Posted to commits@ofbiz.apache.org by jo...@apache.org on 2007/04/27 01:03:26 UTC
svn commit: r532902 - in /ofbiz/branches/release4.0/framework:
security/entitydef/entitymodel.xml
webapp/src/org/ofbiz/webapp/control/LoginWorker.java
Author: jonesde
Date: Thu Apr 26 16:03:25 2007
New Revision: 532902
URL: http://svn.apache.org/viewvc?view=rev&rev=532902
Log:
Applied fix from trunk for revision: 532069
Modified:
ofbiz/branches/release4.0/framework/security/entitydef/entitymodel.xml
ofbiz/branches/release4.0/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
Modified: ofbiz/branches/release4.0/framework/security/entitydef/entitymodel.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release4.0/framework/security/entitydef/entitymodel.xml?view=diff&rev=532902&r1=532901&r2=532902
==============================================================================
--- ofbiz/branches/release4.0/framework/security/entitydef/entitymodel.xml (original)
+++ ofbiz/branches/release4.0/framework/security/entitydef/entitymodel.xml Thu Apr 26 16:03:25 2007
@@ -52,6 +52,7 @@
<field name="cityLocality" type="value"></field>
<field name="stateProvince" type="value"></field>
<field name="country" type="value"></field>
+ <field name="serialNumber" type="value"></field>
<prim-key field="certProvisionId"/>
</entity>
Modified: ofbiz/branches/release4.0/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release4.0/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?view=diff&rev=532902&r1=532901&r2=532902
==============================================================================
--- ofbiz/branches/release4.0/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/branches/release4.0/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Thu Apr 26 16:03:25 2007
@@ -20,6 +20,7 @@
import java.util.*;
import java.security.cert.X509Certificate;
+import java.math.BigInteger;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
@@ -543,14 +544,14 @@
X500Principal x500 = clientCerts[i].getSubjectX500Principal();
Debug.log("Checking client certification for authentication: " + x500.getName(), module);
- Map x500Map = KeyStoreUtil.getCertX500Map(clientCerts[i]);
+ Map x500Map = KeyStoreUtil.getCertX500Map(clientCerts[i]);
if (i == 0) {
userLoginId = (String) x500Map.get("CN");
}
try {
// check for a valid issuer (or generated cert data)
- if (LoginWorker.checkValidIssuer(delegator, x500Map)) {
+ if (LoginWorker.checkValidIssuer(delegator, x500Map, clientCerts[i].getSerialNumber())) {
Debug.log("Looking up userLogin from CN: " + userLoginId, module);
// CN should match the userLoginId
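Review bot: The serial passed in `clientCerts[i].getSerialNumber()` is unique only within one issuing CA, and the hunk does not show whether the `x500Map` built by `KeyStoreUtil.getCertX500Map` holds the subject or the issuer name. If it holds subject fields, a provisioning row that matches on those fields plus the serial still does not tie the match to a particular issuer, so the check relies on the container's trust store accepting only the intended CA. A comment at the call would make that dependency explicit, for example `// serial is only unique per issuer; the servlet container must restrict trusted CAs`. The enclosing loop and method start and end outside this hunk.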
@@ -577,7 +578,7 @@
return "success";
}
- protected static boolean checkValidIssuer(GenericDelegator delegator, Map x500Map) throws GeneralException {
+ protected static boolean checkValidIssuer(GenericDelegator delegator, Map x500Map, BigInteger serialNumber) throws GeneralException {
List conds = FastList.newInstance();
conds.add(new EntityConditionList(UtilMisc.toList(new EntityExpr("commonName", EntityOperator.EQUALS, x500Map.get("CN")),
new EntityExpr("commonName", EntityOperator.EQUALS, null),
@@ -602,6 +603,10 @@
conds.add(new EntityConditionList(UtilMisc.toList(new EntityExpr("country", EntityOperator.EQUALS, x500Map.get("C")),
new EntityExpr("country", EntityOperator.EQUALS, null),
new EntityExpr("country", EntityOperator.EQUALS, "")), EntityOperator.OR));
+
+ conds.add(new EntityConditionList(UtilMisc.toList(new EntityExpr("serialNumber", EntityOperator.EQUALS, serialNumber.toString(16)),
+ new EntityExpr("serialNumber", EntityOperator.EQUALS, null),
+ new EntityExpr("serialNumber", EntityOperator.EQUALS, "")), EntityOperator.OR));
EntityConditionList condition = new EntityConditionList(conds, EntityOperator.AND);
Debug.log("Doing issuer lookup: " + condition.toString(), module);
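Review bot: The added `serialNumber` condition compares the stored column with `serialNumber.toString(16)`, which produces lowercase hex with no leading zeros and no separators, and nothing here or in the entity definition documents that format. A provisioned value in another common notation (uppercase, colon-separated or zero-padded) would therefore never match under `EntityOperator.EQUALS`, and the certificate would be rejected with no hint why. I would add a comment above the condition such as `// serialNumber must be stored as lowercase hex without separators (BigInteger.toString(16))`, and preferably normalize the value when the provisioning row is written. Because null and empty values are also accepted, as for the other fields, a row that leaves `serialNumber` blank matches any serial, so pinning to one certificate is opt-in per row. The body of checkValidIssuer continues outside this hunk.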