Created the ATS daemon and made necessary RPM install changes to allow
for its deployment.
This commit is contained in:
Juan Carlos Luciani
@@ -20,10 +20,9 @@
|
||||
#######################################################################
|
||||
|
||||
SUBDIRS = src
|
||||
DIST_SUBDIRS = src
|
||||
DIST_SUBDIRS = src linux
|
||||
|
||||
EXTRA_DIST = $(JAVAFILES) \
|
||||
make_and_run_test.sh \
|
||||
make_test.sh \
|
||||
run_test.sh
|
||||
|
||||
|
||||
@@ -34,10 +34,21 @@ to validate credentials consisting of CASA Authentication Tokens.
|
||||
|
||||
CONFIGURATION
|
||||
|
||||
To use CasaLoginModule for your service, set the java.security.auth.login.config
|
||||
property to point to the JAAS configuration file for your application. You must
|
||||
also set the org.xml.sax.driver property to point to an appropriate SAX Parser.
|
||||
The Xerces SAX Parser is a good option (org.apache.xerces.parsers.SAXParser).
|
||||
To configure the CasaLoginModule for your service follow the following
|
||||
steps:
|
||||
|
||||
- Set the java.security.auth.login.config property to point to the JAAS
|
||||
configuration file for your application.
|
||||
- Set the org.xml.sax.driver property to point to an appropriate SAX Parser.
|
||||
The Xerces SAX Parser is a good option (org.apache.xerces.parsers.SAXParser).
|
||||
- Include the "/etc/CASA/authtoken/keys/client" path in the applications
|
||||
CLASSPATH. This is the location of the crypto.properties file used by the
|
||||
module to access the keystore with the ATS's signing certificate.
|
||||
- Add the "/usr/share/java/CASA/authtoken/CasaJaasSupport.jar" and the
|
||||
"/usr/share/java/CASA/authtoken/CasaAuthToken.jar" paths to the applications
|
||||
CLASSPATH.
|
||||
- Add the jar files in the /usr/share/java/CASA/authtoken/external folder
|
||||
to the applications CLASSPATH.
|
||||
|
||||
The JAAS configuration file should include the following line:
|
||||
|
||||
@@ -84,9 +95,6 @@ SampleApp {
|
||||
com.novell.casa.jaas.CasaLoginModule Required debug=true;
|
||||
};
|
||||
|
||||
You must also include the CasaJaasSupport.jar and CasaAuthToken.jar files in the
|
||||
CLASSPATH of the application.
|
||||
|
||||
SECURITY CONSIDERATIONS
|
||||
|
||||
CASA Authenticatication Tokens when compromised can be used to either impersonate
|
||||
|
||||
38
CASA-auth-token/java/server/Jaas/linux/Makefile.am
Normal file
38
CASA-auth-token/java/server/Jaas/linux/Makefile.am
Normal file
@@ -0,0 +1,38 @@
|
||||
#######################################################################
|
||||
#
|
||||
# Copyright (C) 2006 Novell, Inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public
|
||||
# License as published by the Free Software Foundation; either
|
||||
# version 2 of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
#
|
||||
# Author: Juan Carlos Luciani <jluciani@novell.com>
|
||||
#
|
||||
#######################################################################
|
||||
|
||||
SUBDIRS =
|
||||
|
||||
DIST_SUBDIRS =
|
||||
|
||||
CFILES =
|
||||
|
||||
EXTRA_DIST = client_keystore_setup.sh \
|
||||
crypto.properties
|
||||
|
||||
.PHONY: package package-clean package-install package-uninstall
|
||||
package package-clean package-install package-uninstall:
|
||||
$(MAKE) -C $(TARGET_OS) $@
|
||||
|
||||
maintainer-clean-local:
|
||||
rm -f Makefile.in
|
||||
|
||||
51
CASA-auth-token/java/server/Jaas/linux/client_keystore_setup.sh
Executable file
51
CASA-auth-token/java/server/Jaas/linux/client_keystore_setup.sh
Executable file
@@ -0,0 +1,51 @@
|
||||
#!/bin/sh
|
||||
########################################################################
|
||||
#
|
||||
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; version 2.1
|
||||
# of the License.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Library Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with this library; if not, Novell, Inc.
