More changes as a result of project code review.
This commit is contained in:
Juan Carlos Luciani
@@ -39,9 +39,9 @@ import javax.security.auth.spi.LoginModule;
|
|||||||
import com.novell.casa.authtoksvc.AuthToken;
|
import com.novell.casa.authtoksvc.AuthToken;
|
||||||
import com.novell.casa.authtoksvc.CasaIdentityToken;
|
import com.novell.casa.authtoksvc.CasaIdentityToken;
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* CasaLoginModule Class.
|
* CasaLoginModule Class.
|
||||||
*
|
* <p>
|
||||||
* This class implements a LoginModule which performs
|
* This class implements a LoginModule which performs
|
||||||
* authentication via the Casa Authentication Token
|
* authentication via the Casa Authentication Token
|
||||||
* infrastructure.
|
* infrastructure.
|
||||||
@@ -57,8 +57,10 @@ public final class CasaLoginModule implements LoginModule
|
|||||||
private Map m_sharedState = null;
|
private Map m_sharedState = null;
|
||||||
private Map m_options = null;
|
private Map m_options = null;
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* (non-Javadoc)
|
* Aborts the subject authentication operation.
|
||||||
|
*
|
||||||
|
* @throws LoginException
|
||||||
* @see javax.security.auth.spi.LoginModule#abort()
|
* @see javax.security.auth.spi.LoginModule#abort()
|
||||||
*/
|
*/
|
||||||
public boolean abort() throws LoginException
|
public boolean abort() throws LoginException
|
||||||
@@ -73,8 +75,10 @@ public final class CasaLoginModule implements LoginModule
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* (non-Javadoc)
|
* Commit the results of the subject authentication operation.
|
||||||
|
*
|
||||||
|
* @throws LoginException
|
||||||
* @see javax.security.auth.spi.LoginModule#commit()
|
* @see javax.security.auth.spi.LoginModule#commit()
|
||||||
*/
|
*/
|
||||||
public boolean commit() throws LoginException
|
public boolean commit() throws LoginException
|
||||||
@@ -104,8 +108,10 @@ public final class CasaLoginModule implements LoginModule
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* (non-Javadoc)
|
* Authenticate subject.
|
||||||
|
*
|
||||||
|
* @throws LoginException
|
||||||
* @see javax.security.auth.spi.LoginModule#login()
|
* @see javax.security.auth.spi.LoginModule#login()
|
||||||
*/
|
*/
|
||||||
public boolean login() throws LoginException
|
public boolean login() throws LoginException
|
||||||
@@ -120,7 +126,7 @@ public final class CasaLoginModule implements LoginModule
|
|||||||
// Do not perform the username check unless configured to do it.
|
// Do not perform the username check unless configured to do it.
|
||||||
boolean performUsernameCheck = false;
|
boolean performUsernameCheck = false;
|
||||||
if (m_options != null
|
if (m_options != null
|
||||||
&& m_options.containsKey((String) "PerformUsernameCheck") == true)
|
&& m_options.containsKey("PerformUsernameCheck") == true)
|
||||||
{
|
{
|
||||||
String keyVal = (String) m_options.get("PerformUsernameCheck");
|
String keyVal = (String) m_options.get("PerformUsernameCheck");
|
||||||
if (keyVal != null && keyVal.equals("true"))
|
if (keyVal != null && keyVal.equals("true"))
|
||||||
@@ -211,18 +217,18 @@ public final class CasaLoginModule implements LoginModule
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
// Token not provided
|
// Token not provided
|
||||||
// tbd - Log
|
|
||||||
System.err.println("CasaLoginModule.login()- Token not provided");
|
System.err.println("CasaLoginModule.login()- Token not provided");
|
||||||
throw new FailedLoginException("CasaAuthenticationToken not obtained");
|
throw new FailedLoginException("CasaAuthenticationToken not obtained");
|
||||||
}
|
}
|
||||||
|
|
||||||
// User validated
|
// User validated
|
||||||
// tbd - Log
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* (non-Javadoc)
|
* Logout subject.
