Search in sources :

Example 1 with CompoundSecMech

use of com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech in project Payara by payara.

the class CSIV2TaggedComponentInfo method createCompoundSecMechs.

/**
 * Create the security mechanisms. Only 1 such mechanism is created although the spec allows
 * multiple mechanisms (in decreasing order of preference). Note that creating more than one
 * CompoundSecMech here will cause getSecurityMechanisms to fail, as it supports only one
 * CompoundSecMech.
 */
private CompoundSecMech[] createCompoundSecMechs(DescriptorMaker maker, EjbDescriptor ejbDescriptor) throws IOException {
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "IIOP: Creating CompoundSecMech");
    }
    if (ejbDescriptor == null) {
        return null;
    }
    Set<EjbIORConfigurationDescriptor> iorDescriptors = getIORConfigurationDescriptors(ejbDescriptor);
    CompoundSecMech[] mechList = new CompoundSecMech[iorDescriptors.size()];
    Iterator<EjbIORConfigurationDescriptor> itr = iorDescriptors.iterator();
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "IORDescSet SIZE:" + iorDescriptors.size());
    }
    String realmName = DEFAULT_REALM;
    for (int i = 0; i < iorDescriptors.size(); i++) {
        EjbIORConfigurationDescriptor iorDescriptor = itr.next();
        int targetRequires = getTargetRequires(iorDescriptor);
        org.omg.IOP.TaggedComponent comp = maker.evaluate(iorDescriptor);
        if (ejbDescriptor.getApplication() != null) {
            realmName = ejbDescriptor.getApplication().getRealm();
        }
        if (realmName == null) {
            realmName = iorDescriptor.getRealmName();
        }
        if (realmName == null) {
            realmName = DEFAULT_REALM;
        }
        // Create AS_Context
        AS_ContextSec asContext = createASContextSec(iorDescriptor, realmName);
        // Create SAS_Context
        SAS_ContextSec sasContext = createSASContextSec(iorDescriptor);
        // Update the target requires value
        int targ_req = targetRequires | asContext.target_requires | sasContext.target_requires;
        // Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
        mechList[i] = new CompoundSecMech((short) targ_req, comp, asContext, sasContext);
    }
    return mechList;
}
Also used : AS_ContextSec(com.sun.corba.ee.org.omg.CSIIOP.AS_ContextSec) SAS_ContextSec(com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec) CompoundSecMech(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech) SAS_ContextSec(com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec) EjbIORConfigurationDescriptor(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor)

Example 2 with CompoundSecMech

use of com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech in project Payara by payara.

the class CSIV2TaggedComponentInfo method createSecurityTaggedComponent.

/**
 * This method is called on the server side for all non-EJB POAs.
 */
public org.omg.IOP.TaggedComponent createSecurityTaggedComponent(int sslPort) {
    org.omg.IOP.TaggedComponent securityTaggedComponent = null;
    try {
        Properties props = orbHelper.getCSIv2Props();
        boolean sslRequired = getBooleanValue(props, ORBLocator.ORB_SSL_SERVER_REQUIRED);
        boolean clientAuthRequired = getBooleanValue(props, ORBLocator.ORB_CLIENT_AUTH_REQUIRED);
        CompoundSecMech[] mechList = new CompoundSecMech[1];
        org.omg.IOP.TaggedComponent transportMech = createSSLInfo(sslPort, null, sslRequired);
        // Create AS_Context
        AS_ContextSec asContext = createASContextSec(null, DEFAULT_REALM);
        // Create SAS_Context
        SAS_ContextSec sasContext = createSASContextSec(null);
        short targetRequires = (clientAuthRequired ? EstablishTrustInClient.value : 0);
        // Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
        mechList[0] = new CompoundSecMech(targetRequires, transportMech, asContext, sasContext);
        securityTaggedComponent = createCompoundSecMechListComponent(mechList);
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.createcompund_exception", e);
    }
    return securityTaggedComponent;
}
Also used : AS_ContextSec(com.sun.corba.ee.org.omg.CSIIOP.AS_ContextSec) SAS_ContextSec(com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec) CompoundSecMech(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech) SAS_ContextSec(com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec) Properties(java.util.Properties) IOException(java.io.IOException)

Example 3 with CompoundSecMech

use of com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech in project Payara by payara.

the class SecClientRequestInterceptor method send_request.

/**
 * send_request() interception point adds the security context to the service context field.
 */
@Override
public void send_request(ClientRequestInfo ri) throws ForwardRequest {
    /**
     * CSIV2 level 0 implementation only requires stateless clients. Client context id is therefore
     * always set to 0.
     */
    // CSIV2 requires type to be long
    long cContextId = 0;
    // XXX: Workaround for non-null connection object ri for local invocation.
    ConnectionExecutionContext.removeClientThreadID();
    /**
     * CSIV2 level 0 implementation does not require any authorization tokens to be sent over the wire.
     * So set cAuthzElem to empty.
     */
    AuthorizationElement[] cAuthzElem = {};
    /* Client identity token to be added to the service context field */
    IdentityToken cIdentityToken = null;
    /* Client authentication token to be added to the service context field */
    byte[] cAuthenticationToken = {};
    /* CDR encoded Security Attribute Service element */
    byte[] cdr_encoded_saselm = null;
    // A single JAAS credential
    java.lang.Object cred = null;
    if (_logger.isLoggable(Level.FINE))
        _logger.log(Level.FINE, "++++ Entered " + prname + "send_request" + "()");
    // SecurityContext to be sent
    SecurityContext secctxt = null;
    ORB orb = orbHelper.getORB();
    org.omg.CORBA.Object effective_target = ri.effective_target();
    try {
        secctxt = secContextUtil.getSecurityContext(effective_target);
    } catch (InvalidMechanismException ime) {
        _logger.log(Level.SEVERE, "iiop.sec_context_exception", ime);
        throw new RuntimeException(ime.getMessage());
    } catch (InvalidIdentityTokenException iite) {
        _logger.log(Level.SEVERE, "iiop.runtime_exception", iite);
        throw new RuntimeException(iite.getMessage());
    }
    /**
     * In an unprotected invocation, there is nothing to be sent to the service context field. Check for
     * this case.
     */
    if (secctxt == null) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Security context is null (nothing to add to service context)");
        }
        return;
    }
    final SecurityContext sCtx = secctxt;
    /* Construct an authentication token */
    if (secctxt.authcls != null) {
        cred = AccessController.doPrivileged(new PrivilegedAction() {

