Made changes to address Greg's recommendations from his code review.

Fixed the problem that was preventing us from associating a PID file
with the ATS service.

Stopped deleting the "casaatsd" user during RPM un-install to avoid
problems with orphaned files.

Added code to protect against zero length passwords in the Pwd
authentication mechanism.
Juan Carlos Luciani 2007-02-13 23:54:27 +00:00
parent d5f2ad902e
commit 06225de129
30 changed files with 194 additions and 598 deletions


@ -126,10 +126,10 @@ public final class CasaLoginModule implements LoginModule
// Do not perform the username check unless configured to do it. // Do not perform the username check unless configured to do it.
boolean performUsernameCheck = false; boolean performUsernameCheck = false;
if (m_options != null if (m_options != null
&& m_options.containsKey("PerformUsernameCheck") == true) && m_options.containsKey("PerformUsernameCheck"))
{ {
String keyVal = (String) m_options.get("PerformUsernameCheck"); String keyVal = (String) m_options.get("PerformUsernameCheck");
if (keyVal != null && keyVal.equals("true")) if (keyVal != null && keyVal.equalsIgnoreCase("true"))
performUsernameCheck = true; performUsernameCheck = true;
} }
@ -163,14 +163,14 @@ public final class CasaLoginModule implements LoginModule
{ {
// Save the retrieved username in the shared state and then check it. // Save the retrieved username in the shared state and then check it.
m_sharedState.put("javax.security.auth.login.name", username); m_sharedState.put("javax.security.auth.login.name", username);
if (username.equals(casaUsername) == false) if (username.equalsIgnoreCase(casaUsername) == false)
return false; return false;
} }
} }
else else
{ {
// Check the username // Check the username
if (username.equals(casaUsername) == false) if (username.equalsIgnoreCase(casaUsername) == false)
return false; return false;
} }
} }
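Review bot: The username check now uses `username.equalsIgnoreCase(casaUsername)` in both branches, so two identities that differ only in letter case compare as the same principal. If the identity source behind the CASA token treats names as case-sensitive (not visible here), this check would accept a token issued for a different account. It looks safer to keep `equals`, or to make case folding an explicit option next to `PerformUsernameCheck` and record the reason in a comment such as `// Usernames are compared case-insensitively because the identity source is case-insensitive`. `equalsIgnoreCase` also performs no Unicode normalisation, so it is not a canonical comparison either. The enclosing method starts and ends outside these hunks.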


@ -103,7 +103,7 @@ public final class SampleApp
System.out.println(); System.out.println();
System.out.println("Authenticated Identity Information"); System.out.println("Authenticated Identity Information");
System.out.println(); System.out.println();
while (principalIter.hasNext() == true) while (principalIter.hasNext())
{ {
CasaPrincipal principal = (CasaPrincipal) principalIter.next(); CasaPrincipal principal = (CasaPrincipal) principalIter.next();


@ -19,5 +19,5 @@ CATALINA_BASE="/srv/www/casaats"
CATALINA_HOME="/usr/share/tomcat5" CATALINA_HOME="/usr/share/tomcat5"
CATALINA_PID="/var/lib/CASA/authtoken/svc/casaatsd.pid" CATALINA_PID="/var/lib/CASA/authtoken/svc/casaatsd.pid"
JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc" JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS export CATALINA_BASE CATALINA_HOME CATALINA_PID JAVA_HOME JAVA_OPTS
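Review bot: Exporting `CATALINA_PID` makes the start/stop scripts act on whatever is stored in `/var/lib/CASA/authtoken/svc/casaatsd.pid`, so who may write to that directory becomes security-relevant. If the directory is writable by the unprivileged service account (presumably `casaatsd`; ownership is not visible here) while the stop action runs as root, the contents of the file decide which process receives the signal. A comment above the assignment would record the assumption, e.g. `# PID file is read by the stop action; its directory must be writable only by the account that runs that action`. The same applies to the other environment file in this commit, the one with `CATALINA_HOME="/opt/novell/zenworks/share/tomcat"`.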


@ -13,5 +13,5 @@ CATALINA_BASE="/srv/www/casaats"
CATALINA_HOME="/opt/novell/zenworks/share/tomcat" CATALINA_HOME="/opt/novell/zenworks/share/tomcat"
CATALINA_PID="/var/lib/CASA/authtoken/svc/casaatsd.pid" CATALINA_PID="/var/lib/CASA/authtoken/svc/casaatsd.pid"
JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc" JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS export CATALINA_BASE CATALINA_HOME CATALINA_PID JAVA_HOME JAVA_OPTS


@ -144,7 +144,7 @@ public final class AuthMechConfig
// The setting is not in our map, check if it is one to // The setting is not in our map, check if it is one to
// which we have defaults. // which we have defaults.
if (settingName.equals(Krb5ServicePrincipalName) == true) if (settingName.equals(Krb5ServicePrincipalName))
{ {
value = m_defaultKrb5ServicePrincipalNameValue; value = m_defaultKrb5ServicePrincipalNameValue;
System.err.println("AuthMechConfig.getSetting()- Assigning default value " + value); System.err.println("AuthMechConfig.getSetting()- Assigning default value " + value);


@ -24,16 +24,17 @@
package com.novell.casa.authtoksvc; package com.novell.casa.authtoksvc;
import java.io.Serializable;
/** /**
* AuthMechanism Interface. * AuthMechanism Interface.
* <p> * <p>
* This is the interface implemented by Authentication Mechanisms. * This is the interface implemented by Authentication Mechanisms.
* <p> * <p>
* Please note that Authentication Machanisms must also implement the * Note: AuthMechanism classes need to be serializable so that they
* Serializable interface. * can be re-loaded with the appropriate class loader.
*
*/ */
public interface AuthMechanism public interface AuthMechanism extends Serializable
{ {
/** /**
* Initialize the authentication mechanism. * Initialize the authentication mechanism.
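Review bot: Making `AuthMechanism` extend `Serializable` puts every field of every mechanism implementation into a serialized form, and the new Javadoc does not say what must be kept out of it. Implementations may hold configuration or credential material (not visible in this hunk), so the interface comment should add a line such as ` * Implementations must mark fields holding secrets as transient and declare a serialVersionUID.` It should also state that instances are only ever deserialized from bytes the service produced itself, since deserializing data from any other origin is unsafe. The interface body continues past the end of the hunk.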


@ -83,9 +83,9 @@ public final class AuthPolicyEditor
{ {
String formalName; String formalName;
if (mechName.compareToIgnoreCase(Krb5Mechanism) == 0) if (mechName.equalsIgnoreCase(Krb5Mechanism))
formalName = Krb5Mechanism; formalName = Krb5Mechanism;
else if (mechName.compareToIgnoreCase(PwdMechanism) == 0) else if (mechName.equalsIgnoreCase(PwdMechanism))
formalName = PwdMechanism; formalName = PwdMechanism;
else else
formalName = mechName; formalName = mechName;
@ -279,7 +279,7 @@ public final class AuthPolicyEditor
{ {
next_auth_source_node = auth_source_node.getNextSibling(); next_auth_source_node = auth_source_node.getNextSibling();
if (auth_source_node.getNodeType() == Node.ELEMENT_NODE if (auth_source_node.getNodeType() == Node.ELEMENT_NODE
&& auth_source_node.getLocalName().compareToIgnoreCase("auth_source") == 0) && auth_source_node.getLocalName().equalsIgnoreCase("auth_source"))
{ {
System.out.println("Auth_Source: "); System.out.println("Auth_Source: ");
@ -291,15 +291,15 @@ public final class AuthPolicyEditor
next = child.getNextSibling(); next = child.getNextSibling();
if (child.getNodeType() == Node.ELEMENT_NODE) if (child.getNodeType() == Node.ELEMENT_NODE)
{ {
if (child.getLocalName().compareToIgnoreCase("realm") == 0) if (child.getLocalName().equalsIgnoreCase("realm"))
{ {
System.out.println(" Identity source: " + child.getTextContent()); System.out.println(" Identity source: " + child.getTextContent());
} }
else if (child.getLocalName().compareToIgnoreCase("mechanism") == 0) else if (child.getLocalName().equalsIgnoreCase("mechanism"))
{ {
System.out.println(" Authentication Mechanism: " + child.getTextContent()); System.out.println(" Authentication Mechanism: " + child.getTextContent());
} }
else if (child.getLocalName().compareToIgnoreCase("mechanism_info") == 0) else if (child.getLocalName().equalsIgnoreCase("mechanism_info"))
{ {
System.out.println(" Authentication Mechanism Info: " + child.getTextContent()); System.out.println(" Authentication Mechanism Info: " + child.getTextContent());
} }
@ -334,7 +334,7 @@ public final class AuthPolicyEditor
{ {
File f = new File(filePath); File f = new File(filePath);
boolean createStatus = f.createNewFile(); boolean createStatus = f.createNewFile();
if (createStatus == true) if (createStatus)
{ {
out = new FileOutputStream(f); out = new FileOutputStream(f);
OutputFormat format = new OutputFormat(doc); OutputFormat format = new OutputFormat(doc);
@ -535,7 +535,7 @@ public final class AuthPolicyEditor
{ {
next_auth_source_node = curr_auth_source_node.getNextSibling(); next_auth_source_node = curr_auth_source_node.getNextSibling();
if (curr_auth_source_node.getNodeType() == Node.ELEMENT_NODE if (curr_auth_source_node.getNodeType() == Node.ELEMENT_NODE
&& curr_auth_source_node.getLocalName().compareToIgnoreCase("auth_source") == 0) && curr_auth_source_node.getLocalName().equalsIgnoreCase("auth_source"))
{ {
// We are dealing with an auth_source, check if this is the // We are dealing with an auth_source, check if this is the
// reference entry. // reference entry.
@ -549,16 +549,16 @@ public final class AuthPolicyEditor
next = child.getNextSibling(); next = child.getNextSibling();
if (child.getNodeType() == Node.ELEMENT_NODE) if (child.getNodeType() == Node.ELEMENT_NODE)
{ {
if (child.getLocalName().compareToIgnoreCase(RealmElementName) == 0) if (child.getLocalName().equalsIgnoreCase(RealmElementName))
{ {
// Compare the realm name // Compare the realm name
if (child.getTextContent().compareToIgnoreCase(refEntryComponents[0]) == 0) if (child.getTextContent().equalsIgnoreCase(refEntryComponents[0]))
realmMatch = true; realmMatch = true;
} }
else if (child.getLocalName().compareToIgnoreCase(MechanismElementName) == 0) else if (child.getLocalName().equalsIgnoreCase(MechanismElementName))
{ {
// Compare the realm name // Compare the realm name
if (child.getTextContent().compareToIgnoreCase(mechFormalName(refEntryComponents[1])) == 0) if (child.getTextContent().equalsIgnoreCase(mechFormalName(refEntryComponents[1])))
mechanismMatch = true; mechanismMatch = true;
} }
} }
@ -644,7 +644,7 @@ public final class AuthPolicyEditor
{ {
next_auth_source_node = auth_source_node.getNextSibling(); next_auth_source_node = auth_source_node.getNextSibling();
if (auth_source_node.getNodeType() == Node.ELEMENT_NODE if (auth_source_node.getNodeType() == Node.ELEMENT_NODE
&& auth_source_node.getLocalName().compareToIgnoreCase("auth_source") == 0) && auth_source_node.getLocalName().equalsIgnoreCase("auth_source"))
{ {
// We are dealing with an auth_source, check if this is the entry // We are dealing with an auth_source, check if this is the entry
// that must be removed. // that must be removed.
@ -658,16 +658,16 @@ public final class AuthPolicyEditor
next = child.getNextSibling(); next = child.getNextSibling();
if (child.getNodeType() == Node.ELEMENT_NODE) if (child.getNodeType() == Node.ELEMENT_NODE)
{ {
if (child.getLocalName().compareToIgnoreCase(RealmElementName) == 0) if (child.getLocalName().equalsIgnoreCase(RealmElementName))
{ {
// Compare the realm name // Compare the realm name
if (child.getTextContent().compareToIgnoreCase(entryComponents[0]) == 0) if (child.getTextContent().equalsIgnoreCase(entryComponents[0]))
realmMatch = true; realmMatch = true;
} }
else if (child.getLocalName().compareToIgnoreCase(MechanismElementName) == 0) else if (child.getLocalName().equalsIgnoreCase(MechanismElementName))
{ {
// Compare the realm name // Compare the realm name
if (child.getTextContent().compareToIgnoreCase(mechFormalName(entryComponents[1])) == 0) if (child.getTextContent().equalsIgnoreCase(mechFormalName(entryComponents[1])))
mechanismMatch = true; mechanismMatch = true;
} }
} }
@ -713,7 +713,7 @@ public final class AuthPolicyEditor
for (int i = 0; i < args.length; i++) for (int i = 0; i < args.length; i++)
{ {
// Proceed based on the command // Proceed based on the command
if (args[i].compareToIgnoreCase("-list") == 0) if (args[i].equalsIgnoreCase("-list"))
{ {
// List operation requested // List operation requested
if (op == null) if (op == null)
@ -726,7 +726,7 @@ public final class AuthPolicyEditor
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-create") == 0) else if (args[i].equalsIgnoreCase("-create"))
{ {
// Create operation requested // Create operation requested
if (op == null) if (op == null)
@ -739,7 +739,7 @@ public final class AuthPolicyEditor
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-prepend") == 0) else if (args[i].equalsIgnoreCase("-prepend"))
{ {
// Prepend operation requested // Prepend operation requested
if (op == null) if (op == null)
@ -752,7 +752,7 @@ public final class AuthPolicyEditor
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-append") == 0) else if (args[i].equalsIgnoreCase("-append"))
{ {
// Append operation requested // Append operation requested
if (op == null) if (op == null)
@ -765,7 +765,7 @@ public final class AuthPolicyEditor
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-insert") == 0) else if (args[i].equalsIgnoreCase("-insert"))
{ {
// Insert operation requested // Insert operation requested
if (op == null) if (op == null)
@ -778,7 +778,7 @@ public final class AuthPolicyEditor
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-remove") == 0) else if (args[i].equalsIgnoreCase("-remove"))
{ {
// Remove operation requested // Remove operation requested
if (op == null) if (op == null)
@ -791,7 +791,7 @@ public final class AuthPolicyEditor
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-entry") == 0) else if (args[i].equalsIgnoreCase("-entry"))
{ {
// The next argument should contain the entry information // The next argument should contain the entry information
if (args.length > (i + 1)) if (args.length > (i + 1))
@ -805,7 +805,7 @@ public final class AuthPolicyEditor
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-refentry") == 0) else if (args[i].equalsIgnoreCase("-refentry"))
{ {
// The next argument should contain the reference entry information // The next argument should contain the reference entry information
if (args.length > (i + 1)) if (args.length > (i + 1))
@ -819,7 +819,7 @@ public final class AuthPolicyEditor
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-file") == 0) else if (args[i].equalsIgnoreCase("-file"))
{ {
// The next argument should contain the filepath // The next argument should contain the filepath
if (args.length > (i + 1)) if (args.length > (i + 1))
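Review bot: The element-name tests such as `auth_source_node.getLocalName().equalsIgnoreCase("auth_source")` call a method on the result of `getLocalName()`, which DOM returns as `null` for nodes created without namespace support. Whether the parser used here is namespace-aware is not visible in these hunks; if that is not guaranteed, putting the constant first, `"auth_source".equalsIgnoreCase(auth_source_node.getLocalName())`, keeps an unexpected policy file from ending in a NullPointerException. Separately, the comment `// Compare the realm name` above the two `mechFormalName(...)` comparisons is a leftover and should read `// Compare the mechanism name`. The enclosing methods start and end outside the hunks.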


@ -121,7 +121,7 @@ public final class AuthReqMsg
{ {
case AWAITING_ROOT_ELEMENT_START: case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.authRequestElementName.equals(qName)) if (ProtoDefs.authRequestElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_REALM_ELEMENT_START; m_state = AWAITING_REALM_ELEMENT_START;
@ -135,7 +135,7 @@ public final class AuthReqMsg
case AWAITING_REALM_ELEMENT_START: case AWAITING_REALM_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.realmElementName.equals(qName)) if (ProtoDefs.realmElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_REALM_DATA; m_state = AWAITING_REALM_DATA;
@ -149,7 +149,7 @@ public final class AuthReqMsg
case AWAITING_MECH_ELEMENT_START: case AWAITING_MECH_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.mechanismElementName.equals(qName)) if (ProtoDefs.mechanismElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_MECH_DATA; m_state = AWAITING_MECH_DATA;
@ -163,7 +163,7 @@ public final class AuthReqMsg
case AWAITING_AUTH_MECH_TOKEN_ELEMENT_START: case AWAITING_AUTH_MECH_TOKEN_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.authMechTokenElementName.equals(qName)) if (ProtoDefs.authMechTokenElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_AUTH_MECH_TOKEN_DATA; m_state = AWAITING_AUTH_MECH_TOKEN_DATA;
@ -196,7 +196,7 @@ public final class AuthReqMsg
{ {
case AWAITING_ROOT_ELEMENT_END: case AWAITING_ROOT_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.authRequestElementName.equals(qName)) if (ProtoDefs.authRequestElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = DONE_PARSING; m_state = DONE_PARSING;
@ -210,7 +210,7 @@ public final class AuthReqMsg
case AWAITING_REALM_ELEMENT_END: case AWAITING_REALM_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.realmElementName.equals(qName)) if (ProtoDefs.realmElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_MECH_ELEMENT_START; m_state = AWAITING_MECH_ELEMENT_START;
@ -224,7 +224,7 @@ public final class AuthReqMsg
case AWAITING_MECH_ELEMENT_END: case AWAITING_MECH_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.mechanismElementName.equals(qName)) if (ProtoDefs.mechanismElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_AUTH_MECH_TOKEN_ELEMENT_START; m_state = AWAITING_AUTH_MECH_TOKEN_ELEMENT_START;
@ -238,7 +238,7 @@ public final class AuthReqMsg
case AWAITING_AUTH_MECH_TOKEN_ELEMENT_END: case AWAITING_AUTH_MECH_TOKEN_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.authMechTokenElementName.equals(qName)) if (ProtoDefs.authMechTokenElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_ROOT_ELEMENT_END; m_state = AWAITING_ROOT_ELEMENT_END;
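Review bot: Switching the SAX tag checks from `equals(qName)` to `equalsIgnoreCase(qName)` loosens the parser for the authentication request, which is the message the service reads before the caller has been authenticated. XML names are case-sensitive, so the service would now accept documents that a strict peer matching the same `ProtoDefs` names rejects, and that kind of disagreement between parsers is best avoided on a security boundary. Unless a deployed client is known to send differently cased tags, keeping `ProtoDefs.authRequestElementName.equals(qName)` (and likewise for the other seven checks) is the stricter choice; if the relaxation is needed, a comment naming that client belongs next to the first check. The same change is made to the tag checks in CasaIdentityToken.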


@ -213,7 +213,7 @@ public final class AuthTokenConfig
// The setting is not in our map, check if it is one to // The setting is not in our map, check if it is one to
// which we have defaults. // which we have defaults.
if (settingName.equals(TokenLifetime) == true) if (settingName.equalsIgnoreCase(TokenLifetime))
{ {
value = m_defaultTokenLifetimeValue; value = m_defaultTokenLifetimeValue;
System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value); System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value);
@ -221,7 +221,7 @@ public final class AuthTokenConfig
// Add the key to the map so that it can be found quicker next time // Add the key to the map so that it can be found quicker next time
m_tokenSettingsMap.put(TokenLifetime, m_defaultTokenLifetimeValue); m_tokenSettingsMap.put(TokenLifetime, m_defaultTokenLifetimeValue);
} }
else if (settingName.equals(LifetimeShorter) == true) else if (settingName.equalsIgnoreCase(LifetimeShorter))
{ {
value = m_defaultLifetimeShorterValue; value = m_defaultLifetimeShorterValue;
System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value); System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value);
@ -229,7 +229,7 @@ public final class AuthTokenConfig
// Add the key to the map so that it can be found quicker next time // Add the key to the map so that it can be found quicker next time
m_tokenSettingsMap.put(LifetimeShorter, m_defaultLifetimeShorterValue); m_tokenSettingsMap.put(LifetimeShorter, m_defaultLifetimeShorterValue);
} }
else if (settingName.equals(IdentityTokenType) == true) else if (settingName.equalsIgnoreCase(IdentityTokenType))
{ {
value = m_defaultLifetimeShorterValue; value = m_defaultLifetimeShorterValue;
System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value); System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value);
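Review bot: In the `IdentityTokenType` branch the default is still taken from the lifetime setting, `value = m_defaultLifetimeShorterValue;`, which looks like a copy of the branch above rather than a default for the token type. It should assign the identity-token-type default instead, e.g. `value = <default identity token type field>;` (the actual field name is not visible in this hunk). The switch to `equalsIgnoreCase` also lets a differently cased `settingName` reach these branches while the map is populated under the canonical constant, so if the earlier lookup (outside the hunk) uses `settingName` as the key, the "found quicker next time" caching will not apply to such callers. The body of `getSetting()` starts and ends outside the hunks.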


@ -63,11 +63,11 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
{ {
boolean result = false; boolean result = false;
if (setting.compareToIgnoreCase(AuthTokenConfig.TokenLifetime) == 0) if (setting.equalsIgnoreCase(AuthTokenConfig.TokenLifetime))
result = true; result = true;
else if (setting.compareToIgnoreCase(AuthTokenConfig.LifetimeShorter) == 0) else if (setting.equalsIgnoreCase(AuthTokenConfig.LifetimeShorter))
result = true; result = true;
else if (setting.compareToIgnoreCase(AuthTokenConfig.IdentityTokenType) == 0) else if (setting.equalsIgnoreCase(AuthTokenConfig.IdentityTokenType))
result = true; result = true;
else else
System.out.println("Invalid setting specified"); System.out.println("Invalid setting specified");
@ -88,7 +88,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
{ {
String validSetting = null; String validSetting = null;
if (setting.compareToIgnoreCase(AuthTokenConfig.TokenLifetime) == 0) if (setting.equalsIgnoreCase(AuthTokenConfig.TokenLifetime))
{ {
// Verify that we are dealing with a numeric value // Verify that we are dealing with a numeric value
try try
@ -103,7 +103,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
System.out.println("Invalid setting value specified"); System.out.println("Invalid setting value specified");
} }
} }
else if (setting.compareToIgnoreCase(AuthTokenConfig.LifetimeShorter) == 0) else if (setting.equalsIgnoreCase(AuthTokenConfig.LifetimeShorter))
{ {
// Verify that we are dealing with a numeric value // Verify that we are dealing with a numeric value
try try
@ -118,7 +118,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
System.out.println("Invalid setting value specified"); System.out.println("Invalid setting value specified");
} }
} }
else if (setting.compareToIgnoreCase(AuthTokenConfig.IdentityTokenType) == 0) else if (setting.equalsIgnoreCase(AuthTokenConfig.IdentityTokenType))
{ {
// Always succeed // Always succeed
validSetting = AuthTokenConfig.IdentityTokenType; validSetting = AuthTokenConfig.IdentityTokenType;
@ -148,7 +148,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
for (int i = 0; i < args.length; i++) for (int i = 0; i < args.length; i++)
{ {
// Proceed based on the command // Proceed based on the command
if (args[i].compareToIgnoreCase("-file") == 0) if (args[i].equalsIgnoreCase("-file"))
{ {
// The next argument should contain the filepath // The next argument should contain the filepath
if (args.length > (i + 1)) if (args.length > (i + 1))
@ -162,7 +162,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-list") == 0) else if (args[i].equalsIgnoreCase("-list"))
{ {
// List operation requested // List operation requested
if (op == null) if (op == null)
@ -175,7 +175,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-create") == 0) else if (args[i].equalsIgnoreCase("-create"))
{ {
// List operation requested // List operation requested
if (op == null) if (op == null)
@ -188,7 +188,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-get") == 0) else if (args[i].equalsIgnoreCase("-get"))
{ {
// Get setting operation requested // Get setting operation requested
if (op == null) if (op == null)
@ -213,7 +213,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-set") == 0) else if (args[i].equalsIgnoreCase("-set"))
{ {
// Set setting operation requested // Set setting operation requested
if (op == null) if (op == null)
@ -240,7 +240,7 @@ public final class AuthTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-remove") == 0) else if (args[i].equalsIgnoreCase("-remove"))
{ {
// Remove setting operation requested // Remove setting operation requested
if (op == null) if (op == null)
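Review bot: The comment in the `-create` branch still says `// List operation requested`, copied from the branch above it; it should read `// Create operation requested`. The three-way chain in the first hunk that sets `result = true` for each known setting could also be a single condition joined with `||`, which would keep the list of valid names in one place. Both methods continue outside the hunks.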


@ -95,7 +95,7 @@ public final class Authenticate implements RpcMethod
File mechanismFolder = new File(mechanismsConfigFolder, mechanismsConfigFolderObjs[i]); File mechanismFolder = new File(mechanismsConfigFolder, mechanismsConfigFolderObjs[i]);
try try
{ {
if (mechanismFolder.isDirectory() == true) if (mechanismFolder.isDirectory())
{ {
System.err.println("Authenticate.init()- Mechanism folder " + mechanismFolder + " is directory"); System.err.println("Authenticate.init()- Mechanism folder " + mechanismFolder + " is directory");
@ -389,7 +389,15 @@ public final class Authenticate implements RpcMethod
// Make sure to invoke the cleanup method on the AuthReqMsg to // Make sure to invoke the cleanup method on the AuthReqMsg to
// deal with security sensitive data. // deal with security sensitive data.
if (authReqMsg != null) if (authReqMsg != null)
{
authReqMsg.cleanup(); authReqMsg.cleanup();
// Forget about the AuthReqMsg
authReqMsg = null;
}
// Invoke the garbage collector to flush sensitive data
System.gc();
} }
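Review bot: The added `authReqMsg = null;` and `System.gc();` do not clear sensitive data: dropping a local reference leaves the bytes on the heap, and `System.gc()` is only a request that the JVM may ignore (for example under `-XX:+DisableExplicitGC`) and that never zeroes the memory it reclaims. The scrubbing has to happen inside `authReqMsg.cleanup()` by overwriting the `char[]`/`byte[]` buffers that hold the token (its body is not visible here), and any credential held as a `String` cannot be scrubbed at all. Requesting a full collection on every authentication request also adds a cost that any caller can trigger, so I would drop the `System.gc()` call and change the comment to `// Sensitive buffers are overwritten in cleanup(); nothing further can be flushed here`. The enclosing method starts outside the hunk.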
} }


@ -176,7 +176,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_ROOT_ELEMENT_START: case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (casaIdentTokElementName.equals(qName)) if (casaIdentTokElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_ID_ELEMENT_START; m_state = AWAITING_ID_ELEMENT_START;
@ -190,7 +190,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_ID_ELEMENT_START: case AWAITING_ID_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (idElementName.equals(qName)) if (idElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_ID_DATA; m_state = AWAITING_ID_DATA;
@ -204,7 +204,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_SOURCE_NAME_ELEMENT_START: case AWAITING_SOURCE_NAME_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (sourceNameElementName.equals(qName)) if (sourceNameElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SOURCE_NAME_DATA; m_state = AWAITING_SOURCE_NAME_DATA;
@ -219,7 +219,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_SOURCE_URL_ELEMENT_START: case AWAITING_SOURCE_URL_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (sourceUrlElementName.equals(qName)) if (sourceUrlElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SOURCE_URL_DATA; m_state = AWAITING_SOURCE_URL_DATA;
@ -233,7 +233,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_TARGET_SERVICE_ELEMENT_START: case AWAITING_TARGET_SERVICE_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (targetServiceElementName.equals(qName)) if (targetServiceElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_TARGET_SERVICE_DATA; m_state = AWAITING_TARGET_SERVICE_DATA;
@ -247,7 +247,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_TARGET_HOST_ELEMENT_START: case AWAITING_TARGET_HOST_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (targetHostElementName.equals(qName)) if (targetHostElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_TARGET_HOST_DATA; m_state = AWAITING_TARGET_HOST_DATA;
@ -261,7 +261,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_ATTRIBUTES_ELEMENT_START: case AWAITING_ATTRIBUTES_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (attributesElementName.equals(qName)) if (attributesElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_ATTRIBUTE_START; m_state = AWAITING_ATTRIBUTE_START;
@ -279,7 +279,7 @@ public final class CasaIdentityToken implements IdentityToken
// Advance to the next state based on the attribute type // Advance to the next state based on the attribute type
String attrType = atts.getValue("type"); String attrType = atts.getValue("type");
if (attrType != null && attrType.equals("binary")) if (attrType != null && attrType.equalsIgnoreCase("binary"))
{ {
// We are dealing with a binary attribute. We are going to // We are dealing with a binary attribute. We are going to
// assume that binary attributes are always base64 encoded. // assume that binary attributes are always base64 encoded.
@ -314,7 +314,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_ROOT_ELEMENT_END: case AWAITING_ROOT_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (casaIdentTokElementName.equals(qName)) if (casaIdentTokElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = DONE_PARSING; m_state = DONE_PARSING;
@ -328,7 +328,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_ID_ELEMENT_END: case AWAITING_ID_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (idElementName.equals(qName)) if (idElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SOURCE_NAME_ELEMENT_START; m_state = AWAITING_SOURCE_NAME_ELEMENT_START;
@ -342,7 +342,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_SOURCE_NAME_ELEMENT_END: case AWAITING_SOURCE_NAME_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (sourceNameElementName.equals(qName)) if (sourceNameElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SOURCE_URL_ELEMENT_START; m_state = AWAITING_SOURCE_URL_ELEMENT_START;
@ -356,7 +356,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_SOURCE_URL_ELEMENT_END: case AWAITING_SOURCE_URL_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (sourceUrlElementName.equals(qName)) if (sourceUrlElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_TARGET_SERVICE_ELEMENT_START; m_state = AWAITING_TARGET_SERVICE_ELEMENT_START;
@ -370,7 +370,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_TARGET_SERVICE_ELEMENT_END: case AWAITING_TARGET_SERVICE_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (targetServiceElementName.equals(qName)) if (targetServiceElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_TARGET_HOST_ELEMENT_START; m_state = AWAITING_TARGET_HOST_ELEMENT_START;
@ -384,7 +384,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_TARGET_HOST_ELEMENT_END: case AWAITING_TARGET_HOST_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (targetHostElementName.equals(qName)) if (targetHostElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_ATTRIBUTES_ELEMENT_START; m_state = AWAITING_ATTRIBUTES_ELEMENT_START;
@ -437,7 +437,7 @@ public final class CasaIdentityToken implements IdentityToken
case AWAITING_ATTRIBUTE_START: case AWAITING_ATTRIBUTE_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (attributesElementName.equals(qName)) if (attributesElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_ROOT_ELEMENT_END; m_state = AWAITING_ROOT_ELEMENT_END;
@ -728,7 +728,7 @@ public final class CasaIdentityToken implements IdentityToken
// Get the necessary attributes of the specified services in the identity token // Get the necessary attributes of the specified services in the identity token
String[] attributesNeeded = m_idenTokenConfig.getAttributes(); String[] attributesNeeded = m_idenTokenConfig.getAttributes();
boolean encryptAttributes = "true".equals(m_idenTokenConfig.getSetting(IdenTokenConfig.EncryptAttributes)); boolean encryptAttributes = "true".equalsIgnoreCase(m_idenTokenConfig.getSetting(IdenTokenConfig.EncryptAttributes));
Attributes attrs = ctx.getAttributes(identityId, attributesNeeded); Attributes attrs = ctx.getAttributes(identityId, attributesNeeded);
// Now append the attributes to the token // Now append the attributes to the token
@ -744,7 +744,7 @@ public final class CasaIdentityToken implements IdentityToken
System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID()); System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID());
// Encrypt the attribute if necessary // Encrypt the attribute if necessary
if (encryptAttributes == true) if (encryptAttributes)
{ {
// tbd - Encrypt the attributes using the services public key, let the mechanism // tbd - Encrypt the attributes using the services public key, let the mechanism
// be configurable. The service's certificate should be Base64 encoded as a setting // be configurable. The service's certificate should be Base64 encoded as a setting


@ -34,7 +34,6 @@ import java.util.*;
* the services enabled to use Authentication Tokens. * the services enabled to use Authentication Tokens.
* *
*/ */
@SuppressWarnings({"ALL"})
public final class EnabledSvcsConfig public final class EnabledSvcsConfig
{ {
private static final String m_authPolicyFileName = "auth.policy"; private static final String m_authPolicyFileName = "auth.policy";
@ -186,7 +185,7 @@ public final class EnabledSvcsConfig
File hostFolder = new File(servicesConfigFolder, servicesConfigFolderObjs[i]); File hostFolder = new File(servicesConfigFolder, servicesConfigFolderObjs[i]);
try try
{ {
if (hostFolder.isDirectory() == true) if (hostFolder.isDirectory())
{ {
System.err.println("EnabledSvcsConfig()- Host folder " + hostFolder + " is directory"); System.err.println("EnabledSvcsConfig()- Host folder " + hostFolder + " is directory");
@ -204,7 +203,7 @@ public final class EnabledSvcsConfig
System.err.println("EnabledSvcsConfig()- Service folder " + serviceFolder); System.err.println("EnabledSvcsConfig()- Service folder " + serviceFolder);
try try
{ {
if (serviceFolder.isDirectory() == true) if (serviceFolder.isDirectory())
{ {
System.err.println("EnabledSvcsConfig()- Service folder " + serviceFolder + " is directory"); System.err.println("EnabledSvcsConfig()- Service folder " + serviceFolder + " is directory");


@ -114,7 +114,7 @@ public final class GetAuthPolicyReqMsg
{ {
case AWAITING_ROOT_ELEMENT_START: case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.getAuthPolicyRequestElementName.equals(qName)) if (ProtoDefs.getAuthPolicyRequestElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SERVICE_ELEMENT_START; m_state = AWAITING_SERVICE_ELEMENT_START;
@ -128,7 +128,7 @@ public final class GetAuthPolicyReqMsg
case AWAITING_SERVICE_ELEMENT_START: case AWAITING_SERVICE_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.serviceElementName.equals(qName)) if (ProtoDefs.serviceElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SERVICE_DATA; m_state = AWAITING_SERVICE_DATA;
@ -142,7 +142,7 @@ public final class GetAuthPolicyReqMsg
case AWAITING_HOST_ELEMENT_START: case AWAITING_HOST_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.hostElementName.equals(qName)) if (ProtoDefs.hostElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_HOST_DATA; m_state = AWAITING_HOST_DATA;
@ -176,7 +176,7 @@ public final class GetAuthPolicyReqMsg
{ {
case AWAITING_ROOT_ELEMENT_END: case AWAITING_ROOT_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.getAuthPolicyRequestElementName.equals(qName)) if (ProtoDefs.getAuthPolicyRequestElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = DONE_PARSING; m_state = DONE_PARSING;
@ -190,7 +190,7 @@ public final class GetAuthPolicyReqMsg
case AWAITING_SERVICE_ELEMENT_END: case AWAITING_SERVICE_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.serviceElementName.equals(qName)) if (ProtoDefs.serviceElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_HOST_ELEMENT_START; m_state = AWAITING_HOST_ELEMENT_START;
@ -204,7 +204,7 @@ public final class GetAuthPolicyReqMsg
case AWAITING_HOST_ELEMENT_END: case AWAITING_HOST_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.hostElementName.equals(qName)) if (ProtoDefs.hostElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_ROOT_ELEMENT_END; m_state = AWAITING_ROOT_ELEMENT_END;
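Review bot: The element-name checks in this state switch now use `equalsIgnoreCase`, but XML names are case-sensitive, so the parser accepts requests in which `qName` differs in case from the protocol's defined tag. For a message that carries authentication data the strict comparison is the safer default, because any other component that parses the same document by the XML rules will not agree with this one about what it contains. I would keep `if (ProtoDefs.getAuthPolicyRequestElementName.equals(qName))` and the equivalent lines for the service and host elements. The same relaxation appears in the GetAuthTokReqMsg, SettingsFileSAXHandler and CasaIdentityToken hunks. The enclosing handler methods start outside the hunks.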


@ -119,7 +119,7 @@ public final class GetAuthTokReqMsg
{ {
case AWAITING_ROOT_ELEMENT_START: case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.getAuthTokRequestElementName.equals(qName)) if (ProtoDefs.getAuthTokRequestElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SERVICE_ELEMENT_START; m_state = AWAITING_SERVICE_ELEMENT_START;
@ -133,7 +133,7 @@ public final class GetAuthTokReqMsg
case AWAITING_SERVICE_ELEMENT_START: case AWAITING_SERVICE_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.serviceElementName.equals(qName)) if (ProtoDefs.serviceElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SERVICE_DATA; m_state = AWAITING_SERVICE_DATA;
@ -147,7 +147,7 @@ public final class GetAuthTokReqMsg
case AWAITING_HOST_ELEMENT_START: case AWAITING_HOST_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.hostElementName.equals(qName)) if (ProtoDefs.hostElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_HOST_DATA; m_state = AWAITING_HOST_DATA;
@ -162,7 +162,7 @@ public final class GetAuthTokReqMsg
case AWAITING_SESSION_TOKEN_ELEMENT_START: case AWAITING_SESSION_TOKEN_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.sessionTokenElementName.equals(qName)) if (ProtoDefs.sessionTokenElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SESSION_TOKEN_DATA; m_state = AWAITING_SESSION_TOKEN_DATA;
@ -195,7 +195,7 @@ public final class GetAuthTokReqMsg
{ {
case AWAITING_ROOT_ELEMENT_END: case AWAITING_ROOT_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.getAuthTokRequestElementName.equals(qName)) if (ProtoDefs.getAuthTokRequestElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = DONE_PARSING; m_state = DONE_PARSING;
@ -209,7 +209,7 @@ public final class GetAuthTokReqMsg
case AWAITING_SERVICE_ELEMENT_END: case AWAITING_SERVICE_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.serviceElementName.equals(qName)) if (ProtoDefs.serviceElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_HOST_ELEMENT_START; m_state = AWAITING_HOST_ELEMENT_START;
@ -223,7 +223,7 @@ public final class GetAuthTokReqMsg
case AWAITING_HOST_ELEMENT_END: case AWAITING_HOST_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.hostElementName.equals(qName)) if (ProtoDefs.hostElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SESSION_TOKEN_ELEMENT_START; m_state = AWAITING_SESSION_TOKEN_ELEMENT_START;
@ -237,7 +237,7 @@ public final class GetAuthTokReqMsg
case AWAITING_SESSION_TOKEN_ELEMENT_END: case AWAITING_SESSION_TOKEN_ELEMENT_END:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (ProtoDefs.sessionTokenElementName.equals(qName)) if (ProtoDefs.sessionTokenElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_ROOT_ELEMENT_END; m_state = AWAITING_ROOT_ELEMENT_END;


@ -155,7 +155,7 @@ public final class IdenTokenConfig
// The setting is not in our map, check if it is one to // The setting is not in our map, check if it is one to
// which we have defaults. // which we have defaults.
if (settingName.equals(EncryptAttributes) == true) if (settingName.equalsIgnoreCase(EncryptAttributes))
{ {
value = m_defaultEncryptAttributesValue; value = m_defaultEncryptAttributesValue;
System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value); System.err.println("AuthTokenConfig.getSetting()- Assigning default value " + value);


@ -62,9 +62,9 @@ public final class IdenTokenSettingsEditor implements IVerifySetting
{ {
boolean result = false; boolean result = false;
if (setting.compareToIgnoreCase(IdenTokenConfig.EncryptAttributes) == 0) if (setting.equalsIgnoreCase(IdenTokenConfig.EncryptAttributes))
result = true; result = true;
else if (setting.compareToIgnoreCase(IdenTokenConfig.Attributes) == 0) else if (setting.equalsIgnoreCase(IdenTokenConfig.Attributes))
result = true; result = true;
else else
System.out.println("Invalid setting specified"); System.out.println("Invalid setting specified");
@ -85,12 +85,12 @@ public final class IdenTokenSettingsEditor implements IVerifySetting
{ {
String validSetting = null; String validSetting = null;
if (setting.compareToIgnoreCase(IdenTokenConfig.EncryptAttributes) == 0) if (setting.equalsIgnoreCase(IdenTokenConfig.EncryptAttributes))
{ {
// Always succeed // Always succeed
validSetting = IdenTokenConfig.EncryptAttributes; validSetting = IdenTokenConfig.EncryptAttributes;
} }
else if (setting.compareToIgnoreCase(IdenTokenConfig.Attributes) == 0) else if (setting.equalsIgnoreCase(IdenTokenConfig.Attributes))
{ {
// Always succeed // Always succeed
validSetting = IdenTokenConfig.Attributes; validSetting = IdenTokenConfig.Attributes;
@ -121,7 +121,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting
for (int i = 0; i < args.length; i++) for (int i = 0; i < args.length; i++)
{ {
// Proceed based on the command // Proceed based on the command
if (args[i].compareToIgnoreCase("-file") == 0) if (args[i].equalsIgnoreCase("-file"))
{ {
// The next argument should contain the filepath // The next argument should contain the filepath
if (args.length > (i + 1)) if (args.length > (i + 1))
@ -135,7 +135,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-list") == 0) else if (args[i].equalsIgnoreCase("-list"))
{ {
// List operation requested // List operation requested
if (op == null) if (op == null)
@ -148,7 +148,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-create") == 0) else if (args[i].equalsIgnoreCase("-create"))
{ {
// List operation requested // List operation requested
if (op == null) if (op == null)
@ -161,7 +161,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-get") == 0) else if (args[i].equalsIgnoreCase("-get"))
{ {
// Get setting operation requested // Get setting operation requested
if (op == null) if (op == null)
@ -186,7 +186,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-set") == 0) else if (args[i].equalsIgnoreCase("-set"))
{ {
// Set setting operation requested // Set setting operation requested
if (op == null) if (op == null)
@ -213,7 +213,7 @@ public final class IdenTokenSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-remove") == 0) else if (args[i].equalsIgnoreCase("-remove"))
{ {
// Remove setting operation requested // Remove setting operation requested
if (op == null) if (op == null)


@ -229,9 +229,9 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm()); String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm());
if (realmType != null) if (realmType != null)
{ {
if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0) if (realmType.equalsIgnoreCase(RealmsInfo.eDirectoryRealm))
searchString = "(krbPrincipalName={0})"; searchString = "(krbPrincipalName={0})";
else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0) else if (realmType.equalsIgnoreCase(RealmsInfo.ActiveDirectoryRealm))
searchString = "(userPrincipalName={0})"; searchString = "(userPrincipalName={0})";
else else
{ {
@ -277,7 +277,7 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
catch (NamingException e) catch (NamingException e)
{ {
// Log the error // Log the error
System.err.println("Krb5Authenticate.invoke()- NamingException: " + e.getExplanation()); System.err.println("Krb5Authenticate.invoke()- NamingException: " + e.toString());
} }
catch (Exception e) catch (Exception e)
{ {


@ -73,7 +73,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
* @param encodedToken Base64 encoded password token. * @param encodedToken Base64 encoded password token.
* @throws IOException * @throws IOException
*/ */
public PwToken(char[] encodedToken) throws IOException public PwToken(char[] encodedToken) throws IOException, Exception
{ {
BufferedReader tokenReader = null; BufferedReader tokenReader = null;
@ -92,6 +92,13 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
// The second line contains the "password" // The second line contains the "password"
m_password = tokenReader.readLine(); m_password = tokenReader.readLine();
// Check against zero length passwords
if (m_password.equals(""))
{
System.err.println("PwToken()- Zero length password diss-allowed");
throw new Exception("Zero length password");
}
} }
finally finally
{ {
@ -201,9 +208,9 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm()); String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm());
if (realmType != null) if (realmType != null)
{ {
if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0) if (realmType.equalsIgnoreCase(RealmsInfo.eDirectoryRealm))
searchString = "(cn={0})"; searchString = "(cn={0})";
else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0) else if (realmType.equalsIgnoreCase(RealmsInfo.ActiveDirectoryRealm))
searchString = "(sAMAccountName={0})"; searchString = "(sAMAccountName={0})";
else else
{ {
@ -273,7 +280,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
catch (NamingException e) catch (NamingException e)
{ {
// Log the error // Log the error
System.err.println("PwdAuthenticate.invoke()- NamingException on Proxy User: " + e.getExplanation()); System.err.println("PwdAuthenticate.invoke()- NamingException on Proxy User: " + e.toString());
} }
catch (Exception e) catch (Exception e)
{ {
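Review bot: The zero-length check added to the PwToken constructor dereferences `m_password` without a null test, and `BufferedReader.readLine()` returns null at end of stream, so a token with no second line raises a NullPointerException instead of the intended rejection. The guard should be `if (m_password == null || m_password.length() == 0)`. Declaring `throws IOException, Exception` makes the first type redundant and forces callers to catch everything; a specific exception type, listed in the Javadoc `@throws`, would keep the contract readable. The constructor body starts and ends outside the hunk.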


@ -90,7 +90,7 @@ public class RealmsInfo
{ {
RealmsTypeItem realmsTypeItem = realmsType.getRealmsTypeItem(i); RealmsTypeItem realmsTypeItem = realmsType.getRealmsTypeItem(i);
org.bandit.util.config.gen.Realm realm = realmsTypeItem.getRealm(); org.bandit.util.config.gen.Realm realm = realmsTypeItem.getRealm();
if (realm.getDesc().compareToIgnoreCase("Directory") == 0) if (realm.getDesc().equalsIgnoreCase("Directory"))
{ {
// We are dealing with a directory realm // We are dealing with a directory realm
RealmInfo realmInfo = new RealmInfo(); RealmInfo realmInfo = new RealmInfo();
@ -107,12 +107,12 @@ public class RealmsInfo
{ {
for (int iii = 0; iii < env.length; iii++) for (int iii = 0; iii < env.length; iii++)
{ {
if (env[iii].getProp().compareToIgnoreCase("java.naming.security.principal") == 0) if (env[iii].getProp().equalsIgnoreCase("java.naming.security.principal"))
{ {
// We found the proxy user name. Save it in case it is needed later. // We found the proxy user name. Save it in case it is needed later.
principalName = env[iii].getValue(); principalName = env[iii].getValue();
} }
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.searchroot") == 0) else if (env[iii].getProp().equalsIgnoreCase("com.novell.casa.authtoksvc.searchroot"))
{ {
// We are dealing with a search root, keep track of it. Make sure to preserve the order // We are dealing with a search root, keep track of it. Make sure to preserve the order
// in which they are found. // in which they are found.
@ -129,15 +129,15 @@ public class RealmsInfo
realmInfo.m_searchRoots = newSearchRoots; realmInfo.m_searchRoots = newSearchRoots;
} }
} }
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.directory_type") == 0) else if (env[iii].getProp().equalsIgnoreCase("com.novell.casa.authtoksvc.directory_type"))
{ {
// We are dealing with a directory type, decode it and record the result. // We are dealing with a directory type, decode it and record the result.
String realmDirectoryType = env[iii].getValue();; String realmDirectoryType = env[iii].getValue();;
if (realmDirectoryType.compareToIgnoreCase("eDir") == 0) if (realmDirectoryType.equalsIgnoreCase("eDir"))
{ {
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm); realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
} }
else if (realmDirectoryType.compareToIgnoreCase("ActiveDirectory") == 0) else if (realmDirectoryType.equalsIgnoreCase("ActiveDirectory"))
{ {
realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm); realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
} }
@ -147,7 +147,7 @@ public class RealmsInfo
System.err.println("RealmsInfo: Unknown directory type"); System.err.println("RealmsInfo: Unknown directory type");
} }
} }
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string") == 0) else if (env[iii].getProp().equalsIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string"))
{ {
// We are dealing with the contextless search string, keep track of it. // We are dealing with the contextless search string, keep track of it.
realmInfo.m_keyValueMap.put(CntxtlessSearchString, env[iii].getValue()); realmInfo.m_keyValueMap.put(CntxtlessSearchString, env[iii].getValue());


@ -210,7 +210,7 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s
// Check if we support services that are not explicitedly enabled // Check if we support services that are not explicitedly enabled
String enabledSvcsOnly = System.getProperty("com.novell.casa.authtoksvc.enabled_svcs_only"); String enabledSvcsOnly = System.getProperty("com.novell.casa.authtoksvc.enabled_svcs_only");
if (enabledSvcsOnly != null if (enabledSvcsOnly != null
&& enabledSvcsOnly.compareToIgnoreCase("true") == 0) && enabledSvcsOnly.equalsIgnoreCase("true"))
{ {
m_enabledSvcsOnly = true; m_enabledSvcsOnly = true;
} }
@ -237,7 +237,7 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s
{ {
System.err.println("Rpc.init()- Error caught: " + e.toString()); System.err.println("Rpc.init()- Error caught: " + e.toString());
e.printStackTrace(); e.printStackTrace();
throw new ServletException("Exception caught while instantiating Rpc methods", e); throw new Error("Error caught while instantiating Rpc methods", e);
} }
} }
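Review bot: Throwing `java.lang.Error` from the catch block in init() replaces a failure signal the servlet container is specified to handle with one that application code is not expected to raise. How the container then treats the servlet is left to its handling of arbitrary throwables. I would keep `throw new ServletException("Exception caught while instantiating Rpc methods", e);` or use `javax.servlet.UnavailableException`, so that a failed initialisation leaves the service unavailable in a defined way. init() starts outside the hunk, so the exception type caught here is not visible.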


@ -93,7 +93,7 @@ public final class SettingsFileSAXHandler extends org.xml.sax.helpers.DefaultHan
{ {
case AWAITING_ROOT_ELEMENT_START: case AWAITING_ROOT_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (m_rootElementName.equals(qName)) if (m_rootElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = AWAITING_SETTING_ELEMENT_START; m_state = AWAITING_SETTING_ELEMENT_START;
@ -140,7 +140,7 @@ public final class SettingsFileSAXHandler extends org.xml.sax.helpers.DefaultHan
case AWAITING_SETTING_ELEMENT_START: case AWAITING_SETTING_ELEMENT_START:
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (m_rootElementName.equals(qName)) if (m_rootElementName.equalsIgnoreCase(qName))
{ {
// Advance to the next state // Advance to the next state
m_state = DONE_PARSING; m_state = DONE_PARSING;


@ -86,6 +86,11 @@ public final class SettingsFileUtil
System.err.println("Settings file " + filePath + " format error"); System.err.println("Settings file " + filePath + " format error");
doc = null; doc = null;
} }
catch (Exception e)
{
System.err.println("Settings file " + filePath + " Exception=" + e.toString());
doc = null;
}
finally finally
{ {
if (inStream != null) if (inStream != null)
@ -201,7 +206,7 @@ public final class SettingsFileUtil
{ {
File f = new File(filePath); File f = new File(filePath);
boolean createStatus = f.createNewFile(); boolean createStatus = f.createNewFile();
if (createStatus == true) if (createStatus)
{ {
out = new FileOutputStream(f); out = new FileOutputStream(f);
OutputFormat format = new OutputFormat(doc); OutputFormat format = new OutputFormat(doc);
@ -275,7 +280,7 @@ public final class SettingsFileUtil
{ {
next = child.getNextSibling(); next = child.getNextSibling();
if (child.getNodeType() == Node.ELEMENT_NODE if (child.getNodeType() == Node.ELEMENT_NODE
&& child.getLocalName().compareToIgnoreCase(setting) == 0) && child.getLocalName().equalsIgnoreCase(setting))
{ {
System.out.println(child.getLocalName() + "=" + child.getTextContent()); System.out.println(child.getLocalName() + "=" + child.getTextContent());
settingFound = true; settingFound = true;
@ -327,7 +332,7 @@ public final class SettingsFileUtil
{ {
next = child.getNextSibling(); next = child.getNextSibling();
if (child.getNodeType() == Node.ELEMENT_NODE if (child.getNodeType() == Node.ELEMENT_NODE
&& child.getLocalName().compareToIgnoreCase(setting) == 0) && child.getLocalName().equalsIgnoreCase(setting))
{ {
// Change the value of the setting // Change the value of the setting
child.setTextContent(value); child.setTextContent(value);
@ -435,7 +440,7 @@ public final class SettingsFileUtil
{ {
next = child.getNextSibling(); next = child.getNextSibling();
if (child.getNodeType() == Node.ELEMENT_NODE if (child.getNodeType() == Node.ELEMENT_NODE
&& child.getLocalName().compareToIgnoreCase(setting) == 0) && child.getLocalName().equalsIgnoreCase(setting))
{ {
// Remove the element from the document // Remove the element from the document
root.removeChild(child); root.removeChild(child);


@ -250,7 +250,7 @@ public final class SvcConfig
// The setting is not in our map, check if it is one to // The setting is not in our map, check if it is one to
// which we have defaults. // which we have defaults.
if (settingName.equals(SessionTokenLifetime) == true) if (settingName.equalsIgnoreCase(SessionTokenLifetime))
{ {
value = DefaultSessionTokenLifetimeValue; value = DefaultSessionTokenLifetimeValue;
System.err.println("SvcConfig.getSetting()- Assigning default value " + value); System.err.println("SvcConfig.getSetting()- Assigning default value " + value);
@ -258,7 +258,7 @@ public final class SvcConfig
// Add the key to the map so that it can be found quicker next time // Add the key to the map so that it can be found quicker next time
m_svcSettingsMap.put(SessionTokenLifetime, DefaultSessionTokenLifetimeValue); m_svcSettingsMap.put(SessionTokenLifetime, DefaultSessionTokenLifetimeValue);
} }
else if (settingName.equals(LifetimeShorter) == true) else if (settingName.equalsIgnoreCase(LifetimeShorter))
{ {
value = DefaultLifetimeShorterValue; value = DefaultLifetimeShorterValue;
System.err.println("SvcConfig.getSetting()- Assigning default value " + value); System.err.println("SvcConfig.getSetting()- Assigning default value " + value);
@ -266,7 +266,7 @@ public final class SvcConfig
// Add the key to the map so that it can be found quicker next time // Add the key to the map so that it can be found quicker next time
m_svcSettingsMap.put(LifetimeShorter, DefaultLifetimeShorterValue); m_svcSettingsMap.put(LifetimeShorter, DefaultLifetimeShorterValue);
} }
else if (settingName.equals(ReconfigureInterval) == true) else if (settingName.equalsIgnoreCase(ReconfigureInterval))
{ {
value = DefaultReconfigureIntervalValue; value = DefaultReconfigureIntervalValue;
System.err.println("SvcConfig.getSetting()- Assigning default value " + value); System.err.println("SvcConfig.getSetting()- Assigning default value " + value);
@ -274,7 +274,7 @@ public final class SvcConfig
// Add the key to the map so that it can be found quicker next time // Add the key to the map so that it can be found quicker next time
m_svcSettingsMap.put(ReconfigureInterval, DefaultReconfigureIntervalValue); m_svcSettingsMap.put(ReconfigureInterval, DefaultReconfigureIntervalValue);
} }
else if (settingName.equals(SigningKeyAliasName) == true) else if (settingName.equalsIgnoreCase(SigningKeyAliasName))
{ {
value = DefaultSigningKeyAliasNameValue; value = DefaultSigningKeyAliasNameValue;
System.err.println("SvcConfig.getSetting()- Assigning default value " + value); System.err.println("SvcConfig.getSetting()- Assigning default value " + value);
@ -282,7 +282,7 @@ public final class SvcConfig
// Add the key to the map so that it can be found quicker next time // Add the key to the map so that it can be found quicker next time
m_svcSettingsMap.put(SigningKeyAliasName, DefaultSigningKeyAliasNameValue); m_svcSettingsMap.put(SigningKeyAliasName, DefaultSigningKeyAliasNameValue);
} }
else if (settingName.equals(SigningKeyPassword) == true) else if (settingName.equalsIgnoreCase(SigningKeyPassword))
{ {
value = DefaultSigningKeyPasswordValue; value = DefaultSigningKeyPasswordValue;
System.err.println("SvcConfig.getSetting()- Assigning default value " + value); System.err.println("SvcConfig.getSetting()- Assigning default value " + value);
@ -290,7 +290,7 @@ public final class SvcConfig
// Add the key to the map so that it can be found quicker next time // Add the key to the map so that it can be found quicker next time
m_svcSettingsMap.put(SigningKeyPassword, DefaultSigningKeyPasswordValue); m_svcSettingsMap.put(SigningKeyPassword, DefaultSigningKeyPasswordValue);
} }
else if (settingName.equals(IdentityAbstractionConfigFile) == true) else if (settingName.equalsIgnoreCase(IdentityAbstractionConfigFile))
{ {
System.err.println("SvcConfig.getSetting()- Mandatory setting " + IdentityAbstractionConfigFile + " not set"); System.err.println("SvcConfig.getSetting()- Mandatory setting " + IdentityAbstractionConfigFile + " not set");
throw new Exception("Missing mandatory configuration setting"); throw new Exception("Missing mandatory configuration setting");
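Review bot: The `SigningKeyPassword` branch writes the default signing-key password to stderr through `"Assigning default value " + value`. The log line should name the setting rather than print its value, for example `System.err.println("SvcConfig.getSetting()- Assigning default value for " + SigningKeyPassword);`. Separately, the fallback now matches names case-insensitively while the map is filled under the canonical constant. If the map lookup before this block is case-sensitive (not visible here), a differently cased name would receive the default even when the setting is configured. getSetting() starts outside these hunks.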


@ -70,17 +70,17 @@ public final class SvcSettingsEditor implements IVerifySetting
{ {
boolean result = false; boolean result = false;
if (setting.compareToIgnoreCase(SvcConfig.SessionTokenLifetime) == 0) if (setting.equalsIgnoreCase(SvcConfig.SessionTokenLifetime))
result = true; result = true;
else if (setting.compareToIgnoreCase(SvcConfig.LifetimeShorter) == 0) else if (setting.equalsIgnoreCase(SvcConfig.LifetimeShorter))
result = true; result = true;
else if (setting.compareToIgnoreCase(SvcConfig.IdentityAbstractionConfigFile) == 0) else if (setting.equalsIgnoreCase(SvcConfig.IdentityAbstractionConfigFile))
result = true; result = true;
else if (setting.compareToIgnoreCase(SvcConfig.ReconfigureInterval) == 0) else if (setting.equalsIgnoreCase(SvcConfig.ReconfigureInterval))
result = true; result = true;
else if (setting.compareToIgnoreCase(SvcConfig.SigningKeyAliasName) == 0) else if (setting.equalsIgnoreCase(SvcConfig.SigningKeyAliasName))
result = true; result = true;
else if (setting.compareToIgnoreCase(SvcConfig.SigningKeyPassword) == 0) else if (setting.equalsIgnoreCase(SvcConfig.SigningKeyPassword))
result = true; result = true;
else else
System.out.println("Invalid setting specified"); System.out.println("Invalid setting specified");
@ -101,7 +101,7 @@ public final class SvcSettingsEditor implements IVerifySetting
{ {
String validSetting = null; String validSetting = null;
if (setting.compareToIgnoreCase(SvcConfig.SessionTokenLifetime) == 0) if (setting.equalsIgnoreCase(SvcConfig.SessionTokenLifetime))
{ {
// Verify that we are dealing with a numeric value // Verify that we are dealing with a numeric value
try try
@ -116,7 +116,7 @@ public final class SvcSettingsEditor implements IVerifySetting
System.out.println("Invalid setting value specified"); System.out.println("Invalid setting value specified");
} }
} }
else if (setting.compareToIgnoreCase(SvcConfig.LifetimeShorter) == 0) else if (setting.equalsIgnoreCase(SvcConfig.LifetimeShorter))
{ {
// Verify that we are dealing with a numeric value // Verify that we are dealing with a numeric value
try try
@ -131,7 +131,7 @@ public final class SvcSettingsEditor implements IVerifySetting
System.out.println("Invalid setting value specified"); System.out.println("Invalid setting value specified");
} }
} }
else if (setting.compareToIgnoreCase(SvcConfig.IdentityAbstractionConfigFile) == 0) else if (setting.equalsIgnoreCase(SvcConfig.IdentityAbstractionConfigFile))
{ {
// Output a warning if the specified file does not exist // Output a warning if the specified file does not exist
try try
@ -150,7 +150,7 @@ public final class SvcSettingsEditor implements IVerifySetting
// Always succeed // Always succeed
validSetting = SvcConfig.IdentityAbstractionConfigFile; validSetting = SvcConfig.IdentityAbstractionConfigFile;
} }
else if (setting.compareToIgnoreCase(SvcConfig.ReconfigureInterval) == 0) else if (setting.equalsIgnoreCase(SvcConfig.ReconfigureInterval))
{ {
// Verify that we are dealing with a numeric value // Verify that we are dealing with a numeric value
try try
@ -165,11 +165,11 @@ public final class SvcSettingsEditor implements IVerifySetting
System.out.println("Invalid setting value specified"); System.out.println("Invalid setting value specified");
} }
} }
else if (setting.compareToIgnoreCase(SvcConfig.SigningKeyAliasName) == 0) else if (setting.equalsIgnoreCase(SvcConfig.SigningKeyAliasName))
{ {
validSetting = SvcConfig.SigningKeyAliasName; validSetting = SvcConfig.SigningKeyAliasName;
} }
else if (setting.compareToIgnoreCase(SvcConfig.SigningKeyPassword) == 0) else if (setting.equalsIgnoreCase(SvcConfig.SigningKeyPassword))
{ {
validSetting = SvcConfig.SigningKeyPassword; validSetting = SvcConfig.SigningKeyPassword;
} }
@ -198,7 +198,7 @@ public final class SvcSettingsEditor implements IVerifySetting
for (int i = 0; i < args.length; i++) for (int i = 0; i < args.length; i++)
{ {
// Proceed based on the command // Proceed based on the command
if (args[i].compareToIgnoreCase("-file") == 0) if (args[i].equalsIgnoreCase("-file"))
{ {
// The next argument should contain the filepath // The next argument should contain the filepath
if (args.length > (i + 1)) if (args.length > (i + 1))
@ -212,7 +212,7 @@ public final class SvcSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-list") == 0) else if (args[i].equalsIgnoreCase("-list"))
{ {
// List operation requested // List operation requested
if (op == null) if (op == null)
@ -225,7 +225,7 @@ public final class SvcSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-create") == 0) else if (args[i].equalsIgnoreCase("-create"))
{ {
// List operation requested // List operation requested
if (op == null) if (op == null)
@ -238,7 +238,7 @@ public final class SvcSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-get") == 0) else if (args[i].equalsIgnoreCase("-get"))
{ {
// Get setting operation requested // Get setting operation requested
if (op == null) if (op == null)
@ -263,7 +263,7 @@ public final class SvcSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-set") == 0) else if (args[i].equalsIgnoreCase("-set"))
{ {
// Set setting operation requested // Set setting operation requested
if (op == null) if (op == null)
@ -290,7 +290,7 @@ public final class SvcSettingsEditor implements IVerifySetting
break; break;
} }
} }
else if (args[i].compareToIgnoreCase("-remove") == 0) else if (args[i].equalsIgnoreCase("-remove"))
{ {
// Remove setting operation requested // Remove setting operation requested
if (op == null) if (op == null)


@ -1,6 +1,4 @@
<!-- Example Server Configuration File --> <!-- CASA ATS Server Configuration File -->
<!-- Note that component elements are nested corresponding to their
parent-child relationships with each other -->
<!-- A "Server" is a singleton element that represents the entire JVM, <!-- A "Server" is a singleton element that represents the entire JVM,
which may contain one or more "Service" instances. The Server which may contain one or more "Service" instances. The Server
@ -13,18 +11,6 @@
<Server port="8585" shutdown="SHUTDOWN" debug="0"> <Server port="8585" shutdown="SHUTDOWN" debug="0">
<!-- Comment these entries out to disable JMX MBeans support -->
<!-- You may also configure custom components (e.g. Valves/Realms) by
including your own mbean-descriptor file(s), and setting the
"descriptors" attribute to point to a ';' seperated list of paths
(in the ClassLoader sense) of files to add to the default list.
e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
-->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
debug="0"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
debug="0"/>
<!-- Global JNDI resources --> <!-- Global JNDI resources -->
<GlobalNamingResources> <GlobalNamingResources>
@ -88,51 +74,19 @@
IP address of the remote client. IP address of the remote client.
--> -->
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<!--
<Connector port="8080"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
debug="0" connectionTimeout="20000"
disableUploadTimeout="true" />
-->
<!-- Note : To disable connection timeouts, set connectionTimeout value <!-- Note : To disable connection timeouts, set connectionTimeout value
to 0 --> to 0 -->
<!-- Note : To use gzip compression you could set the following properties :
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml"
-->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 --> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
<Connector port="2645" <Connector port="2645"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true" enableLookups="false" disableUploadTimeout="true"
maxPostSize="16384" connectionTimeout="10000"
acceptCount="100" debug="0" scheme="https" secure="true" acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/CASA/authtoken/keys/server/jks-store" keystoreFile="/etc/CASA/authtoken/keys/server/jks-store"
keystorePass="secret" algorithm="IbmX509" /> keystorePass="secret" algorithm="IbmX509" />
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" />
-->
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="8082"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false"
acceptCount="100" debug="0" connectionTimeout="20000"
proxyPort="80" disableUploadTimeout="true" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes <!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them analyzes the HTTP headers included with the request, and passes them
@ -177,41 +131,6 @@
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/> debug="0" resourceName="UserDatabase"/>
<!-- Comment out the old realm but leave here for now in case we
need to go back quickly -->
<!--
<Realm className="org.apache.catalina.realm.MemoryRealm" />
-->
<!-- Replace the above Realm with one of the following to get a Realm
stored in a database and accessed via JDBC -->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/authority"
connectionName="test" connectionPassword="test"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
connectionName="scott" connectionPassword="tiger"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
connectionURL="jdbc:odbc:CATALINA"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!-- Define the default virtual host <!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2. Note: XML Schema validation will not work with Xerces 2.2.
--> -->
@ -219,143 +138,6 @@
unpackWARs="true" autoDeploy="true" unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false"> xmlValidation="false" xmlNamespaceAware="false">
<!-- Defines a cluster for this node,
By defining this element, means that every manager will be changed.
So when running a cluster, only make sure that you have webapps in there
that need to be clustered and remove the other ones.
A cluster has the following parameters:
className = the fully qualified name of the cluster class
name = a descriptive name for your cluster, can be anything
debug = the debug level, higher means more output
mcastAddr = the multicast address, has to be the same for all the nodes
mcastPort = the multicast port, has to be the same for all the nodes
mcastBindAddr = bind the multicast socket to a specific address
mcastTTL = the multicast TTL if you want to limit your broadcast
mcastSoTimeout = the multicast readtimeout
mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
in case of multiple ethernet cards.
auto means that address becomes
InetAddress.getLocalHost().getHostAddress()
tcpListenPort = the tcp listen port
tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
has a wakup bug in java.nio. Set to 0 for no timeout
printToScreen = true means that managers will also print to std.out
expireSessionsOnShutdown = true means that
useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
false means to replicate the session after each request.
false means that replication would work for the following piece of code:
<%
HashMap map = (HashMap)session.getAttribute("map");
map.put("key","value");
%>
replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
* Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
* Synchronous means that the thread that executes the request, is also the
thread the replicates the data to the other nodes, and will not return until all
nodes have received the information.
* Asynchronous means that there is a specific 'sender' thread for each cluster node,
so the request thread will queue the replication request into a "smart" queue,
and then return to the client.
The "smart" queue is a queue where when a session is added to the queue, and the same session
already exists in the queue from a previous request, that session will be replaced
in the queue instead of replicating two requests. This almost never happens, unless there is a
large network delay.
-->
<!--
When configuring for clustering, you also add in a valve to catch all the requests
coming in, at the end of the request, the session may or may not be replicated.
A session is replicated if and only if all the conditions are met:
1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
2. a session exists (has been created)
3. the request is not trapped by the "filter" attribute
The filter attribute is to filter out requests that could not modify the session,
hence we don't replicate the session after the end of this request.
The filter is negative, ie, anything you put in the filter, you mean to filter out,
ie, no replication will be done on requests that match one of the filters.
The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
ending with .gif and .js are intercepted.
The deployer element can be used to deploy apps cluster wide.
Currently the deployment only deploys/undeploys to working members in the cluster
so no WARs are copied upons startup of a broken node.
The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
When a new war file is added the war gets deployed to the local instance,
and then deployed to the other instances in the cluster.
When a war file is deleted from the watchDir the war is undeployed locally
and cluster wide
-->
<!--
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
managerClassName="org.apache.catalina.cluster.session.DeltaManager"
expireSessionsOnShutdown="false"
useDirtyFlag="true">
<Membership
className="org.apache.catalina.cluster.mcast.McastService"
mcastAddr="228.0.0.4"
mcastPort="45564"
mcastFrequency="500"
mcastDropTime="3000"/>
<Receiver
className="org.apache.catalina.cluster.tcp.ReplicationListener"
tcpListenAddress="auto"
tcpListenPort="4001"
tcpSelectorTimeout="100"
tcpThreadCount="6"/>
<Sender
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
replicationMode="pooled"/>
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
<Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>
</Cluster>
-->
<!-- Normally, users must authenticate themselves to each web app
individually. Uncomment the following entry if you would like
a user to be authenticated the first time they encounter a
resource protected by a security constraint, and then have that
user identity maintained across *all* web applications contained
in this virtual host. -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn"
debug="0"/>
-->
<!-- Access log processes all requests for this virtual host. By <!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different $CATALINA_HOME. If you wish, you can specify a different
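Review bot: The SSL connector on port 2645 still carries `keystorePass="secret"`, although this change retitles the file from an example to the CASA ATS server configuration. Unless something outside this diff replaces it at install time, the server key in `/etc/CASA/authtoken/keys/server/jks-store` is protected by a publicly known password. I would add a comment directly above the connector, `<!-- keystorePass is a packaging placeholder: replace it with a per-host value and keep this file readable only by the service account -->`, and confirm the install scripts do that. The same concern applies to `shutdown="SHUTDOWN"` on `<Server port="8585">`, which keeps the stock shutdown command. The second server.xml variant in this commit (the one with `algorithm="SunX509"`) has identical lines.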


@ -1,6 +1,4 @@
<!-- Example Server Configuration File --> <!-- CASA ATS Server Configuration File -->
<!-- Note that component elements are nested corresponding to their
parent-child relationships with each other -->
<!-- A "Server" is a singleton element that represents the entire JVM, <!-- A "Server" is a singleton element that represents the entire JVM,
which may contain one or more "Service" instances. The Server which may contain one or more "Service" instances. The Server
@ -13,18 +11,6 @@
<Server port="8585" shutdown="SHUTDOWN" debug="0"> <Server port="8585" shutdown="SHUTDOWN" debug="0">
<!-- Comment these entries out to disable JMX MBeans support -->
<!-- You may also configure custom components (e.g. Valves/Realms) by
including your own mbean-descriptor file(s), and setting the
"descriptors" attribute to point to a ';' seperated list of paths
(in the ClassLoader sense) of files to add to the default list.
e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
-->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
debug="0"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
debug="0"/>
<!-- Global JNDI resources --> <!-- Global JNDI resources -->
<GlobalNamingResources> <GlobalNamingResources>
@ -88,51 +74,19 @@
IP address of the remote client. IP address of the remote client.
--> -->
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<!--
<Connector port="8080"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
debug="0" connectionTimeout="20000"
disableUploadTimeout="true" />
-->
<!-- Note : To disable connection timeouts, set connectionTimeout value <!-- Note : To disable connection timeouts, set connectionTimeout value
to 0 --> to 0 -->
<!-- Note : To use gzip compression you could set the following properties :
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml"
-->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 --> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
<Connector port="2645" <Connector port="2645"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true" enableLookups="false" disableUploadTimeout="true"
maxPostSize="16384" connectionTimeout="10000"
acceptCount="100" debug="0" scheme="https" secure="true" acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/CASA/authtoken/keys/server/jks-store" keystoreFile="/etc/CASA/authtoken/keys/server/jks-store"
keystorePass="secret" algorithm="SunX509" /> keystorePass="secret" algorithm="SunX509" />
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" />
-->
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="8082"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false"
acceptCount="100" debug="0" connectionTimeout="20000"
proxyPort="80" disableUploadTimeout="true" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes <!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them analyzes the HTTP headers included with the request, and passes them
@ -177,41 +131,6 @@
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/> debug="0" resourceName="UserDatabase"/>
<!-- Comment out the old realm but leave here for now in case we
need to go back quickly -->
<!--
<Realm className="org.apache.catalina.realm.MemoryRealm" />
-->
<!-- Replace the above Realm with one of the following to get a Realm
stored in a database and accessed via JDBC -->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/authority"
connectionName="test" connectionPassword="test"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
connectionName="scott" connectionPassword="tiger"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
connectionURL="jdbc:odbc:CATALINA"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!-- Define the default virtual host <!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2. Note: XML Schema validation will not work with Xerces 2.2.
--> -->
@ -219,143 +138,6 @@
unpackWARs="true" autoDeploy="true" unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false"> xmlValidation="false" xmlNamespaceAware="false">
<!-- Defines a cluster for this node,
By defining this element, means that every manager will be changed.
So when running a cluster, only make sure that you have webapps in there
that need to be clustered and remove the other ones.
A cluster has the following parameters:
className = the fully qualified name of the cluster class
name = a descriptive name for your cluster, can be anything
debug = the debug level, higher means more output
mcastAddr = the multicast address, has to be the same for all the nodes
mcastPort = the multicast port, has to be the same for all the nodes
mcastBindAddr = bind the multicast socket to a specific address
mcastTTL = the multicast TTL if you want to limit your broadcast
mcastSoTimeout = the multicast readtimeout
mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
in case of multiple ethernet cards.
auto means that address becomes
InetAddress.getLocalHost().getHostAddress()
tcpListenPort = the tcp listen port
tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
has a wakup bug in java.nio. Set to 0 for no timeout
printToScreen = true means that managers will also print to std.out
expireSessionsOnShutdown = true means that
useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
false means to replicate the session after each request.
false means that replication would work for the following piece of code:
<%
HashMap map = (HashMap)session.getAttribute("map");
map.put("key","value");
%>
replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
* Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
* Synchronous means that the thread that executes the request, is also the
thread the replicates the data to the other nodes, and will not return until all
nodes have received the information.
* Asynchronous means that there is a specific 'sender' thread for each cluster node,
so the request thread will queue the replication request into a "smart" queue,
and then return to the client.
The "smart" queue is a queue where when a session is added to the queue, and the same session
already exists in the queue from a previous request, that session will be replaced
in the queue instead of replicating two requests. This almost never happens, unless there is a
large network delay.
-->
<!--
When configuring for clustering, you also add in a valve to catch all the requests
coming in, at the end of the request, the session may or may not be replicated.
A session is replicated if and only if all the conditions are met:
1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
2. a session exists (has been created)
3. the request is not trapped by the "filter" attribute
The filter attribute is to filter out requests that could not modify the session,
hence we don't replicate the session after the end of this request.
The filter is negative, ie, anything you put in the filter, you mean to filter out,
ie, no replication will be done on requests that match one of the filters.
The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
ending with .gif and .js are intercepted.
The deployer element can be used to deploy apps cluster wide.
Currently the deployment only deploys/undeploys to working members in the cluster
so no WARs are copied upons startup of a broken node.
The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
When a new war file is added the war gets deployed to the local instance,
and then deployed to the other instances in the cluster.
When a war file is deleted from the watchDir the war is undeployed locally
and cluster wide
-->
<!--
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
managerClassName="org.apache.catalina.cluster.session.DeltaManager"
expireSessionsOnShutdown="false"
useDirtyFlag="true">
<Membership
className="org.apache.catalina.cluster.mcast.McastService"
mcastAddr="228.0.0.4"
mcastPort="45564"
mcastFrequency="500"
mcastDropTime="3000"/>
<Receiver
className="org.apache.catalina.cluster.tcp.ReplicationListener"
tcpListenAddress="auto"
tcpListenPort="4001"
tcpSelectorTimeout="100"
tcpThreadCount="6"/>
<Sender
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
replicationMode="pooled"/>
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
<Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>
</Cluster>
-->
<!-- Normally, users must authenticate themselves to each web app
individually. Uncomment the following entry if you would like
a user to be authenticated the first time they encounter a
resource protected by a security constraint, and then have that
user identity maintained across *all* web applications contained
in this virtual host. -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn"
debug="0"/>
-->
<!-- Access log processes all requests for this virtual host. By <!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different $CATALINA_HOME. If you wish, you can specify a different


@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Feb 13 16:41:46 MST 2007 - jluciani@novell.com
- Made changes to deal with recommendations given by Greg as
a result of the code review that he performed.
- Added check to protect against zero length passwords in the
Pwd authentication mechanism.
- Fixed issue that was not allowing us to associate a PID file
with the ATS service.
- Stopped deleting the user "casaatsd" during RPM un-install to
avoid problems with orphaned files.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 12 09:09:56 MST 2007 - jluciani@novell.com Mon Feb 12 09:09:56 MST 2007 - jluciani@novell.com


@ -261,7 +261,7 @@ fi
%dir %{prefix}/share/java/CASA/authtoken/bin %dir %{prefix}/share/java/CASA/authtoken/bin
%dir /var/lib/CASA %dir /var/lib/CASA
%dir /var/lib/CASA/authtoken %dir /var/lib/CASA/authtoken
%dir /var/lib/CASA/authtoken/svc %dir %attr(-, casaatsd, casaauth) /var/lib/CASA/authtoken/svc
%dir /etc/CASA %dir /etc/CASA
%dir /etc/CASA/authtoken %dir /etc/CASA/authtoken
%dir /etc/CASA/authtoken/keys %dir /etc/CASA/authtoken/keys
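Review bot: The new `%attr(-, casaatsd, casaauth)` entry for `/var/lib/CASA/authtoken/svc` sets the owner and group but leaves the mode as `-`, so the directory's permissions are whatever the build root happened to have. This is presumably a directory the ATS daemon writes state to, so I would pin the mode explicitly, for example `%dir %attr(0750, casaatsd, casaauth) /var/lib/CASA/authtoken/svc`, with the bits chosen to match what the `casaauth` group actually needs. The entry also relies on the `casaatsd` user and `casaauth` group existing before the payload is unpacked; the scriptlet that creates them is outside this hunk, so that should be confirmed. The same line is changed in the other spec file in this commit.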


@ -251,9 +251,6 @@ if test "$1" == 1; then
exit 0 exit 0
fi fi
# Delete the casaatsd user
userdel casaatsd
%files %files
%defattr(-,root,root) %defattr(-,root,root)
@ -262,7 +259,7 @@ userdel casaatsd
%dir %{prefix}/share/java/CASA/authtoken/bin %dir %{prefix}/share/java/CASA/authtoken/bin
%dir /var/lib/CASA %dir /var/lib/CASA
%dir /var/lib/CASA/authtoken %dir /var/lib/CASA/authtoken
%dir /var/lib/CASA/authtoken/svc %dir %attr(-, casaatsd, casaauth) /var/lib/CASA/authtoken/svc
%dir /etc/CASA %dir /etc/CASA
%dir /etc/CASA/authtoken %dir /etc/CASA/authtoken
%dir /etc/CASA/authtoken/keys %dir /etc/CASA/authtoken/keys