djencks 2005/11/22 23:04:14
Modified: modules/core/src/java/org/openejb/corba/security/config/tss
TSSITTDistinguishedName.java
TSSITTPrincipalNameGSSUP.java TSSSASMechConfig.java
Log:
GERONIMO-1122 Support 3 levels of principal wrapping. I did not change the
schema version.
Revision Changes Path
1.5 +8 -14
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTDistinguishedName.java
Index: TSSITTDistinguishedName.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTDistinguishedName.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- TSSITTDistinguishedName.java 27 Oct 2005 19:10:12 -0000 1.4
+++ TSSITTDistinguishedName.java 23 Nov 2005 04:04:14 -0000 1.5
@@ -101,23 +101,17 @@
}
byte[] principalNameBytes = X501DistinguishedNameHelper.extract(any);
+ Subject subject = new Subject();
X500Principal x500Principal = new X500Principal(principalNameBytes);
- Principal principal = null;
- Principal primaryPrincipal = null;
+ subject.getPrincipals().add(x500Principal);
if (realmName != null && domainName != null) {
- principal = new RealmPrincipal(realmName, domainName,
x500Principal);
- primaryPrincipal = new PrimaryRealmPrincipal(realmName,
domainName, x500Principal);
- } else if (domainName != null) {
- principal = new DomainPrincipal(domainName, x500Principal);
- primaryPrincipal = new PrimaryDomainPrincipal(domainName,
x500Principal);
+ subject.getPrincipals().add(new RealmPrincipal(realmName,
domainName, x500Principal));
+ subject.getPrincipals().add(new PrimaryRealmPrincipal(realmName,
domainName, x500Principal));
}
-
- Subject subject = new Subject();
- subject.getPrincipals().add(x500Principal);
- if (principal != null) {
- subject.getPrincipals().add(principal);
- subject.getPrincipals().add(primaryPrincipal);
+ if (domainName != null) {
+ subject.getPrincipals().add(new DomainPrincipal(domainName,
x500Principal));
+ subject.getPrincipals().add(new
PrimaryDomainPrincipal(domainName, x500Principal));
}
return subject;
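Review bot: `new X500Principal(principalNameBytes)` near the top of the hunk throws an unchecked IllegalArgumentException when the client-supplied DN bytes are not a valid DER encoding, and that escapes check() instead of the SASException the method otherwise reports; the codec extract just above is guarded by the try/catch that the `}` context line closes, but this parse is not. Guard it the same way: `X500Principal x500Principal; try { x500Principal = new X500Principal(principalNameBytes); } catch (IllegalArgumentException e) { throw new SASException(1, e); }` (the `SASException(int, Throwable)` form is the one TSSITTPrincipalNameGSSUP uses in this commit). check() starts before this hunk, so I am inferring the scope of the existing try/catch from the context line.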
1.4 +38 -22
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java
Index: TSSITTPrincipalNameGSSUP.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- TSSITTPrincipalNameGSSUP.java 27 Oct 2005 19:10:12 -0000 1.3
+++ TSSITTPrincipalNameGSSUP.java 23 Nov 2005 04:04:14 -0000 1.4
@@ -47,9 +47,15 @@
*/
package org.openejb.corba.security.config.tss;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
import java.security.Principal;
import javax.security.auth.Subject;
+import org.apache.geronimo.security.DomainPrincipal;
+import org.apache.geronimo.security.PrimaryDomainPrincipal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
import org.omg.CORBA.Any;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.ITTPrincipalName;
@@ -57,13 +63,6 @@
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.TypeMismatch;
-
-import org.apache.geronimo.security.DomainPrincipal;
-import org.apache.geronimo.security.PrimaryDomainPrincipal;
-import org.apache.geronimo.security.PrimaryRealmPrincipal;
-import org.apache.geronimo.security.RealmPrincipal;
-import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
-
import org.openejb.corba.security.SASException;
import org.openejb.corba.util.Util;
@@ -74,12 +73,22 @@
public class TSSITTPrincipalNameGSSUP extends TSSSASIdentityToken {
public static final String OID = GSSUPMechOID.value.substring(4);
+ private final Class principalClass;
+ private transient Constructor constructor;
private final String realmName;
private final String domainName;
- public TSSITTPrincipalNameGSSUP(String realmName, String domainName) {
+ public TSSITTPrincipalNameGSSUP(Class principalClass, String realmName,
String domainName) throws NoSuchMethodException {
+ this.principalClass = principalClass;
this.realmName = realmName;
this.domainName = domainName;
+ getConstructor();
+ }
+
+ private void getConstructor() throws NoSuchMethodException {
+ if (constructor == null && principalClass != null) {
+ constructor = principalClass.getConstructor(new
Class[]{String.class});
+ }
}
public short getType() {
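Review bot: getConstructor() only verifies that principalClass has a public (String) constructor; nothing checks that the class is a Principal, so a misconfigured class is accepted at construction time and only fails with a ClassCastException at the `(Principal) constructor.newInstance(...)` cast on the request path in check(). Fail fast in the constructor: `if (principalClass != null && !Principal.class.isAssignableFrom(principalClass)) throw new IllegalArgumentException(principalClass.getName() + " is not a Principal");`. A Javadoc line on the constructor stating that principalClass must be a Principal implementation with a public String constructor taking the decoded GSSUP name, and that null is accepted here but leaves `constructor` null, would also help, since the `transient` field is lazily rebuilt by getConstructor() and that contract is otherwise invisible to callers.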
@@ -91,6 +100,7 @@
}
public Subject check(IdentityToken identityToken) throws SASException {
+ assert principalClass != null;
byte[] principalNameToken = identityToken.principal_name();
Any any = null;
try {
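Review bot: `assert principalClass != null` is a no-op unless the JVM runs with -ea, so in production an instance built with a null class (which the constructor permits, and which TSSSASMechConfig's `new TSSITTPrincipalNameGSSUP(null, null, null)` in this same commit does) proceeds into check() with a null `constructor` and fails with a NullPointerException rather than the SASException callers handle. Replace the assertion with an explicit check: `if (principalClass == null) throw new SASException(1, new IllegalStateException("TSSITTPrincipalNameGSSUP has no principal class configured"));`. check() continues beyond this hunk.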
@@ -102,23 +112,29 @@
}
byte[] principalNameBytes = GSS_NT_ExportedNameHelper.extract(any);
String principalName = Util.decodeGSSExportName(principalNameBytes);
- Principal basePrincipal = new GeronimoUserPrincipal(principalName);
- Principal principal = null;
- Principal primaryPrincipal = null;
-
- if (realmName != null && domainName != null) {
- principal = new RealmPrincipal(realmName, domainName,
basePrincipal);
- primaryPrincipal = new PrimaryRealmPrincipal(realmName,
domainName, basePrincipal);
- } else if (domainName != null) {
- principal = new DomainPrincipal(domainName, basePrincipal);
- primaryPrincipal = new PrimaryDomainPrincipal(domainName,
basePrincipal);
+ Principal basePrincipal = null;
+ try {
+ getConstructor();
+ basePrincipal = (Principal) constructor.newInstance(new
Object[]{principalName});
+ } catch (InstantiationException e) {
+ throw new SASException(1, e);
+ } catch (IllegalAccessException e) {
+ throw new SASException(1, e);
+ } catch (InvocationTargetException e) {
+ throw new SASException(1, e);
+ } catch (NoSuchMethodException e) {
+ throw new SASException(1, e);
}
Subject subject = new Subject();
subject.getPrincipals().add(basePrincipal);
- if (principal != null) {
- subject.getPrincipals().add(principal);
- subject.getPrincipals().add(primaryPrincipal);
+ if (realmName != null && domainName != null) {
+ subject.getPrincipals().add(new RealmPrincipal(realmName,
domainName, basePrincipal));
+ subject.getPrincipals().add(new PrimaryRealmPrincipal(realmName,
domainName, basePrincipal));
+ }
+ if (domainName != null) {
+ subject.getPrincipals().add(new DomainPrincipal(domainName,
basePrincipal));
+ subject.getPrincipals().add(new
PrimaryDomainPrincipal(domainName, basePrincipal));
}
return subject;
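Review bot: check() builds a Subject directly from the name carried in the identity token, with no verification in this method that the asserting party is allowed to assert identities; for an ITTPrincipalName token that is presumably by design, relying on the transport and authentication layers configured by the TSSSASMechConfig caller to have established trust in the intermediary first, but nothing here says so. A Javadoc on check() stating that precondition, and that the returned Subject is an asserted rather than authenticated identity, would keep a future caller from misusing it. Minor: in the `catch (InvocationTargetException e)` branch, wrapping `e.getCause()` rather than e puts the principal constructor's actual failure one level closer to whoever logs the SASException. check() begins above this hunk.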
1.7 +2 -2
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSSASMechConfig.java
Index: TSSSASMechConfig.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSSASMechConfig.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- TSSSASMechConfig.java 27 Oct 2005 19:10:12 -0000 1.6
+++ TSSSASMechConfig.java 23 Nov 2005 04:04:14 -0000 1.7
@@ -97,7 +97,7 @@
//TODO is this needed?
if (TSSITTPrincipalNameGSSUP.OID.equals(oid)) {
//TODO this doesn't make sense if we plan to use this for
identity check.
- addIdentityToken(new TSSITTPrincipalNameGSSUP(null, null));
+ addIdentityToken(new TSSITTPrincipalNameGSSUP(null, null,
null));
}
}