From f8decf4b849b43e0bb40ccf9fcf7fbf8495f31ee Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Wed, 17 Jan 2007 12:14:29 +0000 Subject: [PATCH] Addressed bugs 225066 and 190821. Also fixed "ReconfigureInterval=0" issue and added the ability to search using multiple search roots configured on a per-realm basis in the iaRealms file. --- CASA-auth-token/server-java/Svc/Makefile.am | 3 +- CASA-auth-token/server-java/Svc/README | 2 +- CASA-auth-token/server-java/Svc/TODO | 1 - .../com/novell/casa/authtoksvc/AuthToken.java | 3 + .../casa/authtoksvc/CasaIdentityToken.java | 4 +- .../novell/casa/authtoksvc/GetAuthToken.java | 1 + .../novell/casa/authtoksvc/IdentityToken.java | 2 + .../casa/authtoksvc/Krb5Authenticate.java | 68 ++++-- .../com/novell/casa/authtoksvc/Makefile.am | 1 + .../casa/authtoksvc/PwdAuthenticate.java | 110 +++++---- .../novell/casa/authtoksvc/RealmsInfo.java | 211 ++++++++++++++++++ .../src/com/novell/casa/authtoksvc/Rpc.java | 5 + .../com/novell/casa/authtoksvc/SvcConfig.java | 12 +- .../server-java/Svc/templates/iaRealms.xml | 6 +- .../package/linux/CASA_auth_token_svc.changes | 19 ++ .../package/linux/CASA_auth_token_svc.spec.in | 6 +- 16 files changed, 376 insertions(+), 78 deletions(-) create mode 100644 CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java diff --git a/CASA-auth-token/server-java/Svc/Makefile.am b/CASA-auth-token/server-java/Svc/Makefile.am index 1bcde1de..e02eca0b 100644 --- a/CASA-auth-token/server-java/Svc/Makefile.am +++ b/CASA-auth-token/server-java/Svc/Makefile.am @@ -79,6 +79,7 @@ JAVAFILES = src/com/novell/casa/authtoksvc/ProtoDefs.java \ src/com/novell/casa/authtoksvc/AuthPolicyEditor.java \ src/com/novell/casa/authtoksvc/AuthTokenSettingsEditor.java \ src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java \ + src/com/novell/casa/authtoksvc/RealmsInfo.java \ src/com/novell/casa/authtoksvc/SvcSettingsEditor.java BUILDDIR = build 
@@ -119,7 +120,7 @@ AXIS_LIBS = $(AXIS_JARS_DIR)/axis.jar:$(AXIS_JARS_DIR)/saaj.jar:$(AXIS_JARS_DIR) #AXIS_LIBS = $(AXIS_JARS_DIR)/wss4j-1.5.0.jar LIBS = /usr/share/java/servletapi5.jar:/usr/share/java/xerces-j2.jar -CLASSPATH = $(AXIS_LIBS):$(IDENT_ABSTRACTION_DIR)/identity-abstraction.jar:$(IDENT_ABSTRACTION_DIR)/bandit-util.jar:$(LIBS) +CLASSPATH = $(AXIS_LIBS):$(IDENT_ABSTRACTION_DIR)/identity-abstraction.jar:$(IDENT_ABSTRACTION_DIR)/bandit-util.jar:$(IDENT_ABSTRACTION_DIR)/castor-1.0.4.jar:$(LIBS) CUR_DIR := $(shell pwd) diff --git a/CASA-auth-token/server-java/Svc/README b/CASA-auth-token/server-java/Svc/README index e58ee595..ff2c221d 100644 --- a/CASA-auth-token/server-java/Svc/README +++ b/CASA-auth-token/server-java/Svc/README @@ -105,7 +105,7 @@ The following is an example svc.settings file: Note the following about the sample svc.settings file: - The settngs that you can specify in the svc.settings file are: SessionLifetime, - LifetimeShorter, IAConfigFile, and startSearchContext. + LifetimeShorter, and IAConfigFile. - The SessionTokenLifetime setting specifies the number of seconds for which a session token is good for after being issued. The default value for this setting diff --git a/CASA-auth-token/server-java/Svc/TODO b/CASA-auth-token/server-java/Svc/TODO index 24cb6267..2b7224bd 100644 --- a/CASA-auth-token/server-java/Svc/TODO +++ b/CASA-auth-token/server-java/Svc/TODO @@ -10,7 +10,6 @@ This file contains a list of the items still outstanding for AuthTokenSvc. OUTSTANDING ITEMS -- CasaIdentityToken needs to obtain the identity source url from the identity abstraction layer. - Switch Client/Server communication to use SOAP.(This is under evaluation). - Add code to verify that client/server communications occur over HTTPS. - Add logging. diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthToken.java index d3717204..6a3efc78 100644 
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthToken.java @@ -80,6 +80,7 @@ public final class AuthToken * * @param identityId Id of the authenticated identity. * @param realm Realm where the identity id is valid. + * @param realmUrl Realm Url. * @param targetService Name of the targeted service. * @param targetHost Host where the targeted service resides. * @param svcConfig Service configuration object. @@ -88,6 +89,7 @@ public final class AuthToken */ public AuthToken(String identityId, String realm, + String realmUrl, String targetService, String targetHost, SvcConfig svcConfig, @@ -108,6 +110,7 @@ public final class AuthToken CasaIdentityToken identityToken = new CasaIdentityToken(enabledSvcsConfig.getIdenTokenConfig(targetHost, targetService)); identityToken.initialize(identityId, realm, + realmUrl, targetService, targetHost, svcConfig); diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java index e4efd243..f5f3ada9 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java @@ -684,6 +684,7 @@ public final class CasaIdentityToken implements IdentityToken * * @param identityId Identity identifier. * @param sourceName Name of the realm where the identityId is valid. + * @param sourceUrl URL to the realm (identity data source). * @param targetService Name of service being targeted. * @param targetHost Host where the targeted service resides. * @param svcConfig Service configuration object. 
@@ -691,6 +692,7 @@ public final class CasaIdentityToken implements IdentityToken */ public final void initialize (String identityId, String sourceName, + String sourceUrl, String targetService, String targetHost, SvcConfig svcConfig) throws Exception @@ -698,7 +700,7 @@ public final class CasaIdentityToken implements IdentityToken // Save input parameters m_identityId = identityId; m_sourceName = sourceName; - m_sourceUrl = "ldap://myldaphost.novell.com:389"; // tbd - Obtain from Identity Abstraction layer + m_sourceUrl = sourceUrl; m_service = targetService; m_host = targetHost; diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthToken.java index 97e7d368..02d342dd 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthToken.java @@ -89,6 +89,7 @@ public final class GetAuthToken implements RpcMethod // Create the Authentication Token AuthToken authToken = new AuthToken(sessionToken.getIdentId(), sessionToken.getRealm(), + m_svcConfig.m_realmsInfo.getUrl(sessionToken.getRealm()), getAuthTokReqMsg.getServiceName(), getAuthTokReqMsg.getHostName(), m_svcConfig, diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdentityToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdentityToken.java index 119b59a8..a07bd8cc 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdentityToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/IdentityToken.java 
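Review bot: `m_svcConfig.m_realmsInfo.getUrl(sessionToken.getRealm())` in the GetAuthToken hunk can evaluate to null — RealmsInfo.getUrl returns null for an unknown realm, and a realm whose connection element is missing never gets a Url entry — and CasaIdentityToken.initialize now stores that value unchecked in m_sourceUrl, so a token can be issued carrying no identity-source URL where the old code always embedded one. Resolve the URL into a local and fail the request when it is absent, e.g. `String realmUrl = m_svcConfig.m_realmsInfo.getUrl(sessionToken.getRealm());` / `if (realmUrl == null) throw new Exception("Realm configuration error");`, matching the realm-type check the authenticators perform. The enclosing GetAuthToken.invoke body and its declared exception type lie outside the hunk, so the throw may need adjusting to whatever invoke can propagate.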
@@ -36,6 +36,7 @@ public interface IdentityToken * * @param identityId Identity identifier. * @param sourceName Name of the realm where the identityId is valid. + * @param sourceUrl URL to the realm (identity data source). * @param targetService Name of service being targeted. * @param targetHost Host where the targeted service resides. * @param svcConfig Service configuration object. @@ -43,6 +44,7 @@ public interface IdentityToken */ void initialize(String identityId, String sourceName, + String sourceUrl, String targetService, String targetHost, SvcConfig svcConfig) throws Exception; diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java index 01320a11..3696bc99 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java 
@@ -215,37 +215,63 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable SearchControls controls = new SearchControls(); controls.setSearchScope(SearchControls.SUBTREE_SCOPE); - // Obtain the start search context - tbd - this will be removed once the functionality flows into Bandit - String searchContext = m_svcConfig.getSetting(SvcConfig.StartSearchContext); - if (searchContext == null) + // Obtain the search roots + String[] searchRoots = m_svcConfig.m_realmsInfo.getSearchRoots(authReqMsg.getRealm()); + if (searchRoots == null) { - // A start search context was not configured, start from the root. - searchContext = ""; + // No configured search roots + searchRoots = new String[] {""}; } - // Perform the search - NamingEnumeration answer = ctx.search(searchContext, - "(krbPrincipalName={0})", - new String[] {krb5Token.getPrincipalName()}, - controls); - - // Proceed based on the result of the search - if (answer.hasMore()) + // Determine the search string to be utilized based on the type of directory + // associated with the realm. + String searchString; + String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm()); + if (realmType != null) { - // The search succeeded, set the identity id. 
- SearchResult sr = answer.next(); - if (searchContext.equals("")) - { - identId = sr.getNameInNamespace(); - } + if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0) + searchString = "(krbPrincipalName={0})"; + else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0) + searchString = "(userPrincipalName={0})"; else { - identId = sr.getName() + "," + searchContext; + System.err.println("Krb5Authenticate.invoke()- Unsupported realm type " + realmType); + throw new Exception("Realm configuration error"); } } else { - System.err.println("Krb5Authenticate.invoke()- No matching identity entities found"); + System.err.println("Krb5Authenticate.invoke()- Failed to obtain realm type for realm " + authReqMsg.getRealm()); + throw new Exception("Realm configuration error"); + } + + // Go through the search roots stopping if the identity is resolved. + for (int i = 0; i < searchRoots.length && identId == null; i++) + { + // Perform search for this root + NamingEnumeration answer = ctx.search(searchRoots[i], + searchString, + new String[] {krb5Token.getPrincipalName()}, + controls); + + // Proceed based on the result of the search + if (answer.hasMore()) + { + // The search succeeded, set the identity id. + SearchResult sr = answer.next(); + if (searchRoots[i].equals("")) + { + identId = sr.getNameInNamespace(); + } + else + { + identId = sr.getName() + "," + searchRoots[i]; + } + } + else + { + System.err.println("Krb5Authenticate.invoke()- No matching identity entities found"); + } } } catch (NamingException e) diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Makefile.am b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Makefile.am index 02d01da0..d856ef40 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Makefile.am +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Makefile.am 
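Review bot: In the new search loop the identity is bound to the first `answer.next()` result and the enumeration is never checked for a second entry, so a principal name that matches more than one object — within one root, or across roots since the loop stops at the first hit — is silently mapped to whichever entry the directory returns first; for an authentication mapping an ambiguous match should fail closed. After `SearchResult sr = answer.next();` add `if (answer.hasMore()) { System.err.println("Krb5Authenticate.invoke()- Multiple entities match principal"); throw new Exception("Ambiguous identity"); }`. The "No matching identity entities found" message is now emitted for every root that misses, even when a later root resolves the user, so it belongs after the loop under `if (identId == null)`. `answer` is never closed; each search would be cleaner with a `finally { answer.close(); }`, and the same unclosed enumeration appears in the PwdAuthenticate hunk. The enclosing invoke method starts and ends outside this hunk.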
@@ -56,6 +56,7 @@ JAVAFILES = ProtoDefs.java \ IVerifySetting.java \ SettingsFileUtil.java \ SettingsFileSAXHandler.java \ + RealmsInfo.java \ SvcSettingsEditor.java EXTRA_DIST = $(JAVAFILES) \ diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java index 71920c20..6c9daedb 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java 
@@ -184,57 +184,79 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable SearchControls controls = new SearchControls(); controls.setSearchScope(SearchControls.SUBTREE_SCOPE); - // Obtain the start search context - tbd - this will be removed once the functionality flows into Bandit - String searchContext = m_svcConfig.getSetting(SvcConfig.StartSearchContext); - if (searchContext == null) + // Obtain the search roots + String[] searchRoots = m_svcConfig.m_realmsInfo.getSearchRoots(authReqMsg.getRealm()); + if (searchRoots == null) { - // A start search context was not configured, start from the root. - searchContext = ""; + // No configured search roots + searchRoots = new String[] {""}; } - // Perform the search - NamingEnumeration answer = ctx.search(searchContext, - "(cn={0})", - new String[] {pwToken.getUsername()}, - controls); - if (!answer.hasMore()) + // Determine the search string to be utilized based on the type of directory + // associated with the realm. 
+ String searchString; + String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm()); + if (realmType != null) { - System.err.println("PwdAuthenticate.invoke()- No matching identity entities found"); - } - - // Enumerate through the users returned checking the password - while (answer.hasMore()) - { - SearchResult sr = answer.next(); - - // Open a directory context for the user as a way of verifying its password - try + if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0) + searchString = "(cn={0})"; + else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0) + searchString = "(sAMAccountName={0})"; + else { - Hashtable env2 = new Hashtable(); - env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory"); - env2.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile)); - env2.put(Realm.REALM_SELECTOR, authReqMsg.getRealm()); - env2.put(Context.SECURITY_AUTHENTICATION, "simple"); - env2.put(Context.SECURITY_PRINCIPAL, sr.getNameInNamespace()); - env2.put(Context.SECURITY_CREDENTIALS, pwToken.getPassword()); - - if ((new InitialDirContext(env2)) != null) - { - // The password must be valid, set the identity Id. - if (searchContext.equals("")) - { - identId = sr.getName(); - } - else - { - identId = sr.getName() + "," + searchContext; - } - break; - } + System.err.println("PwdAuthenticate.invoke()- Unsupported realm type " + realmType); + throw new Exception("Realm configuration error"); } - catch (NamingException e) + } + else + { + System.err.println("PwdAuthenticate.invoke()- Failed to obtain realm type for realm " + authReqMsg.getRealm()); + throw new Exception("Realm configuration error"); + } + + // Go through the search roots stopping if the identity is resolved. 
+ for (int i = 0; i < searchRoots.length && identId == null; i++) + { + // Perform search for this root + NamingEnumeration answer = ctx.search(searchRoots[i], + searchString, + new String[] {pwToken.getUsername()}, + controls); + + // Enumerate through the users returned checking the password + while (answer.hasMore()) { - System.err.println("PwdAuthenticate.invoke()- NamingException: " + e.getExplanation()); + SearchResult sr = answer.next(); + + // Open a directory context for the user as a way of verifying its password + try + { + Hashtable env2 = new Hashtable(); + env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory"); + env2.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile)); + env2.put(Realm.REALM_SELECTOR, authReqMsg.getRealm()); + env2.put(Context.SECURITY_AUTHENTICATION, "simple"); + env2.put(Context.SECURITY_PRINCIPAL, sr.getNameInNamespace()); + env2.put(Context.SECURITY_CREDENTIALS, pwToken.getPassword()); + + if ((new InitialDirContext(env2)) != null) + { + // The password must be valid, set the identity Id. + if (searchRoots[i].equals("")) + { + identId = sr.getName(); + } + else + { + identId = sr.getName() + "," + searchRoots[i]; + } + break; + } + } + catch (NamingException e) + { + System.err.println("PwdAuthenticate.invoke()- NamingException: " + e.getExplanation()); + } } } diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java new file mode 100644 index 00000000..adf6bcbc --- /dev/null +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java 
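Review bot: The bind used as the password check, `env2.put(Context.SECURITY_CREDENTIALS, pwToken.getPassword())` followed by `new InitialDirContext(env2)`, has no guard against an empty password: an LDAP simple bind that names a DN but supplies empty credentials is an unauthenticated bind that servers may answer with success (RFC 4513 §5.1.2), in which case the request would resolve to the first `cn`/`sAMAccountName` match without any credential being verified. Reject it before the search, e.g. `if (pwToken.getPassword() == null || pwToken.getPassword().length() == 0) throw new Exception("Invalid credentials");` (assuming getPassword returns a String, as its use as a Hashtable value suggests). Two smaller points in the same loop: `(new InitialDirContext(env2)) != null` is always true once the constructor returns, so only the exception path carries information and the comparison can be dropped; and the context created on a successful bind is never closed, leaking one bound connection per authentication — hold it in a local and `close()` it in a finally. The enclosing invoke method starts and ends outside the hunk.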
@@ -0,0 +1,211 @@ +/*********************************************************************** + * + * Copyright (C) 2006 Novell, Inc. All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; version 2.1 + * of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, Novell, Inc. + * + * To contact Novell about this file by physical or electronic mail, + * you may find current contact information at www.novell.com. + * + * Author: Juan Carlos Luciani + * + ***********************************************************************/ + +package com.novell.casa.authtoksvc; + +import org.bandit.util.config.gen.*; + +import javax.naming.Context; +import javax.naming.NamingEnumeration; +import javax.naming.directory.DirContext; +import javax.naming.directory.InitialDirContext; +import javax.naming.directory.Attributes; + +import org.bandit.ia.IAContext; +import org.bandit.util.config.Realm; + +import java.io.FileReader; +import java.util.Hashtable; +import java.util.Map; +import java.util.HashMap; + +/** + * RealmsInfo class. + *

+ * Class for obtaining information about the configured realms. + */ +public class RealmsInfo +{ + // Internal constants + private final static String RealmUrl = "Url"; + private final static String RealmType = "Type"; + + /** + * String returned by getType method for Active Directory realms. + */ + public final static String ActiveDirectoryRealm = "AD"; + + /** + * String returned by getType method for eDirectory realms. + */ + public final static String eDirectoryRealm = "eDir"; + + /** + * Internal class for holding information associated with a realm + */ + private final class RealmInfo + { + // Map for holding ream key/values + protected Map m_keyValueMap = new HashMap(); + protected String[] m_searchRoots = null; + } + + // Map for holding ream information + private final Map m_realmsMap = new HashMap(); + + /** + * Constructor. + * + * @param realmConfigFilePath Path to iaRealms configuration file. + * @throws Exception + */ + RealmsInfo(String realmConfigFilePath) throws Exception + { + // Go through all of the configured realms + FileReader fileReader = new FileReader(realmConfigFilePath); + RealmsType realmsType = Realms.unmarshal(fileReader); + for (int i = 0; i < realmsType.getRealmsTypeItemCount(); i++) + { + RealmsTypeItem realmsTypeItem = realmsType.getRealmsTypeItem(i); + org.bandit.util.config.gen.Realm realm = realmsTypeItem.getRealm(); + if (realm.getDesc().compareToIgnoreCase("Directory") == 0) + { + // We are dealing with a directory realm + RealmInfo realmInfo = new RealmInfo(); + RealmTypeItem[] realmTypeItems = realm.getRealmTypeItem(); + for (int ii = 0; ii < realmTypeItems.length; ii++) + { + // Find the configure Proxy User Name for the realm and any configured + // search roots. 
+ if (realmTypeItems[ii].getConnection() == null) + { + Env env[] = realmTypeItems[ii].getEnv(); + if (env != null) + { + for (int iii = 0; iii < env.length; iii++) + { + if (env[iii].getProp().compareToIgnoreCase("java.naming.security.principal") == 0) + { + // We found the proxy user, now use it to determine whether or not + // we are dealing with an Active Directory Server. + // + // Open a directory context and use it to read the "sAMAccountName" + // users attribute which theoretically should only be valid on an AD + // server. + Hashtable env2 = new Hashtable(); + env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory"); + env2.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath); + env2.put(Realm.REALM_SELECTOR, realm.getId()); + + DirContext ctx = new InitialDirContext(env2); + String[] attributesNeeded = new String[1]; + attributesNeeded[0] = "sAMAccountName"; + Attributes attributes = ctx.getAttributes(env[iii].getValue(), attributesNeeded); + NamingEnumeration ae = attributes.getAll(); + if (ae != null && ae.hasMore()) + { + realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm); + } + else + { + realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm); + } + } + else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.searchroot") == 0) + { + // We are dealing with a search root, keep track of it. Make sure to preserve the order + // in which they are found. 
+ if (realmInfo.m_searchRoots == null) + { + realmInfo.m_searchRoots = new String[1]; + realmInfo.m_searchRoots[0] = env[iii].getValue(); + } + else + { + String[] newSearchRoots = new String[realmInfo.m_searchRoots.length + 1]; + System.arraycopy(realmInfo.m_searchRoots, 0, newSearchRoots, 0, realmInfo.m_searchRoots.length); + newSearchRoots[realmInfo.m_searchRoots.length] = env[iii].getValue(); + realmInfo.m_searchRoots = newSearchRoots; + } + } + } + } + } + else + { + LDAPConnector connector = (LDAPConnector) realmTypeItems[ii].getConnection(); + realmInfo.m_keyValueMap.put(RealmUrl, connector.getAddress(0)); + } + } + + m_realmsMap.put(realm.getId(), realmInfo); + } + } + } + + /** + * Get Realm Type. + * + * @param realmId Realm id. + * @return Realm type or null if no match found. + */ + String getType(String realmId) + { + RealmInfo realmInfo = m_realmsMap.get(realmId); + if (realmInfo != null) + return realmInfo.m_keyValueMap.get(RealmType); + else + return null; + } + + /** + * Get Realm Url. + * + * @param realmId Realm id. + * @return Realm url or null if no match found. + */ + final String getUrl(String realmId) + { + RealmInfo realmInfo = m_realmsMap.get(realmId); + if (realmInfo != null) + return realmInfo.m_keyValueMap.get(RealmUrl); + else + return null; + } + + /** + * Get Search Roots. + * + * @param realmId Realm id. + * @return String array with search roots or null if no match found. + */ + final String[] getSearchRoots(String realmId) + { + RealmInfo realmInfo = m_realmsMap.get(realmId); + if (realmInfo != null) + return realmInfo.m_searchRoots; + else + return null; + } +} diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Rpc.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Rpc.java index 8fca060c..ad321cfc 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Rpc.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Rpc.java 
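Review bot: The constructor's Active Directory probe opens `DirContext ctx = new InitialDirContext(env2)` and the `FileReader fileReader` passed to `Realms.unmarshal`, and closes neither, so every configuration pass leaks one bound directory connection per directory realm plus a file handle; wrap each in try/finally with `ctx.close()` and `fileReader.close()`. The probe also performs network I/O during configuration, and a realm that lacks a `java.naming.security.principal` env entry never gets a Type recorded, which only surfaces later as the authenticators' generic "Realm configuration error" — a `System.err.println` here naming the realm would make that misconfiguration diagnosable at startup. `(LDAPConnector) realmTypeItems[ii].getConnection()` is an unchecked cast that throws ClassCastException for any other connector type; an `instanceof` test with a descriptive message would be clearer. The probe itself — treating a readable `sAMAccountName` on the proxy user as proof of Active Directory — is a heuristic, as the comment concedes; an explicit realm-type property in iaRealms.xml (a proposal, not an existing setting) would remove both the directory round-trip and the guess.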
@@ -24,6 +24,8 @@ package com.novell.casa.authtoksvc; +import org.bandit.ia.IAContext; + import java.util.*; import java.io.*; @@ -99,6 +101,9 @@ public final class Rpc extends javax.servlet.http.HttpServlet implements javax.s { m_rpc.configureServlet(); + // Also force IA to re-read its configuration + IAContext.clearRealmCache(); + // Check if it is no longer necessary to re-configure the servlet if (m_rpc.m_reconfigureInterval == 0) { diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java index 2eda8b37..53ced1a8 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java @@ -49,7 +49,6 @@ public final class SvcConfig public final static String SessionTokenLifetime = "SessionTokenLifetime"; public final static String LifetimeShorter = "LifetimeShorter"; public final static String IdentityAbstractionConfigFile = "IAConfigFile"; - public final static String StartSearchContext = "startSearchContext"; public final static String ConfigFolderPath = "ConfigFolderPath"; public final static String AppRootPath = "AppRootPath"; public final static String ReconfigureInterval = "ReconfigureInterval"; @@ -63,6 +62,11 @@ public final class SvcConfig public final static String DefaultSigningKeyAliasNameValue = "signingKey"; public final static String DefaultSigningKeyPasswordValue = "secret"; + /** + * RealmsInfo object for public use. + */ + public RealmsInfo m_realmsInfo = null; + // Minimum configuration values private final static int MinimumTokenLifetimeValue = 360; // Seconds private final static int MinimumLifetimeShorterValue = 5; // Seconds 
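Review bot: In the Rpc hunk `IAContext.clearRealmCache()` runs after `m_rpc.configureServlet()`; if configureServlet is what builds the new SvcConfig — and with it RealmsInfo, whose constructor opens contexts through org.bandit.ia.IAInitialCtxFactory — the realm-type probe runs against the stale realm cache and the cache is cleared only afterwards, so the call would be safer placed before `m_rpc.configureServlet();` (configureServlet's body is outside the hunk, so this is inferred). In the SvcConfig hunk `public RealmsInfo m_realmsInfo = null;` adds a public mutable field that GetAuthToken, Krb5Authenticate and PwdAuthenticate dereference directly; a private field with a `getRealmsInfo()` accessor would keep the null-until-configured state and any re-assignment inside SvcConfig.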
@@ -171,7 +175,8 @@ public final class SvcConfig try { reconfigureInterval = Integer.valueOf(getSetting(ReconfigureInterval)).intValue(); - if (reconfigureInterval < MinimumReconfigureIntervalValue) + if (reconfigureInterval != 0 + && reconfigureInterval < MinimumReconfigureIntervalValue) { System.err.println("SvcConfig()- Configured reconfigure interval too small, defaulting to " + Integer.toString(MinimumReconfigureIntervalValue) + " seconds"); @@ -188,6 +193,9 @@ public final class SvcConfig // Update the map with the new value for the setting m_svcSettingsMap.put(ReconfigureInterval, Integer.toString(MinimumReconfigureIntervalValue)); } + + // Lets create a RealmsInfo object for public use + m_realmsInfo = new RealmsInfo(getSetting(IdentityAbstractionConfigFile)); } catch (SAXException e) { diff --git a/CASA-auth-token/server-java/Svc/templates/iaRealms.xml b/CASA-auth-token/server-java/Svc/templates/iaRealms.xml index 9ead7d19..9b54ded6 100644 --- a/CASA-auth-token/server-java/Svc/templates/iaRealms.xml +++ b/CASA-auth-token/server-java/Svc/templates/iaRealms.xml @@ -10,13 +10,9 @@ + > ldaps://LDAP_HOST_NAME:LDAP_LISTEN_PORT - - - REALM - - diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes index 029b3e99..f80666a0 100644 --- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes +++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes 
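Review bot: `m_realmsInfo = new RealmsInfo(getSetting(IdentityAbstractionConfigFile));` sits inside the try whose `catch (SAXException e)` begins at the end of the hunk, while RealmsInfo's constructor is declared `throws Exception` and performs file and directory I/O; whether those failures propagate or are swallowed depends on catch clauses outside the hunk, and if any of them swallows, m_realmsInfo stays null and the authenticators fail with a NullPointerException on the first request instead of at configuration time. Consider constructing it outside this try, or re-checking `m_realmsInfo != null` at the end of the constructor and throwing with a message that names the config file. The `reconfigureInterval != 0` clause in the earlier hunk reads correctly as an explicit disable, but a comment such as `// 0 disables auto-reconfiguration` next to it would record the intent.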
@@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Wed Jan 17 16:52:46 MST 2007 - jluciani@novell.com + +- Fixed BUG225066 (Uninstall doesn't cleanup). + +- Addressed BUG190821 (CASA-AD - Display name is being used + instead of the account name). + +- Added the ability to search an identity source using + more than one context (search root). + +- Fixed problem that was keeping us from disabling the + auto-reconfigure feature by setting the service + reconfigure interval to 0. + +- The upgrade path for the ATS was not cleaning up the + appropriate webapp folder so the new webapp was not + getting re-deployed. + ------------------------------------------------------------------- Fri Jan 12 10:23:06 MST 2007 - jluciani@novell.com diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in index 5cd85f3e..0200ed76 100644 --- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in +++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in @@ -240,11 +240,12 @@ fi %stop_on_removal casa_atsd %postun -#Undeploy our webapp -rm -drf %{prefix}/share/java/CASA/authtoken/svc/webapps/CasaAuthTokenSvc +# Always undeploy our webapp to force re-deployment on upgrade cases +rm -drf /srv/www/casaats/webapps/CasaAuthTokenSvc %restart_on_update casa_atsd %insserv_cleanup + # Do not do anything else if this is an upgrade if test "$1" == 1; then exit 0 @@ -337,6 +338,7 @@ userdel casaatsd %postun -n CASA_auth_token_jaas_support # Nothing to do in this preun script + %files -n CASA_auth_token_jaas_support %defattr(-,root,root) %dir %{prefix}/share/java/CASA
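Review bot: The %postun scriptlet now runs `rm -drf /srv/www/casaats/webapps/CasaAuthTokenSvc` against a hard-coded absolute path where the removed line derived it from `%{prefix}`; if the webapp root ever moves, the stale deployment is silently left in place and a recursive delete targets a path the package no longer owns. Defining the webapp root once as a macro near the top of the spec and using it here keeps the delete tied to what the package actually installs.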