Posted to commits@directory.apache.org by dj...@apache.org on 2006/12/30 05:19:50 UTC
svn commit: r491167 - in /directory/sandbox/triplesec-jacc:
guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/ jaas/
jaas/src/main/java/org/safehaus/triplesec/jaas/
jaas/src/test/java/org/safehaus/triplesec/jaas/ jaas/src/test/resources/...
Author: djencks
Date: Fri Dec 29 20:19:49 2006
New Revision: 491167
URL: http://svn.apache.org/viewvc?view=rev&rev=491167
Log:
Simple JAAS integration tests. Most of the Kerberos support in the JAAS module is temporarily disabled until I understand it better.
Added:
directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java (with props)
directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java (with props)
directory/sandbox/triplesec-jacc/jaas/src/test/resources/
- copied from r490648, directory/sandbox/triplesec-jacc/guardian-ldap/src/test/resources/
Modified:
directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
directory/sandbox/triplesec-jacc/jaas/pom.xml
directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java
directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java
directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java
directory/sandbox/triplesec-jacc/store/pom.xml
directory/sandbox/triplesec-jacc/swing-admin/pom.xml
Modified: directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java Fri Dec 29 20:19:49 2006
@@ -80,7 +80,6 @@
protected void setUp() throws Exception
{
super.setUp();
-// Thread.sleep(500);
Properties props = new Properties();
props.setProperty( "applicationPrincipalDN", "appName=" + APP_NAME + ",ou=applications,dc=example,dc=com" );
props.setProperty( "applicationCredentials", "testing" );
Modified: directory/sandbox/triplesec-jacc/jaas/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/pom.xml?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/jaas/pom.xml Fri Dec 29 20:19:49 2006
@@ -18,42 +18,165 @@
under the License.
-->
<project>
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.directory.triplesec</groupId>
- <artifactId>build</artifactId>
- <version>1.0-SNAPSHOT</version>
- </parent>
- <artifactId>triplesec-jaas</artifactId>
- <name>Triplesec JAAS Login Module</name>
- <packaging>jar</packaging>
- <description>
- A Safehaue Triplsec JAAS LoginModule which accounts for SAM execeptions, and ties
- in Guardian for authorization.
- </description>
- <dependencies>
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>triplesec-crypto</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>triplesec-otp</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>triplesec-guardian-api</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>nlog4j</artifactId>
- <scope>provided</scope>
- </dependency>
- </dependencies>
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.directory.triplesec</groupId>
+ <artifactId>build</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <artifactId>triplesec-jaas</artifactId>
+ <name>Triplesec JAAS Login Module</name>
+ <packaging>jar</packaging>
+ <description>
+ A Safehaue Triplsec JAAS LoginModule which accounts for SAM execeptions, and ties
+ in Guardian for authorization.
+ </description>
+ <dependencies>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>triplesec-crypto</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>triplesec-otp</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>triplesec-guardian-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>triplesec-guardian-ldap</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-integration</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-itest-data</artifactId>
+ <version>${pom.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>nlog4j</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemProperties>
+ <property>
+ <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+ <value>${basedir}/src/test/resources</value>
+ </property>
+ </systemProperties>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <profiles>
+ <profile>
+ <id>no-integration-tests</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemProperties>
+ <property>
+ <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+ <value>${basedir}/src/test/resources</value>
+ </property>
+ </systemProperties>
+
+ <excludes>
+ <exclude>**/*ITest.java</exclude>
+ <exclude>**/*IntegrationTest.java</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>validate</phase>
+ <configuration>
+ <tasks>
+ <echo>
+ =================================================================
+ W A R N I N G
+ -------------
+
+ Integration tests have been disabled. To enable integration
+ tests run maven with the -Dintegration switch.
+ =================================================================
+ </echo>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>integration</id>
+ <activation>
+ <property>
+ <name>integration</name>
+ </property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>dependency-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack-itest-data</id>
+ <phase>compile</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-itest-data</artifactId>
+ <version>${pom.version}</version>
+ </artifactItem>
+ </artifactItems>
+ <outputDirectory>${project.build.directory}/serverHome/conf</outputDirectory>
+ </configuration>
+ </execution>
+
+ </executions>
+ </plugin>
+
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
</project>
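Review bot: The new `triplesec-integration` dependency is declared without a scope, so it becomes a compile-scope transitive dependency of the login module jar for every consumer, although the only visible user of it is the test harness added in this commit (`SafehausLoginModuleIntegrationTest extends TriplesecIntegration`); add `<scope>test</scope>` to that dependency, as was done for `triplesec-guardian-ldap` and `triplesec-itest-data`. The same block mixes `${pom.groupId}`/`${pom.version}` with `${project.groupId}`/`${project.version}`; `pom.*` is the legacy alias, so using `project.*` throughout keeps the coordinates consistent. The surefire `systemProperties` configuration is also duplicated verbatim between the main `<build>` and the `no-integration-tests` profile, so one copy can be dropped.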
Added: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java?view=auto&rev=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java (added)
+++ directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java Fri Dec 29 20:19:49 2006
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * The Callback used for capturing the profileId the user wants to use.
+ * IMO this sucks, the user should have a single profile in a profileId.
+ *
+ * @version $Rev$
+ */
+public class ProfileIdCallback implements Callback
+{
+ String profileId;
+
+ public void setProfileId( String profileId )
+ {
+ this.profileId = profileId;
+ }
+
+ public String getProfileId()
+ {
+ return profileId;
+ }
+}
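Review bot: The `profileId` field is package-private, which lets any class in `org.safehaus.triplesec.jaas` bypass the setter; declare it `private String profileId;` since the accessors are the intended interface. The accessors have no Javadoc and the class comment is an opinion rather than a contract; document the null case, e.g. `/** @return the profile the caller selected, or {@code null} if the handler did not set one. */` on `getProfileId()`, because `SafehausLoginModule.login()` in this commit treats a null here as a hard failure.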
Propchange: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java Fri Dec 29 20:19:49 2006
@@ -24,7 +24,7 @@
/**
- * The Callback used for capturing the realm associated with the user attempting
+ * The Callback used for capturing the profileId associated with the user attempting
* to authenticate.
*
* @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
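Review bot: The Javadoc now says the callback captures the "profileId", but the class is still `RealmCallback` with a realm accessor, and the login module in this commit stops using it in favour of `ProfileIdCallback` and a realm taken from module options; the comment now contradicts the class name. Either keep the original "realm" wording, or if the class is being retired, mark it `@deprecated use {@link ProfileIdCallback}` so the mismatch is intentional and visible. The enclosing class body continues outside the hunk.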
Modified: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java Fri Dec 29 20:19:49 2006
@@ -20,14 +20,13 @@
package org.safehaus.triplesec.jaas;
-import java.util.HashMap;
import java.util.Hashtable;
-import java.util.Iterator;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.Attributes;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.login.LoginException;
import javax.security.auth.Subject;
@@ -50,344 +49,310 @@
* @author <a href="mailto:aok123@bellsouth.net">Alex Karasulu</a>
* @version $Rev$
*/
-public class SafehausLoginModule implements LoginModule
-{
+public class SafehausLoginModule implements LoginModule {
public static final String ALLOW_ADMIN = SafehausLoginModule.class.getName() + ".allowAdmin";
- private static final Logger log = LoggerFactory.getLogger( SafehausLoginModule.class );
-
- /** the underlying LoginModule is the Krb5LoginModule */
- private NameCallback profileIdCallback;
+ public static final String REALM_KEY = SafehausLoginModule.class.getName() + ".profileId";
+ public static final String POLICY_KEY = SafehausLoginModule.class.getName() + ".policy";
+ private static final Logger log = LoggerFactory.getLogger(SafehausLoginModule.class);
+
+ /**
+ * the underlying LoginModule is the Krb5LoginModule
+ */
+ private NameCallback nameCallback;
+ private ProfileIdCallback profileIdCallback;
private PasswordCallback passwordCallback;
- private RealmCallback realmCallback;
+// private RealmCallback realmCallback;
private PasscodeCallback passcodeCallback;
private Subject subject;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;
- private PolicyCallback policyCallback;
+// private PolicyCallback policyCallback;
private Profile profile;
LoginModule module;
- public SafehausLoginModule()
- {
- String javaVendor = System.getProperty( "java.vendor" );
- if ( javaVendor.equalsIgnoreCase( "IBM Corporation" ) )
- {
+ public SafehausLoginModule() {
+ String javaVendor = System.getProperty("java.vendor");
+ if (javaVendor.equalsIgnoreCase("IBM Corporation")) {
/// init IBM's Krb5LoginModule
- try
- {
- module = ( LoginModule ) Class.forName( "com.ibm.security.auth.module.Krb5LoginModule" ).newInstance();
+ try {
+ module = (LoginModule) Class.forName("com.ibm.security.auth.module.Krb5LoginModule").newInstance();
}
- catch ( Exception e )
- {
+ catch (Exception e) {
e.printStackTrace();
}
}
-
- if ( javaVendor.equalsIgnoreCase( "Sun Microsystems Inc." ) )
- {
+
+ if (javaVendor.equalsIgnoreCase("Sun Microsystems Inc.") || javaVendor.equalsIgnoreCase("Apple Computer, Inc.")) {
/// init SUN's Krb5LoginModule
- try
- {
- module = ( LoginModule ) Class.forName( "com.sun.security.auth.module.Krb5LoginModule" ).newInstance();
+ try {
+ module = (LoginModule) Class.forName("com.sun.security.auth.module.Krb5LoginModule").newInstance();
}
- catch ( Exception e )
- {
+ catch (Exception e) {
e.printStackTrace();
}
}
}
- public boolean abort() throws LoginException
- {
- try
- {
+ public boolean abort() throws LoginException {
+ try {
return module.abort();
}
- catch ( LoginException le )
- {
+ catch (LoginException le) {
// the return shuts the compiler up
- return handle( le );
+ return handle(le);
}
}
- public boolean commit() throws LoginException
- {
- try
- {
- if ( module.commit() )
- {
+ public boolean commit() throws LoginException {
+// try {
+// if (module.commit()) {
//Clearing the principals means this has to be the only login module, not a reasonable assumption
// this.subject.getPrincipals().clear();
- this.subject.getPrincipals().add( new SafehausPrincipal( profile ) );
+ this.subject.getPrincipals().add(new SafehausPrincipal(profile));
return true;
- }
-
- return false;
- }
- catch ( LoginException le )
- {
+// }
+//
+// return false;
+// }
+// catch (LoginException le) {
// the return shuts the compiler up
- return handle( le );
- }
+// return handle(le);
+// }
}
- public boolean login() throws LoginException
- {
- Callback[] callbacks = new Callback[] {
- profileIdCallback, passwordCallback, realmCallback, passcodeCallback
+ public boolean login() throws LoginException {
+ Callback[] callbacks = new Callback[]{
+ nameCallback, profileIdCallback, passwordCallback, passcodeCallback
};
-
+
// -------------------------------------------------------------------
// Invoke the handler populate all the parameters we need
// -------------------------------------------------------------------
- try
- {
- callbackHandler.handle( callbacks );
- }
- catch ( Exception e )
- {
- log.error( "Callback handler failed.", e );
- LoginException le = new LoginException( "Callback handler failed." );
- le.initCause( e );
+ try {
+ callbackHandler.handle(callbacks);
+ }
+ catch (Exception e) {
+ log.error("Callback handler failed.", e);
+ LoginException le = new LoginException("Callback handler failed.");
+ le.initCause(e);
throw le;
}
-
+
// -------------------------------------------------------------------
// Collect all the parameters we need and determine what kind of auth
// we're going to have to perform.
// -------------------------------------------------------------------
- final String profileId = profileIdCallback.getName();
- if ( profileId == null )
- {
+ final String name = nameCallback.getName();
+ if (name == null) {
String msg = "Cannot login with null username field.";
- log.error( msg );
- throw new NullPointerException( msg );
+ log.error(msg);
+ throw new NullPointerException(msg);
+ }
+
+ final String profileId = profileIdCallback.getProfileId();
+ if (profileId == null) {
+ String msg = "Cannot login with null profileId field.";
+ log.error(msg);
+ throw new NullPointerException(msg);
}
-
+
final char[] password = passwordCallback.getPassword();
- if ( password == null )
- {
+ if (password == null) {
String msg = "Cannot login with null password.";
- log.error( msg );
- throw new NullPointerException( msg );
+ log.error(msg);
+ throw new NullPointerException(msg);
+ }
+
+ final String realm = (String) options.get(REALM_KEY);
+ if (realm == null) {
+ String msg = "Cannot login with null profileId.";
+ log.error(msg);
+ throw new NullPointerException(msg);
}
-
- final String realm = realmCallback.getRealm();
- if ( realm == null )
- {
- String msg = "Cannot login with null realm.";
- log.error( msg );
- throw new NullPointerException( msg );
- }
-
- final ApplicationPolicy policy = policyCallback.getPolicy();
- if ( policy == null )
- {
+
+ final ApplicationPolicy policy = (ApplicationPolicy) options.get(POLICY_KEY);
+ if (policy == null) {
String msg = "Cannot login without a non-null .";
- log.error( msg );
- throw new NullPointerException( msg );
+ log.error(msg);
+ throw new NullPointerException(msg);
}
// -------------------------------------------------------------------
// Passcode is optional and may be null, check to make sure we
- // get a valid profile back for the profileId and report findings
+ // get a valid profile back for the name and report findings
// -------------------------------------------------------------------
final String passcode = passcodeCallback.getPasscode();
- this.profile = policy.getProfile( profileId );
- if ( this.profile == null )
- {
- log.info( "Profile " + profileId + " not found for user." );
+ this.profile = policy.getProfile(profileId);
+ if (this.profile == null) {
+ log.info("Profile " + name + " not found for user.");
return false;
- }
- else if ( profileId.equals( "admin" ) )
- {
- if ( ! options.containsKey( ALLOW_ADMIN ) ||
- ( options.containsKey( ALLOW_ADMIN ) && ! ( ( String ) options.get( ALLOW_ADMIN ) ).equals( "true" ) ) )
- {
- throw new LoginException( "Admin authentication has not been enabled." );
+ } else if (name.equals("admin")) {
+ if (! options.containsKey(ALLOW_ADMIN) ||
+ (options.containsKey(ALLOW_ADMIN) && ! ((String) options.get(ALLOW_ADMIN)).equals("true"))) {
+ throw new LoginException("Admin authentication has not been enabled.");
}
-
+
// ---------------------------------------------------------------
// Do just LDAP auth now but with special DN for the admin user
// ---------------------------------------------------------------
-
- if ( bindAs( "uid=admin,ou=system", "admin" ) )
- {
+
+ if (bindAs("uid=admin,ou=system", password)) {
//add in commit(), not here
// this.subject.getPrincipals().add( new SafehausPrincipal( profile ) );
return true;
- }
- else
- {
+ } else {
return false;
}
+ } else {
+ log.info("Profile " + name + " found for user " + profile.getUserName());
}
- else
- {
- log.info( "Profile " + profileId + " found for user " + profile.getUserName() );
+
+ //try to connect to ldap using these credentials
+ if (!bindAs(getUserDn(profile.getUserName(), realm), password)) {
+ return false;
}
-
+
+
// If the profile is disabled then throw and exceptions
- if ( profile.isDisabled() )
- {
- throw new AccountDisabledException( "The profile " + profile.getProfileId()
- + " associated with your account for application "
- + profile.getApplicationName() + " has been disabled." );
+ if (profile.isDisabled()) {
+ return false;
+// throw new AccountDisabledException("The profile " + profile.getProfileId()
+// + " associated with your account for application "
+// + profile.getApplicationName() + " has been disabled.");
}
-
+
+ return true;
// -------------------------------------------------------------------
// Setup for standard login without a keyfob using kerberos: 1-FACTOR
// -------------------------------------------------------------------
- CallbackHandler cbHandler;
- final StringBuffer krb5PrincipalName = new StringBuffer();
- krb5PrincipalName.append( profile.getUserName() ).append( "@" ).append( realm.toUpperCase() );
- if ( passcode == null || passcode.length() == 0 )
- {
- cbHandler = new CallbackHandler()
- {
- public void handle( Callback[] callbacks )
- {
- for ( int ii = 0; ii < callbacks.length; ii++ )
- {
- if ( callbacks[ii] instanceof NameCallback )
- {
- NameCallback ncb = ( NameCallback ) callbacks[ii];
- ncb.setName( krb5PrincipalName.toString() );
- }
-
- else if ( callbacks[ii] instanceof PasswordCallback )
- {
- PasswordCallback pcb = ( PasswordCallback ) callbacks[ii];
- pcb.setPassword( password );
- }
- }
- }
- };
- }
- // -------------------------------------------------------------------
- // Setup to login with keyfob: 2-FACTOR
- // -------------------------------------------------------------------
- else
- {
- cbHandler = new CallbackHandler()
- {
- public void handle( Callback[] callbacks )
- {
- for ( int ii = 0; ii < callbacks.length; ii++ )
- {
- if ( callbacks[ii] instanceof NameCallback )
- {
- NameCallback ncb = ( NameCallback ) callbacks[ii];
- ncb.setName( krb5PrincipalName.toString() );
- }
-
- else if ( callbacks[ii] instanceof PasswordCallback )
- {
- PasswordCallback pcb = ( PasswordCallback ) callbacks[ii];
- // Notice we use the passcode instead of the password
- pcb.setPassword( passcode.toCharArray() );
- }
- }
- }
- };
-
- // ---------------------------------------------------------------
- // Now we verify the static password using LDAP
- // ---------------------------------------------------------------
-
- bindAs( getUserDn( profile.getUserName(), realm ), profile.getUserName() );
- }
-
- try
- {
- Map krb5ModuleOptions = new HashMap( options );
- if ( krb5ModuleOptions.containsKey( ALLOW_ADMIN ) )
- {
- krb5ModuleOptions.remove( ALLOW_ADMIN );
- }
-
- module.initialize( subject, cbHandler, sharedState, krb5ModuleOptions );
- return module.login();
- }
- catch ( LoginException le )
- {
- // the return shuts the compiler up
- return handle( le );
- }
+// CallbackHandler cbHandler;
+// final StringBuffer krb5PrincipalName = new StringBuffer();
+// krb5PrincipalName.append(profile.getUserName()).append("@").append(profileId.toUpperCase());
+// if (passcode == null || passcode.length() == 0) {
+// cbHandler = new CallbackHandler() {
+// public void handle(Callback[] callbacks) {
+// for (int ii = 0; ii < callbacks.length; ii++) {
+// if (callbacks[ii] instanceof NameCallback) {
+// NameCallback ncb = (NameCallback) callbacks[ii];
+// ncb.setName(krb5PrincipalName.toString());
+// } else if (callbacks[ii] instanceof PasswordCallback) {
+// PasswordCallback pcb = (PasswordCallback) callbacks[ii];
+// pcb.setPassword(password);
+// }
+// }
+// }
+// };
+// }
+// // -------------------------------------------------------------------
+// // Setup to login with keyfob: 2-FACTOR
+// // -------------------------------------------------------------------
+// else {
+// cbHandler = new CallbackHandler() {
+// public void handle(Callback[] callbacks) {
+// for (int ii = 0; ii < callbacks.length; ii++) {
+// if (callbacks[ii] instanceof NameCallback) {
+// NameCallback ncb = (NameCallback) callbacks[ii];
+// ncb.setName(krb5PrincipalName.toString());
+// } else if (callbacks[ii] instanceof PasswordCallback) {
+// PasswordCallback pcb = (PasswordCallback) callbacks[ii];
+// // Notice we use the passcode instead of the password
+// pcb.setPassword(passcode.toCharArray());
+// }
+// }
+// }
+// };
+//
+// // ---------------------------------------------------------------
+// // Now we verify the static password using LDAP
+// // ---------------------------------------------------------------
+//
+//// bindAs(getUserDn(profile.getUserName(), profileId), password);
+// }
+//
+// try {
+// Map krb5ModuleOptions = new HashMap(options);
+// if (krb5ModuleOptions.containsKey(ALLOW_ADMIN)) {
+// krb5ModuleOptions.remove(ALLOW_ADMIN);
+// }
+//
+// module.initialize(subject, cbHandler, sharedState, krb5ModuleOptions);
+// return module.login();
+// }
+// catch (LoginException le) {
+// // the return shuts the compiler up
+// return handle(le);
+// }
}
-
- public boolean bindAs( String principalDn, String userName )
- {
+
+ boolean bindAs(String principalDn, char[] password) {
Hashtable env = new Hashtable();
- for ( Iterator ii = options.keySet().iterator(); ii.hasNext(); /**/ )
- {
- Object key = ii.next();
- env.put( key, options.get( key ) );
- }
- env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
-
+ copy(Context.PROVIDER_URL, env);
+ copy(Context.SECURITY_AUTHENTICATION, env);
+ env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
+ env.put(Context.SECURITY_PRINCIPAL, principalDn);
+ env.put(Context.SECURITY_CREDENTIALS, password);
InitialDirContext ctx = null;
- try
- {
- ctx = new InitialDirContext( env );
- ctx.close();
+ try {
+ ctx = new InitialDirContext(env);
+ Attributes attrs = ctx.getAttributes("", null);
return true;
}
- catch ( NamingException e )
- {
- log.error( "Failed to bind to directory as user " + userName, e );
+ catch (NamingException e) {
+ log.error("Failed to bind to directory as principal " + principalDn, e);
return false;
}
- finally
- {
- if ( ctx == null )
- {
- try
- {
+ finally {
+ if (ctx != null) {
+ try {
ctx.close();
}
- catch ( NamingException e )
- {
- log.error( "can't close ldap context", e );
+ catch (NamingException e) {
+ log.error("can't close ldap context", e);
}
}
}
}
-
-
- public boolean logout() throws LoginException
- {
- try
- {
+
+ private void copy(String key, Hashtable env) {
+ Object value = options.get(key);
+ if (value == null || value instanceof String && ((String) value).length() == 0) {
+ return;
+ }
+ env.put(key, value);
+ }
+
+
+ public boolean logout() throws LoginException {
+ try {
return module.logout();
}
- catch ( LoginException le )
- {
+ catch (LoginException le) {
// the return shuts the compiler up
- return handle( le );
+ return handle(le);
}
}
- public void initialize( Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options )
- {
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
// What is the username to the application is really the profileId to us
- profileIdCallback = new NameCallback( "Username: " );
- passwordCallback = new PasswordCallback( "Password: ", false );
- realmCallback = new RealmCallback();
+ nameCallback = new NameCallback("Username: ");
+ profileIdCallback = new ProfileIdCallback();
+ passwordCallback = new PasswordCallback("Password: ", false);
+// realmCallback = new RealmCallback();
passcodeCallback = new PasscodeCallback();
+// policyCallback = new PolicyCallback();
// Save these values for delayed initialization of the Krb5LoginModule
this.subject = subject;
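Review bot: In the rewritten `login()`, the unconditional `return true;` placed before the commented-out Kerberos block makes the LDAP bind the only check, while the passcode is still collected from `passcodeCallback` and then never used, so a caller that supplies a one-time passcode expecting two-factor authentication silently gets password-only authentication; until the HOTP path is restored, refuse the downgrade with `if (passcode != null && passcode.length() > 0) { throw new LoginException("Passcode authentication is not available in this build."); }`. Separately, `login()` rejects only a null password while the new `bindAs()` hands the `char[]` straight to JNDI as `SECURITY_CREDENTIALS`; an empty array produces an unauthenticated simple bind, which a directory may accept unless configured to reject it, so `bindAs()` could return true for any known DN with an empty password — add `if (password.length == 0) { throw new LoginException("Cannot login with empty password."); }` beside the null check (or guard inside `bindAs`). The `profile.isDisabled()` check now runs after the bind and returns false instead of throwing `AccountDisabledException`, so a password is verified for a profile that cannot log in and the outcome is indistinguishable from a wrong password; moving the check before `bindAs(getUserDn(...), password)` and keeping the exception would preserve the previous contract. The `Attributes attrs = ctx.getAttributes("", null);` local in `bindAs()` is never read and can be dropped or replaced by a plain `ctx.getAttributes("", null);` if the probe is intended.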
@@ -395,8 +360,8 @@
this.sharedState = sharedState;
this.options = options;
}
-
-
+
+
/**
* Handles the LoginException by throwing a more specific HOTP exception type if it detects
* an embedded ordinal value within the exception message, otherwise it rethrows le itself.
@@ -405,54 +370,47 @@
* @return never returns - exceptions always thrown
* @throws LoginException always but a more specific on if possible
*/
- public boolean handle( LoginException le ) throws LoginException
- {
- if ( ! HotpErrorConstants.hasEmbeddedOrdinal( le.getMessage() ) )
- {
+ public boolean handle(LoginException le) throws LoginException {
+ if (! HotpErrorConstants.hasEmbeddedOrdinal(le.getMessage())) {
throw le;
}
- int ordinal = HotpErrorConstants.getEmbeddedOrdinal( le.getMessage() );
- switch( ordinal )
- {
- case( HotpErrorConstants.HOTPAUTH_FAILURE_VAL ):
+ int ordinal = HotpErrorConstants.getEmbeddedOrdinal(le.getMessage());
+ switch (ordinal) {
+ case(HotpErrorConstants.HOTPAUTH_FAILURE_VAL):
throw new PreauthFailedException();
- case( HotpErrorConstants.LOCKEDOUT_VAL ):
+ case(HotpErrorConstants.LOCKEDOUT_VAL):
throw new AccountLockedOutException();
- case( HotpErrorConstants.DISABLED_VAL ):
+ case(HotpErrorConstants.DISABLED_VAL):
throw new AccountDisabledException();
- case( HotpErrorConstants.RESYNCH_INPROGRESS_VAL ):
+ case(HotpErrorConstants.RESYNCH_INPROGRESS_VAL):
throw new ResynchInProgressException();
- case( HotpErrorConstants.RESYNCH_STARTING_VAL ):
+ case(HotpErrorConstants.RESYNCH_STARTING_VAL):
throw new ResynchStartingException();
default:
throw le;
}
}
-
-
- public static String getUserDn( String username, String realm )
- {
- StringBuffer buf = new StringBuffer( realm.length() + username.length() + 5 );
- buf.append( "uid=" ).append( username ).append( ",ou=users," );
- if ( realm == null || realm.length() == 0 )
- {
+
+
+ public static String getUserDn(String username, String realm) {
+ if (realm == null) {
+ realm = "";
+ }
+ StringBuffer buf = new StringBuffer(realm.length() + username.length() + 5);
+ buf.append("uid=").append(username).append(",ou=users");
+ if (realm.length() == 0) {
return buf.toString();
}
- buf.append( "dc=" );
- int start = 0, end = 0;
// Replace all the '.' by ",dc=". The comma is added because
// the string is not supposed to start with a dot, so another
// dc=XXXX already exists in any cases.
- // The realm is also not supposed to finish with a '.'
- while ( ( end = realm.indexOf( '.', start ) ) != -1 )
- {
- buf.append( realm.substring( start, end ) ).append( ",dc=" );
- start = end + 1;
+ // The profileId is also not supposed to finish with a '.'
+ String[] dcs = realm.split("\\.");
+ for (String dc : dcs) {
+ buf.append(",dc=").append(dc);
}
-
- buf.append( realm.substring( start ) );
return buf.toString();
}
}
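Review bot: `getUserDn` still assembles the DN by plain concatenation, so a username or realm label containing DN-special characters (`,`, `+`, `"`, `\`, `<`, `>`, `;`, `#`, leading or trailing spaces) changes the DN structure instead of being matched literally, and the result is used directly as the bind `SECURITY_PRINCIPAL`; escape each RDN value per RFC 4514 with `buf.append("uid=").append(Rdn.escapeValue(username)).append(",ou=users");` and `buf.append(",dc=").append(Rdn.escapeValue(dc));` (add `import javax.naming.ldap.Rdn;`, available at the Java 5 level the enhanced `for` loop in this hunk already requires). In the visible caller the username comes from `profile.getUserName()` via the policy store, so the practical exposure depends on what that store admits, but the method is `public static` and reachable with arbitrary input. The `StringBuffer` capacity `realm.length() + username.length() + 5` is now smaller than the fixed `uid=` and `,ou=users` text alone, which is harmless but misleading; a `StringBuilder` with no explicit capacity reads more honestly.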
Added: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java?view=auto&rev=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java (added)
+++ directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java Fri Dec 29 20:19:49 2006
@@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.util.Properties;
+import java.util.HashMap;
+import java.util.Map;
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.naming.Context;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+
+import org.safehaus.triplesec.integration.TriplesecIntegration;
+import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class SafehausLoginModuleIntegrationTest extends TriplesecIntegration {
+
+ private static final String APP_NAME = "mockApplication";
+
+ private ApplicationPolicy store;
+ private static final String BASE_URL = "dc=example,dc=com";
+ private String providerUrl;
+
+ public SafehausLoginModuleIntegrationTest() throws Exception {
+ super();
+ }
+
+ public SafehausLoginModuleIntegrationTest(String string) throws Exception {
+ super(string);
+ }
+
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ providerUrl = "ldap://localhost:" + super.getLdapPort() + "/" + BASE_URL;
+ Properties props = new Properties();
+ props.setProperty( "applicationPrincipalDN", "appName=" + APP_NAME + ",ou=applications," + BASE_URL );
+ props.setProperty( "applicationCredentials", "testing" );
+
+ Class.forName( "org.safehaus.triplesec.guardian.ldap.LdapConnectionDriver" );
+ store = ApplicationPolicyFactory.
+ newInstance( providerUrl, props );
+ }
+
+
+ protected void tearDown() throws Exception {
+ super.tearDown();
+ store.close();
+ store = null;
+ }
+
+ public void testBindAs() throws Exception {
+ Map<String, Object> options = new HashMap<String, Object>();
+ options.put(Context.PROVIDER_URL, providerUrl);
+ options.put(Context.SECURITY_AUTHENTICATION, "simple");
+ options.put(SafehausLoginModule.REALM_KEY, "example.com");
+ SafehausLoginModule module = new SafehausLoginModule();
+ Subject subject = new Subject();
+ CallbackHandler callbackHandler = new TestCallbackHandler("akarasulu", "mockProfile0", "maxwell".toCharArray());
+ Map<String, Object> sharedState = new HashMap<String, Object>();
+ module.initialize(subject, callbackHandler, sharedState, options);
+ assertTrue(module.bindAs(SafehausLoginModule.getUserDn("akarasulu", "example.com"), "maxwell".toCharArray()));
+ assertFalse(module.bindAs(SafehausLoginModule.getUserDn("akarasulu", "example.com"), "foo".toCharArray()));
+ //is in ldif, but supposedly disabled..... shouldn't login fail?
+ assertTrue(module.bindAs(SafehausLoginModule.getUserDn("lockedout", "example.com"), "asdfasdf".toCharArray()));
+ }
+
+ public void testLogin() throws Exception {
+ Map<String, Object> options = new HashMap<String, Object>();
+ options.put(Context.PROVIDER_URL, providerUrl);
+ options.put(Context.SECURITY_AUTHENTICATION, "simple");
+ options.put(SafehausLoginModule.REALM_KEY, "example.com");
+ options.put(SafehausLoginModule.POLICY_KEY, store);
+ SafehausLoginModule module = new SafehausLoginModule();
+ Subject subject = new Subject();
+ CallbackHandler callbackHandler = new TestCallbackHandler("akarasulu", "mockProfile1", "maxwell".toCharArray());
+ Map<String, Object> sharedState = new HashMap<String, Object>();
+ module.initialize(subject, callbackHandler, sharedState, options);
+ module.login();
+ module.commit();
+ assertEquals(1, subject.getPrincipals().size());
+ Principal p = subject.getPrincipals().iterator().next();
+ assertTrue(p instanceof SafehausPrincipal);
+ }
+
+ private static class TestCallbackHandler implements CallbackHandler {
+ private final String name;
+ private final String profileId;
+ private final char[] password;
+
+ public TestCallbackHandler(String name, String profileId, char[] password) {
+ this.name = name;
+ this.profileId = profileId;
+ this.password = password;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof NameCallback) {
+ ((NameCallback) callback).setName(name);
+ } else if (callback instanceof PasswordCallback) {
+ ((PasswordCallback) callback).setPassword(password);
+ } else if (callback instanceof ProfileIdCallback) {
+ ((ProfileIdCallback)callback).setProfileId(profileId);
+ }
+ }
+ }
+ }
+}
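Review bot: The final assertTrue in testBindAs pins a successful bind for the `lockedout` account even though the comment directly above it says the entry is supposedly disabled and questions the outcome; written this way the test keeps passing if bindAs never enforces the disabled state, so it documents insecure behavior instead of guarding against it. Until the module honors the disabled flag, invert it to `assertFalse(module.bindAs(SafehausLoginModule.getUserDn("lockedout", "example.com"), "asdfasdf".toCharArray()));` and let the test fail, or drop the case rather than asserting the bind succeeds. A smaller point in TestCallbackHandler.handle: the same `password` array is handed to every PasswordCallback, so if the login module zeroes the array after use (common for JAAS modules, though not visible here) any later callback round would see a blanked password; `((PasswordCallback) callback).setPassword(password.clone());` keeps the fixture stable.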
Propchange: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java Fri Dec 29 20:19:49 2006
@@ -36,5 +36,11 @@
{
String dn = SafehausLoginModule.getUserDn( "akarasulu", "example.com" );
assertEquals( "uid=akarasulu,ou=users,dc=example,dc=com", dn );
+ dn = SafehausLoginModule.getUserDn( "akarasulu", null );
+ assertEquals( "uid=akarasulu,ou=users", dn );
+ dn = SafehausLoginModule.getUserDn( "akarasulu", "" );
+ assertEquals( "uid=akarasulu,ou=users", dn );
+ dn = SafehausLoginModule.getUserDn( "akarasulu", "example" );
+ assertEquals( "uid=akarasulu,ou=users,dc=example", dn );
}
}
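Review bot: The added assertions vary only the realm argument; no case exercises a username containing DN-special characters (`,`, `=`, `+`, `"`), which the getUserDn implementation earlier in this commit concatenates into the DN without escaping, so nothing pins whether such input is escaped per RFC 4514 or rejected. Once that contract is decided, add a case such as `assertEquals("uid=a\\,b,ou=users,dc=example", SafehausLoginModule.getUserDn("a,b", "example"));` for escaping, or an expected IllegalArgumentException for rejection. A realm with a leading dot is also untested; the split-based loop would emit an empty `dc=` component there, which the implementation's comment assumes cannot happen. The enclosing test method starts outside the hunk.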
Modified: directory/sandbox/triplesec-jacc/store/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/store/pom.xml?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/store/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/store/pom.xml Fri Dec 29 20:19:49 2006
@@ -45,11 +45,11 @@
<artifactId>triplesec-profile</artifactId>
<version>${project.version}</version>
</dependency>
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>triplesec-jaas</artifactId>
- <version>${project.version}</version>
- </dependency>
+ <!--<dependency>-->
+ <!--<groupId>${project.groupId}</groupId>-->
+ <!--<artifactId>triplesec-jaas</artifactId>-->
+ <!--<version>${project.version}</version>-->
+ <!--</dependency>-->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>nlog4j</artifactId>
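Review bot: The triplesec-jaas dependency is commented out line by line rather than removed (the five `<!--...-->` lines replacing the `<dependency>` block); commented-out XML tends to linger and drift from the live POM, and svn history already preserves the removed block. Delete the block outright, or if it is expected to return soon, leave a single `<!-- triplesec-jaas dependency temporarily removed: REASON_PLACEHOLDER -->` line stating why it was disabled.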
Modified: directory/sandbox/triplesec-jacc/swing-admin/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/swing-admin/pom.xml?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/swing-admin/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/swing-admin/pom.xml Fri Dec 29 20:19:49 2006
@@ -56,6 +56,12 @@
</dependency>
<dependency>
+ <groupId>${pom.groupId}</groupId>
+ <artifactId>triplesec-jaas</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>nlog4j</artifactId>
</dependency>