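/**
 * Creates one {@link CompoundSecMech} per IOR configuration descriptor of the given EJB.
 * The CSIv2 spec allows several mechanisms in decreasing order of preference; the order
 * produced here follows the iteration order of {@code getIORConfigurationDescriptors}.
 *
 * <p>Realm precedence for each mechanism's AS context: the application's realm, then the
 * descriptor's own realm, then {@code DEFAULT_REALM}. The realm is resolved per descriptor
 * so one descriptor's realm never carries over to the next.
 *
 * @param maker evaluates an IOR configuration descriptor into its transport tagged component
 * @param ejbDescriptor the EJB whose IOR configuration is read; may be {@code null}
 * @return one mechanism per IOR configuration descriptor, or {@code null} when
 *         {@code ejbDescriptor} is {@code null}
 * @throws IOException propagated from the helpers called while building a mechanism
 */
private CompoundSecMech[] createCompoundSecMechs(DescriptorMaker maker, EjbDescriptor ejbDescriptor) throws IOException {
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "IIOP: Creating CompoundSecMech");
    }
    if (ejbDescriptor == null) {
        return null;
    }
    Set<EjbIORConfigurationDescriptor> iorDescriptors = getIORConfigurationDescriptors(ejbDescriptor);
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "IORDescSet SIZE:" + iorDescriptors.size());
    }
    // The application realm is the same for every descriptor of this EJB; resolve it once.
    String applicationRealm = null;
    if (ejbDescriptor.getApplication() != null) {
        applicationRealm = ejbDescriptor.getApplication().getRealm();
    }
    CompoundSecMech[] mechList = new CompoundSecMech[iorDescriptors.size()];
    int index = 0;
    for (EjbIORConfigurationDescriptor iorDescriptor : iorDescriptors) {
        // Resolved inside the loop on purpose: a loop-carried realm variable would (a) leak
        // descriptor N's realm into descriptor N+1 and (b) never consult the descriptor realm
        // when no application is set, because the non-null default short-circuits the check.
        String realmName = applicationRealm;
        if (realmName == null) {
            realmName = iorDescriptor.getRealmName();
        }
        if (realmName == null) {
            realmName = DEFAULT_REALM;
        }
        int targetRequires = getTargetRequires(iorDescriptor);
        org.omg.IOP.TaggedComponent transportComp = maker.evaluate(iorDescriptor);
        AS_ContextSec asContext = createASContextSec(iorDescriptor, realmName);
        SAS_ContextSec sasContext = createSASContextSec(iorDescriptor);
        // The mechanism's target_requires is the union of the transport, AS and SAS requirement bits.
        int combinedTargetRequires = targetRequires | asContext.target_requires | sasContext.target_requires;
        mechList[index++] = new CompoundSecMech((short) combinedTargetRequires, transportComp, asContext, sasContext);
    }
    return mechList;
}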
/**
 * Builds the security tagged component used on the server side for all non-EJB POAs.
 * The component carries a single {@link CompoundSecMech}: its transport mechanism is the
 * SSL component built for {@code sslPort}, and whether client trust is required is taken
 * from the ORB CSIv2 properties.
 *
 * @param sslPort the port handed to {@code createSSLInfo} for the transport component
 * @return the tagged component, or {@code null} when building it failed (the failure is
 *         logged at SEVERE and not propagated)
 */
public org.omg.IOP.TaggedComponent createSecurityTaggedComponent(int sslPort) {
    try {
        Properties csiv2Props = orbHelper.getCSIv2Props();
        boolean sslRequired = getBooleanValue(csiv2Props, ORBLocator.ORB_SSL_SERVER_REQUIRED);
        boolean clientAuthRequired = getBooleanValue(csiv2Props, ORBLocator.ORB_CLIENT_AUTH_REQUIRED);
        org.omg.IOP.TaggedComponent transportMech = createSSLInfo(sslPort, null, sslRequired);
        AS_ContextSec asContext = createASContextSec(null, DEFAULT_REALM);
        SAS_ContextSec sasContext = createSASContextSec(null);
        // Only the client-trust bit is set at the mechanism level; sslRequired is passed to createSSLInfo.
        short targetRequires = (clientAuthRequired ? EstablishTrustInClient.value : 0);
        CompoundSecMech[] mechList = {
            new CompoundSecMech(targetRequires, transportMech, asContext, sasContext)
        };
        return createCompoundSecMechListComponent(mechList);
    } catch (Exception e) {
        // Best-effort: the caller receives null, the cause is recorded in the log.
        logger.log(SEVERE, "iiop.createcompund_exception", e);
        return null;
    }
}
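/**
 * send_request() interception point: looks up the client security context for the
 * effective target, builds the CSIv2 EstablishContext message (authentication token,
 * identity token, no authorization elements) and adds it to the request's service
 * context list under {@code SECURITY_ATTRIBUTE_SERVICE_ID}. An unprotected invocation
 * (no security context) adds nothing.
 *
 * @param ri the client request being intercepted
 * @throws ForwardRequest declared by the interceptor interface; not raised here
 * @throws RuntimeException when the security context lookup fails (the original
 *         exception is kept as the cause)
 * @throws SecurityException when the authentication token, identity token or CDR
 *         encoding cannot be produced (the original exception is kept as the cause)
 */
@Override
public void send_request(ClientRequestInfo ri) throws ForwardRequest {
    // CSIv2 level 0 only requires stateless clients, so the client context id is always 0.
    // CSIv2 types it as long.
    long cContextId = 0;
    // XXX: Workaround for non-null connection object ri for local invocation.
    ConnectionExecutionContext.removeClientThreadID();
    // CSIv2 level 0 sends no authorization tokens over the wire, so the element list is empty.
    AuthorizationElement[] cAuthzElem = {};
    // Client identity token to be added to the service context field.
    IdentityToken cIdentityToken = null;
    // Client authentication token to be added to the service context field.
    byte[] cAuthenticationToken = {};
    // CDR encoded Security Attribute Service element.
    byte[] cdr_encoded_saselm = null;
    // A single JAAS credential.
    java.lang.Object cred = null;
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "++++ Entered " + prname + "send_request" + "()");
    }
    // SecurityContext to be sent.
    SecurityContext secctxt = null;
    ORB orb = orbHelper.getORB();
    org.omg.CORBA.Object effective_target = ri.effective_target();
    try {
        secctxt = secContextUtil.getSecurityContext(effective_target);
    } catch (InvalidMechanismException ime) {
        _logger.log(Level.SEVERE, "iiop.sec_context_exception", ime);
        // Keep the original exception as cause so the failure stays diagnosable upstream.
        throw new RuntimeException(ime.getMessage(), ime);
    } catch (InvalidIdentityTokenException iite) {
        _logger.log(Level.SEVERE, "iiop.runtime_exception", iite);
        throw new RuntimeException(iite.getMessage(), iite);
    }
    // In an unprotected invocation there is nothing to put in the service context field.
    if (secctxt == null) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Security context is null (nothing to add to service context)");
        }
        return;
    }
    final SecurityContext sCtx = secctxt;
    // Construct an authentication token from the subject's private credentials.
    if (secctxt.authcls != null) {
        cred = AccessController.doPrivileged(new PrivilegedAction<java.lang.Object>() {
            @Override
            public java.lang.Object run() {
                return getCred(sCtx.subject.getPrivateCredentials(sCtx.authcls), sCtx.authcls);
            }
        });
        try {
            SecurityMechanismSelector sms = Lookups.getSecurityMechanismSelector();
            ConnectionContext cc = sms.getClientConnectionContext();
            CompoundSecMech mech = cc.getMechanism();
            cAuthenticationToken = createAuthToken(cred, secctxt.authcls, orb, mech);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.createauthtoken_exception", e);
            throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_authtok_create", "Error while constructing an authentication token."), e);
        }
    }
    // Construct an identity token from the subject's public credentials, or an absent token.
    if (secctxt.identcls != null) {
        cred = getCred(secctxt.subject.getPublicCredentials(secctxt.identcls), secctxt.identcls);
        try {
            cIdentityToken = createIdToken(cred, secctxt.identcls, orb);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.createidtoken_exception", e);
            throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_idtok_create", "Error while constructing an identity token."), e);
        }
    } else {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Constructing an Absent Identity Token");
        }
        cIdentityToken = new IdentityToken();
        cIdentityToken.absent(true);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Creating an EstablishContext message");
    }
    EstablishContext ec = new EstablishContext(cContextId, cAuthzElem, cIdentityToken, cAuthenticationToken);
    SASContextBody sasctxbody = new SASContextBody();
    sasctxbody.establish_msg(ec);
    // CDR encode the SASContextBody.
    Any SasAny = orb.create_any();
    SASContextBodyHelper.insert(SasAny, sasctxbody);
    try {
        cdr_encoded_saselm = codec.encode_value(SasAny);
    } catch (Exception e) {
        _logger.log(Level.SEVERE, "iiop.encode_exception", e);
        throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_cdr_encode", "CDR Encoding error for a SAS context element."), e);
    }
    // Add the SAS element to the service context list.
    ServiceContext sc = new ServiceContext();
    sc.context_id = SECURITY_ATTRIBUTE_SERVICE_ID;
    sc.context_data = cdr_encoded_saselm;
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Adding EstablishContext message to service context list");
    }
    // Second argument is "replace": false means an existing context with this id is not overwritten.
    ri.add_request_service_context(sc, false);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Added EstablishContext message to service context list");
    }
}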
/**
 * Reads the compound security mechanism list (TAG_CSI_SEC_MECH_LIST) from the IIOP profile
 * of the given IOR.
 *
 * @param ior the IOR whose IIOP profile is inspected
 * @return the mechanisms carried by the tagged component, or {@code null} when the profile
 *         has no TAG_CSI_SEC_MECH_LIST component
 * @throws RuntimeException when the profile carries more than one TAG_CSI_SEC_MECH_LIST
 *         component (also logged at SEVERE)
 */
public CompoundSecMech[] getSecurityMechanisms(IOR ior) {
    IIOPProfile profile = ior.getProfile();
    IIOPProfileTemplate profileTemplate = (IIOPProfileTemplate) profile.getTaggedProfileTemplate();
    Iterator<TaggedComponent> components = profileTemplate.iteratorById(TAG_CSI_SEC_MECH_LIST.value);
    if (!components.hasNext()) {
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "IIOP:TAG_CSI_SEC_MECH_LIST tagged component not found");
        }
        return null;
    }
    TaggedComponent secMechListComponent = components.next();
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Component:" + secMechListComponent);
    }
    if (components.hasNext()) {
        logger.log(Level.SEVERE, "iiop.many_tagged_component");
        throw new RuntimeException("More than one TAG_CSI_SEC_MECH_LIST tagged " + "component found ");
    }
    // component_data is read through an encapsulation stream: consume the endian marker,
    // then unmarshal the CompoundSecMechList.
    byte[] encoded = secMechListComponent.getIOPComponent(orb).component_data;
    CDRInputObject input = new EncapsInputStream(orb, encoded, encoded.length);
    input.consumeEndian();
    CompoundSecMechList decoded = CompoundSecMechListHelper.read(input);
    return decoded.mechanism_list;
}