|
||||
#
|
||||
# To contact Novell about this file by physical or electronic mail,
|
||||
# you may find current contact information at www.novell.com.
|
||||
#
|
||||
# Author: Juan Carlos Luciani <jluciani@novell.com>
|
||||
#
|
||||
########################################################################
|
||||
|
||||
#############################################################
|
||||
# #
|
||||
# CASA Authentication Token Keystore Setup Script for #
|
||||
# auththentication token validating clients. #
|
||||
# #
|
||||
# This script sets up the certificate associated with the #
|
||||
# keys used by the ATS to sign authentication tokens in the #
|
||||
# keystore utilized by token validating clients. #
|
||||
# #
|
||||
#############################################################
|
||||
|
||||
# Do not do anything if the client keystore has already been created
|
||||
if [ -f /etc/CASA/authtoken/keys/client/jks-store ]; then
|
||||
echo "The client keystore is already setup"
|
||||
else
|
||||
if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then
|
||||
echo "Setting up the clients's keystore"
|
||||
# Import the certificate to the client's keystore
|
||||
/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -import -noprompt -keystore /etc/CASA/authtoken/keys/client/jks-store -alias signingCert -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
|
||||
|
||||
# List the content's of the client's keystore
|
||||
#/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -list -rfc -keystore client/jks-store -alias signingCert -storepass secret
|
||||
else
|
||||
echo "File /etc/CASA/authtoken/keys/casaatsdSigningCert not found"
|
||||
fi
|
||||
fi
|
||||
6
CASA-auth-token/java/server/Jaas/linux/crypto.properties
Normal file
6
CASA-auth-token/java/server/Jaas/linux/crypto.properties
Normal file
@@ -0,0 +1,6 @@
|
||||
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
|
||||
org.apache.ws.security.crypto.merlin.keystore.type=jks
|
||||
org.apache.ws.security.crypto.merlin.keystore.password=secret
|
||||
org.apache.ws.security.crypto.merlin.keystore.alias=signingCert
|
||||
org.apache.ws.security.crypto.merlin.alias.password=secret
|
||||
org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken/keys/client/jks-store
|
||||
@@ -1,17 +0,0 @@
|
||||
#!/bin/bash
|
||||
if [ ! -d build-test ]; then
|
||||
mkdir build-test
|
||||
mkdir build-test/classes
|
||||
else
|
||||
if [ ! -d build-test/classes ]; then
|
||||
mkdir build-test/classes
|
||||
fi
|
||||
fi
|
||||
echo "*** Compiling the test application ***"
|
||||
javac -g -sourcepath src -classpath ../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar -d build-test/classes src/com/novell/casa/jaas/sample/SampleApp.java src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java
|
||||
echo "*** Done compiling ***"
|
||||
echo ""
|
||||
echo "*** Starting the test application ***"
|
||||
java -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf com.novell.casa.jaas.sample.SampleApp
|
||||
#jdb -sourcepath src:../AuthTokenSvc/src -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf com.novell.casa.jaas.sample.SampleApp
|
||||
|
||||
@@ -8,6 +8,6 @@ else
|
||||
fi
|
||||
fi
|
||||
echo "*** Compiling the test application ***"
|
||||
javac -g -sourcepath src -classpath ../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar -d build-test/classes src/com/novell/casa/jaas/sample/SampleApp.java src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java
|
||||
/usr/lib/jvm/java-1.5.0-ibm/bin/javac -g -sourcepath src -classpath /usr/share/java/CASA/authtoken/CasaJaasSupport.jar:/usr/share/java/CASA/authtoken/CasaAuthToken.jar -d build-test/classes src/com/novell/casa/jaas/sample/SampleApp.java src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java
|
||||
echo "*** Done compiling ***"
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
echo "*** Starting the test application ***"
|
||||
java -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf -Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend=n com.novell.casa.jaas.sample.SampleApp
|
||||
#jdb -sourcepath src:../AuthTokenSvc/src -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf com.novell.casa.jaas.sample.SampleApp
|
||||
export JAVA_HOME=/usr/lib/jvm/java-1.5.0-ibm
|
||||
/usr/lib/jvm/java-1.5.0-ibm/bin/java -classpath build-test/classes:/usr/share/java/CASA/authtoken/CasaJaasSupport.jar:/usr/share/java/CASA/authtoken/CasaAuthToken.jar:/usr/share/java/CASA/authtoken/external/axis-ant.jar:/usr/share/java/CASA/authtoken/external/axis.jar:/usr/share/java/CASA/authtoken/external/commons-discovery-0.2.jar:/usr/share/java/CASA/authtoken/external/commons-logging-1.0.4.jar:/usr/share/java/CASA/authtoken/external/commons-logging-api.jar:/usr/share/java/CASA/authtoken/external/jaxrpc.jar:/usr/share/java/CASA/authtoken/external/log4j-1.2.8.jar:/usr/share/java/CASA/authtoken/external/saaj.jar:/usr/share/java/CASA/authtoken/external/wsdl4j-1.5.1.jar:/usr/share/java/CASA/authtoken/external/wss4j-1.5.0.jar:/usr/share/java/CASA/authtoken/external/xalan.jar:/usr/share/java/CASA/authtoken/external/xercesImpl.jar:/usr/share/java/CASA/authtoken/external/xml-apis.jar:/usr/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar:/usr/share/java/xerces-j2.jar:/etc/CASA/authtoken/keys/client -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf -Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend=n com.novell.casa.jaas.sample.SampleApp
|
||||
|
||||
|
||||
Reference in New Issue
Block a user