|
||||||
|
*
|
||||||
|
* @throws LoginException
|
||||||
* @see javax.security.auth.spi.LoginModule#logout()
|
* @see javax.security.auth.spi.LoginModule#logout()
|
||||||
*/
|
*/
|
||||||
public boolean logout() throws LoginException
|
public boolean logout() throws LoginException
|
||||||
@@ -230,7 +236,7 @@ public final class CasaLoginModule implements LoginModule
|
|||||||
// Check if we must try to remove our principal
|
// Check if we must try to remove our principal
|
||||||
// from the associated subject.
|
// from the associated subject.
|
||||||
if (m_principal != null
|
if (m_principal != null
|
||||||
&& m_subject.isReadOnly() == false)
|
&& m_subject.isReadOnly() == false)
|
||||||
{
|
{
|
||||||
Set principalSet = m_subject.getPrincipals();
|
Set principalSet = m_subject.getPrincipals();
|
||||||
principalSet.remove(m_principal);
|
principalSet.remove(m_principal);
|
||||||
@@ -238,15 +244,19 @@ public final class CasaLoginModule implements LoginModule
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* (non-Javadoc)
|
* Initialize CasaLoginModule instance.
|
||||||
|
*
|
||||||
|
* @param subject The subject to be authenticated.
|
||||||
|
* @param callbackHandler Callback handler for communicating with end-user.
|
||||||
|
* @param sharedState State shared between login modules.
|
||||||
|
* @param options Module configuration options.
|
||||||
* @see javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
|
* @see javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
|
||||||
*/
|
*/
|
||||||
public void initialize(
|
public void initialize(Subject subject,
|
||||||
Subject subject,
|
CallbackHandler callbackHandler,
|
||||||
CallbackHandler callbackHandler,
|
Map sharedState,
|
||||||
Map sharedState,
|
Map options)
|
||||||
Map options)
|
|
||||||
{
|
{
|
||||||
// Save the input parameters for later use
|
// Save the input parameters for later use
|
||||||
m_subject = subject;
|
m_subject = subject;
|
||||||
|
|||||||
@@ -139,7 +139,7 @@ public final class SampleApp
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
// The attribute value is contained in a string
|
// The attribute value is contained in a string
|
||||||
System.out.println(" :: Attribute Value: " + (String) attrValue);
|
System.out.println(" :: Attribute Value: " + attrValue);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -60,8 +60,7 @@ public final class SampleAppCallbackHandler implements CallbackHandler
|
|||||||
|
|
||||||
// Remove the null terminator
|
// Remove the null terminator
|
||||||
char[] tokenChars = new char[allChars.length - 1];
|
char[] tokenChars = new char[allChars.length - 1];
|
||||||
for (int ii = 0; ii < tokenChars.length; ii++)
|
System.arraycopy(allChars, 0, tokenChars, 0, tokenChars.length);
|
||||||
tokenChars[ii] = allChars[ii];
|
|
||||||
pc.setPassword(tokenChars);
|
pc.setPassword(tokenChars);
|
||||||
} else {
|
} else {
|
||||||
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
|
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ fi
|
|||||||
|
|
||||||
CATALINA_BASE="/srv/www/casaats"
|
CATALINA_BASE="/srv/www/casaats"
|
||||||
CATALINA_HOME="/usr/share/tomcat5"
|
CATALINA_HOME="/usr/share/tomcat5"
|
||||||
|
CATALINA_PID="/var/lib/CASA/authtoken/svc/casaatsd.pid"
|
||||||
JAVA_HOME="/usr/$LIB/jvm/jre-1.5.0"
|
JAVA_HOME="/usr/$LIB/jvm/jre-1.5.0"
|
||||||
JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
|
JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
|
||||||
export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS
|
export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS
|
||||||
|
|||||||
@@ -34,6 +34,7 @@ import java.util.*;
|
|||||||
* the services enabled to use Authentication Tokens.
