Posted to scm@geronimo.apache.org by ga...@apache.org on 2009/07/28 03:03:42 UTC
svn commit: r798343 - in
/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security:
LoginService.java authentication/ClientCertAuthenticator.java
impl/GeronimoLoginService.java
Author: gawor
Date: Tue Jul 28 01:03:41 2009
New Revision: 798343
URL: http://svn.apache.org/viewvc?rev=798343&view=rev
Log:
improve cert based authentication
Modified:
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java?rev=798343&r1=798342&r2=798343&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/LoginService.java Tue Jul 28 01:03:41 2009
@@ -20,6 +20,8 @@
package org.apache.geronimo.tomcat.security;
+import java.security.cert.X509Certificate;
+
/**
* @version $Rev$ $Date$
*/
@@ -27,5 +29,7 @@
UserIdentity login(String userName, String password);
+ UserIdentity login(X509Certificate[] certs);
+
void logout(UserIdentity userIdentity);
}
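Review bot: The new `login(X509Certificate[] certs)` method is added to the interface without any Javadoc, so an implementor cannot tell what the chain must look like or who is responsible for validating it. A comment such as `/** Authenticates a presented client certificate chain; returns null when the chain is not accepted. Implementations must document whether they verify the chain (trust anchor, validity period, revocation) or rely on the transport having done so. */` above the declaration would fix that. It should also say whether `certs` may be null or empty, and which end of the array holds the end-entity certificate if implementations depend on the ordering, since nothing in the hunk states either.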
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java?rev=798343&r1=798342&r2=798343&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/authentication/ClientCertAuthenticator.java Tue Jul 28 01:03:41 2009
@@ -77,11 +77,7 @@
}
// Authenticate the specified certificate chain
- //TODO almost certainly wrong
- Principal p = certs[0].getSubjectDN();
- byte[] sig = certs[0].getSignature();
- String cred = new String(Base64.encode(sig));
- UserIdentity userIdentity = loginService.login(p.getName(), cred);
+ UserIdentity userIdentity = loginService.login(certs);
if (userIdentity != null) {
return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
}
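Review bot: The guard that ends with the closing brace at line 41 is outside the hunk, so it is not visible whether it rejects only a null `certs` or also an empty array; the removed code would have failed fast on `certs[0]` for an empty chain, whereas the new call hands an empty array straight to `loginService.login(certs)`. If that guard only tests for null, add `if (certs == null || certs.length == 0) { /* return the failure AuthResult used below the hunk */ }` before the login call. The remaining comment `// Authenticate the specified certificate chain` also hides where the trust decision is made: nothing in this hunk checks the chain against a trust anchor, validity window or revocation, so that is presumably done either by the TLS layer that produced `certs` or by the JAAS modules behind `loginService`, and a comment like `// Chain validation (trust anchor, validity, revocation) is NOT done here; it is assumed to have been done by the TLS handshake and/or the configured JAAS login modules.` would make the assumption explicit. The enclosing authenticate method starts before and ends after this hunk.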
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java?rev=798343&r1=798342&r2=798343&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/impl/GeronimoLoginService.java Tue Jul 28 01:03:41 2009
@@ -21,6 +21,7 @@
package org.apache.geronimo.tomcat.security.impl;
import java.security.Principal;
+import java.security.cert.X509Certificate;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
@@ -31,6 +32,7 @@
import org.apache.geronimo.tomcat.security.UserIdentity;
import org.apache.geronimo.tomcat.security.IdentityService;
import org.apache.geronimo.security.jaas.ConfigurationFactory;
+import org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler;
import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
import org.apache.geronimo.security.ContextManager;
@@ -48,7 +50,14 @@
}
public UserIdentity login(String userName, String password) {
- CallbackHandler callbackHandler = new PasswordCallbackHandler(userName, password.toCharArray());
+ return login(new PasswordCallbackHandler(userName, password.toCharArray()));
+ }
+
+ public UserIdentity login(X509Certificate[] certs) {
+ return login(new CertificateChainCallbackHandler(certs));
+ }
+
+ private UserIdentity login(CallbackHandler callbackHandler) {
try {
LoginContext loginContext = ContextManager.login(configurationFactory.getConfigurationName(), callbackHandler, configurationFactory.getConfiguration());
Subject establishedSubject = loginContext.getSubject();
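Review bot: Both overloads now funnel into the same JAAS configuration (`configurationFactory.getConfigurationName()` at line 83), so certificate login can only succeed if that configuration contains a module that handles the callbacks `CertificateChainCallbackHandler` issues; with password-only modules the certificate path will presumably just return null from the failure branch visible in the next hunk, indistinguishable from a rejected certificate. A Javadoc on the private `login(CallbackHandler)` along the lines of `/** Runs the shared JAAS login for either credential type and returns null when the login does not succeed, so the configured modules must handle the callback type they are given. */` would make that coupling visible. Separately, `login(String, String)` still calls `password.toCharArray()` before any login attempt, so a null password becomes a NullPointerException rather than a failed login; if callers can pass null, guard with `if (userName == null || password == null) { return null; }`. The private method's try block continues past the end of the hunk.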
@@ -58,7 +67,7 @@
return null;
}
}
-
+
public void logout(UserIdentity userIdentity) {
}
}