENT_START: // Verify that we are processing the expected tag - if (attributesElementName.equals(qName)) + if (attributesElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_ATTRIBUTE_START; 
@@ -279,7 +279,7 @@ public final class CasaIdentityToken implements IdentityToken // Advance to the next state based on the attribute type String attrType = atts.getValue("type"); - if (attrType != null && attrType.equals("binary")) + if (attrType != null && attrType.equalsIgnoreCase("binary")) { // We are dealing with a binary attribute. We are going to // assume that binary attributes are always base64 encoded. @@ -314,7 +314,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_ROOT_ELEMENT_END: // Verify that we are processing the expected tag - if (casaIdentTokElementName.equals(qName)) + if (casaIdentTokElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = DONE_PARSING; @@ -328,7 +328,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_ID_ELEMENT_END: // Verify that we are processing the expected tag - if (idElementName.equals(qName)) + if (idElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SOURCE_NAME_ELEMENT_START; @@ -342,7 +342,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_SOURCE_NAME_ELEMENT_END: // Verify that we are processing the expected tag - if (sourceNameElementName.equals(qName)) + if (sourceNameElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SOURCE_URL_ELEMENT_START; @@ -356,7 +356,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_SOURCE_URL_ELEMENT_END: // Verify that we are processing the expected tag - if (sourceUrlElementName.equals(qName)) + if (sourceUrlElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_TARGET_SERVICE_ELEMENT_START; 
@@ -370,7 +370,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_TARGET_SERVICE_ELEMENT_END: // Verify that we are processing the expected tag - if (targetServiceElementName.equals(qName)) + if (targetServiceElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_TARGET_HOST_ELEMENT_START; @@ -384,7 +384,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_TARGET_HOST_ELEMENT_END: // Verify that we are processing the expected tag - if (targetHostElementName.equals(qName)) + if (targetHostElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_ATTRIBUTES_ELEMENT_START; @@ -437,7 +437,7 @@ public final class CasaIdentityToken implements IdentityToken case AWAITING_ATTRIBUTE_START: // Verify that we are processing the expected tag - if (attributesElementName.equals(qName)) + if (attributesElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_ROOT_ELEMENT_END; @@ -728,7 +728,7 @@ public final class CasaIdentityToken implements IdentityToken // Get the necessary attributes of the specified services in the identity token String[] attributesNeeded = m_idenTokenConfig.getAttributes(); - boolean encryptAttributes = "true".equals(m_idenTokenConfig.getSetting(IdenTokenConfig.EncryptAttributes)); + boolean encryptAttributes = "true".equalsIgnoreCase(m_idenTokenConfig.getSetting(IdenTokenConfig.EncryptAttributes)); Attributes attrs = ctx.getAttributes(identityId, attributesNeeded); // Now append the attributes to the token 
@@ -744,7 +744,7 @@ public final class CasaIdentityToken implements IdentityToken System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID()); // Encrypt the attribute if necessary - if (encryptAttributes == true) + if (encryptAttributes) { // tbd - Encrypt the attributes using the services public key, let the mechanism // be configurable. The service's certificate should be Base64 encoded as a setting diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/EnabledSvcsConfig.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/EnabledSvcsConfig.java index b6031843..55a1ce0f 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/EnabledSvcsConfig.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/EnabledSvcsConfig.java @@ -34,7 +34,6 @@ import java.util.*; * the services enabled to use Authentication Tokens. * */ -@SuppressWarnings({"ALL"}) public final class EnabledSvcsConfig { private static final String m_authPolicyFileName = "auth.policy"; @@ -186,7 +185,7 @@ public final class EnabledSvcsConfig File hostFolder = new File(servicesConfigFolder, servicesConfigFolderObjs[i]); try { - if (hostFolder.isDirectory() == true) + if (hostFolder.isDirectory()) { System.err.println("EnabledSvcsConfig()- Host folder " + hostFolder + " is directory"); @@ -204,7 +203,7 @@ public final class EnabledSvcsConfig System.err.println("EnabledSvcsConfig()- Service folder " + serviceFolder); try { - if (serviceFolder.isDirectory() == true) + if (serviceFolder.isDirectory()) { System.err.println("EnabledSvcsConfig()- Service folder " + serviceFolder + " is directory"); diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthPolicyReqMsg.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthPolicyReqMsg.java index eaa6e072..2aefa836 100644 
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthPolicyReqMsg.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthPolicyReqMsg.java @@ -114,7 +114,7 @@ public final class GetAuthPolicyReqMsg { case AWAITING_ROOT_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.getAuthPolicyRequestElementName.equals(qName)) + if (ProtoDefs.getAuthPolicyRequestElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SERVICE_ELEMENT_START; @@ -128,7 +128,7 @@ public final class GetAuthPolicyReqMsg case AWAITING_SERVICE_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.serviceElementName.equals(qName)) + if (ProtoDefs.serviceElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SERVICE_DATA; @@ -142,7 +142,7 @@ public final class GetAuthPolicyReqMsg case AWAITING_HOST_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.hostElementName.equals(qName)) + if (ProtoDefs.hostElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_HOST_DATA; @@ -176,7 +176,7 @@ public final class GetAuthPolicyReqMsg { case AWAITING_ROOT_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.getAuthPolicyRequestElementName.equals(qName)) + if (ProtoDefs.getAuthPolicyRequestElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = DONE_PARSING; @@ -190,7 +190,7 @@ public final class GetAuthPolicyReqMsg case AWAITING_SERVICE_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.serviceElementName.equals(qName)) + if (ProtoDefs.serviceElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_HOST_ELEMENT_START; 
@@ -204,7 +204,7 @@ public final class GetAuthPolicyReqMsg case AWAITING_HOST_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.hostElementName.equals(qName)) + if (ProtoDefs.hostElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_ROOT_ELEMENT_END; diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthTokReqMsg.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthTokReqMsg.java index 1d38971f..b96736e3 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthTokReqMsg.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthTokReqMsg.java @@ -119,7 +119,7 @@ public final class GetAuthTokReqMsg { case AWAITING_ROOT_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.getAuthTokRequestElementName.equals(qName)) + if (ProtoDefs.getAuthTokRequestElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SERVICE_ELEMENT_START; @@ -133,7 +133,7 @@ public final class GetAuthTokReqMsg case AWAITING_SERVICE_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.serviceElementName.equals(qName)) + if (ProtoDefs.serviceElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SERVICE_DATA; @@ -147,7 +147,7 @@ public final class GetAuthTokReqMsg case AWAITING_HOST_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.hostElementName.equals(qName)) + if (ProtoDefs.hostElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_HOST_DATA; 
@@ -162,7 +162,7 @@ public final class GetAuthTokReqMsg case AWAITING_SESSION_TOKEN_ELEMENT_START: // Verify that we are processing the expected tag - if (ProtoDefs.sessionTokenElementName.equals(qName)) + if (ProtoDefs.sessionTokenElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SESSION_TOKEN_DATA; @@ -195,7 +195,7 @@ public final class GetAuthTokReqMsg { case AWAITING_ROOT_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.getAuthTokRequestElementName.equals(qName)) + if (ProtoDefs.getAuthTokRequestElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = DONE_PARSING; @@ -209,7 +209,7 @@ public final class GetAuthTokReqMsg case AWAITING_SERVICE_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.serviceElementName.equals(qName)) + if (ProtoDefs.serviceElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_HOST_ELEMENT_START; @@ -223,7 +223,7 @@ public final class GetAuthTokReqMsg case AWAITING_HOST_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.hostElementName.equals(qName)) + if (ProtoDefs.hostElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SESSION_TOKEN_ELEMENT_START; @@ -237,7 +237,7 @@ public final class GetAuthTokReqMsg case AWAITING_SESSION_TOKEN_ELEMENT_END: // Verify that we are processing the expected tag - if (ProtoDefs.sessionTokenElementName.equals(qName)) + if (ProtoDefs.sessionTokenElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_ROOT_ELEMENT_END; diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdenTokenConfig.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdenTokenConfig.java index 28285363..5c9028ac 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdenTokenConfig.java 
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdenTokenConfig.java @@ -155,7 +155,7 @@ public final class IdenTokenConfig // The setting is not in our map, check if it is one to // which we have defaults. - if (settingName.equals(EncryptAttributes) == true) + if (settingName.equalsIgnoreCase(EncryptAttributes)) { value = m_defaultEncryptAttributesValue; System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value); diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java index 18ba1aa3..d2741ef6 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java @@ -62,9 +62,9 @@ public final class IdenTokenSettingsEditor implements IVerifySetting { boolean result = false; - if (setting.compareToIgnoreCase(IdenTokenConfig.EncryptAttributes) == 0) + if (setting.equalsIgnoreCase(IdenTokenConfig.EncryptAttributes)) result = true; - else if (setting.compareToIgnoreCase(IdenTokenConfig.Attributes) == 0) + else if (setting.equalsIgnoreCase(IdenTokenConfig.Attributes)) result = true; else System.out.println("Invalid setting specified"); @@ -85,12 +85,12 @@ public final class IdenTokenSettingsEditor implements IVerifySetting { String validSetting = null; - if (setting.compareToIgnoreCase(IdenTokenConfig.EncryptAttributes) == 0) + if (setting.equalsIgnoreCase(IdenTokenConfig.EncryptAttributes)) { // Always succeed validSetting = IdenTokenConfig.EncryptAttributes; } - else if (setting.compareToIgnoreCase(IdenTokenConfig.Attributes) == 0) + else if (setting.equalsIgnoreCase(IdenTokenConfig.Attributes)) { // Always succeed validSetting = IdenTokenConfig.Attributes; 
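Review bot: In the IdenTokenConfig hunk (@@ -155), `settingName.equalsIgnoreCase(EncryptAttributes)` now selects the default for any casing of the name, while the map lookup that precedes it lies outside the hunk. If that lookup is an ordinary case-sensitive one, a value configured under the canonical key is missed for a differently cased name and silently replaced by the default. Either normalise the name once before the lookup or keep `if (settingName.equals(EncryptAttributes))`. The SvcConfig.getSetting() hunks later in this patch have the same shape, and there the affected settings include `SigningKeyAliasName` and `SigningKeyPassword`.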
@@ -121,7 +121,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting for (int i = 0; i < args.length; i++) { // Proceed based on the command - if (args[i].compareToIgnoreCase("-file") == 0) + if (args[i].equalsIgnoreCase("-file")) { // The next argument should contain the filepath if (args.length > (i + 1)) @@ -135,7 +135,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-list") == 0) + else if (args[i].equalsIgnoreCase("-list")) { // List operation requested if (op == null) @@ -148,7 +148,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-create") == 0) + else if (args[i].equalsIgnoreCase("-create")) { // List operation requested if (op == null) @@ -161,7 +161,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-get") == 0) + else if (args[i].equalsIgnoreCase("-get")) { // Get setting operation requested if (op == null) @@ -186,7 +186,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-set") == 0) + else if (args[i].equalsIgnoreCase("-set")) { // Set setting operation requested if (op == null) @@ -213,7 +213,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-remove") == 0) + else if (args[i].equalsIgnoreCase("-remove")) { // Remove setting operation requested if (op == null) diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java index fcbecb81..1fec4df4 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java 
@@ -229,9 +229,9 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm()); if (realmType != null) { - if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0) + if (realmType.equalsIgnoreCase(RealmsInfo.eDirectoryRealm)) searchString = "(krbPrincipalName={0})"; - else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0) + else if (realmType.equalsIgnoreCase(RealmsInfo.ActiveDirectoryRealm)) searchString = "(userPrincipalName={0})"; else { @@ -277,7 +277,7 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable catch (NamingException e) { // Log the error - System.err.println("Krb5Authenticate.invoke()- NamingException: " + e.getExplanation()); + System.err.println("Krb5Authenticate.invoke()- NamingException: " + e.toString()); } catch (Exception e) { diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java index 256aaa58..9654dfe9 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java @@ -73,7 +73,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable * @param encodedToken Base64 encoded password token. * @throws IOException */ - public PwToken(char[] encodedToken) throws IOException + public PwToken(char[] encodedToken) throws IOException, Exception { BufferedReader tokenReader = null; 
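Review bot: `throws IOException, Exception` on the PwToken constructor (@@ -73 in PwdAuthenticate.java) is redundant, since `Exception` already covers `IOException`, and it makes every caller catch the broadest checked type. The Javadoc directly above still lists only `@throws IOException`. I would leave the signature as `throws IOException` and report a rejected token with an unchecked type such as `IllegalArgumentException`, or at minimum add `@throws Exception if the token carries an empty password` to the comment. The constructor body continues outside this hunk.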
@@ -92,6 +92,13 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable // The second line contains the "password" m_password = tokenReader.readLine(); + + // Check against zero length passwords + if (m_password.equals("")) + { + System.err.println("PwToken()- Zero length password diss-allowed"); + throw new Exception("Zero length password"); + } } finally { @@ -201,9 +208,9 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm()); if (realmType != null) { - if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0) + if (realmType.equalsIgnoreCase(RealmsInfo.eDirectoryRealm)) searchString = "(cn={0})"; - else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0) + else if (realmType.equalsIgnoreCase(RealmsInfo.ActiveDirectoryRealm)) searchString = "(sAMAccountName={0})"; else { @@ -273,7 +280,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable catch (NamingException e) { // Log the error - System.err.println("PwdAuthenticate.invoke()- NamingException on Proxy User: " + e.getExplanation()); + System.err.println("PwdAuthenticate.invoke()- NamingException on Proxy User: " + e.toString()); } catch (Exception e) { diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java index 9349be69..08d5131c 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java 
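Review bot: The new empty-password guard in PwToken (@@ -92 in PwdAuthenticate.java) calls `m_password.equals("")` without a null check, and `BufferedReader.readLine()` returns null when the decoded token has no second line. A token carrying only a user name therefore ends in a NullPointerException instead of the intended rejection; `if (m_password == null || m_password.length() == 0)` covers both cases. The check matters because a simple bind with an empty password is commonly treated by directory servers as an unauthenticated bind that succeeds. The user name read from the first line is outside this hunk and, if it is not validated there, deserves the same null-or-empty test. The log text could also read `"PwToken()- Zero length password disallowed"`.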
@@ -90,7 +90,7 @@ public class RealmsInfo { RealmsTypeItem realmsTypeItem = realmsType.getRealmsTypeItem(i); org.bandit.util.config.gen.Realm realm = realmsTypeItem.getRealm(); - if (realm.getDesc().compareToIgnoreCase("Directory") == 0) + if (realm.getDesc().equalsIgnoreCase("Directory")) { // We are dealing with a directory realm RealmInfo realmInfo = new RealmInfo(); @@ -107,12 +107,12 @@ public class RealmsInfo { for (int iii = 0; iii < env.length; iii++) { - if (env[iii].getProp().compareToIgnoreCase("java.naming.security.principal") == 0) + if (env[iii].getProp().equalsIgnoreCase("java.naming.security.principal")) { // We found the proxy user name. Save it in case it is needed later. principalName = env[iii].getValue(); } - else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.searchroot") == 0) + else if (env[iii].getProp().equalsIgnoreCase("com.novell.casa.authtoksvc.searchroot")) { // We are dealing with a search root, keep track of it. Make sure to preserve the order // in which they are found. @@ -129,15 +129,15 @@ public class RealmsInfo realmInfo.m_searchRoots = newSearchRoots; } } - else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.directory_type") == 0) + else if (env[iii].getProp().equalsIgnoreCase("com.novell.casa.authtoksvc.directory_type")) { // We are dealing with a directory type, decode it and record the result. String realmDirectoryType = env[iii].getValue();; - if (realmDirectoryType.compareToIgnoreCase("eDir") == 0) + if (realmDirectoryType.equalsIgnoreCase("eDir")) { realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm); } - else if (realmDirectoryType.compareToIgnoreCase("ActiveDirectory") == 0) + else if (realmDirectoryType.equalsIgnoreCase("ActiveDirectory")) { realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm); } 
@@ -147,7 +147,7 @@ public class RealmsInfo System.err.println("RealmsInfo: Unknown directory type"); } } - else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string") == 0) + else if (env[iii].getProp().equalsIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string")) { // We are dealing with the contextless search string, keep track of it. realmInfo.m_keyValueMap.put(CntxtlessSearchString, env[iii].getValue()); diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Rpc.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Rpc.java index e2a9ef57..41d25a65 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Rpc.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Rpc.java @@ -210,7 +210,7 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s // Check if we support services that are not explicitedly enabled String enabledSvcsOnly = System.getProperty("com.novell.casa.authtoksvc.enabled_svcs_only"); if (enabledSvcsOnly != null - && enabledSvcsOnly.compareToIgnoreCase("true") == 0) + && enabledSvcsOnly.equalsIgnoreCase("true")) { m_enabledSvcsOnly = true; } @@ -237,7 +237,7 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s { System.err.println("Rpc.init()- Error caught: " + e.toString()); e.printStackTrace(); - throw new ServletException("Exception caught while instantiating Rpc methods", e); + throw new Error("Error caught while instantiating Rpc methods", e); } } diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileSAXHandler.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileSAXHandler.java index 97984b0f..fdf1fc85 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileSAXHandler.java 
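Review bot: Replacing `ServletException` with `throw new Error(...)` in Rpc.init() (@@ -237) reports a configuration failure as a JVM-level `Error`, which ordinary `catch (Exception e)` handlers will not see. The previous line shows that `init()` is allowed to throw `ServletException`, which is the servlet API's own way to signal a failed initialisation and also carries the cause. I would keep `throw new ServletException("Exception caught while instantiating Rpc methods", e);`. The try block this catch belongs to starts outside the hunk.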
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileSAXHandler.java @@ -93,7 +93,7 @@ public final class SettingsFileSAXHandler extends org.xml.sax.helpers.DefaultHan { case AWAITING_ROOT_ELEMENT_START: // Verify that we are processing the expected tag - if (m_rootElementName.equals(qName)) + if (m_rootElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = AWAITING_SETTING_ELEMENT_START; @@ -140,7 +140,7 @@ public final class SettingsFileSAXHandler extends org.xml.sax.helpers.DefaultHan case AWAITING_SETTING_ELEMENT_START: // Verify that we are processing the expected tag - if (m_rootElementName.equals(qName)) + if (m_rootElementName.equalsIgnoreCase(qName)) { // Advance to the next state m_state = DONE_PARSING; diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileUtil.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileUtil.java index 03574ed7..acef64a1 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileUtil.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SettingsFileUtil.java @@ -86,6 +86,11 @@ public final class SettingsFileUtil System.err.println("Settings file " + filePath + " format error"); doc = null; } + catch (Exception e) + { + System.err.println("Settings file " + filePath + " Exception=" + e.toString()); + doc = null; + } finally { if (inStream != null) @@ -201,7 +206,7 @@ public final class SettingsFileUtil { File f = new File(filePath); boolean createStatus = f.createNewFile(); - if (createStatus == true) + if (createStatus) { out = new FileOutputStream(f); OutputFormat format = new OutputFormat(doc); 
@@ -275,7 +280,7 @@ public final class SettingsFileUtil { next = child.getNextSibling(); if (child.getNodeType() == Node.ELEMENT_NODE - && child.getLocalName().compareToIgnoreCase(setting) == 0) + && child.getLocalName().equalsIgnoreCase(setting)) { System.out.println(child.getLocalName() + "=" + child.getTextContent()); settingFound = true; @@ -327,7 +332,7 @@ public final class SettingsFileUtil { next = child.getNextSibling(); if (child.getNodeType() == Node.ELEMENT_NODE - && child.getLocalName().compareToIgnoreCase(setting) == 0) + && child.getLocalName().equalsIgnoreCase(setting)) { // Change the value of the setting child.setTextContent(value); @@ -435,7 +440,7 @@ public final class SettingsFileUtil { next = child.getNextSibling(); if (child.getNodeType() == Node.ELEMENT_NODE - && child.getLocalName().compareToIgnoreCase(setting) == 0) + && child.getLocalName().equalsIgnoreCase(setting)) { // Remove the element from the document root.removeChild(child); diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java index ea962956..a6351209 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java @@ -250,7 +250,7 @@ public final class SvcConfig // The setting is not in our map, check if it is one to // which we have defaults. - if (settingName.equals(SessionTokenLifetime) == true) + if (settingName.equalsIgnoreCase(SessionTokenLifetime)) { value = DefaultSessionTokenLifetimeValue; System.err.println("SvcConfig.getSetting()- Assigning default value " + value); 
@@ -258,7 +258,7 @@ public final class SvcConfig // Add the key to the map so that it can be found quicker next time m_svcSettingsMap.put(SessionTokenLifetime, DefaultSessionTokenLifetimeValue); } - else if (settingName.equals(LifetimeShorter) == true) + else if (settingName.equalsIgnoreCase(LifetimeShorter)) { value = DefaultLifetimeShorterValue; System.err.println("SvcConfig.getSetting()- Assigning default value " + value); @@ -266,7 +266,7 @@ public final class SvcConfig // Add the key to the map so that it can be found quicker next time m_svcSettingsMap.put(LifetimeShorter, DefaultLifetimeShorterValue); } - else if (settingName.equals(ReconfigureInterval) == true) + else if (settingName.equalsIgnoreCase(ReconfigureInterval)) { value = DefaultReconfigureIntervalValue; System.err.println("SvcConfig.getSetting()- Assigning default value " + value); @@ -274,7 +274,7 @@ public final class SvcConfig // Add the key to the map so that it can be found quicker next time m_svcSettingsMap.put(ReconfigureInterval, DefaultReconfigureIntervalValue); } - else if (settingName.equals(SigningKeyAliasName) == true) + else if (settingName.equalsIgnoreCase(SigningKeyAliasName)) { value = DefaultSigningKeyAliasNameValue; System.err.println("SvcConfig.getSetting()- Assigning default value " + value); @@ -282,7 +282,7 @@ public final class SvcConfig // Add the key to the map so that it can be found quicker next time m_svcSettingsMap.put(SigningKeyAliasName, DefaultSigningKeyAliasNameValue); } - else if (settingName.equals(SigningKeyPassword) == true) + else if (settingName.equalsIgnoreCase(SigningKeyPassword)) { value = DefaultSigningKeyPasswordValue; System.err.println("SvcConfig.getSetting()- Assigning default value " + value); 
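Review bot: The `SigningKeyPassword` branch of SvcConfig.getSetting() (@@ -282) assigns `DefaultSigningKeyPasswordValue` and then prints it with `System.err.println("SvcConfig.getSetting()- Assigning default value " + value);`, so the signing-key password is written to the service's stderr log. That line is unchanged context, but the commit touches this branch and it is worth fixing here by logging the setting name only, e.g. `System.err.println("SvcConfig.getSetting()- Assigning default value for " + SigningKeyPassword);`. A built-in default password for the signing key also deserves a second look; treating the setting as mandatory, as the `IdentityAbstractionConfigFile` branch does, would avoid shipping one. getSetting() begins and ends outside the hunk.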
@@ -290,7 +290,7 @@ public final class SvcConfig // Add the key to the map so that it can be found quicker next time m_svcSettingsMap.put(SigningKeyPassword, DefaultSigningKeyPasswordValue); } - else if (settingName.equals(IdentityAbstractionConfigFile) == true) + else if (settingName.equalsIgnoreCase(IdentityAbstractionConfigFile)) { System.err.println("SvcConfig.getSetting()- Mandatory setting " + IdentityAbstractionConfigFile + " not set"); throw new Exception("Missing mandatory configuration setting"); diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcSettingsEditor.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcSettingsEditor.java index 77b40eec..8cab4ad3 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcSettingsEditor.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcSettingsEditor.java 
@@ -70,17 +70,17 @@ public final class SvcSettingsEditor implements IVerifySetting { boolean result = false; - if (setting.compareToIgnoreCase(SvcConfig.SessionTokenLifetime) == 0) + if (setting.equalsIgnoreCase(SvcConfig.SessionTokenLifetime)) result = true; - else if (setting.compareToIgnoreCase(SvcConfig.LifetimeShorter) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.LifetimeShorter)) result = true; - else if (setting.compareToIgnoreCase(SvcConfig.IdentityAbstractionConfigFile) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.IdentityAbstractionConfigFile)) result = true; - else if (setting.compareToIgnoreCase(SvcConfig.ReconfigureInterval) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.ReconfigureInterval)) result = true; - else if (setting.compareToIgnoreCase(SvcConfig.SigningKeyAliasName) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.SigningKeyAliasName)) result = true; - else if (setting.compareToIgnoreCase(SvcConfig.SigningKeyPassword) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.SigningKeyPassword)) result = true; else System.out.println("Invalid setting specified"); @@ -101,7 +101,7 @@ public final class SvcSettingsEditor implements IVerifySetting { String validSetting = null; - if (setting.compareToIgnoreCase(SvcConfig.SessionTokenLifetime) == 0) + if (setting.equalsIgnoreCase(SvcConfig.SessionTokenLifetime)) { // Verify that we are dealing with a numeric value try @@ -116,7 +116,7 @@ public final class SvcSettingsEditor implements IVerifySetting System.out.println("Invalid setting value specified"); } } - else if (setting.compareToIgnoreCase(SvcConfig.LifetimeShorter) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.LifetimeShorter)) { // Verify that we are dealing with a numeric value try 
@@ -131,7 +131,7 @@ public final class SvcSettingsEditor implements IVerifySetting System.out.println("Invalid setting value specified"); } } - else if (setting.compareToIgnoreCase(SvcConfig.IdentityAbstractionConfigFile) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.IdentityAbstractionConfigFile)) { // Output a warning if the specified file does not exist try @@ -150,7 +150,7 @@ public final class SvcSettingsEditor implements IVerifySetting // Always succeed validSetting = SvcConfig.IdentityAbstractionConfigFile; } - else if (setting.compareToIgnoreCase(SvcConfig.ReconfigureInterval) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.ReconfigureInterval)) { // Verify that we are dealing with a numeric value try @@ -165,11 +165,11 @@ public final class SvcSettingsEditor implements IVerifySetting System.out.println("Invalid setting value specified"); } } - else if (setting.compareToIgnoreCase(SvcConfig.SigningKeyAliasName) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.SigningKeyAliasName)) { validSetting = SvcConfig.SigningKeyAliasName; } - else if (setting.compareToIgnoreCase(SvcConfig.SigningKeyPassword) == 0) + else if (setting.equalsIgnoreCase(SvcConfig.SigningKeyPassword)) { validSetting = SvcConfig.SigningKeyPassword; } @@ -198,7 +198,7 @@ public final class SvcSettingsEditor implements IVerifySetting for (int i = 0; i < args.length; i++) { // Proceed based on the command - if (args[i].compareToIgnoreCase("-file") == 0) + if (args[i].equalsIgnoreCase("-file")) { // The next argument should contain the filepath if (args.length > (i + 1)) @@ -212,7 +212,7 @@ public final class SvcSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-list") == 0) + else if (args[i].equalsIgnoreCase("-list")) { // List operation requested if (op == null) 
@@ -225,7 +225,7 @@ public final class SvcSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-create") == 0) + else if (args[i].equalsIgnoreCase("-create")) { // List operation requested if (op == null) @@ -238,7 +238,7 @@ public final class SvcSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-get") == 0) + else if (args[i].equalsIgnoreCase("-get")) { // Get setting operation requested if (op == null) @@ -263,7 +263,7 @@ public final class SvcSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-set") == 0) + else if (args[i].equalsIgnoreCase("-set")) { // Set setting operation requested if (op == null) @@ -290,7 +290,7 @@ public final class SvcSettingsEditor implements IVerifySetting break; } } - else if (args[i].compareToIgnoreCase("-remove") == 0) + else if (args[i].equalsIgnoreCase("-remove")) { // Remove setting operation requested if (op == null) diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml index d66a1e99..d8f0b0f6 100644 --- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml +++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml @@ -1,6 +1,4 @@ - - + - - - - @@ -88,51 +74,19 @@ IP address of the remote client. --> - - - - - - - - - - - - - - - - - - - - - @@ -219,143 +138,6 @@ unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> - - - - - - - - - - - + - - - - @@ -88,51 +74,19 @@ IP address of the remote client. --> - - - - - - - - - - - - - - - - - - - - - @@ -219,143 +138,6 @@ unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> - - - - - - - - - -