Posted to scm@geronimo.apache.org by ad...@apache.org on 2005/10/28 04:00:22 UTC
svn commit: r329036 [4/7] - in /geronimo/trunk/sandbox/freeorb: ./
geronimo-orb/ geronimo-orb/src/ geronimo-orb/src/main/
geronimo-orb/src/main/java/ geronimo-orb/src/main/java/org/
geronimo-orb/src/main/java/org/apache/ geronimo-orb/src/main/java/org/...
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransport.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransport.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransport.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransport.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,181 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.channel.nio;
+
+import java.io.IOException;
+import java.nio.channels.SocketChannel;
+
+import org.apache.geronimo.corba.channel.InputChannel;
+import org.apache.geronimo.corba.channel.InputHandler;
+import org.apache.geronimo.corba.channel.OutputChannel;
+import org.apache.geronimo.corba.channel.RingByteBuffer;
+import org.apache.geronimo.corba.channel.Transport;
+
+
+public class SyncNIOTransport extends Transport {
+
+ private final SyncNIOTransportManager manager;
+
+ private final SocketChannel chan;
+
+ private final InputHandler handler;
+
+ private ParticipationExecutor executor;
+
+ private RingByteBuffer receiveBuffer;
+
+ private RingByteBuffer sendBuffer;
+
+ static final int RCV_BUFFER_SIZE = getIntProperty(
+ "org.freeorb.rcv_buffer_size", 64 * 1024);
+
+ static final int SND_BUFFER_SIZE = getIntProperty(
+ "org.freeorb.snd_buffer_size", 64 * 1024);
+
+ private static int getIntProperty(String string, int defaultValue) {
+ try {
+ return Integer.parseInt(System.getProperty(string, ""));
+ }
+ catch (NumberFormatException ex) {
+ return defaultValue;
+ }
+ }
+
+ public SyncNIOTransport(SyncNIOTransportManager manager,
+ final SocketChannel chan, InputHandler handler)
+ {
+ this.manager = manager;
+ this.chan = chan;
+ this.handler = handler;
+
+ this.executor = new ParticipationExecutor(manager.getExecutor());
+
+ receiveBuffer = new RingByteBuffer(RCV_BUFFER_SIZE, true) {
+
+ public String getName() {
+ return "receive buffer for " + chan.toString();
+ }
+
+ protected void bufferFullHook(String how) {
+ // do nothing //
+ }
+
+ protected void bufferEmptyHook(String how) throws IOException {
+ if (!isClosedForPut()) {
+ fillReceiveBuffer();
+ }
+ }
+
+ protected void readEOFHook() {
+ // the client just read the EOF marker //
+ }
+
+ protected void relinquishInput() {
+ releaseInputChannel();
+ }
+
+ protected void relinquishOutput() {
+ throw new InternalError();
+ }
+
+
+ };
+
+ sendBuffer = new RingByteBuffer("send" + chan.socket(), SND_BUFFER_SIZE) {
+
+ protected void bufferFullHook(String how) throws IOException {
+ if (!chan.socket().isOutputShutdown()) {
+ flushSendBuffer();
+ }
+ }
+
+ protected void bufferEmptyHook(String how) {
+ // what do we care? //
+ }
+
+ /**
+ * the send buffer was closed(), and we have send everything
+ */
+ protected void readEOFHook() {
+ // do nothing //
+ try {
+ chan.socket().shutdownOutput();
+ }
+ catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ };
+
+
+ try {
+ executor.execute(inputListener);
+ }
+ catch (InterruptedException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ private Runnable inputListener = new Runnable() {
+
+ public void run() {
+
+ while (true) {
+
+ while (receiveBuffer.isEmpty()) {
+ try {
+ fillReceiveBuffer();
+ }
+ catch (IOException e) {
+ System.out.println("loop reached EOF");
+ return;
+ }
+
+ if (receiveBuffer.isClosedForPut()) {
+ System.out.println("END OF INPUT");
+ return;
+ }
+ }
+
+ handler.inputAvailable(SyncNIOTransport.this);
+ }
+
+ }
+
+ };
+
+
+ public OutputChannel getOutputChannel() {
+ return sendBuffer.getOutputChannel();
+ }
+
+ public InputChannel getInputChannel() {
+ return receiveBuffer.getInputChannel();
+ }
+
+ public void close() throws IOException {
+ chan.close();
+ }
+
+ public void releaseInputChannel() {
+ // TODO Auto-generated method stub
+
+ }
+
+}
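Review bot: The `catch (IOException e)` in `inputListener.run()` treats every read failure as end of input: it prints "loop reached EOF" to stdout and returns without closing `chan` or informing `handler`, so a failed connection leaves the socket open and nothing upstream learns that the transport is dead. The catch should at least record the exception and close the channel before returning, using the commons-logging `Log` that other classes in this commit use rather than `System.out`. The constructor's `catch (InterruptedException e)` has the same problem: if `executor.execute(inputListener)` is interrupted, the object is still handed back with no listener running and the interrupt status is lost; `Thread.currentThread().interrupt();` in that catch would preserve it. `getIntProperty` also accepts zero or negative values for the two buffer sizes, which go straight into the `RingByteBuffer` constructors.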
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransportManager.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransportManager.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransportManager.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransportManager.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,73 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.channel.nio;
+
+import java.io.IOException;
+import java.net.SocketAddress;
+import java.nio.channels.SocketChannel;
+import java.nio.channels.spi.SelectorProvider;
+
+import EDU.oswego.cs.dl.util.concurrent.Executor;
+
+import org.apache.geronimo.corba.channel.InputHandler;
+import org.apache.geronimo.corba.channel.Transport;
+import org.apache.geronimo.corba.channel.TransportManager;
+
+
+public class SyncNIOTransportManager implements TransportManager {
+
+ private final SelectorProvider provider;
+
+ private final Executor executor;
+
+ SyncNIOTransportManager(Executor executor) throws IOException {
+ this(executor, SelectorProvider.provider());
+ }
+
+ SyncNIOTransportManager(Executor executor, SelectorProvider provider)
+ throws IOException
+ {
+ this.executor = executor;
+ this.provider = provider;
+ }
+
+ public Transport createTransport(SocketAddress addr, InputHandler handler) throws IOException {
+ SocketChannel ch = provider.openSocketChannel();
+ ch.configureBlocking(true);
+ ch.connect(addr);
+ SyncNIOTransport t = new SyncNIOTransport(this, ch, handler);
+
+ // executor.execute(inputListener);
+
+ return t;
+ }
+
+ public void start() throws InterruptedException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void shutdown() throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public Executor getExecutor() {
+ return executor;
+ }
+
+}
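Review bot: `createTransport` leaks the `SocketChannel` when anything after `provider.openSocketChannel()` fails; a refused or unreachable `ch.connect(addr)` throws and `ch` is never closed. Repeated failed connects to a down peer would then accumulate open descriptors. The blocking connect also has no timeout, so a caller can hang for the OS default on an unresponsive address. Closing the channel on every failure path, as below, fixes the leak; the leftover `// executor.execute(inputListener);` comment can go, since the constructor already starts the listener.

```java
public Transport createTransport(SocketAddress addr, InputHandler handler) throws IOException {
    SocketChannel ch = provider.openSocketChannel();
    boolean ok = false;
    try {
        ch.configureBlocking(true);
        ch.connect(addr);
        SyncNIOTransport t = new SyncNIOTransport(this, ch, handler);
        ok = true;
        return t;
    }
    finally {
        if (!ok) {
            ch.close();
        }
    }
}
```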
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/concurrency/IOSemaphoreClosedException.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/concurrency/IOSemaphoreClosedException.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/concurrency/IOSemaphoreClosedException.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/concurrency/IOSemaphoreClosedException.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,37 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.concurrency;
+
+import java.io.IOException;
+
+
+/**
+ * @version $Rev: $ $Date: $
+ */
+public class IOSemaphoreClosedException extends IOException {
+
+ private final int number;
+
+ public IOSemaphoreClosedException(int number) {
+ this.number = number;
+ }
+
+ public int getNumber() {
+ return number;
+ }
+}
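Review bot: `IOSemaphoreClosedException` never passes a message to `IOException`, so `getMessage()` is null and a logged stack trace does not show `number`. Calling `super("semaphore closed: " + number);` as the first statement of the constructor would fix that. The class Javadoc holds only the `@version` tag; one sentence saying what `number` identifies would help callers, since nothing in this file explains it.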
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/AuthenticationInfo.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/AuthenticationInfo.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/AuthenticationInfo.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/AuthenticationInfo.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,49 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
+
+
+public interface AuthenticationInfo {
+
+ void setX500Principal(X500Principal principal);
+
+ X500Principal getX500Principal();
+
+ void setPrincipalName(String name);
+
+ String getPrincipalName();
+
+ void setPassword(String name);
+
+ String getPassword();
+
+ void setRealm(String realm);
+
+ String getRealm();
+
+ void setAnonymous(boolean value);
+
+ boolean isAnonymous();
+
+ void setSubject(Subject subject);
+
+ Subject getSubject();
+
+}
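Review bot: `setPassword(String name)` / `getPassword()` keep the credential as an immutable `String`, which cannot be wiped after use and will appear in any heap dump or accidental `toString()`/log of the holder. A `char[]` (or `byte[]`) pair that the caller can clear would be safer here. The parameter name is also a copy-paste slip and should read `void setPassword(String password);`. The interface has no Javadoc at all; it would help to state which of principal name, X.500 principal and `Subject` takes precedence, and what `isAnonymous()` implies for the other getters.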
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIClientRequestInterceptor.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIClientRequestInterceptor.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIClientRequestInterceptor.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIClientRequestInterceptor.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,284 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.CompletionStatus;
+import org.omg.CORBA.MARSHAL;
+import org.omg.CORBA.UserException;
+import org.omg.CSI.*;
+import org.omg.CSIIOP.*;
+import org.omg.GSSUP.InitialContextToken;
+import org.omg.IOP.Codec;
+import org.omg.IOP.SecurityAttributeService;
+import org.omg.IOP.ServiceContext;
+import org.omg.IOP.TaggedComponent;
+import org.omg.PortableInterceptor.ClientRequestInfo;
+import org.omg.PortableInterceptor.ForwardRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+
+public class CSIClientRequestInterceptor extends CSIInterceptorBase
+ implements org.omg.PortableInterceptor.ClientRequestInterceptor
+{
+
+ CSIClientRequestInterceptor(Codec codec) {
+ super(codec);
+ }
+
+ private static final Log log = LogFactory
+ .getLog(CSIClientRequestInterceptor.class);
+
+ //
+ // CLIENT REQUEST API
+ //
+
+ public void send_request(ClientRequestInfo ri) throws ForwardRequest {
+ org.omg.CORBA.Object target = ri.effective_target();
+
+ if (target instanceof org.omg.CORBA.portable.ObjectImpl) {
+ boolean isLocal = ((org.omg.CORBA.portable.ObjectImpl) target)
+ ._is_local();
+
+ // save value of isLocal
+ if (ri.response_expected())
+ CallStatus.pushIsLocal(isLocal);
+
+ // ignore CSI for local calls
+ if (isLocal) {
+ return;
+ }
+ }
+
+ boolean target_supports_gssup = false;
+ boolean target_requires_gssup = false;
+
+ CompoundSecMech mech = null;
+
+ try {
+ TaggedComponent tc = ri
+ .get_effective_component(TAG_CSI_SEC_MECH_LIST.value);
+
+ byte[] data = tc.component_data;
+
+ Any sl_any = codec.decode_value(data, CompoundSecMechListHelper
+ .type());
+ CompoundSecMechList sl = CompoundSecMechListHelper.extract(sl_any);
+
+ if (sl.mechanism_list.length == 0) {
+ log.debug("empty sec mech list");
+ return;
+ }
+
+ mech = sl.mechanism_list[0];
+
+ }
+ catch (org.omg.CORBA.BAD_PARAM ex) {
+ log.debug("no security mechanism");
+ return;
+ }
+ catch (UserException e) {
+ MARSHAL me = new MARSHAL("cannot decode local security descriptor",
+ 0, CompletionStatus.COMPLETED_NO);
+ me.initCause(e);
+ throw me;
+ }
+
+ log.debug("transport_mech tag = " + mech.transport_mech.tag);
+
+ String target_name = null;
+
+ AS_ContextSec as = mech.as_context_mech;
+ if (as != null) {
+ if (java.util.Arrays.equals(GSSUP_OID,
+ as.client_authentication_mech))
+ {
+ target_requires_gssup = (as.target_requires & EstablishTrustInClient.value) != 0;
+ target_supports_gssup = (as.target_supports & EstablishTrustInClient.value) != 0;
+
+ target_name = decodeGSSExportedName(as.target_name);
+
+ if (log.isDebugEnabled()) {
+ log.debug("decoded target name = " + target_name);
+ }
+ }
+ }
+
+ boolean support_gssup_delegation = false;
+ boolean support_x500_delegation = false;
+
+ if (!target_supports_gssup) {
+
+ SAS_ContextSec sas = mech.sas_context_mech;
+ for (int i = 0; i < sas.supported_naming_mechanisms.length; i++) {
+ if (java.util.Arrays.equals(GSSUP_OID,
+ sas.supported_naming_mechanisms[i])
+ && (sas.supported_identity_types & ITTPrincipalName.value) != 0)
+ {
+ support_gssup_delegation = true;
+ log.debug("target supports GSSUP identity delegation");
+ break;
+ }
+ }
+
+ if ((sas.supported_identity_types & ITTDistinguishedName.value) != 0) {
+ support_x500_delegation = true;
+ }
+
+ if (!support_gssup_delegation && !support_x500_delegation) {
+ if (log.isDebugEnabled()) {
+ log.debug("target supports security, but not GSSUP/X500");
+ }
+
+ return;
+ }
+
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("AS SPEC:" + " target_supports="
+ + target_supports_gssup + " target_requires="
+ + target_requires_gssup);
+ }
+ }
+
+ AuthenticationInfo authInfo = SecurityContext.getAuthenticationInfo();
+
+ if (authInfo == null) {
+ if (log.isDebugEnabled()) {
+ log.debug("no auth info");
+ }
+ return;
+ }
+
+ String name = authInfo.getPrincipalName();
+ String realm = authInfo.getRealm();
+ String password = authInfo.getPassword();
+
+ SASContextBody sasBody = new SASContextBody();
+
+ EstablishContext establishMsg = new EstablishContext();
+
+ // Indicate stateless CSS
+ establishMsg.client_context_id = 0;
+
+ // Make empty authorization token list
+ establishMsg.authorization_token = EMPTY_AUTH_ELEMENT;
+
+ String scopedUserName = name + "@" + realm;
+
+ if (support_gssup_delegation) {
+
+ establishMsg.client_authentication_token = EMPTY_BARR;
+
+ //
+ // indicate identitytoken as ITTPrincipalName
+ //
+ IdentityToken identityToken = new IdentityToken();
+ identityToken
+ .principal_name(encapsulateByteArray(encodeGSSExportedName(scopedUserName)));
+ establishMsg.identity_token = identityToken;
+
+ if (log.isDebugEnabled()) {
+ log.debug("send_request, name: \"" + scopedUserName + "\"");
+ }
+
+ } else {
+
+ // Make GSSUP InitialContextToken
+ InitialContextToken gssupToken = new InitialContextToken();
+ gssupToken.username = utf8encode(scopedUserName);
+ gssupToken.target_name = encodeGSSExportedName(realm);
+ gssupToken.password = utf8encode(password);
+
+ establishMsg.client_authentication_token = encodeGSSUPToken(gssupToken);
+
+ // Indicate identity token is ITTAbsent
+ IdentityToken identityToken = new IdentityToken();
+ identityToken.absent(true);
+ establishMsg.identity_token = identityToken;
+
+ if (log.isDebugEnabled()) {
+ log.debug("send_request, name: \"" + scopedUserName
+ + "\", pw: \"" + password + "\"");
+ }
+ }
+
+ sasBody.establish_msg(establishMsg);
+
+ ri.add_request_service_context(encodeSASContextBody(sasBody), true);
+ }
+
+ public void send_poll(ClientRequestInfo ri) {
+ }
+
+ public void receive_reply(ClientRequestInfo ri) {
+ // ignore tx for local calls
+ if (CallStatus.popIsLocal()) {
+ return;
+ }
+
+ ServiceContext serviceContext;
+ try {
+ serviceContext = ri
+ .get_reply_service_context(SecurityAttributeService.value);
+ }
+ catch (org.omg.CORBA.BAD_PARAM ex) {
+ serviceContext = null;
+ }
+
+ SASContextBody sasBody = null;
+
+ if (serviceContext != null) {
+ sasBody = decodeSASContextBody(serviceContext);
+
+ switch (sasBody.discriminator()) {
+ case MTEstablishContext.value:
+ case MTMessageInContext.value:
+ // Unexpected
+ log.error("Unexpected message of type "
+ + sasBody.discriminator());
+ break;
+ case MTCompleteEstablishContext.value:
+ // Things went well
+ break;
+ case MTContextError.value:
+ // Things did not go well
+ break;
+ }
+ }
+ }
+
+ public void receive_exception(ClientRequestInfo ri) throws ForwardRequest {
+ if (log.isDebugEnabled()) {
+ log.debug("receive_exception");
+ }
+ receive_reply(ri);
+ }
+
+ public void receive_other(ClientRequestInfo ri) throws ForwardRequest {
+ if (log.isDebugEnabled()) {
+ log.debug("receive_other");
+ }
+ receive_reply(ri);
+ }
+
+ public String name() {
+ return "CSI Client Interceptor";
+ }
+
+}
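Review bot: The debug statement at the end of the GSSUP branch in `send_request` writes the clear-text password to the log (`"\", pw: \"" + password + "\""`), so anyone who can read debug logs gets reusable credentials. Log the principal only: `log.debug("send_request, name: \"" + scopedUserName + "\"");`. That same `else` branch is also reached when `target_supports_gssup` is false and only `support_x500_delegation` is true, so a username/password token is built for a target that did not advertise GSSUP authentication. That case needs its own branch or an early return. Nothing visible here checks `mech.transport_mech` beyond logging its tag, so the password may travel over an unprotected transport. `receive_reply` also drops `MTContextError` without logging it.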
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorBase.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorBase.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorBase.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorBase.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,400 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.CompletionStatus;
+import org.omg.CORBA.LocalObject;
+import org.omg.CORBA.MARSHAL;
+import org.omg.CORBA.ORB;
+import org.omg.CORBA.OctetSeqHelper;
+import org.omg.CORBA.UserException;
+import org.omg.CSIIOP.CompoundSecMechList;
+import org.omg.CSIIOP.CompoundSecMechListHelper;
+import org.omg.CSIIOP.CompoundSecMechanismsHelper;
+import org.omg.GSSUP.InitialContextToken;
+import org.omg.GSSUP.InitialContextTokenHelper;
+import org.omg.IOP.Codec;
+import org.omg.IOP.CodecPackage.FormatMismatch;
+import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
+import org.omg.IOP.CodecPackage.TypeMismatch;
+import org.omg.IOP.SecurityAttributeService;
+import org.omg.IOP.ServiceContext;
+import org.omg.IOP.TaggedComponent;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+
+public abstract class CSIInterceptorBase extends LocalObject {
+
+ private static final Log log = LogFactory.getLog(CSIInterceptorBase.class);
+
+ static final AuthorizationElement[] EMPTY_AUTH_ELEMENT = new AuthorizationElement[0];
+
+ static final byte[] EMPTY_BARR = new byte[0];
+
+ ORB orb;
+
+ final protected Codec codec;
+
+ CSIInterceptorBase(Codec codec) {
+ this.codec = codec;
+ }
+
+ /**
+ * we need to ORB to be able to create the Any's into which we encode
+ * various info
+ */
+ protected final ORB getOrb() {
+ if (orb == null) {
+ orb = ORB.init();
+ }
+
+ return orb;
+ }
+
+ SASContextBody decodeSASContextBody(ServiceContext sasSC) {
+ //
+ // Decode encapsulated SAS context body
+ //
+ /*
+ * org.omg.CORBA.portable.InputStream in =
+ * Porting.open_encapsulated_input_stream( sasSC.context_data, 0,
+ * sasSC.context_data.length, getOrb());
+ *
+ * return SASContextBodyHelper.read(in);
+ */
+ Any any;
+ try {
+ any = codec.decode_value(sasSC.context_data, SASContextBodyHelper
+ .type());
+ }
+ catch (FormatMismatch ex) {
+ throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+ }
+ catch (TypeMismatch ex) {
+ throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+ }
+ return SASContextBodyHelper.extract(any);
+ }
+
+ CompoundSecMechList decodeCompoundSecMechList(TaggedComponent seccomp)
+ throws FormatMismatch, TypeMismatch
+ {
+ /*
+ * org.omg.CORBA.portable.InputStream in = openEncapsulatedInputStream(
+ * seccomp.component_data, 0, seccomp.component_data.length, getOrb());
+ *
+ * return CompoundSecMechListHelper.read(in);
+ */
+ Any any = codec.decode_value(seccomp.component_data,
+ CompoundSecMechanismsHelper.type());
+ return CompoundSecMechListHelper.extract(any);
+ }
+
+ byte[] utf8encode(String text) {
+ if (text == null) {
+ return EMPTY_BARR;
+ } else {
+ try {
+ return text.getBytes("UTF8");
+ }
+ catch (java.io.UnsupportedEncodingException ex) {
+ throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+ }
+ }
+ }
+
+ String utf8decode(byte[] data) {
+ try {
+ return new String(data, "UTF8");
+ }
+ catch (java.io.UnsupportedEncodingException ex) {
+ throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+ }
+ }
+
+ static final byte[] GSSUP_OID = {0x06, // OBJECT IDENTIFIER
+ 6, // length of OID
+ (2 * 40 + 23), // ISO[2]*40 + INTERNATIONAL[23]
+ (byte) 0x81, // 0x80 | (OMG[130] >> 7)
+ 130 & 0x7f, // OMG[130] & 0x7f
+ 1, // SECURITY[1]
+ 1, // AUTHENTICATION[1]
+ 1 // GSSUP-MECH[1]
+ };
+
+ byte[] encapsulateByteArray(byte[] data) {
+ // org.omg.CORBA.portable.OutputStream out =
+ // Porting.create_encapsulated_output_stream();
+ //
+ // out.write_long(data.length);
+ // out.write_octet_array(data, 0, data.length);
+ //
+ // return Porting.extract_data(out);
+
+ Any a = getOrb().create_any();
+ OctetSeqHelper.insert(a, data);
+
+ try {
+ return codec.encode_value(a);
+ }
+ catch (InvalidTypeForEncoding e) {
+ MARSHAL me = new MARSHAL("cannot encode security descriptor", 0,
+ CompletionStatus.COMPLETED_NO);
+ me.initCause(e);
+ throw me;
+ }
+ }
+
+ byte[] encodeGSSUPToken(InitialContextToken gssupToken) {
+
+ // first, create the Any encoding of the token
+ Any a = getOrb().create_any();
+ InitialContextTokenHelper.insert(a, gssupToken);
+
+ //OutputStream out = a.create_output_stream();
+ //a.type(InitialContextTokenHelper.type());
+ //InitialContextTokenHelper.write(out, gssupToken);
+ //InputStream in = out.create_input_stream();
+ //a.read_value(in, InitialContextTokenHelper.type());
+
+ byte[] data;
+ try {
+ data = codec.encode_value(a);
+ }
+ catch (InvalidTypeForEncoding e) {
+ MARSHAL me = new MARSHAL("cannot encode security descriptor", 0,
+ CompletionStatus.COMPLETED_NO);
+ me.initCause(e);
+ throw me;
+ }
+
+ //
+ // next, wrap the byte encoding in the ASN.1 magic
+ //
+ int len = data.length + GSSUP_OID.length;
+ if (len < (1 << 7)) {
+ byte[] result = new byte[len + 2];
+ result[0] = 0x60;
+ result[1] = (byte) len;
+ System.arraycopy(GSSUP_OID, 0, result, 2, GSSUP_OID.length);
+ System.arraycopy(data, 0, result, 10, data.length);
+ return result;
+
+ } else if (len < (1 << 14)) {
+ byte[] result = new byte[len + 3];
+ result[0] = 0x60;
+ result[1] = (byte) ((byte) (len >> 7) | (byte) 0x80);
+ result[2] = ((byte) (len & 0x7f));
+ System.arraycopy(GSSUP_OID, 0, result, 3, GSSUP_OID.length);
+ System.arraycopy(data, 0, result, 11, data.length);
+ return result;
+
+ } else if (len < (1 << 21)) {
+ byte[] result = new byte[len + 4];
+ result[0] = 0x60;
+ result[2] = (byte) ((byte) 0x80 | (byte) (0x7f & (len >> 14)));
+ result[1] = (byte) ((byte) 0x80 | (byte) (0x7f & (len >> 7)));
+ result[3] = (byte) (len & 0x7f);
+ System.arraycopy(GSSUP_OID, 0, result, 4, GSSUP_OID.length);
+ System.arraycopy(data, 0, result, 12, data.length);
+ return result;
+
+ } else {
+ throw new org.omg.CORBA.INTERNAL("user/password too long");
+ }
+
+ // return data;
+ }
+
+ InitialContextToken decodeGSSUPToken(byte[] data) {
+ if (data[0] != 0x60)
+ throw new org.omg.CORBA.MARSHAL("Invalid Token");
+
+ int idx = 1;
+ int len = 0;
+ byte b;
+
+ // collect length
+ do {
+ len <<= 7;
+ len |= (b = data[idx++]) & 0x7f;
+ }
+ while ((b & 0x80) == 0x80);
+
+ if ((len + idx) != data.length)
+ throw new org.omg.CORBA.MARSHAL("Bad Token Size");
+
+ for (int i = 0; i < GSSUP_OID.length; i++) {
+ if (data[idx + i] != GSSUP_OID[i]) {
+ throw new org.omg.CORBA.NO_PERMISSION("Not GSSUP_OID");
+ }
+ }
+
+ idx += GSSUP_OID.length;
+
+ byte[] token = new byte[data.length - idx];
+ System.arraycopy(data, idx, token, 0, data.length - idx);
+
+ try {
+ Any a = codec.decode_value(data, InitialContextTokenHelper.type());
+ return InitialContextTokenHelper.extract(a);
+ }
+ catch (UserException e) {
+ MARSHAL me = new MARSHAL("cannot decode local security descriptor",
+ 0, CompletionStatus.COMPLETED_NO);
+ me.initCause(e);
+ throw me;
+ }
+ }
+
+ ServiceContext encodeSASContextBody(SASContextBody sasBody) {
+ //
+ // Create encapsulation for SAS context body
+ //
+
+ Any a = getOrb().create_any();
+ SASContextBodyHelper.insert(a, sasBody);
+
+ // wrap the ANY in an encapsulation
+ byte[] data;
+ try {
+ data = codec.encode_value(a);
+ }
+ catch (UserException ex) {
+ MARSHAL me = new MARSHAL("cannot encode local security descriptor",
+ 0, CompletionStatus.COMPLETED_NO);
+ me.initCause(ex);
+ throw me;
+ }
+ return new ServiceContext(SecurityAttributeService.value, data);
+ }
+
+
+ //
+ // thread-local mechanism to shortcut local calls
+ //
+ static class CallStatus {
+
+ boolean isLocal;
+
+ CallStatus prev;
+
+ CallStatus(boolean l, CallStatus p) {
+ isLocal = l;
+ prev = p;
+ }
+
+ static ThreadLocal status = new ThreadLocal();
+
+ static void pushIsLocal(boolean isLocal) {
+ CallStatus cs = new CallStatus(isLocal, (CallStatus) status.get());
+ status.set(cs);
+ }
+
+ static boolean peekIsLocal() {
+ CallStatus cs = (CallStatus) status.get();
+ if (cs == null)
+ return false;
+ else
+ return cs.isLocal;
+ }
+
+ static boolean popIsLocal() {
+ CallStatus cs = (CallStatus) status.get();
+ if (cs == null)
+ return false;
+
+ status.set(cs.prev);
+ return cs.isLocal;
+ }
+ }
+
+ /**
+ * RFC 2743, Section 3.2. Construct a GSS_ExportedName for a GSSUP domain
+ * given a String
+ */
+ byte[] encodeGSSExportedName(String value) {
+ byte[] name_data = utf8encode(value);
+
+ int len = 8 + name_data.length + GSSUP_OID.length;
+
+ byte[] result = new byte[len];
+
+ result[0] = 0x04; // Token Identifier
+ result[1] = 0x01;
+
+ result[2] = 0x00; // 2-byte Length of GSSUP_OID
+ result[3] = (byte) GSSUP_OID.length;
+
+ // the OID
+ for (int i = 0; i < GSSUP_OID.length; i++) {
+ result[4 + i] = GSSUP_OID[i];
+ }
+
+ int name_len = name_data.length;
+ int idx = 4 + GSSUP_OID.length;
+
+ // 4-byte length of name
+ result[idx + 0] = (byte) ((name_len >> 24) & 0xff);
+ result[idx + 1] = (byte) ((name_len >> 16) & 0xff);
+ result[idx + 2] = (byte) ((name_len >> 8) & 0xff);
+ result[idx + 3] = (byte) ((name_len) & 0xff);
+
+ for (int i = 0; i < name_len; i++) {
+ result[idx + 4 + i] = name_data[i];
+ }
+
+ return result;
+ }
+
+ String decodeGSSExportedName(byte[] data) {
+ if (data.length < 8 + GSSUP_OID.length) {
+ log.debug("exported name too short len=" + data.length);
+ return null;
+ }
+
+ if (data[0] != 0x04 || data[1] != 0x01 || data[2] != 0x00
+ || data[3] != GSSUP_OID.length)
+ {
+ log.debug("wrong name header");
+ return null;
+ }
+
+ for (int i = 0; i < GSSUP_OID.length; i++) {
+ if (data[4 + i] != GSSUP_OID[i]) {
+ log.debug("wrong name OID @ " + i);
+ return null;
+ }
+ }
+
+ int idx = 4 + GSSUP_OID.length;
+ int len = (((int) data[idx + 0] << 24) & 0xff000000)
+ | (((int) data[idx + 1] << 16) & 0x00ff0000)
+ | (((int) data[idx + 2] << 8) & 0x0000ff00)
+ | (((int) data[idx + 3] << 0) & 0x000000ff);
+
+ try {
+ return new String(data, idx + 4, data.length - (idx + 4), "UTF8");
+ }
+ catch (java.io.UnsupportedEncodingException ex) {
+ throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+ }
+ }
+
+}
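Review bot: `decodeGSSUPToken` parses bytes taken from the wire without bounds checks and then decodes the wrong buffer: it copies the payload into `token` but calls `codec.decode_value(data, ...)` on the still-wrapped input. An empty or truncated array throws `ArrayIndexOutOfBoundsException` at `data[0]`, in the length loop or in the OID comparison, and the length loop has no cap on the number of continuation bytes. The fence below bounds the length field to the three bytes `encodeGSSUPToken` can emit and decodes `token`. In `encodeGSSUPToken`'s `len < (1 << 21)` branch, `result[1]` and `result[2]` are written in swapped order relative to how this decoder reads them (most significant group first). `decodeGSSExportedName` computes `len` but never compares it with the bytes actually present.

```java
InitialContextToken decodeGSSUPToken(byte[] data) {
    if (data == null || data.length < 2 || data[0] != 0x60)
        throw new org.omg.CORBA.MARSHAL("Invalid Token");

    // … unchanged: idx, len, b declarations …

    // collect length; encodeGSSUPToken emits at most three length bytes
    do {
        if (idx > 3 || idx >= data.length)
            throw new org.omg.CORBA.MARSHAL("Bad Token Size");
        len <<= 7;
        len |= (b = data[idx++]) & 0x7f;
    }
    while ((b & 0x80) == 0x80);

    if ((len + idx) != data.length || len < GSSUP_OID.length)
        throw new org.omg.CORBA.MARSHAL("Bad Token Size");

    // … unchanged: GSSUP_OID comparison, idx advance, copy into token …

    try {
        Any a = codec.decode_value(token, InitialContextTokenHelper.type());
        return InitialContextTokenHelper.extract(a);
    }
    // … unchanged: catch (UserException e) …
}
```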
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorLoader.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorLoader.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorLoader.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorLoader.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,93 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import org.omg.IOP.Codec;
+import org.omg.IOP.CodecFactoryPackage.UnknownEncoding;
+import org.omg.IOP.ENCODING_CDR_ENCAPS;
+import org.omg.IOP.Encoding;
+import org.omg.PortableInterceptor.ORBInitInfo;
+import org.omg.PortableInterceptor.ORBInitializer;
+import org.omg.PortableInterceptor.PolicyFactory;
+import org.omg.Security.*;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.corba.csi.gssup.SecGSSUPPolicy;
+
+
+/**
+ * @author Jeppe Sommer (jso@eos.dk)
+ */
+public class CSIInterceptorLoader extends org.omg.CORBA.LocalObject implements
+ ORBInitializer
+{
+
+ static Log log = LogFactory.getLog(CSIInterceptorLoader.class);
+
+ CSIClientRequestInterceptor client_interceptor;
+ CSIServerRequestInterceptor server_interceptor;
+ GSSUPIORInterceptor ior_interceptor;
+
+ public void pre_init(ORBInitInfo info) {
+ if (log.isDebugEnabled()) {
+ log.debug("******** Running PortableCSILoader ******** ");
+ }
+
+ Codec codec = null;
+ try {
+ codec = info.codec_factory()
+ .create_codec(
+ new Encoding(ENCODING_CDR_ENCAPS.value, (byte) 1,
+ (byte) 2));
+ }
+ catch (UnknownEncoding ex) {
+ log.error("Could not get codec: ", ex);
+ return;
+ }
+
+ client_interceptor = new CSIClientRequestInterceptor(codec);
+ server_interceptor = new CSIServerRequestInterceptor(codec);
+ ior_interceptor = new GSSUPIORInterceptor(codec);
+
+ // Install factory for security policies...
+ PolicyFactory factory = new CSIPolicyFactory();
+ info.register_policy_factory(SecMechanismsPolicy.value, factory);
+ info.register_policy_factory(SecInvocationCredentialsPolicy.value,
+ factory);
+ info.register_policy_factory(SecQOPPolicy.value, factory);
+ info.register_policy_factory(SecEstablishTrustPolicy.value, factory);
+ info.register_policy_factory(SecGSSUPPolicy.value, factory);
+ info.register_policy_factory(SecDelegationDirectivePolicy.value,
+ factory);
+
+ try {
+ info.add_client_request_interceptor(client_interceptor);
+ info.add_server_request_interceptor(server_interceptor);
+ info.add_ior_interceptor(ior_interceptor);
+
+ }
+ catch (org.omg.PortableInterceptor.ORBInitInfoPackage.DuplicateName ex) {
+ throw new org.omg.CORBA.INITIALIZE(ex.toString());
+ }
+
+ }
+
+ public void post_init(ORBInitInfo info) {
+ }
+
+}
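Review bot: In `pre_init`, the `catch (UnknownEncoding ex)` branch logs and returns, so the ORB finishes initialising with none of the CSI interceptors or policy factories registered, and requests are then presumably served without the checks this loader is meant to install. Failing closed would match the `DuplicateName` handling further down: replace `return;` with `throw new org.omg.CORBA.INITIALIZE(ex.toString());`. The debug banner still names `PortableCSILoader` rather than this class and could read `log.debug("installing CSI interceptors");`.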
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIPolicyFactory.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIPolicyFactory.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIPolicyFactory.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIPolicyFactory.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,201 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.corba.csi;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.LocalObject;
+import org.omg.CORBA.Policy;
+import org.omg.Security.*;
+import org.omg.SecurityLevel2.Credentials;
+import org.omg.SecurityLevel2.CredentialsListHelper;
+
+
+class CSIPolicyFactory extends LocalObject
+ implements org.omg.PortableInterceptor.PolicyFactory
+{
+
+ public Policy create_policy(int type, Any value)
+ throws org.omg.CORBA.PolicyError
+ {
+ switch (type) {
+ case SecMechanismsPolicy.value:
+ return new MechanismPolicy(value);
+ case SecInvocationCredentialsPolicy.value:
+ return new InvocationCredentialsPolicy(value);
+ case SecQOPPolicy.value:
+ return new QOPPolicy(value);
+ case SecEstablishTrustPolicy.value:
+ return new EstablishTrustPolicy(value);
+ case SecDelegationDirectivePolicy.value:
+ return new DelegationDirectivePolicy(value);
+ case SecGSSUPPolicy.value:
+ return new GSSUPPolicy(value);
+ }
+
+ throw new org.omg.CORBA.PolicyError
+ (org.omg.CORBA.BAD_POLICY.value);
+ }
+
+ static abstract class SecurityPolicy
+ extends LocalObject
+ implements Policy, Cloneable
+ {
+
+ public Policy copy() {
+ try {
+ return (Policy) super.clone();
+ }
+ catch (CloneNotSupportedException ex) {
+ return null;
+ }
+ }
+
+ public void destroy() {
+ // do nothing //
+ }
+ }
+
+ static class MechanismPolicy extends SecurityPolicy
+ implements org.omg.SecurityLevel2.MechanismPolicy
+ {
+
+ String[] mechanisms;
+
+ MechanismPolicy(Any value) {
+ mechanisms = MechanismTypeListHelper.extract(value);
+ }
+
+ public int policy_type() {
+ return SecMechanismsPolicy.value;
+ }
+
+ public String[] mechanisms() {
+ return mechanisms;
+ }
+
+ }
+
+ static class InvocationCredentialsPolicy extends SecurityPolicy
+ implements org.omg.SecurityLevel2.InvocationCredentialsPolicy
+ {
+
+ Credentials[] creds;
+
+ InvocationCredentialsPolicy(Any value) {
+ creds = CredentialsListHelper.extract(value);
+ }
+
+ public int policy_type() {
+ return SecInvocationCredentialsPolicy.value;
+ }
+
+ public Credentials[] creds() {
+ return creds;
+ }
+
+ }
+
+ static class QOPPolicy extends SecurityPolicy
+ implements org.omg.SecurityLevel2.QOPPolicy
+ {
+
+ QOP qop;
+
+ QOPPolicy(Any value) {
+ qop = QOPHelper.extract(value);
+ }
+
+ public int policy_type() {
+ return SecQOPPolicy.value;
+ }
+
+ public QOP qop() {
+ return qop;
+ }
+
+ }
+
+ static class EstablishTrustPolicy extends SecurityPolicy
+ implements org.omg.SecurityLevel2.EstablishTrustPolicy
+ {
+
+ EstablishTrust trust;
+
+ EstablishTrustPolicy(Any value) {
+ trust = EstablishTrustHelper.extract(value);
+ }
+
+ public int policy_type() {
+ return SecEstablishTrustPolicy.value;
+ }
+
+ public EstablishTrust trust() {
+ return trust;
+ }
+
+ }
+
+ static class DelegationDirectivePolicy extends SecurityPolicy
+ implements org.omg.SecurityLevel2.DelegationDirectivePolicy
+ {
+
+ DelegationDirective directive;
+
+ DelegationDirectivePolicy(Any value) {
+ directive = DelegationDirectiveHelper.extract(value);
+ }
+
+ public int policy_type() {
+ return SecDelegationDirectivePolicy.value;
+ }
+
+ public DelegationDirective delegation_directive() {
+ return directive;
+ }
+
+ }
+
+ static class GSSUPPolicy extends SecurityPolicy
+ implements org.apache.geronimo.corba.csi.gssup.GSSUPPolicy
+ {
+
+ RequiresSupports mode;
+ String domain;
+
+ GSSUPPolicy(Any value) {
+ GSSUPPolicyValue val = GSSUPPolicyValueHelper.extract(value);
+ mode = val.mode;
+ domain = val.domain;
+ }
+
+ public int policy_type() {
+ return SecGSSUPPolicy.value;
+ }
+
+ public RequiresSupports mode() {
+ return mode;
+ }
+
+ public String domain() {
+ return domain;
+ }
+
+ }
+
+
+}
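Review bot: `MechanismPolicy.mechanisms()` and `InvocationCredentialsPolicy.creds()` return the internal arrays, and `SecurityPolicy.copy()` uses a shallow `super.clone()`, so any caller or holder of a copy can change the contents of a security policy after it was created. Returning copies, `return (String[]) mechanisms.clone();` and `return (Credentials[]) creds.clone();`, keeps the policy immutable. `copy()` also returns `null` on `CloneNotSupportedException`; that path should be unreachable since the class implements `Cloneable`, and `throw new org.omg.CORBA.INTERNAL(ex.toString());` would be safer than handing back a null policy. In `create_policy`, a wrongly typed `Any` presumably surfaces as whatever the helper's `extract` throws rather than as a `PolicyError`, which is worth confirming.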
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIServerRequestInterceptor.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIServerRequestInterceptor.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIServerRequestInterceptor.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIServerRequestInterceptor.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,483 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.x500.X500Principal;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.CompletionStatus;
+import org.omg.CORBA.MARSHAL;
+import org.omg.CORBA.OctetSeqHelper;
+import org.omg.CORBA.UserException;
+import org.omg.CSI.*;
+import org.omg.GSSUP.InitialContextToken;
+import org.omg.IOP.Codec;
+import org.omg.IOP.SecurityAttributeService;
+import org.omg.IOP.ServiceContext;
+import org.omg.PortableInterceptor.ForwardRequest;
+import org.omg.PortableInterceptor.ServerRequestInfo;
+import org.omg.Security.DelegationDirective;
+import org.omg.Security.RequiresSupports;
+import org.omg.Security.SecDelegationDirectivePolicy;
+import org.omg.SecurityLevel2.DelegationDirectivePolicy;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.corba.csi.gssup.GSSUPPolicy;
+import org.apache.geronimo.corba.csi.gssup.SecGSSUPPolicy;
+
+
+public class CSIServerRequestInterceptor extends CSIInterceptorBase
+ implements org.omg.PortableInterceptor.ServerRequestInterceptor
+{
+
+ CSIServerRequestInterceptor(Codec codec) {
+ super(codec);
+ }
+
+ private static final Log log = LogFactory
+ .getLog(CSIServerRequestInterceptor.class);
+
+ //
+ // SERVER REQUEST API
+ //
+
+ public void receive_request_service_contexts(ServerRequestInfo ri)
+ throws ForwardRequest
+ {
+
+ if (log.isDebugEnabled()) {
+ log.debug("receive_request_service_contexts " + ri.operation());
+ }
+
+ if (CallStatus.peekIsLocal()) {
+ if (log.isDebugEnabled()) {
+ log.debug("local call");
+ }
+
+ return;
+ }
+
+ // set null subject so that we won't run in context of some
+ // previous subject
+ // CSISubjectInfo.clear ();
+
+ boolean support_gssup_authorization = false;
+ boolean require_gssup_authorization = false;
+
+ String gssup_domain = null;
+
+ // if there is no GSSUP policy on this POA, then we won't try
+ // to validate the user.
+ try {
+ GSSUPPolicy gp = (GSSUPPolicy) ri
+ .get_server_policy(SecGSSUPPolicy.value);
+
+ if (gp == null) {
+
+ if (log.isDebugEnabled()) {
+ log.debug("null GSSUPPolicy");
+ }
+
+ } else {
+ support_gssup_authorization = true;
+
+ if (gp.mode() == RequiresSupports.SecRequires) {
+ require_gssup_authorization = true;
+ }
+
+ gssup_domain = gp.domain();
+ }
+
+ }
+ catch (org.omg.CORBA.INV_POLICY ex) {
+
+ if (log.isDebugEnabled()) {
+ log.debug("no GSSUPPolicy");
+ }
+ }
+
+ boolean support_gssup_principal_identity = false;
+
+ try {
+ DelegationDirectivePolicy delegate = (DelegationDirectivePolicy) ri
+ .get_server_policy(SecDelegationDirectivePolicy.value);
+ if (delegate != null) {
+ DelegationDirective dir = delegate.delegation_directive();
+ if (dir == DelegationDirective.Delegate) {
+ support_gssup_principal_identity = true;
+ }
+ }
+ }
+ catch (org.omg.CORBA.INV_POLICY ex) {
+ // ignore //
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("support gssup authorization: "
+ + support_gssup_authorization);
+ log.debug("require gssup authorization: "
+ + require_gssup_authorization);
+ log.debug("support gssup identity: "
+ + support_gssup_principal_identity);
+ }
+
+ ServiceContext serviceContext;
+ try {
+ serviceContext = ri
+ .get_request_service_context(SecurityAttributeService.value);
+ }
+ catch (org.omg.CORBA.BAD_PARAM ex) {
+ serviceContext = null;
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("Received request service context: " + serviceContext);
+ }
+
+ if (require_gssup_authorization && serviceContext == null) {
+ throw new org.omg.CORBA.NO_PERMISSION(
+ "GSSUP authorization required"
+ + " (missing SAS EstablishContext message)");
+ }
+
+ SASContextBody sasBody = null;
+
+ if (serviceContext != null) {
+ sasBody = decodeSASContextBody(serviceContext);
+
+ if (log.isDebugEnabled()) {
+ log
+ .debug("received request of type "
+ + sasBody.discriminator());
+ }
+
+ switch (sasBody.discriminator()) {
+ case MTCompleteEstablishContext.value:
+ case MTContextError.value:
+ // Unexpected
+ log.error("Unexpected message of type "
+ + sasBody.discriminator());
+ throw new org.omg.CORBA.NO_PERMISSION("unexpected SAS message");
+
+ case MTMessageInContext.value:
+ if (log.isDebugEnabled()) {
+ log.debug("MTMessageInContext");
+ }
+
+ throw new org.omg.CORBA.NO_PERMISSION(
+ "Stateful SAS not supported");
+
+ case MTEstablishContext.value:
+ if (log.isDebugEnabled()) {
+ log.debug("MTEstablishContext");
+ }
+ acceptContext(ri, sasBody.establish_msg(),
+ support_gssup_authorization,
+ require_gssup_authorization,
+ support_gssup_principal_identity, gssup_domain);
+ break;
+ }
+ }
+ }
+
+ public void receive_request(ServerRequestInfo ri) throws ForwardRequest {
+ }
+
+ public void send_reply(ServerRequestInfo ri) {
+ if (CallStatus.peekIsLocal()) {
+ return;
+ }
+ }
+
+ public void send_exception(ServerRequestInfo ri) throws ForwardRequest {
+ send_reply(ri);
+ }
+
+ public void send_other(ServerRequestInfo ri) throws ForwardRequest {
+ send_reply(ri);
+ }
+
+ public String name() {
+ return "CSI Server Interceptor";
+ }
+
+
+ void acceptContext(ServerRequestInfo ri, EstablishContext establishMsg,
+ boolean support_gssup_authorization,
+ boolean require_gssup_authorization,
+ boolean support_gssup_principal_identity, String gssup_domain)
+ {
+ if (establishMsg.client_context_id != 0) {
+ // Error, we do not support stateful mode
+ log.error("Stateful security contexts not supported");
+
+ throw new org.omg.CORBA.NO_PERMISSION(
+ "Stateful security contexts not supported");
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("accepting context...");
+ }
+
+ // Ignore authorization token list (not supported)
+ // establishMsg.authorization_token;
+
+ // Ignore identity token for now
+ // establishMsg.identity_token;
+
+ // Extract client authentication token
+ if (support_gssup_authorization
+ && establishMsg.identity_token.discriminator() == ITTAbsent.value
+ && establishMsg.client_authentication_token.length > 0)
+ {
+ InitialContextToken gssupToken = decodeGSSUPToken(establishMsg.client_authentication_token);
+
+ String useratrealm = utf8decode(gssupToken.username);
+
+ String name;
+ String realm;
+
+ int idx = useratrealm.lastIndexOf('@');
+ if (idx == -1) {
+ name = useratrealm;
+ realm = "default";
+ } else {
+ name = useratrealm.substring(0, idx);
+ realm = useratrealm.substring(idx + 1);
+ }
+
+ if (!realm.equals(gssup_domain)) {
+ returnContextError(ri, 1, 1);
+ throw new org.omg.CORBA.NO_PERMISSION("bad domain: \"" + realm
+ + "\"");
+ }
+
+ String password = utf8decode(gssupToken.password);
+
+ if (log.isDebugEnabled()) {
+ log.debug("GSSUP initial context token name=" + name
+ + "; realm=" + realm + "; password=" + password);
+ }
+
+ try {
+
+ Subject subject = SecurityContext.login(name, realm, password);
+
+ // Login succeeded
+ SecurityContext.setAuthenticatedSubject(subject);
+
+ if (log.isDebugEnabled()) {
+ log.debug("Login succeeded");
+ }
+
+ returnCompleteEstablishContext(ri);
+
+ }
+ catch (LoginException ex) {
+ // Login failed
+ log.error("Login failed", ex);
+
+ returnContextError(ri, 1, 1);
+ throw new org.omg.CORBA.NO_PERMISSION("login failed");
+
+ }
+ catch (Exception ex) {
+ log.error("Exception occured: ", ex);
+ }
+
+ } else if (require_gssup_authorization) {
+
+ returnContextError(ri, 1, 1);
+ throw new org.omg.CORBA.NO_PERMISSION(
+ "GSSUP authorization required");
+
+ } else if (support_gssup_principal_identity
+ && establishMsg.identity_token.discriminator() == ITTPrincipalName.value)
+ {
+
+ if (log.isDebugEnabled()) {
+ log.debug("accepting ITTPrincipalName");
+ }
+
+ byte[] name = establishMsg.identity_token.principal_name();
+ Any aa;
+ try {
+ aa = codec.decode_value(name, OctetSeqHelper.type());
+ }
+ catch (UserException e) {
+ MARSHAL me = new MARSHAL("cannot decode security descriptor",
+ 0, CompletionStatus.COMPLETED_NO);
+ me.initCause(e);
+ throw me;
+ }
+
+ byte[] exported_name = OctetSeqHelper.extract(aa);
+ // byte[] exported_name = uncapsulateByteArray(name);
+ String userAtDomain = decodeGSSExportedName(exported_name);
+
+ if (log.isDebugEnabled()) {
+ log.debug("establish ITTPrincipalName " + userAtDomain);
+ }
+
+ int idx = userAtDomain.indexOf('@');
+ String user = "";
+ String domain;
+
+ if (idx == -1) {
+ user = userAtDomain;
+ domain = "default";
+ } else {
+ user = userAtDomain.substring(0, idx);
+ domain = userAtDomain.substring(idx + 1);
+ }
+
+ if (gssup_domain != null && !domain.equals(gssup_domain)) {
+ returnContextError(ri, 1, 1);
+
+ log.warn("request designates wrong domain: " + userAtDomain);
+ throw new org.omg.CORBA.NO_PERMISSION("bad domain");
+ }
+
+ // CSISubjectInfo.setPropagatedCaller (user, domain);
+ Subject subject = SecurityContext.delegate(user, domain);
+ SecurityContext.setAuthenticatedSubject(subject);
+
+ returnCompleteEstablishContext(ri);
+
+ } else if (establishMsg.identity_token.discriminator() == ITTAnonymous.value) {
+ // establish anoynous identity
+
+ if (log.isDebugEnabled()) {
+ log.debug("accepting ITTAnonymous");
+ }
+
+ // CSISubjectInfo.setAnonymousSubject ();
+ try {
+ Subject subject = SecurityContext.anonymousLogin();
+ SecurityContext.setAuthenticatedSubject(subject);
+ }
+ catch (LoginException ex) {
+ // Won't happen
+ }
+
+ returnCompleteEstablishContext(ri);
+
+ } else if (establishMsg.identity_token.discriminator() == ITTDistinguishedName.value) {
+
+ if (log.isDebugEnabled()) {
+ log.debug("accepting ITTDistinguishedName");
+ }
+
+ byte[] name_data = establishMsg.identity_token.dn();
+
+ Any aa;
+ try {
+ aa = codec.decode_value(name_data, OctetSeqHelper.type());
+ }
+ catch (UserException e) {
+ MARSHAL me = new MARSHAL("cannot encode security descriptor",
+ 0, CompletionStatus.COMPLETED_NO);
+ me.initCause(e);
+ throw me;
+ }
+ byte[] x500name_data = OctetSeqHelper.extract(aa);
+
+ // byte[] x500name_data = uncapsulateByteArray(name_data);
+
+ try {
+
+ Subject subject = new Subject();
+ subject.getPrincipals().add(new X500Principal(x500name_data));
+ SecurityContext.setAuthenticatedSubject(subject);
+
+ }
+ catch (IllegalArgumentException ex) {
+
+ if (log.isDebugEnabled()) {
+ log.debug("cannot decode X500 name", ex);
+ }
+
+ returnContextError(ri, 1, 1);
+ throw new org.omg.CORBA.NO_PERMISSION("cannot decode X500 name");
+ }
+
+ returnCompleteEstablishContext(ri);
+
+ } else {
+
+ returnContextError(ri, 2, 1);
+ throw new org.omg.CORBA.NO_PERMISSION("Unsupported IdentityToken");
+
+ }
+ }
+
+
+ void returnCompleteEstablishContext(ServerRequestInfo ri) {
+ // Create CompleteEstablishContext
+ SASContextBody sasBody = new SASContextBody();
+
+ CompleteEstablishContext completeMsg = new CompleteEstablishContext();
+
+ completeMsg.client_context_id = 0;
+ completeMsg.context_stateful = false;
+ completeMsg.final_context_token = EMPTY_BARR;
+
+ sasBody.complete_msg(completeMsg);
+
+ if (log.isDebugEnabled()) {
+ log.debug("Adding SASContextBody, discriminator = "
+ + sasBody.discriminator());
+ }
+
+ ri.add_reply_service_context(encodeSASContextBody(sasBody), true);
+ }
+
+ void returnContextError(ServerRequestInfo ri, int major, int minor) {
+ // Create CompleteEstablishContext
+ SASContextBody sasBody = new SASContextBody();
+
+ ContextError errorMsg = new ContextError();
+
+ errorMsg.client_context_id = 0;
+ errorMsg.major_status = major;
+ errorMsg.minor_status = minor;
+ errorMsg.error_token = EMPTY_BARR;
+
+ sasBody.error_msg(errorMsg);
+
+ if (log.isDebugEnabled()) {
+ log.debug("Adding SASContextBody, discriminator = "
+ + sasBody.discriminator());
+ }
+
+ ri.add_reply_service_context(encodeSASContextBody(sasBody), true);
+ }
+
+ // void login(Subject subject, String realm, String name,
+ // String password) throws LoginException {
+
+ // LoginContext lc = new LoginContext
+ // ("EASSERVER", subject, new LoginCallbackHandler(name, password));
+
+ // lc.login();
+ // }
+
+
+}
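Review bot: In `acceptContext`, the debug statement after `utf8decode(gssupToken.password)` writes the client's cleartext password to the log; drop the `"; password=" + password` fragment so it reads `log.debug("GSSUP initial context token name=" + name + "; realm=" + realm);`. In the same branch, `catch (Exception ex) { log.error("Exception occured: ", ex); }` swallows any non-`LoginException` failure from `SecurityContext.login`, so the request continues with no authenticated subject set even when `require_gssup_authorization` is true. It should fail closed like the `LoginException` handler, with `returnContextError(ri, 1, 1);` followed by `throw new org.omg.CORBA.NO_PERMISSION("login failed");`. The `ITTDistinguishedName` and `ITTAnonymous` branches are not gated on `support_gssup_principal_identity`, so an asserted DN becomes the subject with no check visible here that the caller is trusted to assert it. `decodeGSSExportedName` can return `null`, which `userAtDomain.indexOf('@')` then dereferences, so that branch needs a null check that answers with `returnContextError(ri, 1, 1)` and `NO_PERMISSION`.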
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/GSSUPIORInterceptor.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/GSSUPIORInterceptor.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/GSSUPIORInterceptor.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/GSSUPIORInterceptor.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,190 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.CompletionStatus;
+import org.omg.CORBA.MARSHAL;
+import org.omg.CSI.*;
+import org.omg.CSIIOP.*;
+import org.omg.IOP.Codec;
+import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
+import org.omg.IOP.TaggedComponent;
+import org.omg.PortableInterceptor.IORInfo;
+import org.omg.Security.DelegationDirective;
+import org.omg.Security.RequiresSupports;
+import org.omg.Security.SecDelegationDirectivePolicy;
+import org.omg.SecurityLevel2.DelegationDirectivePolicy;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.corba.csi.gssup.GSSUPPolicy;
+import org.apache.geronimo.corba.csi.gssup.SecGSSUPPolicy;
+
+
+/**
+ * This interceptor adds GSSUP security information to the IOR, if the relevant
+ * policy is set.
+ */
+public class GSSUPIORInterceptor extends CSIInterceptorBase implements
+ org.omg.PortableInterceptor.IORInterceptor
+{
+
+ private static final Log log = LogFactory.getLog(GSSUPIORInterceptor.class);
+
+ GSSUPIORInterceptor(Codec codec) {
+ super(codec);
+ }
+
+ public void establish_components(IORInfo info) {
+ try {
+ TaggedComponent mechanism_list = constructMechList(info);
+
+ if (mechanism_list != null) {
+ // add this component to all outgoing profiles!
+ info.add_ior_component(mechanism_list);
+ }
+ }
+ catch (NullPointerException ex) {
+ // ex.printStackTrace ();
+ throw ex;
+ }
+ }
+
+ public String name() {
+ return "CSI IOR Interceptor";
+ }
+
+ private TaggedComponent constructMechList(IORInfo info) {
+ short as_target_requires = (short) 0;
+ short as_target_supports = (short) 0;
+ short sas_target_requires = (short) 0;
+ short sas_target_supports = (short) 0;
+
+ GSSUPPolicy gp = null;
+ String gssup_realm = null;
+
+ boolean has_security = false;
+
+ try {
+ gp = (GSSUPPolicy) info.get_effective_policy(SecGSSUPPolicy.value);
+
+ if (gp.mode() == RequiresSupports.SecRequires) {
+ as_target_requires |= EstablishTrustInClient.value;
+ }
+
+ as_target_supports |= EstablishTrustInClient.value;
+
+ gssup_realm = gp.domain();
+ has_security = true;
+
+ }
+ catch (org.omg.CORBA.INV_POLICY ex) {
+ // ignore
+ }
+
+ try {
+ DelegationDirectivePolicy delegatePolicy = (DelegationDirectivePolicy) info
+ .get_effective_policy(SecDelegationDirectivePolicy.value);
+
+ if (delegatePolicy != null
+ && delegatePolicy.delegation_directive() == DelegationDirective.Delegate)
+ {
+ sas_target_supports |= DelegationByClient.value
+ | IdentityAssertion.value;
+ has_security = true;
+ }
+ }
+ catch (org.omg.CORBA.INV_POLICY ex) {
+ // ignore
+ }
+
+ if (!has_security) {
+ return null;
+ }
+
+ CompoundSecMech mech = new CompoundSecMech();
+
+ AS_ContextSec as = new AS_ContextSec();
+ as.target_supports = as_target_supports;
+ as.target_requires = as_target_requires;
+
+ if (as_target_supports != 0) {
+ as.client_authentication_mech = GSSUP_OID;
+
+ if (gssup_realm != null) {
+ as.target_name = encodeGSSExportedName(gssup_realm);
+ } else {
+ as.target_name = EMPTY_BARR;
+ }
+ } else {
+ as.target_name = EMPTY_BARR;
+ as.client_authentication_mech = EMPTY_BARR;
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("AS.target_requires=" + as_target_requires);
+ log.debug("AS.target_supports=" + as_target_supports);
+ log.debug("SAS.target_requires=" + sas_target_requires);
+ log.debug("SAS.target_supports=" + sas_target_supports);
+ }
+
+ SAS_ContextSec sas = new SAS_ContextSec();
+
+ sas.target_supports = sas_target_supports;
+ sas.target_requires = sas_target_requires;
+ sas.privilege_authorities = new ServiceConfiguration[0];
+ sas.supported_naming_mechanisms = new byte[][]{GSSUP_OID};
+
+ sas.supported_identity_types = ITTAnonymous.value;
+
+ if (as_target_supports != 0) {
+ sas.supported_identity_types |= ITTAbsent.value;
+ }
+
+ if (sas_target_supports != 0) {
+ sas.supported_identity_types |= ITTPrincipalName.value
+ | ITTDistinguishedName.value | ITTX509CertChain.value;
+ }
+
+ // transport mech is null here, this field is modified by code
+ // inside SSL server-side logic, adding SSL-specific information.
+ mech.transport_mech = new TaggedComponent(TAG_NULL_TAG.value,
+ EMPTY_BARR);
+ mech.target_requires = (short) (as_target_requires | sas_target_requires);
+ mech.as_context_mech = as;
+ mech.sas_context_mech = sas;
+
+ CompoundSecMechList mech_list = new CompoundSecMechList(false,
+ new CompoundSecMech[]{mech});
+
+ Any a = getOrb().create_any();
+ CompoundSecMechListHelper.insert(a, mech_list);
+ byte[] mech_data;
+ try {
+ mech_data = codec.encode_value(a);
+ }
+ catch (InvalidTypeForEncoding e) {
+ MARSHAL me = new MARSHAL("cannot encode security descriptor", 0,
+ CompletionStatus.COMPLETED_NO);
+ me.initCause(e);
+ throw me;
+ }
+ return new TaggedComponent(TAG_CSI_SEC_MECH_LIST.value, mech_data);
+ }
+
+}
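Review bot: In `constructMechList`, `gp.mode()` is called with no null check on the result of `info.get_effective_policy(SecGSSUPPolicy.value)`, although the server interceptor in this commit treats a null `GSSUPPolicy` as a normal case; the `catch (NullPointerException ex) { throw ex; }` in `establish_components` does nothing to handle it. Guard the block with `if (gp != null) {`, as the delegation-policy lookup just below already does. `sas.supported_identity_types` also advertises `ITTX509CertChain.value`, which `CSIServerRequestInterceptor.acceptContext` rejects as "Unsupported IdentityToken", so the IOR promises more than the server accepts. With `transport_mech` set to `TAG_NULL_TAG`, the GSSUP username and password are protected in transit only if the SSL layer mentioned in the comment really rewrites this component, and the comment should say so.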
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContext.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContext.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContext.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContext.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,71 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+
+public abstract class SecurityContext {
+
+ private static SecurityContextDelegate delegate;
+
+ public static void setAuthenticatedSubject(Subject subject) {
+ getDelegate().setAuthenticatedSubject(subject);
+ }
+
+ private static SecurityContextDelegate getDelegate() {
+
+ if (delegate == null) {
+ delegate = allocateDelegate();
+ }
+
+ return delegate;
+ }
+
+ private static SecurityContextDelegate allocateDelegate() {
+
+ String className = System.getProperty(
+ "org.freeorb.csi.SecurityContextClass",
+ "org.freeorb.csi.DefaultSecurityContextDelegate");
+
+ try {
+ Class c = Class.forName(className);
+ return (SecurityContextDelegate) c.newInstance();
+ }
+ catch (Exception ex) {
+ throw new InternalError("unable to attach to SecurityContext");
+ }
+ }
+
+ public static Subject anonymousLogin() throws LoginException {
+ return getDelegate().anonymousLogin();
+ }
+
+ public static Subject login(String name, String realm, String password) throws LoginException {
+ return getDelegate().login(name, realm, password);
+ }
+
+ public static Subject delegate(String user, String domain) {
+ return getDelegate().delegate(user, domain);
+ }
+
+ public static AuthenticationInfo getAuthenticationInfo() {
+ return getDelegate().getAuthenticationInfo();
+ }
+
+}
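Review bot: `getDelegate()` fills the static `delegate` field lazily without synchronisation, and `allocateDelegate()` throws `InternalError("unable to attach to SecurityContext")` with neither the class name nor the cause, which makes a misconfigured delegate hard to diagnose. Declaring the accessor `private static synchronized SecurityContextDelegate getDelegate()` and using `throw new InternalError("unable to load SecurityContextDelegate " + className + ": " + ex);` addresses both. The property name and default class are still in the `org.freeorb.csi` namespace while this file lives in `org.apache.geronimo.corba.csi`; if no such class is on the classpath, every login path fails at first use, so the default probably needs updating. Because the class named by the system property decides every authentication result, a comment stating that only the deployer may set it would help.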
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContextDelegate.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContextDelegate.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContextDelegate.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContextDelegate.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,54 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+
+/**
+ * Interface to the application server logic needed by CSI
+ */
+
+public interface SecurityContextDelegate {
+
+ /**
+ * get info needed to construct an out-bound IIOP request with CSIv2
+ */
+ AuthenticationInfo getAuthenticationInfo();
+
+ /**
+ * do a login
+ */
+ Subject login(String name, String realm, String password) throws LoginException;
+
+ /**
+ * do an anonymous login
+ */
+ Subject anonymousLogin() throws LoginException;
+
+ /**
+ * set the current system subject
+ */
+ void setAuthenticatedSubject(Subject subject);
+
+ /**
+ * establish user
+ */
+ Subject delegate(String user, String domain);
+
+}
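Review bot: The Javadoc on `delegate(String user, String domain)` says only "establish user", but the method takes no credential and `CSIServerRequestInterceptor` calls it with an identity the peer merely asserted in its identity token. The comment should state that contract, for example `Creates a Subject for an asserted identity without verifying credentials; the caller must already trust the asserting peer.` The comment on `login` could likewise say that a failed check is reported through `LoginException` and that `password` is cleartext and must not be logged.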
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicy.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicy.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicy.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicy.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,26 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+/**
+ * Generated by the JacORB IDL compiler.
+ */
+public interface GSSUPPolicy
+ extends GSSUPPolicyOperations, org.omg.CORBA.Object, org.omg.CORBA.portable.IDLEntity, org.omg.CORBA.Policy
+{
+
+}
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHelper.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHelper.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHelper.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHelper.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,75 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+/**
+ * Generated by the JacORB IDL compiler.
+ */
+public class GSSUPPolicyHelper {
+
+ public GSSUPPolicyHelper() {
+ }
+
+ public static void insert(org.omg.CORBA.Any any, GSSUPPolicy s) {
+ any.insert_Object(s);
+ }
+
+ public static GSSUPPolicy extract(org.omg.CORBA.Any any) {
+ return narrow(any.extract_Object());
+ }
+
+ public static org.omg.CORBA.TypeCode type() {
+ return org.omg.CORBA.ORB.init().create_interface_tc("IDL:com/trifork/eas/api/csi/GSSUPPolicy:1.0", "GSSUPPolicy");
+ }
+
+ public static String id() {
+ return "IDL:com/trifork/eas/api/csi/GSSUPPolicy:1.0";
+ }
+
+ public static GSSUPPolicy read(org.omg.CORBA.portable.InputStream in) {
+ return narrow(in.read_Object());
+ }
+
+ public static void write(org.omg.CORBA.portable.OutputStream _out, GSSUPPolicy s) {
+ _out.write_Object(s);
+ }
+
+ public static GSSUPPolicy narrow(org.omg.CORBA.Object obj) {
+ if (obj == null)
+ return null;
+ if (obj instanceof GSSUPPolicy)
+ return (GSSUPPolicy) obj;
+ else
+ throw new org.omg.CORBA.BAD_PARAM("Narrow failed, not a GSSUPPolicy");
+ }
+
+ public void write_Object(org.omg.CORBA.portable.OutputStream _out, java.lang.Object obj) {
+ throw new RuntimeException(" not implemented");
+ }
+
+ public java.lang.Object read_Object(org.omg.CORBA.portable.InputStream in) {
+ throw new RuntimeException(" not implemented");
+ }
+
+ public String get_id() {
+ return id();
+ }
+
+ public org.omg.CORBA.TypeCode get_type() {
+ return type();
+ }
+}
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHolder.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHolder.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHolder.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHolder.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,44 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+/**
+ * Generated by the JacORB IDL compiler.
+ */
+public class GSSUPPolicyHolder implements org.omg.CORBA.portable.Streamable {
+
+ public GSSUPPolicy value;
+
+ public GSSUPPolicyHolder() {
+ }
+
+ public GSSUPPolicyHolder(GSSUPPolicy initial) {
+ value = initial;
+ }
+
+ public org.omg.CORBA.TypeCode _type() {
+ return GSSUPPolicyHelper.type();
+ }
+
+ public void _read(org.omg.CORBA.portable.InputStream in) {
+ value = GSSUPPolicyHelper.read(in);
+ }
+
+ public void _write(org.omg.CORBA.portable.OutputStream _out) {
+ GSSUPPolicyHelper.write(_out, value);
+ }
+}
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyOperations.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyOperations.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyOperations.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyOperations.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,29 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+/**
+ * Generated by the JacORB IDL compiler.
+ */
+public interface GSSUPPolicyOperations
+ extends org.omg.CORBA.PolicyOperations
+{
+
+ public org.omg.Security.RequiresSupports mode();
+
+ public java.lang.String domain();
+}
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyValue.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyValue.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyValue.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyValue.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,33 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+public final class GSSUPPolicyValue
+ implements org.omg.CORBA.portable.IDLEntity
+{
+
+ public GSSUPPolicyValue() {
+ }
+
+ public org.omg.Security.RequiresSupports mode;
+ public java.lang.String domain;
+
+ public GSSUPPolicyValue(org.omg.Security.RequiresSupports mode, java.lang.String domain) {
+ this.mode = mode;
+ this.domain = domain;
+ }
+}
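Review bot: GSSUPPolicyValue has no class or field comment, and unlike the four sibling files added in this package it does not carry the `Generated by the JacORB IDL compiler.` line, so a reader cannot tell whether the public, non-final `mode` and `domain` fields are the IDL struct mapping or a hand-written choice. I would add a class comment along the lines of `/** IDL struct holding the GSSUP policy value: the RequiresSupports mode and the domain string. */` and say there whether the file is generated. The no-argument constructor leaves both fields null, and any holder of the object can reassign them after construction. Since this value appears to feed a security policy, the comment should state that readers must handle an unset `mode` explicitly instead of assuming a default. How consumers treat that case is not visible in this hunk.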