tomee-commits mailing list archives

From djen...@apache.org
Subject svn commit: r503493 - in /incubator/openejb/trunk/openejb2/modules/openejb-corba/src: main/java/org/apache/openejb/corba/security/config/css/ main/java/org/apache/openejb/corba/security/config/tss/ main/java/org/apache/openejb/corba/security/jgss/ main...
Date Sun, 04 Feb 2007 21:47:56 GMT
Author: djencks
Date: Sun Feb  4 13:47:55 2007
New Revision: 503493

URL: http://svn.apache.org/viewvc?view=rev&rev=503493
Log:
OPENEJB-469 Improve GSS scoped-username processing

Added:
    incubator/openejb/trunk/openejb2/modules/openejb-corba/src/test/java/org/apache/openejb/corba/util/NameDescopingTest.java
  (with props)
Modified:
    incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigDynamic.java
    incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigStatic.java
    incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameDynamic.java
    incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameStatic.java
    incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSGSSUPMechConfig.java
    incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java
    incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/jgss/GSSUPContext.java
    incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/util/Util.java

Modified: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigDynamic.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigDynamic.java?view=diff&rev=503493&r1=503492&r2=503493
==============================================================================
--- incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigDynamic.java
(original)
+++ incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigDynamic.java
Sun Feb  4 13:47:55 2007
@@ -75,7 +75,8 @@
                     }
                 }
                 if(credential != null) {
-                    encoding = Util.encodeGSSUPToken(Util.getORB(), Util.getCodec(), credential.getUsername(),
new String(credential.getPassword()), domain);
+                    String extendedUserName = Util.buildScopedUserName(credential.getUsername(),
domain);
+                    encoding = Util.encodeGSSUPToken(Util.getORB(), Util.getCodec(), extendedUserName,
new String(credential.getPassword()), domain);
                 }
             }
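Review bot: The user name passed to `Util.encodeGSSUPToken` on the new lines is now the escaped `user@domain` form, and nothing at this call site says so. A target that does not descope it would hand the whole string to its login module, which is what the removed `new String(token.username, "UTF8")` line in TSSGSSUPMechConfig did before this revision. I would add a comment above the new line, `// CSIv2 scoped user name (user@domain, '\' and '@' escaped); the target must descope it before login`, and record the mixed-version consequence in the change log. The same applies to the `encode()` hunk in CSSGSSUPMechConfigStatic and to the GSSUPContext hunk; the enclosing method here starts and ends outside the hunk.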
 

Modified: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigStatic.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigStatic.java?view=diff&rev=503493&r1=503492&r2=503493
==============================================================================
--- incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigStatic.java
(original)
+++ incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSGSSUPMechConfigStatic.java
Sun Feb  4 13:47:55 2007
@@ -55,7 +55,8 @@
 
     public byte[] encode() {
         if (encoding == null) {
-            encoding = Util.encodeGSSUPToken(Util.getORB(), Util.getCodec(), username, password,
domain);
+            String scopedUserName = Util.buildScopedUserName(username, domain);
+            encoding = Util.encodeGSSUPToken(Util.getORB(), Util.getCodec(), scopedUserName,
password, domain);
 
             if (encoding == null) encoding = new byte[0];
         }

Modified: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameDynamic.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameDynamic.java?view=diff&rev=503493&r1=503492&r2=503493
==============================================================================
--- incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameDynamic.java
(original)
+++ incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameDynamic.java
Sun Feb  4 13:47:55 2007
@@ -97,6 +97,7 @@
 
             Any any = Util.getORB().create_any();
 
+            //TODO consider including a domain in this scoped-username
             GSS_NT_ExportedNameHelper.insert(any, Util.encodeGSSExportName(oid, principalName));
 
             byte[] encoding = null;
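Review bot: `principalName` still goes into `Util.encodeGSSExportName` unescaped on the line below the new TODO, while the TSSITTPrincipalNameGSSUP hunk in this commit now runs the decoded name through `Util.extractUserNameFromScopedName`. Unless `encodeGSSExportName` escapes internally (its body is not shown), a principal name containing `@` is cut at that character on the receiving side and a `\@` or `\\` pair is rewritten, so the asserted identity can differ from the one the client intended. Escaping on this side keeps both ends symmetric: `GSS_NT_ExportedNameHelper.insert(any, Util.encodeGSSExportName(oid, Util.buildScopedUserName(principalName, null)));`. The CSSSASITTPrincipalNameStatic hunk has the same call with `name`.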

Modified: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameStatic.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameStatic.java?view=diff&rev=503493&r1=503492&r2=503493
==============================================================================
--- incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameStatic.java
(original)
+++ incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/css/CSSSASITTPrincipalNameStatic.java
Sun Feb  4 13:47:55 2007
@@ -48,7 +48,7 @@
 
         if (token == null) {
             Any any = Util.getORB().create_any();
-
+            //TODO consider including a domain in this scoped-username
             GSS_NT_ExportedNameHelper.insert(any, Util.encodeGSSExportName(oid, name));
 
             byte[] encoding = null;

Modified: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSGSSUPMechConfig.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSGSSUPMechConfig.java?view=diff&rev=503493&r1=503492&r2=503493
==============================================================================
--- incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSGSSUPMechConfig.java
(original)
+++ incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSGSSUPMechConfig.java
Sun Feb  4 13:47:55 2007
@@ -17,6 +17,9 @@
 package org.apache.openejb.corba.security.config.tss;
 
 import java.io.UnsupportedEncodingException;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
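Review bot: `java.util.regex.Pattern` and `java.util.regex.Matcher` are imported here, but the only other hunk shown for this file calls `Util.extractUserNameFromScopedName` and uses neither class. If nothing outside the visible hunks needs them, drop both import lines, since the regex handling lives in Util.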
@@ -94,17 +97,19 @@
             if (msg.client_authentication_token != null && msg.client_authentication_token.length
> 0) {
                 InitialContextToken token = new InitialContextToken();
 
-                if (!Util.decodeGSSUPToken(Util.getCodec(), msg.client_authentication_token,
token)) throw new SASException(2);
+                if (!Util.decodeGSSUPToken(Util.getCodec(), msg.client_authentication_token,
token))
+                    throw new SASException(2);
 
                 if (token.target_name == null) return null;
 
                 String tokenTargetName = (token.target_name == null ? targetName : new String(token.target_name,
"UTF8"));
 
                 if (!targetName.equals(tokenTargetName)) throw new SASException(2);
+                String userName = Util.extractUserNameFromScopedName(token.username);
 
                 LoginContext context = new LoginContext(tokenTargetName,
-                                                        new UsernamePasswordCallback(new
String(token.username, "UTF8"),
-                                                                                     new
String(token.password, "UTF8").toCharArray()));
+                        new UsernamePasswordCallback(userName,
+                                new String(token.password, "UTF8").toCharArray()));
                 context.login();
                 result = ContextManager.getServerSideSubject(context.getSubject());
             }
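Review bot: The value returned by `Util.extractUserNameFromScopedName(token.username)` is handed to the login callback without any check, and the domain part of the scoped name is thrown away unseen. A token carrying `user@some-other-domain` is therefore authenticated as plain `user`, and `@domain` yields an empty user name (the new NameDescopingTest expects `""` for that input). A null `token.username` would surface as a NullPointerException from the `new String(...)` call inside Util rather than as a `SASException`. I would reject those cases before building the LoginContext, with `if (token.username == null) throw new SASException(2);` ahead of the extraction and `if (userName.length() == 0) throw new SASException(2);` after it, and compare the domain with the configured one once Util exposes it. TSSITTPrincipalNameGSSUP discards the domain the same way; the enclosing method here starts and ends outside the hunk.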

Modified: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java?view=diff&rev=503493&r1=503492&r2=503493
==============================================================================
--- incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java
(original)
+++ incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java
Sun Feb  4 13:47:55 2007
@@ -81,6 +81,7 @@
         }
         byte[] principalNameBytes = GSS_NT_ExportedNameHelper.extract(any);
         String principalName = Util.decodeGSSExportName(principalNameBytes);
+        principalName = Util.extractUserNameFromScopedName(principalName);
         Principal basePrincipal = null;
         try {
             getConstructor();
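Review bot: `Util.extractUserNameFromScopedName(principalName)` is called on the result of `Util.decodeGSSExportName` with no null check, and the String overload added in Util passes its argument straight to `Pattern.matcher`. If `decodeGSSExportName` can return null for a malformed export name (its body is not shown), the new line throws a NullPointerException during identity-token processing. A guard before the call, `if (principalName == null) { /* fail as for an undecodable token */ }`, would keep that failure explicit. The enclosing method starts and ends outside this hunk.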

Modified: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/jgss/GSSUPContext.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/jgss/GSSUPContext.java?view=diff&rev=503493&r1=503492&r2=503493
==============================================================================
--- incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/jgss/GSSUPContext.java
(original)
+++ incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/security/jgss/GSSUPContext.java
Sun Feb  4 13:47:55 2007
@@ -234,8 +234,9 @@
         protReady = true;
 
         if (credential == null) return new byte[0];
-
-        return Util.encodeGSSUPToken(Util.getORB(), Util.getCodec(), credential.getUsername(),
new String(credential.getPassword()), "GSSUP-REALM");
+        //TODO there isn't a domain apparently available in this class, so its' hard to see
how to construct a full scoped username
+        String scopedUsername = Util.buildScopedUserName(credential.getUsername(), null);
+        return Util.encodeGSSUPToken(Util.getORB(), Util.getCodec(), scopedUsername, new
String(credential.getPassword()), "GSSUP-REALM");
     }
 
     public Provider getProvider() {
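Review bot: `new String(credential.getPassword())` on the rewritten return line copies the password into an immutable String that cannot be cleared after the token is encoded; the same conversion is on the new line in CSSGSSUPMechConfigDynamic. `getPassword()` appears to return a `char[]`, so an `encodeGSSUPToken` overload that accepts the array (its signature is not shown here) would avoid the extra copy. The TODO above it has a typo, `its'` should read `it's`. The enclosing method starts outside this hunk.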

Modified: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/util/Util.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/util/Util.java?view=diff&rev=503493&r1=503492&r2=503493
==============================================================================
--- incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/util/Util.java
(original)
+++ incubator/openejb/trunk/openejb2/modules/openejb-corba/src/main/java/org/apache/openejb/corba/util/Util.java
Sun Feb  4 13:47:55 2007
@@ -20,6 +20,7 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.Serializable;
+import java.io.UnsupportedEncodingException;
 import java.rmi.Remote;
 import java.rmi.UnexpectedException;
 import java.rmi.RemoteException;
@@ -33,6 +34,9 @@
 import java.util.LinkedHashSet;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+
 import javax.ejb.spi.HandleDelegate;
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
@@ -269,6 +273,65 @@
         }
         return result;
     }
+
+    private static final Pattern SCOPED_NAME_EXTRACTION_PATTERN = Pattern.compile("(\\\\\\\\)|(\\\\@)|(@)|(\\z)");
+
+    /**
+     * See csiv2 spec 16.2.5 par. 63-64.  We extract the username if any and un-escape any
+     * escaped \ and @ characters.
+     * 
+     * @param scopedNameBytes
+     * @return
+     * @throws UnsupportedEncodingException
+     */
+    public static String extractUserNameFromScopedName(byte[] scopedNameBytes) throws UnsupportedEncodingException
{
+        String scopedUserName = new String(scopedNameBytes, "UTF8");
+        return extractUserNameFromScopedName(scopedUserName);
+    }
+
+    public static String extractUserNameFromScopedName(String scopedUserName) {
+        Matcher m = SCOPED_NAME_EXTRACTION_PATTERN.matcher(scopedUserName);
+        StringBuffer buf = new StringBuffer();
+        while (m.find()) {
+            m.appendReplacement(buf, "");
+            if (m.group(1) != null) {
+                buf.append('\\');
+            } else if (m.group(2) != null) {
+                buf.append("@");
+            } else if (m.group(3) != null) {
+                break;
+            }
+        }
+        return buf.toString();
+    }
+
+    private static final Pattern SCOPED_NAME_ESCAPE_PATTERN = Pattern.compile("(\\\\)|(@)");
+
+    public static String buildScopedUserName(String user, String domain) {
+        StringBuffer buf = new StringBuffer();
+        if (user != null) {
+            escape(user, buf);
+        }
+        if (domain != null) {
+            buf.append('@');
+            escape(domain, buf);
+        }
+        return buf.toString();
+    }
+
+    private static void escape(String s, StringBuffer buf) {
+        Matcher m = SCOPED_NAME_ESCAPE_PATTERN.matcher(s);
+        while (m.find()) {
+            m.appendReplacement(buf, "");
+            if (m.group(1) != null) {
+                buf.append("\\\\");
+            } else if (m.group(2) != null) {
+                buf.append("\\@");
+            }
+        }
+        m.appendTail(buf);
+    }
+
 
     /**
      * Encode a mechanism independent initial context token (GSSToken). Defined
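Review bot: The Javadoc on `extractUserNameFromScopedName(byte[])` has empty `@param` and `@return` tags, and the String overload, `buildScopedUserName` and `escape` have no comment at all, although the String overload is where the contract lives. I would document there that the input is cut at the first unescaped `@` and the domain is discarded, that `\\` and `\@` are un-escaped while a backslash before any other character is copied through unchanged, that the result is `""` when the name starts with `@`, and that a null argument is not accepted. For `buildScopedUserName`, state that a null user or domain is simply omitted, so `(null, null)` returns an empty string. `SCOPED_NAME_EXTRACTION_PATTERN` would also benefit from a one-line comment naming its alternatives: `// 1: escaped backslash, 2: escaped @, 3: domain separator, 4: end of input`.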

Added: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/test/java/org/apache/openejb/corba/util/NameDescopingTest.java
URL: http://svn.apache.org/viewvc/incubator/openejb/trunk/openejb2/modules/openejb-corba/src/test/java/org/apache/openejb/corba/util/NameDescopingTest.java?view=auto&rev=503493
==============================================================================
--- incubator/openejb/trunk/openejb2/modules/openejb-corba/src/test/java/org/apache/openejb/corba/util/NameDescopingTest.java
(added)
+++ incubator/openejb/trunk/openejb2/modules/openejb-corba/src/test/java/org/apache/openejb/corba/util/NameDescopingTest.java
Sun Feb  4 13:47:55 2007
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.openejb.corba.util;
+
+import java.io.UnsupportedEncodingException;
+
+import org.omg.GSSUP.InitialContextToken;
+import org.apache.openejb.corba.util.Util;
+import junit.framework.TestCase;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class NameDescopingTest extends TestCase {
+
+    public void testDomainRemoval() throws Exception {
+        String scopedName = "username@domain";
+        String expected = "username";
+        test(scopedName, expected);
+    }
+    public void testAt() throws Exception {
+        String scopedName = "user\\\\name@domain";
+        String expected = "user\\name";
+        test(scopedName, expected);
+    }
+    public void testBackslash() throws Exception {
+        String scopedName = "user\\@name@domain";
+        String expected = "user@name";
+        test(scopedName, expected);
+    }
+    public void testNoDomainRemoval() throws Exception {
+        String scopedName = "username";
+        String expected = "username";
+        test(scopedName, expected);
+    }
+    public void testNoUsername() throws Exception {
+        String scopedName = "@domain";
+        String expected = "";
+        test(scopedName, expected);
+    }
+
+    private void test(String scopedName, String expected) throws UnsupportedEncodingException
{
+        String user = Util.extractUserNameFromScopedName(scopedName.getBytes());
+        assertEquals(expected, user);
+    }
+
+    public void testBuildScoped() throws Exception {
+        assertEquals("username@domain", Util.buildScopedUserName("username", "domain"));
+        assertEquals("user\\@name@domain", Util.buildScopedUserName("user@name", "domain"));
+        assertEquals("username@do\\@main", Util.buildScopedUserName("username", "do@main"));
+        assertEquals("user\\\\name@domain", Util.buildScopedUserName("user\\name", "domain"));
+        assertEquals("username@do\\\\main", Util.buildScopedUserName("username", "do\\main"));
+        assertEquals("username", Util.buildScopedUserName("username", null));
+        assertEquals("@domain", Util.buildScopedUserName(null, "domain"));
+    }
+}
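Review bot: `testAt` exercises the escaped backslash and `testBackslash` exercises the escaped `@`, so the two method names are swapped. The `test` helper also calls `scopedName.getBytes()` with the platform default charset while `Util.extractUserNameFromScopedName(byte[])` decodes as UTF8; `scopedName.getBytes("UTF8")` makes the test independent of the build machine. Cases for a lone or trailing backslash, and a round trip through `buildScopedUserName` followed by `extractUserNameFromScopedName`, are not covered. The import of `org.omg.GSSUP.InitialContextToken` is unused and the import of `Util` from the same package is redundant.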

Propchange: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/test/java/org/apache/openejb/corba/util/NameDescopingTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/test/java/org/apache/openejb/corba/util/NameDescopingTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: incubator/openejb/trunk/openejb2/modules/openejb-corba/src/test/java/org/apache/openejb/corba/util/NameDescopingTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain


