Posted to commits@directory.apache.org by dj...@apache.org on 2007/01/16 09:24:50 UTC
svn commit: r496618 [4/5] - in /directory/sandbox/triplesec-jacc2: ./
admin-api2/ admin-api2/src/
admin-api2/src/main/java/org/safehaus/triplesec/admin/
admin-api2/src/main/java/org/safehaus/triplesec/admin/dao/
admin-api2/src/main/java/org/safehaus/tr...
Modified: directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockConnectionDriver.java?view=diff&rev=496618&r1=496617&r2=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockConnectionDriver.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-api/src/test/java/org/safehaus/triplesec/guardian/mock/MockConnectionDriver.java Tue Jan 16 00:24:45 2007
@@ -26,6 +26,7 @@
import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
import org.safehaus.triplesec.guardian.ConnectionDriver;
import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.RealmPolicy;
/**
@@ -54,5 +55,10 @@
public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
{
return new MockApplicationPolicy();
+ }
+
+ public RealmPolicy newRealmPolicy( String url, Properties info )
+ {
+ return null;
}
}
Modified: directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java?view=diff&rev=496618&r1=496617&r2=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-ldap/src/main/java/org/safehaus/triplesec/guardian/ldap/LdapConnectionDriver.java Tue Jan 16 00:24:45 2007
@@ -32,6 +32,7 @@
import org.safehaus.triplesec.guardian.ConnectionDriver;
import org.safehaus.triplesec.guardian.GuardianException;
import org.safehaus.triplesec.guardian.StoreConnectionException;
+import org.safehaus.triplesec.guardian.RealmPolicy;
/**
@@ -108,5 +109,10 @@
}
return new LdapApplicationPolicy( ictx, applicationRdn );
+ }
+
+ public RealmPolicy newRealmPolicy( String url, Properties info )
+ {
+ return null;
}
}
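Review bot: The new `newRealmPolicy` returns `null` with no comment marking it as a placeholder, so a caller cannot tell "not implemented" from a lookup that found nothing. `TriplesecRealmPrincipal.getProfile`, added in this same commit, dereferences its `RealmPolicy` without a null check, so if this value reaches it (the factory path is not visible here) an authorization lookup ends in a NullPointerException rather than a clear denial. Until the LDAP implementation exists, fail explicitly with `throw new UnsupportedOperationException( "newRealmPolicy is not implemented for the LDAP driver" );`, or at minimum add `// TODO: not implemented yet, callers receive null`. The same stub is added to LdifConnectionDriver and MockConnectionDriver in this commit.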
Modified: directory/sandbox/triplesec-jacc2/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java?view=diff&rev=496618&r1=496617&r2=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java (original)
+++ directory/sandbox/triplesec-jacc2/guardian-ldif/src/main/java/org/safehaus/triplesec/guardian/ldif/LdifConnectionDriver.java Tue Jan 16 00:24:45 2007
@@ -33,6 +33,7 @@
import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
import org.safehaus.triplesec.guardian.ConnectionDriver;
import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.RealmPolicy;
/**
@@ -48,12 +49,12 @@
ApplicationPolicyFactory.registerDriver( new LdifConnectionDriver() );
}
-
+
public LdifConnectionDriver()
{
}
-
+
public boolean accept( String url )
{
if ( ( url.startsWith( "file:" ) || url.startsWith( "jar:" ) ) && url.endsWith( ".ldif" ) )
@@ -63,7 +64,7 @@
return false;
}
-
+
public ApplicationPolicy newStore( String url, Properties info ) throws GuardianException
{
@@ -125,6 +126,11 @@
//ignore
}
}
-
+
+ }
+
+ public RealmPolicy newRealmPolicy( String url, Properties info )
+ {
+ return null;
}
}
Modified: directory/sandbox/triplesec-jacc2/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java?view=diff&rev=496618&r1=496617&r2=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java (original)
+++ directory/sandbox/triplesec-jacc2/integration/src/main/java/org/safehaus/triplesec/integration/TriplesecIntegration.java Tue Jan 16 00:24:45 2007
@@ -419,7 +419,13 @@
protected void tearDown() throws Exception
{
- server.stop( null );
+ try
+ {
+ server.stop( null );
+ } catch ( Exception e )
+ {
+ //ignore?
+ }
server.destroy();
server = null;
super.tearDown();
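Review bot: The new catch around `server.stop( null )` discards every exception with only `//ignore?`, so a server that fails to shut down leaves no trace and later tests can run against leftover state without anyone noticing. Record the failure and state why teardown continues, for example `System.err.println( "server.stop failed during tearDown, continuing with destroy: " + e );` in place of the comment. tearDown's body ends outside the hunk.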
Added: directory/sandbox/triplesec-jacc2/itest-data/src/main/java/org/apache/directory/triplesec/jaas/TestLoginConfiguration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/itest-data/src/main/java/org/apache/directory/triplesec/jaas/TestLoginConfiguration.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/itest-data/src/main/java/org/apache/directory/triplesec/jaas/TestLoginConfiguration.java (added)
+++ directory/sandbox/triplesec-jacc2/itest-data/src/main/java/org/apache/directory/triplesec/jaas/TestLoginConfiguration.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.jaas;
+
+import java.util.Map;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.spi.LoginModule;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class TestLoginConfiguration extends Configuration
+{
+
+ private Configuration oldConfiguration;
+ private final Map<String, AppConfigurationEntry[]> realms = new HashMap<String, AppConfigurationEntry[]>();
+
+ public void start()
+ {
+ oldConfiguration = null;
+ try {
+ oldConfiguration = Configuration.getConfiguration();
+ } catch (SecurityException e) {
+ //ignore
+ }
+ Configuration.setConfiguration( this );
+ }
+
+ public void stop()
+ {
+ Configuration.setConfiguration( oldConfiguration );
+ }
+
+ public AppConfigurationEntry[] getAppConfigurationEntry( String realm )
+ {
+ AppConfigurationEntry[] entries = realms.get( realm );
+ if ( entries == null )
+ {
+ throw new IllegalArgumentException( "unknown realm: " + realm );
+ }
+ return entries;
+ }
+
+ public void refresh()
+ {
+ }
+
+ public void addAppConfigurationEntries( String realm, AppConfigurationEntry[] entries )
+ {
+ realms.put( realm, entries );
+ }
+
+ public void addAppConfigurationEntries( String realm, List<AppConfigurationEntry> entry )
+ {
+ realms.put( realm, entry.toArray( new AppConfigurationEntry[entry.size()] ) );
+ }
+
+}
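Review bot: `getAppConfigurationEntry` throws IllegalArgumentException for an unknown realm, but `javax.security.auth.login.Configuration` documents a `null` return when there are no entries for a name, and `LoginContext` depends on that to fall back to the "other" entry. Because `start()` installs this object as the JVM-wide configuration, every other login in the same JVM gets the exception while it is active; return the lookup result directly with `return realms.get( realm );`. `realms` is a plain HashMap that login threads can read while a test is still adding entries, and the `LoginModule` import is unused. The class Javadoc carries only `@version`; a sentence saying that `start()`/`stop()` swap the global Configuration would tell users it must be paired in setUp/tearDown.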
Propchange: directory/sandbox/triplesec-jacc2/itest-data/src/main/java/org/apache/directory/triplesec/jaas/TestLoginConfiguration.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/itest-data/src/main/java/org/apache/directory/triplesec/jaas/TestLoginConfiguration.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/itest-data/src/main/java/org/apache/directory/triplesec/jaas/TestLoginConfiguration.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/triplesec-jacc2/itest-data/src/main/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/itest-data/src/main/resources/server.ldif?view=diff&rev=496618&r1=496617&r2=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/itest-data/src/main/resources/server.ldif (original)
+++ directory/sandbox/triplesec-jacc2/itest-data/src/main/resources/server.ldif Tue Jan 16 00:24:45 2007
@@ -51,7 +51,7 @@
objectClass: subentry
objectClass: accessControlSubentry
subtreeSpecification: { base "ou=users", maximum 1 }
-prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
+prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, krb5PrincipalName, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
#
# This ACI allows users to access a limited set of attributes in their own user
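Review bot: Adding `krb5PrincipalName` to this `protectedItems` list gives every user `grantModify`, `grantAdd` and `grantRemove` on their own principal name, not only read access. The login modules added in this commit read that attribute after the bind and pass it to the Kerberos module as the principal to authenticate, so the account-to-principal mapping becomes writable by the account holder. If the goal is only to let the bound user read the value, grant it in a separate read-only item such as `{ protectedItems { allAttributeValues { krb5PrincipalName } }, grantsAndDenials { grantRead, grantCompare } }` and leave it out of the modifiable list. This is integration-test data, but sample ACIs tend to be copied into real deployments.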
Modified: directory/sandbox/triplesec-jacc2/jaas/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/pom.xml?view=diff&rev=496618&r1=496617&r2=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/pom.xml (original)
+++ directory/sandbox/triplesec-jacc2/jaas/pom.xml Tue Jan 16 00:24:45 2007
@@ -26,7 +26,7 @@
</parent>
<artifactId>triplesec-jaas</artifactId>
<name>Triplesec JAAS Login Module</name>
- <packaging>jar</packaging>
+ <packaging>jar</packaging>
<description>
A Safehaue Triplsec JAAS LoginModule which accounts for SAM execeptions, and ties
in Guardian for authorization.
@@ -37,23 +37,124 @@
<artifactId>triplesec-crypto</artifactId>
<version>${project.version}</version>
</dependency>
-
+
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>triplesec-otp</artifactId>
<version>${project.version}</version>
</dependency>
-
+
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>triplesec-guardian-api</artifactId>
<version>${project.version}</version>
</dependency>
-
+
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>nlog4j</artifactId>
<scope>provided</scope>
</dependency>
+ <dependency>
+ <artifactId>triplesec-integration</artifactId>
+ <groupId>${pom.groupId}</groupId>
+ <version>${pom.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-itest-data</artifactId>
+ <version>${pom.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
+ <profiles>
+ <profile>
+ <id>no-integration-tests</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemProperties>
+ <property>
+ <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+ <value>${basedir}/src/test/resources</value>
+ </property>
+ </systemProperties>
+
+ <excludes>
+ <exclude>**/*ITest.java</exclude>
+ <exclude>**/*IntegrationTest.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>validate</phase>
+ <configuration>
+ <tasks>
+ <echo>
+ =================================================================
+ W A R N I N G
+ -------------
+
+ Integration tests have been disabled. To enable integration
+ tests run maven with the -Dintegration switch.
+ =================================================================
+ </echo>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>integration</id>
+ <activation>
+ <property>
+ <name>integration</name>
+ </property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>dependency-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack-itest-data</id>
+ <phase>compile</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-itest-data</artifactId>
+ <version>${pom.version}</version>
+ </artifactItem>
+ </artifactItems>
+ <outputDirectory>${project.build.directory}/serverHome/conf</outputDirectory>
+ </configuration>
+ </execution>
+
+ </executions>
+ </plugin>
+
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
</project>
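Review bot: The two added test dependencies and the `artifactItem` use `${pom.groupId}` / `${pom.version}` while the existing dependencies in this file use `${project.groupId}` / `${project.version}`; use the `project.` form throughout, e.g. `<groupId>${project.groupId}</groupId>`. The `dependency-maven-plugin`, surefire and antrun entries carry no `<version>`, so unless a parent `pluginManagement` pins them (not visible here) the build takes whatever version the repository resolves. The first added dependency also lists `artifactId` before `groupId`, unlike every other entry.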
Added: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/BaseKerberosLoginModuleWrapper.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/BaseKerberosLoginModuleWrapper.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/BaseKerberosLoginModuleWrapper.java (added)
+++ directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/BaseKerberosLoginModuleWrapper.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.safehaus.otp.HotpErrorConstants;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class BaseKerberosLoginModuleWrapper
+{
+ protected static final Class KERBEROS_LM_CLASS;
+ protected final LoginModule wrapped;
+ static {
+ Class clazz;
+ try
+ {
+ clazz = Class.forName( "com.ibm.security.auth.module.Krb5LoginModule" );
+ } catch ( ClassNotFoundException e )
+ {
+ try
+ {
+ clazz = Class.forName( "com.sun.security.auth.module.Krb5LoginModule" );
+ } catch ( ClassNotFoundException e1 )
+ {
+ throw new RuntimeException("Kerberos login module not found, what vm are you using?");
+ }
+ }
+ KERBEROS_LM_CLASS = clazz;
+ }
+
+ public BaseKerberosLoginModuleWrapper() throws IllegalAccessException, InstantiationException
+ {
+ wrapped = ( LoginModule ) KERBEROS_LM_CLASS.newInstance();
+ }
+
+
+ public boolean login() throws LoginException
+ {
+ try
+ {
+ return wrapped.login();
+ } catch ( LoginException e )
+ {
+ return handle(e);
+ }
+ }
+
+ public boolean commit() throws LoginException
+ {
+ try
+ {
+ return wrapped.commit();
+ } catch ( LoginException e )
+ {
+ return handle(e);
+ }
+ }
+
+ public boolean abort() throws LoginException
+ {
+ try
+ {
+ return wrapped.abort();
+ } catch ( LoginException e )
+ {
+ return handle(e);
+ }
+ }
+
+ public boolean logout() throws LoginException
+ {
+ try
+ {
+ return wrapped.logout();
+ } catch ( LoginException e )
+ {
+ return handle(e);
+ }
+ }
+
+ /**
+ * Handles the LoginException by throwing a more specific HOTP exception type if it detects
+ * an embedded ordinal value within the exception message, otherwise it rethrows le itself.
+ *
+ * @param le the initial LoginException thrown
+ * @return never returns - exceptions always thrown
+ * @throws javax.security.auth.login.LoginException always but a more specific on if possible
+ */
+ protected boolean handle( LoginException le ) throws LoginException
+ {
+ if ( ! HotpErrorConstants.hasEmbeddedOrdinal( le.getMessage() ) )
+ {
+ throw le;
+ }
+
+ int ordinal = HotpErrorConstants.getEmbeddedOrdinal( le.getMessage() );
+ switch( ordinal )
+ {
+ case( HotpErrorConstants.HOTPAUTH_FAILURE_VAL ):
+ throw new PreauthFailedException();
+ case( HotpErrorConstants.LOCKEDOUT_VAL ):
+ throw new AccountLockedOutException();
+ case( HotpErrorConstants.DISABLED_VAL ):
+ throw new AccountDisabledException();
+ case( HotpErrorConstants.RESYNCH_INPROGRESS_VAL ):
+ throw new ResynchInProgressException();
+ case( HotpErrorConstants.RESYNCH_STARTING_VAL ):
+ throw new ResynchStartingException();
+ default:
+ throw le;
+ }
+ }
+}
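Review bot: `handle()` drops the original LoginException when it maps an embedded ordinal to `PreauthFailedException`, `AccountLockedOutException` and the others, so the Kerberos module's message and stack trace are lost to whoever logs or audits the failure. If those types extend LoginException (their declarations are not in this commit), chain the cause the way Kerberos2FactorLoginModuleWrapper.login() does, e.g. `throw ( LoginException ) new AccountLockedOutException().initCause( le );`. The static initializer has the same gap: pass the caught exception along with `throw new RuntimeException( "Kerberos login module not found, what vm are you using?", e1 );`. The class Javadoc has only `@version`; it should say that the class delegates to the VM's Krb5LoginModule and translates HOTP error ordinals found in the exception message.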
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/BaseKerberosLoginModuleWrapper.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/BaseKerberosLoginModuleWrapper.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/BaseKerberosLoginModuleWrapper.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos1FactorLoginModuleWrapper.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos1FactorLoginModuleWrapper.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos1FactorLoginModuleWrapper.java (added)
+++ directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos1FactorLoginModuleWrapper.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class Kerberos1FactorLoginModuleWrapper extends BaseKerberosLoginModuleWrapper implements LoginModule
+{
+ public Kerberos1FactorLoginModuleWrapper()
+ throws IllegalAccessException, InstantiationException
+ {
+ }
+
+ public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
+ {
+ final String krb5PrincipalName = ( String ) sharedState.get( LdapBindLoginModule.PREFIX + "krb5PrincipalName");
+ final char[] password = ( char[] ) sharedState.get( "javax.security.auth.login.password");
+ CallbackHandler wrappingHandler = new CallbackHandler() {
+
+ public void handle( Callback[] callbacks )
+ {
+ for ( Callback callback : callbacks )
+ {
+ if ( callback instanceof NameCallback )
+ {
+ NameCallback ncb = ( NameCallback ) callback;
+ ncb.setName( krb5PrincipalName );
+ } else if ( callback instanceof PasswordCallback )
+ {
+ PasswordCallback pcb = ( PasswordCallback ) callback;
+ pcb.setPassword( password );
+ }
+ }
+ }
+ };
+ wrapped.initialize( subject, wrappingHandler, new HashMap<String, Object>(), options);
+ }
+
+}
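Review bot: `initialize` casts the shared-state values without checking them: LdapBindLoginModule in this commit stores a `String[]` when an attribute does not have exactly one value and stores nothing when the attribute is absent, so `( String ) sharedState.get( LdapBindLoginModule.PREFIX + "krb5PrincipalName" )` can throw ClassCastException or yield a null that is later handed to `ncb.setName`. Keep the two values in fields and check them in a `login()` override before delegating, e.g. `if ( krb5PrincipalName == null || password == null ) throw new LoginException( "no Kerberos principal or password in shared state" );`. The anonymous handler also skips callback types it does not recognise without signalling it; declaring and throwing `UnsupportedCallbackException` there would make a misconfigured stack visible. The class has no Javadoc explaining that it must run after LdapBindLoginModule in the login configuration.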
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos1FactorLoginModuleWrapper.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos1FactorLoginModuleWrapper.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos1FactorLoginModuleWrapper.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos2FactorLoginModuleWrapper.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos2FactorLoginModuleWrapper.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos2FactorLoginModuleWrapper.java (added)
+++ directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos2FactorLoginModuleWrapper.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.util.Map;
+import java.util.HashMap;
+import java.io.IOException;
+
+import javax.security.auth.spi.LoginModule;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class Kerberos2FactorLoginModuleWrapper extends BaseKerberosLoginModuleWrapper implements LoginModule
+{
+ private char[] passcode;
+ private CallbackHandler wrappingCallbackHandler;
+ private CallbackHandler callbackHandler;
+
+ public Kerberos2FactorLoginModuleWrapper()
+ throws IllegalAccessException, InstantiationException
+ {
+ }
+
+ public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
+ {
+ final String krb5PrincipalName = ( String ) sharedState.get( LdapBindLoginModule.PREFIX + "krb5PrincipalName" );
+ this.callbackHandler = callbackHandler;
+ wrappingCallbackHandler = new CallbackHandler()
+ {
+
+ public void handle( Callback[] callbacks )
+ {
+ for ( int ii = 0; ii < callbacks.length; ii++ )
+ {
+ if ( callbacks[ii] instanceof NameCallback )
+ {
+ NameCallback ncb = ( NameCallback ) callbacks[ii];
+ ncb.setName( krb5PrincipalName.toString() );
+ } else if ( callbacks[ii] instanceof PasswordCallback )
+ {
+ PasswordCallback pcb = ( PasswordCallback ) callbacks[ii];
+ // Notice we use the passcode instead of the password
+ pcb.setPassword( passcode );
+ }
+ }
+ }
+ };
+ CallbackHandler wrappingHandler = wrappingCallbackHandler;
+ wrapped.initialize( subject, wrappingHandler, new HashMap<String, Object>(), options );
+ }
+
+ public boolean login() throws LoginException
+ {
+ PasscodeCallback passcodeCallback = new PasscodeCallback();
+ Callback[] callbacks = new Callback[] { passcodeCallback };
+ try
+ {
+ callbackHandler.handle(callbacks);
+ } catch ( IOException e )
+ {
+ throw (LoginException)new LoginException("IOException").initCause( e);
+ } catch ( UnsupportedCallbackException e )
+ {
+ throw (LoginException)new LoginException("IOException").initCause( e);
+ }
+ try
+ {
+ return wrapped.login();
+ } catch ( LoginException e )
+ {
+ return handle(e);
+ }
+ }
+
+
+
+}
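Review bot: The `passcode` field is never assigned: `login()` builds a `PasscodeCallback` and hands it to `callbackHandler.handle`, but the collected value is not copied into `passcode`, so the wrapping handler calls `pcb.setPassword( passcode )` with null and the second factor never reaches the Kerberos module. After the handler returns, store the callback's value in `passcode` (PasscodeCallback's accessor is not shown in this commit) and throw a LoginException when it is missing. The `UnsupportedCallbackException` branch reuses the message `"IOException"`; `new LoginException( "Unsupported callback" )` matches what LdapBindLoginModule does. `krb5PrincipalName.toString()` also throws NullPointerException when the shared state holds no principal name.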
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos2FactorLoginModuleWrapper.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos2FactorLoginModuleWrapper.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/Kerberos2FactorLoginModuleWrapper.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/LdapBindLoginModule.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/LdapBindLoginModule.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/LdapBindLoginModule.java (added)
+++ directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/LdapBindLoginModule.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,170 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.io.IOException;
+import java.util.Hashtable;
+import java.util.Map;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class LdapBindLoginModule implements LoginModule
+{
+ public static final String PREFIX = "org.apache.directory.triplesec.jaas.";
+ public static final String REALM_KEY = PREFIX + "Realm";
+ public static final String ATTR_KEYS = PREFIX + "AttrKeys";
+
+// private Subject subject;
+ private CallbackHandler callbackHandler;
+ private Map sharedState;
+ private Hashtable<String, Object> env;
+ private String realm;
+ private String[] keys;
+
+ private String rdn;
+
+ public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
+ {
+// this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.sharedState = sharedState;
+ env = new Hashtable<String, Object>( options );
+ realm = ( String ) env.remove( REALM_KEY );
+ keys = ( ( String ) env.remove( ATTR_KEYS ) ).split( " " );
+ }
+
+
+ public boolean login() throws LoginException
+ {
+
+ NameCallback nameCallback = new NameCallback( "UserName:" );
+ PasswordCallback passwordCallback = new PasswordCallback( "Password:", false );
+ Callback[] callbacks = new Callback[] {
+ nameCallback,
+ passwordCallback
+ };
+ try
+ {
+ callbackHandler.handle( callbacks );
+ } catch ( IOException e )
+ {
+ throw ( LoginException ) new LoginException( "Problem reading callbacks" ).initCause( e );
+ } catch ( UnsupportedCallbackException e )
+ {
+ throw ( LoginException ) new LoginException( "Unsupported callback" ).initCause( e );
+ }
+ String name = nameCallback.getName();
+ char[] passwordChars = passwordCallback.getPassword();
+ String password = new String( passwordChars );
+ sharedState.put("javax.security.auth.login.name", name);
+ sharedState.put("javax.security.auth.login.password", passwordChars);
+ String dn = getDn( name );
+ env.put( Context.SECURITY_PRINCIPAL, dn );
+ env.put( Context.SECURITY_CREDENTIALS, password );
+ try
+ {
+ DirContext ctx = new InitialDirContext( env );
+ try
+ {
+ Attributes attrs = ctx.getAttributes( rdn, keys );
+ for ( String key : keys )
+ {
+ Attribute attr = attrs.get( key );
+ if ( attr != null )
+ {
+ String stateKey = PREFIX + key;
+ int size = attr.size();
+ if ( size == 1 )
+ {
+ String value = ( String ) attr.get();
+ sharedState.put( stateKey, value );
+ } else
+ {
+ String[] values = new String[size];
+ for ( int i = 0; i < size; i++ )
+ {
+ values[i] = ( String ) attr.get( i );
+ }
+ sharedState.put( stateKey, values );
+ }
+ }
+ }
+
+ } finally
+ {
+ ctx.close();
+ }
+ return true;
+ } catch ( NamingException e )
+ {
+ e.printStackTrace( );
+ throw new LoginException( "failed to bind" );
+ }
+ }
+
+ private String getDn( String name )
+ {
+ StringBuffer buf = new StringBuffer();
+ buf.append( "uid=" ).append( name );
+ buf.append( ",ou=users" );
+ rdn = buf.toString();
+ if ( realm == null )
+ {
+ return rdn;
+ }
+ for ( String dc : realm.split( "\\." ) )
+ {
+ buf.append( ",dc=" ).append( dc );
+ }
+ return buf.toString();
+ }
+
+ public boolean commit() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean abort() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ return true;
+ }
+}
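Review bot: `login()` binds with whatever the callbacks return: a null password makes `new String( passwordChars )` throw, and an empty one is passed to `InitialDirContext` as the credential, which JNDI and many LDAP servers treat as an unauthenticated bind that succeeds, so the module can return true without verifying anything. `getDn` also appends `name` to the DN unescaped, so DN metacharacters in the user name alter which entry is bound; use `buf.append( "uid=" ).append( Rdn.escapeValue( name ) );` (needs `javax.naming.ldap.Rdn`). Reject missing or empty input before the bind, as sketched below. Separately, the password stays in `env`, in `sharedState` and in a `String` with no cleanup in `commit`/`abort`/`logout`, and the NamingException is printed with `printStackTrace` and then dropped instead of being set as the cause of the LoginException.

```java
// … unchanged: callback setup and callbackHandler.handle( callbacks ) …
String name = nameCallback.getName();
char[] passwordChars = passwordCallback.getPassword();
if ( name == null || name.length() == 0 || passwordChars == null || passwordChars.length == 0 )
{
    // an empty credential would turn the simple bind into an unauthenticated bind
    throw new LoginException( "user name and password are required" );
}
String password = new String( passwordChars );
// … unchanged: sharedState puts, getDn, bind and attribute copy …
```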
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/LdapBindLoginModule.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/LdapBindLoginModule.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/LdapBindLoginModule.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipal.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipal.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipal.java (added)
+++ directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipal.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.security.Principal;
+
+import org.safehaus.triplesec.guardian.RealmPolicy;
+import org.safehaus.triplesec.guardian.Profile;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class TriplesecRealmPrincipal implements Principal
+{
+
+ private final String profileId;
+ private final RealmPolicy realmPolicy;
+
+ public TriplesecRealmPrincipal( String profileId, RealmPolicy realmPolicy )
+ {
+ this.profileId = profileId;
+ this.realmPolicy = realmPolicy;
+ }
+
+ public String getName()
+ {
+ return profileId;
+ }
+
+ /**
+ * Gets the Guardian authorization profile for this SafehausPrincipal.
+ *
+ * @return the authorization Profile
+ */
+ public Profile getProfile(String applicationName)
+ {
+ return realmPolicy.getProfile(profileId, applicationName);
+ }
+
+
+}
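Review bot: TriplesecRealmPrincipal does not override equals() or hashCode(), so two principals created for the same profileId are distinct members of Subject.getPrincipals() and every comparison of principals falls back to object identity. The constructor also accepts a null profileId or realmPolicy, which would only surface later as a null getName() or a NullPointerException in getProfile(); a class that carries identity should reject them up front. The Javadoc on getProfile still says `SafehausPrincipal` and lacks `@param applicationName`. Whether realmPolicy should take part in equality is a design decision; the sketch below compares it by reference.

```java
public TriplesecRealmPrincipal( String profileId, RealmPolicy realmPolicy )
{
    if ( profileId == null || realmPolicy == null )
    {
        throw new IllegalArgumentException( "profileId and realmPolicy are required" );
    }
    // … unchanged: field assignments …
}

// … unchanged: getName, getProfile …

public boolean equals( Object o )
{
    if ( this == o )
    {
        return true;
    }
    if ( !( o instanceof TriplesecRealmPrincipal ) )
    {
        return false;
    }
    TriplesecRealmPrincipal other = ( TriplesecRealmPrincipal ) o;
    return profileId.equals( other.profileId ) && realmPolicy == other.realmPolicy;
}

public int hashCode()
{
    return profileId.hashCode();
}
```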
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipal.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipal.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipal.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java (added)
+++ directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.util.Map;
+import java.util.HashMap;
+import java.security.Principal;
+
+import javax.security.auth.spi.LoginModule;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.safehaus.triplesec.guardian.RealmPolicy;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class TriplesecRealmPrincipalLoginModule implements LoginModule
+{
+
+ public static final String PROFILE_KEY = LdapBindLoginModule.PREFIX + "profileID";
+ public static final String POLICY_KEY = LdapBindLoginModule.PREFIX + "realmPolicy";
+
+ private Subject subject;
+ private String profileId;
+ private RealmPolicy realmPolicy;
+ private Principal principal;
+
+ public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
+ {
+ this.subject = subject;
+ profileId = ( String ) sharedState.get( PROFILE_KEY );
+ if ( profileId == null )
+ {
+ throw new IllegalArgumentException( "No profileID supplied in sharedState" );
+ }
+ realmPolicy = ( RealmPolicy ) options.get( POLICY_KEY );
+ if ( realmPolicy == null )
+ {
+ throw new IllegalArgumentException( "No realm policy in options" );
+ }
+ }
+
+ public boolean login() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean commit() throws LoginException
+ {
+ principal = new TriplesecRealmPrincipal( profileId, realmPolicy );
+ subject.getPrincipals().add( principal );
+ return true;
+ }
+
+ public boolean abort() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ subject.getPrincipals().remove( principal );
+ return true;
+ }
+
+}
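Review bot: initialize() reads `profileId` from sharedState and throws IllegalArgumentException when it is missing, which only works if the LoginContext initializes this module after the preceding module's login() has run; reading the key in login() and failing with a LoginException does not depend on that ordering. login() itself returns true unconditionally, so this module authenticates nothing and must only be stacked behind a module that has actually verified the user, which is worth stating in the class Javadoc. abort() leaves profileId in place and logout() calls `remove( principal )` even when commit() never ran; clearing both fields in abort() and logout() would keep a reused instance from carrying the old identity. The sketch below needs a new `sharedState` field.

```java
private Map<String, ?> sharedState;

public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
{
    this.subject = subject;
    this.sharedState = sharedState;
    // … unchanged: realmPolicy lookup from options …
}

public boolean login() throws LoginException
{
    Object id = sharedState.get( PROFILE_KEY );
    if ( !( id instanceof String ) )
    {
        throw new LoginException( "No profileID supplied in sharedState" );
    }
    profileId = ( String ) id;
    return true;
}

public boolean abort() throws LoginException
{
    profileId = null;
    principal = null;
    return true;
}

public boolean logout() throws LoginException
{
    if ( principal != null )
    {
        subject.getPrincipals().remove( principal );
        principal = null;
    }
    profileId = null;
    return true;
}
```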
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/main/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModule.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/LdapBindLoginModuleIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/LdapBindLoginModuleIntegrationTest.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/LdapBindLoginModuleIntegrationTest.java (added)
+++ directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/LdapBindLoginModuleIntegrationTest.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,126 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.util.Map;
+import java.util.HashMap;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.spi.LoginModule;
+import javax.naming.Context;
+
+import org.safehaus.triplesec.integration.TriplesecIntegration;
+import org.apache.directory.triplesec.jaas.TestLoginConfiguration;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class LdapBindLoginModuleIntegrationTest extends TriplesecIntegration
+{
+ private TestLoginConfiguration loginConfiguration;
+
+ public LdapBindLoginModuleIntegrationTest() throws Exception
+ {
+ super();
+ }
+
+ public LdapBindLoginModuleIntegrationTest( String string ) throws Exception
+ {
+ super( string );
+ }
+
+ protected void setUp() throws Exception
+ {
+ loginConfiguration = new TestLoginConfiguration();
+ loginConfiguration.start();
+ super.setUp();
+ }
+
+ protected void tearDown() throws Exception
+ {
+ loginConfiguration.stop();
+ super.tearDown();
+ }
+
+ public void testLogin() throws Exception
+ {
+ Map<String, String> options = new HashMap<String, String>();
+ options.put( Context.PROVIDER_URL, "ldap://localhost:" + super.getLdapPort() + "/dc=example,dc=com" );
+ options.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
+ options.put( Context.SECURITY_AUTHENTICATION, "simple" );
+ options.put( LdapBindLoginModule.REALM_KEY, "example.com" );
+ options.put( LdapBindLoginModule.ATTR_KEYS, "uid krb5PrincipalName" );
+
+ AppConfigurationEntry entry1 = new AppConfigurationEntry( LdapBindLoginModule.class.getName(),
+ AppConfigurationEntry.LoginModuleControlFlag.REQUISITE,
+ options );
+ AppConfigurationEntry entry2 = new AppConfigurationEntry( StateRetrievingLoginModule.class.getName(),
+ AppConfigurationEntry.LoginModuleControlFlag.REQUISITE,
+ new HashMap<String, String>() );
+
+ loginConfiguration.addAppConfigurationEntries( "testRealm", new AppConfigurationEntry[] {entry1, entry2} );
+ Subject subject = new Subject();
+ LoginContext loginContext = new LoginContext( "testRealm", subject, new UPCallbackHandler( "akarasulu", "maxwell" ) );
+ loginContext.login();
+ assertEquals(2, StateRetrievingLoginModule.sharedState.size());
+ assertEquals( "akarasulu@EXAMPLE.COM", StateRetrievingLoginModule.sharedState.get(LdapBindLoginModule.PREFIX + "krb5PrincipalName"));
+ assertEquals( "akarasulu", StateRetrievingLoginModule.sharedState.get(LdapBindLoginModule.PREFIX + "uid"));
+ loginContext.logout();
+ }
+
+ public static class StateRetrievingLoginModule implements LoginModule {
+
+ private static Map<String, ?> sharedState;
+
+ public StateRetrievingLoginModule()
+ {
+ }
+
+ public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
+ {
+ StateRetrievingLoginModule.sharedState = sharedState;
+ }
+
+ public boolean login() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean commit() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean abort() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ return true;
+ }
+ }
+}
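Review bot: testLogin covers only a successful bind with the correct password, whereas for an authentication module the rejecting paths are the ones that most need pinning. A second test should assert that `loginContext.login()` throws LoginException for a wrong password and for an empty password, since many LDAP servers treat a simple bind with an empty password as an unauthenticated bind that succeeds; whether LdapBindLoginModule already rejects that case is not visible in this part of the commit. `StateRetrievingLoginModule.sharedState` is static and never reset, so it should be cleared in setUp() to keep a stale map from an earlier test from satisfying the assertions.

```java
public void testLoginRejectsBadPassword() throws Exception
{
    // … unchanged: options, entry1/entry2 and addAppConfigurationEntries as in testLogin …
    for ( String badPassword : new String[] { "wrong", "" } )
    {
        LoginContext loginContext = new LoginContext( "testRealm", new Subject(), new UPCallbackHandler( "akarasulu", badPassword ) );
        try
        {
            loginContext.login();
            fail( "login must be rejected for password '" + badPassword + "'" );
        }
        catch ( LoginException expected )
        {
            // the bind was refused, which is the behaviour under test
        }
    }
}
```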
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/LdapBindLoginModuleIntegrationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/LdapBindLoginModuleIntegrationTest.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/LdapBindLoginModuleIntegrationTest.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java (added)
+++ directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,249 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Set;
+import java.util.Iterator;
+import java.security.Permissions;
+import java.security.Permission;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.spi.LoginModule;
+
+import junit.framework.TestCase;
+import org.apache.directory.triplesec.jaas.TestLoginConfiguration;
+import org.safehaus.triplesec.guardian.RealmPolicy;
+import org.safehaus.triplesec.guardian.Profile;
+import org.safehaus.triplesec.guardian.GuardianException;
+import org.safehaus.triplesec.guardian.Roles;
+import org.safehaus.triplesec.guardian.Role;
+import org.safehaus.triplesec.guardian.StringPermission;
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+import org.safehaus.triplesec.guardian.PolicyChangeListener;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class TriplesecRealmPrincipalLoginModuleTest extends TestCase
+{
+
+ private TestLoginConfiguration loginConfiguration;
+ private final String appRdn = "appName=testContext";
+
+ protected void setUp() throws Exception
+ {
+ loginConfiguration = new TestLoginConfiguration();
+ loginConfiguration.start();
+ super.setUp();
+ }
+
+ protected void tearDown() throws Exception
+ {
+ loginConfiguration.stop();
+ super.tearDown();
+ }
+
+ public void testLogin() throws Exception
+ {
+ String profileId = "testProfile";
+ Map<String, String> options1 = new HashMap<String, String>();
+ options1.put(TriplesecRealmPrincipalLoginModule.PROFILE_KEY, profileId );
+ Map<String, RealmPolicy> options2 = new HashMap<String, RealmPolicy>();
+ Permissions grants = new Permissions();
+ grants.add( new StringPermission( "mockPerm0" ) );
+ Permissions denials = new Permissions();
+ denials.add( new StringPermission( "mockPerm1" ) );
+ Roles roles = new Roles( appRdn, new Role[] {} );
+ Profile profile = new Profile( new MockAppPolicy(appRdn), "mockProfile5", "trustin", roles, grants, denials, false );
+
+ options2.put( TriplesecRealmPrincipalLoginModule.POLICY_KEY, new MockRealmPolicy( profileId, appRdn, profile ) );
+
+ AppConfigurationEntry entry1 = new AppConfigurationEntry( StateInsertingLoginModule.class.getName(),
+ AppConfigurationEntry.LoginModuleControlFlag.REQUISITE,
+ options1 );
+ AppConfigurationEntry entry2 = new AppConfigurationEntry( TriplesecRealmPrincipalLoginModule.class.getName(),
+ AppConfigurationEntry.LoginModuleControlFlag.REQUISITE,
+ options2 );
+
+ loginConfiguration.addAppConfigurationEntries( "testRealm", new AppConfigurationEntry[] {entry1, entry2} );
+ Subject subject = new Subject();
+ LoginContext loginContext = new LoginContext( "testRealm", subject );
+ loginContext.login();
+ assertEquals( 1, subject.getPrincipals().size() );
+ TriplesecRealmPrincipal principal = ( TriplesecRealmPrincipal ) subject.getPrincipals().iterator().next();
+ assertNotNull( principal );
+ assertEquals( profile, principal.getProfile( appRdn ) );
+ assertFalse( profile.equals( principal.getProfile( "foo" ) ) );
+ loginContext.logout();
+ assertEquals( 0, subject.getPrincipals().size() );
+ }
+
+
+ public static class StateInsertingLoginModule implements LoginModule
+ {
+ private Map sharedState;
+
+ private String profileId;
+
+
+ public StateInsertingLoginModule( )
+ {
+ }
+
+ public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options )
+ {
+ this.sharedState = sharedState;
+ profileId = ( String ) options.get( TriplesecRealmPrincipalLoginModule.PROFILE_KEY);
+ }
+
+ public boolean login() throws LoginException
+ {
+ sharedState.put( TriplesecRealmPrincipalLoginModule.PROFILE_KEY, profileId );
+ return true;
+ }
+
+ public boolean commit() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean abort() throws LoginException
+ {
+ return true;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ return true;
+ }
+ }
+
+ private class MockRealmPolicy implements RealmPolicy
+ {
+ private final String profileId;
+ private final String appRdn;
+ private final Profile profile;
+ private String appRdn2 = "appName=foo";
+ private final Profile emptyProfile;
+
+ public MockRealmPolicy( String profileId, String appRdn, Profile profile )
+ {
+ this.profileId = profileId;
+ this.appRdn = appRdn;
+ this.profile = profile;
+ emptyProfile = new Profile( new MockAppPolicy( appRdn2 ), profileId, profileId, new Roles( appRdn2, new Role[] {} ), new Permissions(), new Permissions(), false );
+
+ }
+
+ public Profile getProfile( String profileId, String applicationRdn ) throws GuardianException
+ {
+ if ( this.profileId.equals( profileId ) && this.appRdn.equals( applicationRdn ) )
+ {
+ return profile;
+ }
+ return emptyProfile;
+ }
+
+ public void close()
+ {
+ }
+ }
+
+ private class MockAppPolicy implements ApplicationPolicy
+ {
+ private final String appRdn;
+
+ public MockAppPolicy( String appRdn )
+ {
+ this.appRdn = appRdn;
+ }
+
+ public boolean removePolicyListener( PolicyChangeListener listener ) throws GuardianException
+ {
+ return false;
+ }
+
+ public boolean addPolicyListener( PolicyChangeListener listener ) throws GuardianException
+ {
+ return false;
+ }
+
+ public String getApplicationRelativeDistinguishedName()
+ {
+ return appRdn;
+ }
+
+ public Roles getRoles()
+ {
+ return null;
+ }
+
+ public Map<String, Permission> getPermissions()
+ {
+ return null;
+ }
+
+ public Set getDependentProfileNames( Role role ) throws GuardianException
+ {
+ return null;
+ }
+
+ public Set getDependentProfileNames( String permissionID ) throws GuardianException
+ {
+ return null;
+ }
+
+ public Set getUserProfileIds( String userName ) throws GuardianException
+ {
+ return null;
+ }
+
+ public Iterator getProfileIdIterator() throws GuardianException
+ {
+ return null;
+ }
+
+ public Profile getProfile( String profileId ) throws GuardianException
+ {
+ return null;
+ }
+
+ public Profile getAdminProfile()
+ {
+ return null;
+ }
+
+ public String getDescription()
+ {
+ return null;
+ }
+
+ public void close() throws GuardianException
+ {
+ }
+ }
+}
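Review bot: The test exercises only the path where a preceding module has put PROFILE_KEY into the shared state; nothing pins what happens when the key or the `realmPolicy` option is missing, which is exactly the case where TriplesecRealmPrincipalLoginModule must not add a principal. A second test with `options1` left empty should assert that `loginContext.login()` fails and that `subject.getPrincipals()` stays empty; how LoginContext reports the IllegalArgumentException thrown from initialize() is not visible here, so the test would also document that. MockRealmPolicy and MockAppPolicy do not use the enclosing test instance and could be declared `private static class`.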
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/TriplesecRealmPrincipalLoginModuleTest.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/UPCallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/UPCallbackHandler.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/UPCallbackHandler.java (added)
+++ directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/UPCallbackHandler.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class UPCallbackHandler implements CallbackHandler
+{
+
+ private final String userName;
+ private final String password;
+
+ public UPCallbackHandler( String userName, String password )
+ {
+ this.userName = userName;
+ this.password = password;
+ }
+
+
+ public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException
+ {
+ for ( Callback callback : callbacks )
+ {
+ if ( callback instanceof NameCallback )
+ {
+ ( ( NameCallback ) callback ).setName( userName );
+ } else if ( callback instanceof PasswordCallback )
+ {
+ ( ( PasswordCallback ) callback ).setPassword( password.toCharArray() );
+ } else
+ {
+ throw new UnsupportedCallbackException( callback );
+ }
+ }
+ }
+}
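Review bot: The class carries only a `@version` tag and nothing says it is a test fixture; it keeps the password in an immutable String field and hands out a fresh `toCharArray()` copy on every callback, so the secret cannot be cleared after use. A class comment such as `/** Test-only CallbackHandler that answers Name and Password callbacks with fixed values; not for use outside tests. */` would keep it from being copied into production code. `handle` also throws NullPointerException when the handler was built with a null password; if that is intended, the comment should say so.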
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/UPCallbackHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/UPCallbackHandler.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jaas/src/test/java/org/safehaus/triplesec/jaas/UPCallbackHandler.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java?view=diff&rev=496618&r1=496617&r2=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java (original)
+++ directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/DataPolicyConfiguration.java Tue Jan 16 00:24:45 2007
@@ -24,117 +24,165 @@
import java.security.PermissionCollection;
import java.util.Enumeration;
+import javax.naming.NamingException;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
-import org.apache.directory.triplesec.jacc.data.Context;
-import org.apache.directory.triplesec.jacc.data.PermissionClass;
-import org.apache.directory.triplesec.jacc.data.Role;
-import org.safehaus.triplesec.admin.DataAccessException;
-import org.safehaus.triplesec.admin.dao.DaoFactory;
+import org.safehaus.triplesec.admin.Application;
+import org.safehaus.triplesec.admin.Role;
+import org.safehaus.triplesec.admin.persistence.EntityManager;
/**
* @version $Rev$ $Date$
*/
-public class DataPolicyConfiguration implements PolicyConfiguration {
+public class DataPolicyConfiguration implements PolicyConfiguration
+{
- public static final String UNCHECKED_ROLE_NAME = "org.apache.directory.triplesec.jacc.unchecked";
- public static final String EXCLUDED_ROLE_NAME = "org.apache.directory.triplesec.jacc.excluded";
+ public static final String UNIVERSAL_ROLE_NAME = "org.apache.directory.triplesec.jacc.universal";
- private final Context context;
+ private final Application context;
private final TripleSecPolicyConfigurationFactory policyConfigurationFactory;
- public DataPolicyConfiguration(String contextID, TripleSecPolicyConfigurationFactory policyConfigurationFactory) {
- context = new Context(contextID);
+ private int counter = 0;
+
+ public DataPolicyConfiguration( String contextID, TripleSecPolicyConfigurationFactory policyConfigurationFactory )
+ {
+ context = new Application();
+ context.setAppName( contextID );
this.policyConfigurationFactory = policyConfigurationFactory;
- context.addRole(new Role(UNCHECKED_ROLE_NAME));
- context.addRole(new Role(EXCLUDED_ROLE_NAME));
+ context.addRole( new Role( UNIVERSAL_ROLE_NAME, "universal role" ) );
}
- public String getContextID() throws PolicyContextException {
- return context.getContextID();
+ public String getContextID() throws PolicyContextException
+ {
+ return context.getAppName();
}
- public void addToRole(String roleName, PermissionCollection permissionCollection) throws PolicyContextException {
- Role role = context.getRole(roleName);
- for (Enumeration<Permission> permissions = permissionCollection.elements(); permissions.hasMoreElements();) {
+ public void addToRole( String roleName, PermissionCollection permissionCollection ) throws PolicyContextException
+ {
+ Role role = context.getRole( roleName );
+ for ( Enumeration<Permission> permissions = permissionCollection.elements(); permissions.hasMoreElements(); )
+ {
Permission permission = permissions.nextElement();
- addToGrants(permission, role);
+ addToGrants( permission, role );
}
}
- public void addToRole(String roleName, Permission permission) throws PolicyContextException {
- Role role = context.getRole(roleName);
- addToGrants(permission, role);
+ public void addToRole( String roleName, Permission permission ) throws PolicyContextException
+ {
+ Role role = getRole( roleName );
+ addToGrants( permission, role );
}
- public void addToUncheckedPolicy(PermissionCollection permissionCollection) throws PolicyContextException {
- addToRole(UNCHECKED_ROLE_NAME, permissionCollection);
+ public void addToUncheckedPolicy( PermissionCollection permissionCollection ) throws PolicyContextException
+ {
+ addToRole( UNIVERSAL_ROLE_NAME, permissionCollection );
}
- public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
- addToRole(UNCHECKED_ROLE_NAME, permission);
+ public void addToUncheckedPolicy( Permission permission ) throws PolicyContextException
+ {
+ addToRole( UNIVERSAL_ROLE_NAME, permission );
}
- private void addToGrants(Permission permission, Role role) {
+ private void addToGrants( Permission permission, Role role )
+ {
String permissionClassName = permission.getClass().getName();
String permissionName = permission.getName();
String permissionActions = permission.getActions();
- PermissionClass permissionClass = role.getPermissionClass(permissionClassName);
- permissionClass.addGrant(permissionName, permissionActions);
+ String permissionId = nextPermissionId();
+ org.safehaus.triplesec.admin.Permission permissionData = new org.safehaus.triplesec.admin.Permission( permissionId, null, permissionClassName, permissionName, permissionActions );
+ context.addPermission( permissionData );
+ role.addGrant( permissionData );
}
- public void addToExcludedPolicy(PermissionCollection permissionCollection) throws PolicyContextException {
- Role role = context.getRole(EXCLUDED_ROLE_NAME);
- for (Enumeration<Permission> permissions = permissionCollection.elements(); permissions.hasMoreElements();) {
+ public void addToExcludedPolicy( PermissionCollection permissionCollection ) throws PolicyContextException
+ {
+ Role role = getRole( UNIVERSAL_ROLE_NAME );
+ for ( Enumeration<Permission> permissions = permissionCollection.elements(); permissions.hasMoreElements(); )
+ {
Permission permission = permissions.nextElement();
- addToDenials(permission, role);
+ addToDenials( permission, role );
}
}
- public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
- Role role = context.getRole(EXCLUDED_ROLE_NAME);
- addToDenials(permission, role);
+ public void addToExcludedPolicy( Permission permission ) throws PolicyContextException
+ {
+ Role role = getRole( UNIVERSAL_ROLE_NAME );
+ addToDenials( permission, role );
}
- private void addToDenials(Permission permission, Role role) {
+ private void addToDenials( Permission permission, Role role )
+ {
String permissionClassName = permission.getClass().getName();
String permissionName = permission.getName();
String permissionActions = permission.getActions();
- PermissionClass permissionClass = role.getPermissionClass(permissionClassName);
- permissionClass.addDenial(permissionName, permissionActions);
+ String permissionId = nextPermissionId();
+ org.safehaus.triplesec.admin.Permission permissionData = new org.safehaus.triplesec.admin.Permission( permissionId, null, permissionClassName, permissionName, permissionActions );
+ context.addPermission( permissionData );
+ role.addDenial( permissionData );
}
- public void removeRole(String roleName) throws PolicyContextException {
- context.getRoleMap().remove(roleName);
+ public void removeRole( String roleName ) throws PolicyContextException
+ {
+ Role role = context.getRole( roleName );
+ if ( role != null )
+ {
+ context.removeRole( role );
+ }
}
- public void removeUncheckedPolicy() throws PolicyContextException {
- context.getRole(UNCHECKED_ROLE_NAME).getPermissionClassMap().clear();
+ public void removeUncheckedPolicy() throws PolicyContextException
+ {
+ getRole( UNIVERSAL_ROLE_NAME ).getGrants().clear();
}
- public void removeExcludedPolicy() throws PolicyContextException {
- context.getRole(EXCLUDED_ROLE_NAME).getPermissionClassMap().clear();
+ public void removeExcludedPolicy() throws PolicyContextException
+ {
+ getRole( UNIVERSAL_ROLE_NAME ).getDenials().clear();
}
- public void linkConfiguration(PolicyConfiguration policyConfiguration) throws PolicyContextException {
+ public void linkConfiguration( PolicyConfiguration policyConfiguration ) throws PolicyContextException
+ {
}
- public void delete() throws PolicyContextException {
+ public void delete() throws PolicyContextException
+ {
//TODO read spec on what to do. Most likely we want to remove all permissions from all roles.
}
- public void commit() throws PolicyContextException {
- DaoFactory daoFactory = policyConfigurationFactory.getDaoFactory();
- try {
- context.commit(daoFactory);
- } catch (DataAccessException e) {
- throw new PolicyContextException("Failed to store data in ldap", e);
+ public void commit() throws PolicyContextException
+ {
+ EntityManager entityManager = policyConfigurationFactory.getEntityManager();
+ entityManager.persist( context, null );
+ try
+ {
+ context.getStateManager().commit();
+ } catch ( NamingException e )
+ {
+ throw new PolicyContextException( "Failed to store data in ldap", e );
}
}
- public boolean inService() throws PolicyContextException {
+ public boolean inService() throws PolicyContextException
+ {
return false;
}
+
+ private Role getRole( String roleId )
+ {
+ Role role = context.getRole( roleId );
+ if ( role == null )
+ {
+ role = new Role( roleId, null );
+ context.addRole( role );
+ }
+ return role;
+ }
+
+ private synchronized String nextPermissionId()
+ {
+ return context.getAppName() + "perm" + counter++;
+ }
+
}
Added: directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/PermissionKey.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/PermissionKey.java?view=auto&rev=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/PermissionKey.java (added)
+++ directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/PermissionKey.java Tue Jan 16 00:24:45 2007
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.directory.triplesec.jacc;
+
+import org.safehaus.triplesec.admin.Permission;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class PermissionKey
+{
+ private final Permission permission;
+
+ public PermissionKey( Permission permission )
+ {
+ this.permission = permission;
+ }
+
+ public int hashCode()
+ {
+ return ( permission.getJavaClass().hashCode() * 37 + permission.getJavaName().hashCode() ) * 37 + ( permission.getJavaActions() == null ? 0 : permission.getJavaActions().hashCode() );
+ }
+
+ public boolean equals( Object o )
+ {
+ if ( !( o instanceof PermissionKey ) )
+ {
+ return false;
+ }
+ PermissionKey other = ( PermissionKey ) o;
+ return permission.getJavaClass().equals( other.permission.getJavaClass() )
+ && permission.getJavaName().equals( other.permission.getJavaName() )
+ && ( permission.getJavaActions() == null ? other.permission.getJavaActions() == null : permission.getJavaActions().equals( other.permission.getJavaActions() ) );
+ }
+}
+
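Review bot: `hashCode()` and `equals()` dereference `permission.getJavaClass()` and `permission.getJavaName()` unguarded, while `getJavaActions()` is treated as nullable, and the constructor stores a null `permission` without complaint. If this key is used to look up or de-duplicate permissions in a hash collection (not visible here), a null field turns a lookup into a NullPointerException inside the policy code instead of a clean miss. I would reject null at construction with `if ( permission == null ) { throw new NullPointerException( "permission" ); }`, and either document that class and name are never null or compare them with the same null-tolerant form used for actions. Both methods re-read the wrapped object's getters on every call, so the class Javadoc should also state that the `Permission` must not be modified while the key sits in a map.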
Propchange: directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/PermissionKey.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/PermissionKey.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/PermissionKey.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java?view=diff&rev=496618&r1=496617&r2=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java (original)
+++ directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfiguration.java Tue Jan 16 00:24:45 2007
@@ -26,13 +26,14 @@
import javax.security.jacc.PolicyContextException;
import org.safehaus.triplesec.guardian.Profile;
-import org.safehaus.triplesec.jaas.SafehausPrincipal;
+import org.safehaus.triplesec.jaas.TriplesecRealmPrincipal;
/**
* @version $Rev$ $Date$
*/
-public class TripleSecPolicyConfiguration implements PolicyConfiguration {
+public class TripleSecPolicyConfiguration implements PolicyConfiguration
+{
final static int OPEN = 1;
final static int IN_SERVICE = 2;
final static int DELETED = 3;
@@ -42,26 +43,34 @@
private DataPolicyConfiguration dataPolicyConfiguration;
private int state;
- TripleSecPolicyConfiguration(String contextID, TripleSecPolicyConfigurationFactory factory) throws PolicyContextException {
+ TripleSecPolicyConfiguration( String contextID, TripleSecPolicyConfigurationFactory factory )
+ {
this.contextID = contextID;
this.state = OPEN;
this.factory = factory;
}
- public String getContextID() throws PolicyContextException {
+ public String getContextID() throws PolicyContextException
+ {
return contextID;
}
- public boolean implies(ProtectionDomain domain, Permission permission) {
+ public boolean implies( ProtectionDomain domain, Permission permission )
+ {
Principal[] principals = domain.getPrincipals();
- if (principals.length == 0) return false;
+ if ( principals.length == 0 )
+ {
+ return false;
+ }
- for (Principal principal : principals) {
- if (principal instanceof SafehausPrincipal) {
- Profile profile = ((SafehausPrincipal) principal).getAuthorizationProfile(contextID);
+ for ( Principal principal : principals )
+ {
+ if ( principal instanceof TriplesecRealmPrincipal )
+ {
+ Profile profile = ( ( TriplesecRealmPrincipal ) principal ).getProfile( contextID );
- return profile.implies(permission);
+ return profile.implies( permission );
}
}
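Review bot: In `implies`, the result of `getProfile( contextID )` is used at `profile.implies( permission )` with no null check, so a principal that has no profile for this context would make the access decision throw rather than deny, assuming `getProfile` can return null (its contract is not visible here). Denying explicitly keeps the check fail-closed: add `if ( profile == null ) { return false; }` before the `return profile.implies( permission );` line. The loop also returns on the first `TriplesecRealmPrincipal` it meets, so any later principal of that type is never consulted; if that is intended, a one-line comment saying so would help the next reader. The method's closing `return false;` lies in the next hunk.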
@@ -69,58 +78,71 @@
return false;
}
- public void addToRole(String roleName, PermissionCollection permissions) throws PolicyContextException {
- getDataPolicyConfiguration().addToRole(roleName, permissions);
+ public void addToRole( String roleName, PermissionCollection permissions ) throws PolicyContextException
+ {
+ getDataPolicyConfiguration().addToRole( roleName, permissions );
}
- public void addToRole(String roleName, Permission permission) throws PolicyContextException {
- getDataPolicyConfiguration().addToRole(roleName, permission);
+ public void addToRole( String roleName, Permission permission ) throws PolicyContextException
+ {
+ getDataPolicyConfiguration().addToRole( roleName, permission );
}
- public void addToUncheckedPolicy(PermissionCollection permissions) throws PolicyContextException {
- getDataPolicyConfiguration().addToUncheckedPolicy(permissions);
+ public void addToUncheckedPolicy( PermissionCollection permissions ) throws PolicyContextException
+ {
+ getDataPolicyConfiguration().addToUncheckedPolicy( permissions );
}
- public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
- getDataPolicyConfiguration().addToUncheckedPolicy(permission);
+ public void addToUncheckedPolicy( Permission permission ) throws PolicyContextException
+ {
+ getDataPolicyConfiguration().addToUncheckedPolicy( permission );
}
- public void addToExcludedPolicy(PermissionCollection permissions) throws PolicyContextException {
- getDataPolicyConfiguration().addToExcludedPolicy(permissions);
+ public void addToExcludedPolicy( PermissionCollection permissions ) throws PolicyContextException
+ {
+ getDataPolicyConfiguration().addToExcludedPolicy( permissions );
}
- public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
- getDataPolicyConfiguration().addToExcludedPolicy(permission);
+ public void addToExcludedPolicy( Permission permission ) throws PolicyContextException
+ {
+ getDataPolicyConfiguration().addToExcludedPolicy( permission );
}
- public void removeRole(String roleName) throws PolicyContextException {
- getDataPolicyConfiguration().removeRole(roleName);
+ public void removeRole( String roleName ) throws PolicyContextException
+ {
+ getDataPolicyConfiguration().removeRole( roleName );
}
- public void removeUncheckedPolicy() throws PolicyContextException {
+ public void removeUncheckedPolicy() throws PolicyContextException
+ {
getDataPolicyConfiguration().removeUncheckedPolicy();
}
- public void removeExcludedPolicy() throws PolicyContextException {
+ public void removeExcludedPolicy() throws PolicyContextException
+ {
getDataPolicyConfiguration().removeExcludedPolicy();
}
- public void linkConfiguration(javax.security.jacc.PolicyConfiguration link) throws PolicyContextException {
- getDataPolicyConfiguration().linkConfiguration(link);
+ public void linkConfiguration( javax.security.jacc.PolicyConfiguration link ) throws PolicyContextException
+ {
+ getDataPolicyConfiguration().linkConfiguration( link );
}
- public void delete() throws PolicyContextException {
+ public void delete() throws PolicyContextException
+ {
getDataPolicyConfiguration().delete();
state = DELETED;
}
- public void commit() throws PolicyContextException {
+ public void commit() throws PolicyContextException
+ {
getDataPolicyConfiguration().commit();
state = IN_SERVICE;
}
- public boolean inService() throws PolicyContextException {
- return (state == IN_SERVICE);
+ public boolean inService() throws PolicyContextException
+ {
+ return ( state == IN_SERVICE );
}
//TODO I have no idea what side effects this might have, but it's needed in some form from GeronimoPolicyConfigurationFactory.
@@ -128,21 +150,29 @@
//spec p. 31 3.1.7 on the effects of remove:
//If the getPolicyConfiguration method is used, the value true should be passed as the second
// argument to cause the corresponding policy statements to be deleted from the context.
- public void open(boolean remove) {
- if (remove) {
+ public void open( boolean remove )
+ {
+ if ( remove )
+ {
//TODO Clear triplesec ldap for this contextId (??)
}
state = OPEN;
}
- int getState() {
+ int getState()
+ {
return state;
}
- private synchronized PolicyConfiguration getDataPolicyConfiguration() {
- if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
- if (dataPolicyConfiguration == null) {
- dataPolicyConfiguration = new DataPolicyConfiguration(contextID, factory);
+ private synchronized PolicyConfiguration getDataPolicyConfiguration()
+ {
+ if ( state != OPEN )
+ {
+ throw new UnsupportedOperationException( "Not in an open state" );
+ }
+ if ( dataPolicyConfiguration == null )
+ {
+ dataPolicyConfiguration = new DataPolicyConfiguration( contextID, factory );
}
return dataPolicyConfiguration;
}
Modified: directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java?view=diff&rev=496618&r1=496617&r2=496618
==============================================================================
--- directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java (original)
+++ directory/sandbox/triplesec-jacc2/jacc/src/main/java/org/apache/directory/triplesec/jacc/TripleSecPolicyConfigurationFactory.java Tue Jan 16 00:24:45 2007
@@ -29,10 +29,13 @@
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
+import javax.naming.directory.DirContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.safehaus.triplesec.admin.DataAccessException;
+import org.safehaus.triplesec.admin.persistence.EntityManager;
+import org.safehaus.triplesec.admin.persistence.EntityManagerImpl;
import org.safehaus.triplesec.admin.dao.DaoFactory;
/**
@@ -131,5 +134,12 @@
}
return daoFactory;
+ }
+
+ public EntityManager getEntityManager()
+ {
+ DirContext ctx = null;
+ String rootDn = null;
+ return new EntityManagerImpl( ctx, rootDn);
}
}
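Review bot: `getEntityManager()` passes a null `DirContext` and a null `rootDn` to `EntityManagerImpl`, so every caller receives a manager with no directory connection behind it. The `commit()` method changed earlier in this commit calls `policyConfigurationFactory.getEntityManager()` and then `entityManager.persist( context, null )`, so a policy commit either fails with an unrelated NullPointerException or, depending on how `EntityManagerImpl` treats null (not visible here), stores nothing while the caller goes on to mark the configuration in service. Until the context is wired from the factory's configuration, failing loudly is safer: `throw new IllegalStateException( "EntityManager is not configured: no DirContext/rootDn" );`, with a `// TODO` naming where the two values should come from. A new manager is also built on every call; the Javadoc should say whether that is intended.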