Added: webservices/wss4j/site/xref/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.html
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/xref/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.html?rev=1158618&view=auto
==============================================================================
--- webservices/wss4j/site/xref/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.html (added)
+++ webservices/wss4j/site/xref/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.html Wed Aug 17 10:34:33 2011
@@ -0,0 +1,151 @@
+ + + + +SubjectLocalityBean xref + + + +
View Javadoc
+
+1   /**
+2    * Licensed to the Apache Software Foundation (ASF) under one
+3    * or more contributor license agreements. See the NOTICE file
+4    * distributed with this work for additional information
+5    * regarding copyright ownership. The ASF licenses this file
+6    * to you under the Apache License, Version 2.0 (the
+7    * "License"); you may not use this file except in compliance
+8    * with the License. You may obtain a copy of the License at
+9    *
+10   * http://www.apache.org/licenses/LICENSE-2.0
+11   *
+12   * Unless required by applicable law or agreed to in writing,
+13   * software distributed under the License is distributed on an
+14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+15   * KIND, either express or implied. See the License for the
+16   * specific language governing permissions and limitations
+17   * under the License.
+18   */
+19  
+20  package org.apache.ws.security.saml.ext.bean;
+21  
+22  /**
+23   * This class represents a SubjectLocality.
+24   */
+25  public class SubjectLocalityBean {
+26  
+27      /** The ipAddress. */
+28      private String ipAddress;
+29  
+30      /** The DNS Address. */
+31      private String dnsAddress;
+32  
+33      /**
+34       * Default constructor explicitly provided since other constructors would
+35       * prevent its automatic creation.
+36       */
+37      public SubjectLocalityBean() {
+38          //
+39      }
+40  
+41      /**
+42       * Constructor for creating a SubjectLocalityBean with ip and dns addresses.
+43       * 
+44       * @param ipAddress ip address
+45       * @param dnsAddress dns address
+46       */
+47      public SubjectLocalityBean(final String ipAddress, final String dnsAddress) {
+48          this.ipAddress = ipAddress;
+49          this.dnsAddress = dnsAddress;
+50      }
+51  
+52      /**
+53       * Get the ip address.
+54       * 
+55       * @return the ipAddress
+56       */
+57      public final String getIpAddress() {
+58          return ipAddress;
+59      }
+60  
+61      /**
+62       * Set the ip address.
+63       * 
+64       * @param ipAddress the ipAddress to set
+65       */
+66      public final void setIpAddress(final String ipAddress) {
+67          this.ipAddress = ipAddress;
+68      }
+69  
+70      /**
+71       * Get the dns address.
+72       * 
+73       * @return the dnsAddress
+74       */
+75      public final String getDnsAddress() {
+76          return dnsAddress;
+77      }
+78  
+79      /**
+80       * Set the dns address.
+81       * 
+82       * @param dnsAddress the dnsAddress to set
+83       */
+84      public final void setDnsAddress(final String dnsAddress) {
+85          this.dnsAddress = dnsAddress;
+86      }
+87  
+88      /*
+89       * (non-Javadoc)
+90       * 
+91       * @see java.lang.Object#equals(java.lang.Object)
+92       */
+93      @Override
+94      public boolean equals(final Object o) {
+95          if (this == o) {
+96              return true;
+97          }
+98  
+99          if (!(o instanceof SubjectLocalityBean)) {
+100             return false;
+101         }
+102 
+103         SubjectLocalityBean that = (SubjectLocalityBean) o;
+104 
+105         if (ipAddress == null && that.ipAddress != null) {
+106             return false;
+107         } else if (ipAddress != null && !ipAddress.equals(that.ipAddress)) {
+108             return false;
+109         }
+110 
+111         if (dnsAddress == null && that.dnsAddress != null) {
+112             return false;
+113         } else if (dnsAddress != null && !dnsAddress.equals(that.dnsAddress)) {
+114             return false;
+115         }
+116 
+117         return true;
+118     }
+119 
+120     /*
+121      * (non-Javadoc)
+122      * 
+123      * @see java.lang.Object#hashCode()
+124      */
+125     @Override
+126     public int hashCode() {
+127         int result = 0;
+128         if (ipAddress != null) {
+129             result = 31 * result + ipAddress.hashCode();
+130         }
+131         if (dnsAddress != null) {
+132             result = 31 * result + dnsAddress.hashCode();
+133         }
+134 
+135         return result;
+136     }
+137 }
+
+
+ +
Added: webservices/wss4j/site/xref/org/apache/ws/security/validate/KerberosTokenValidator.html
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/xref/org/apache/ws/security/validate/KerberosTokenValidator.html?rev=1158618&view=auto
==============================================================================
--- webservices/wss4j/site/xref/org/apache/ws/security/validate/KerberosTokenValidator.html (added)
+++ webservices/wss4j/site/xref/org/apache/ws/security/validate/KerberosTokenValidator.html Wed Aug 17 10:34:33 2011
@@ -0,0 +1,196 @@
+ + + + +KerberosTokenValidator xref + + + +
View Javadoc
+
+1   /**
+2    * Licensed to the Apache Software Foundation (ASF) under one
+3    * or more contributor license agreements. See the NOTICE file
+4    * distributed with this work for additional information
+5    * regarding copyright ownership. The ASF licenses this file
+6    * to you under the Apache License, Version 2.0 (the
+7    * "License"); you may not use this file except in compliance
+8    * with the License. You may obtain a copy of the License at
+9    *
+10   * http://www.apache.org/licenses/LICENSE-2.0
+11   *
+12   * Unless required by applicable law or agreed to in writing,
+13   * software distributed under the License is distributed on an
+14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+15   * KIND, either express or implied. See the License for the
+16   * specific language governing permissions and limitations
+17   * under the License.
+18   */
+19  
+20  package org.apache.ws.security.validate;
+21  
+22  import java.security.Principal;
+23  import java.util.Set;
+24  
+25  import javax.security.auth.Subject;
+26  import javax.security.auth.callback.CallbackHandler;
+27  import javax.security.auth.login.LoginContext;
+28  import javax.security.auth.login.LoginException;
+29  
+30  import org.apache.ws.security.WSSecurityException;
+31  import org.apache.ws.security.handler.RequestData;
+32  import org.apache.ws.security.message.token.BinarySecurity;
+33  import org.apache.ws.security.message.token.KerberosSecurity;
+34  import org.apache.ws.security.message.token.KerberosServiceAction;
+35  
+36  /**
+37   */
+38  public class KerberosTokenValidator implements Validator {
+39      
+40      private static org.apache.commons.logging.Log log =
+41          org.apache.commons.logging.LogFactory.getLog(KerberosTokenValidator.class);
+42      
+43      private String serviceName;
+44      private CallbackHandler callbackHandler;
+45      private String jaasLoginModuleName;
+46      
+47      /**
+48       * Get the JAAS Login module name to use.
+49       * @return the JAAS Login module name to use
+50       */
+51      public String getJaasLoginModuleName() {
+52          return jaasLoginModuleName;
+53      }
+54  
+55      /**
+56       * Set the JAAS Login module name to use.
+57       * @param jaasLoginModuleName the JAAS Login module name to use
+58       */
+59      public void setJaasLoginModuleName(String jaasLoginModuleName) {
+60          this.jaasLoginModuleName = jaasLoginModuleName;
+61      }
+62  
+63      /**
+64       * Get the CallbackHandler to use with the LoginContext
+65       * @return the CallbackHandler to use with the LoginContext
+66       */
+67      public CallbackHandler getCallbackHandler() {
+68          return callbackHandler;
+69      }
+70  
+71      /**
+72       * Set the CallbackHandler to use with the LoginContext. It can be null.
+73       * @param callbackHandler the CallbackHandler to use with the LoginContext
+74       */
+75      public void setCallbackHandler(CallbackHandler callbackHandler) {
+76          this.callbackHandler = callbackHandler;
+77      }
+78  
+79      /**
+80       * The name of the service to use when contacting the KDC. This value can be null, in which
+81       * case it defaults to the current principal name.
+82       * @param serviceName the name of the service to use when contacting the KDC
+83       */
+84      public void setServiceName(String serviceName) {
+85          this.serviceName = serviceName;
+86      }
+87      
+88      /**
+89       * Get the name of the service to use when contacting the KDC. This value can be null, in which
+90       * case it defaults to the current principal name.
+91       * @return the name of the service to use when contacting the KDC
+92       */
+93      public String getServiceName() {
+94          return serviceName;
+95      }
+96      
+97      /**
+98       * Validate the credential argument. It must contain a non-null BinarySecurityToken. 
+99       * 
+100      * @param credential the Credential to be validated
+101      * @param data the RequestData associated with the request
+102      * @throws WSSecurityException on a failed validation
+103      */
+104     public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+105         if (credential == null || credential.getBinarySecurityToken() == null) {
+106             throw new WSSecurityException(WSSecurityException.FAILURE, "noCredential");
+107         }
+108         
+109         BinarySecurity binarySecurity = credential.getBinarySecurityToken();
+110         if (!(binarySecurity instanceof KerberosSecurity)) {
+111             return credential;
+112         }
+113         
+114         if (log.isDebugEnabled()) {
+115             try {
+116                 String jaasAuth = System.getProperty("java.security.auth.login.config");
+117                 String krbConf = System.getProperty("java.security.krb5.conf");
+118                 log.debug("KerberosTokenValidator - Using JAAS auth login file: " + jaasAuth);
+119                 log.debug("KerberosTokenValidator - Using KRB conf file: " + krbConf);
+120             } catch (SecurityException ex) {
+121                 log.debug(ex.getMessage(), ex);
+122             }
+123         }
+124         
+125         // Get a TGT from the KDC using JAAS
+126         LoginContext loginContext = null;
+127         try {
+128             if (callbackHandler == null) {
+129                 loginContext = new LoginContext(jaasLoginModuleName);
+130             } else {
+131                 loginContext = new LoginContext(jaasLoginModuleName, callbackHandler);
+132             }
+133             loginContext.login();
+134         } catch (LoginException ex) {
+135             if (log.isDebugEnabled()) {
+136                 log.debug(ex.getMessage(), ex);
+137             }
+138             throw new WSSecurityException(
+139                 WSSecurityException.FAILURE,
+140                 "kerberosLoginError", 
+141                 new Object[] {ex.getMessage()}
+142             );
+143         }
+144         if (log.isDebugEnabled()) {
+145             log.debug("Successfully authenticated to the TGT");
+146         }
+147         
+148         byte[] token = binarySecurity.getToken();
+149         
+150         // Get the service name to use - fall back on the principal
+151         Subject subject = loginContext.getSubject();
+152         String service = serviceName;
+153         if (service == null) {
+154             Set<Principal> principals = subject.getPrincipals();
+155             if (principals.isEmpty()) {
+156                 throw new WSSecurityException(
+157                     WSSecurityException.FAILURE, 
+158                     "kerberosLoginError", 
+159                     new Object[] {"No Client principals found after login"}
+160                 );
+161             }
+162             service = principals.iterator().next().getName();
+163         }
+164         
+165         // Validate the ticket
+166         KerberosServiceAction action = new KerberosServiceAction(token, service);
+167         Principal principal = (Principal)Subject.doAs(subject, action);
+168         if (principal == null) {
+169             throw new WSSecurityException(
+170                 WSSecurityException.FAILURE, "kerberosTicketValidationError"
+171             );
+172         }
+173         credential.setPrincipal(principal);
+174         
+175         if (log.isDebugEnabled()) {
+176             log.debug("Successfully validated a ticket");
+177         }
+178         
+179         return credential;
+180     }
+181     
+182 }
+
+
+ +
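Review bot: The LoginContext built in validate() is logged in on every call and never logged out, so whatever credentials the login module placed in the Subject are left for garbage collection, and each inbound token triggers a fresh JAAS login. In the Java source this page renders, the work after `loginContext.login()` should sit in a `try { ... } finally { loginContext.logout(); }` (handling the LoginException that logout() declares), or the validator should reuse one authenticated Subject. Separately, the `kerberosLoginError` exception carries `ex.getMessage()` from the JAAS failure; if that text can reach the remote caller in a fault, keep it in the server log and return a generic message. The early `return credential` for a BinarySecurity that is not a KerberosSecurity hands the token back without any check, so it deserves a comment such as `// Not a Kerberos token: no validation is done here, another Validator must cover it`.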