|
* the services enabled to use Authentication Tokens.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
@SuppressWarnings({"ALL"})
|
||||||
public final class EnabledSvcsConfig
|
public final class EnabledSvcsConfig
|
||||||
{
|
{
|
||||||
private static final String m_authPolicyFileName = "auth.policy";
|
private static final String m_authPolicyFileName = "auth.policy";
|
||||||
@@ -172,7 +173,7 @@ public final class EnabledSvcsConfig
|
|||||||
// Now go through the configured hosts. Note that the services config folder
|
// Now go through the configured hosts. Note that the services config folder
|
||||||
// contains folders for each host for which there are enabled services. The folders
|
// contains folders for each host for which there are enabled services. The folders
|
||||||
// in the services config folder must match the DNS name of the hosts where
|
// in the services config folder must match the DNS name of the hosts where
|
||||||
// the enabled services reside.
|
// the enabled services reside except in the localhost case.
|
||||||
File servicesConfigFolder = new File(svcConfigPath, "enabled_services");
|
File servicesConfigFolder = new File(svcConfigPath, "enabled_services");
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
@@ -296,7 +297,7 @@ public final class EnabledSvcsConfig
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Add this hosts enabled services configuration map to the hosts map
|
// Add this hosts enabled services configuration map to the hosts map
|
||||||
m_hostsMap.put(servicesConfigFolderObjs[i], enabledSvcsConfigMap);
|
m_hostsMap.put(servicesConfigFolderObjs[i].toUpperCase(), enabledSvcsConfigMap);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@@ -372,8 +373,7 @@ public final class EnabledSvcsConfig
|
|||||||
byte[] authPolicyData = null;
|
byte[] authPolicyData = null;
|
||||||
|
|
||||||
// First try to obtain the Map of enabled services for the host
|
// First try to obtain the Map of enabled services for the host
|
||||||
// tbd - Should we make this case insensitive?
|
Map<Object, SvcConfigEntry> enabledSvcsConfigMap = m_hostsMap.get(hostName.toUpperCase());
|
||||||
Map<Object, SvcConfigEntry> enabledSvcsConfigMap = m_hostsMap.get(hostName);
|
|
||||||
if (enabledSvcsConfigMap != null)
|
if (enabledSvcsConfigMap != null)
|
||||||
{
|
{
|
||||||
// Retrieve SvcConfigEntry for the service from the map for the host
|
// Retrieve SvcConfigEntry for the service from the map for the host
|
||||||
@@ -409,8 +409,7 @@ public final class EnabledSvcsConfig
|
|||||||
AuthTokenConfig authTokenConfig = null;
|
AuthTokenConfig authTokenConfig = null;
|
||||||
|
|
||||||
// First try to obtain the Map of enabled services for the host
|
// First try to obtain the Map of enabled services for the host
|
||||||
// tbd - Should we make this case insensitive?
|
Map<Object, SvcConfigEntry> enabledSvcsConfigMap = m_hostsMap.get(hostName.toUpperCase());
|
||||||
Map<Object, SvcConfigEntry> enabledSvcsConfigMap = m_hostsMap.get(hostName);
|
|
||||||
if (enabledSvcsConfigMap != null)
|
if (enabledSvcsConfigMap != null)
|
||||||
{
|
{
|
||||||
// Retrieve SvcConfigEntry for the service from the map for the host
|
// Retrieve SvcConfigEntry for the service from the map for the host
|
||||||
@@ -445,8 +444,7 @@ public final class EnabledSvcsConfig
|
|||||||
IdenTokenConfig idenTokenConfig = null;
|
IdenTokenConfig idenTokenConfig = null;
|
||||||
|
|
||||||
// First try to obtain the Map of enabled services for the host
|
// First try to obtain the Map of enabled services for the host
|
||||||
// tbd - Should we make this case insensitive?
|
Map<Object, SvcConfigEntry> enabledSvcsConfigMap = m_hostsMap.get(hostName.toUpperCase());
|
||||||
Map<Object, SvcConfigEntry> enabledSvcsConfigMap = m_hostsMap.get(hostName);
|
|
||||||
if (enabledSvcsConfigMap != null)
|
if (enabledSvcsConfigMap != null)
|
||||||
{
|
{
|
||||||
// Retrieve SvcConfigEntry for the service from the map for the host
|
// Retrieve SvcConfigEntry for the service from the map for the host
|
||||||
|
|||||||
Reference in New Issue
Block a user