            @Override
            public java.lang.Object run() {
                return getCred(sCtx.subject.getPrivateCredentials(sCtx.authcls), sCtx.authcls);
            }
        });
        try {
            SecurityMechanismSelector sms = Lookups.getSecurityMechanismSelector();
            ConnectionContext cc = sms.getClientConnectionContext();
            CompoundSecMech mech = cc.getMechanism();
            cAuthenticationToken = createAuthToken(cred, secctxt.authcls, orb, mech);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.createauthtoken_exception", e);
            throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_authtok_create", "Error while constructing an authentication token."));
        }
    }
    /* Construct an identity token */
    if (secctxt.identcls != null) {
        cred = getCred(secctxt.subject.getPublicCredentials(secctxt.identcls), secctxt.identcls);
        try {
            cIdentityToken = createIdToken(cred, secctxt.identcls, orb);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.createidtoken_exception", e);
            throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_idtok_create", "Error while constructing an identity token."));
        }
    } else {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Constructing an Absent Identity Token");
        }
        cIdentityToken = new IdentityToken();
        cIdentityToken.absent(true);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Creating an EstablishContext message");
    }
    EstablishContext ec = new EstablishContext(cContextId, cAuthzElem, cIdentityToken, cAuthenticationToken);
    SASContextBody sasctxbody = new SASContextBody();
    sasctxbody.establish_msg(ec);
    /* CDR encode the SASContextBody */
    Any SasAny = orb.create_any();
    SASContextBodyHelper.insert(SasAny, sasctxbody);
    try {
        cdr_encoded_saselm = codec.encode_value(SasAny);
    } catch (Exception e) {
        _logger.log(Level.SEVERE, "iiop.encode_exception", e);
        throw new SecurityException(localStrings.getLocalString("secclientreqinterceptor.err_cdr_encode", "CDR Encoding error for a SAS context element."));
    }
    /* add SAS element to service context list */
    ServiceContext sc = new ServiceContext();
    sc.context_id = SECURITY_ATTRIBUTE_SERVICE_ID;
    sc.context_data = cdr_encoded_saselm;
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Adding EstablishContext message to service context list");
    }
    boolean no_replace = false;
    ri.add_request_service_context(sc, no_replace);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Added EstablishContext message to service context list");
    }
}
Also used : PrivilegedAction(java.security.PrivilegedAction) CompoundSecMech(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech) CORBA(org.omg.CORBA) SecurityContext(com.sun.enterprise.common.iiop.security.SecurityContext)

Example 4 with CompoundSecMech

use of com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech in project Payara by payara.

the class CSIV2TaggedComponentInfo method getSecurityMechanisms.

/**
 * Get the Compound security mechanism list from the given IOR.
 *
 * @param the IOR.
 * @return the array of compound security mechanisms.
 */
public CompoundSecMech[] getSecurityMechanisms(IOR ior) {
    IIOPProfile prof = ior.getProfile();
    IIOPProfileTemplate ptemp = (IIOPProfileTemplate) prof.getTaggedProfileTemplate();
    Iterator<TaggedComponent> itr = ptemp.iteratorById(TAG_CSI_SEC_MECH_LIST.value);
    if (!itr.hasNext()) {
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "IIOP:TAG_CSI_SEC_MECH_LIST tagged component not found");
        }
        return null;
    }
    TaggedComponent tcomp = itr.next();
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Component:" + tcomp);
    }
    if (itr.hasNext()) {
        String msg = "More than one TAG_CSI_SEC_MECH_LIST tagged " + "component found ";
        logger.log(Level.SEVERE, "iiop.many_tagged_component");
        throw new RuntimeException(msg);
    }
    org.omg.IOP.TaggedComponent comp = tcomp.getIOPComponent(orb);
    byte[] b = comp.component_data;
    CDRInputObject in = new EncapsInputStream(orb, b, b.length);
    in.consumeEndian();
    CompoundSecMechList l = CompoundSecMechListHelper.read(in);
    CompoundSecMech[] list = l.mechanism_list;
    return list;
}
Also used : CDRInputObject(com.sun.corba.ee.impl.encoding.CDRInputObject) IIOPProfile(com.sun.corba.ee.spi.ior.iiop.IIOPProfile) CompoundSecMechList(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMechList) CompoundSecMech(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech) EncapsInputStream(com.sun.corba.ee.impl.encoding.EncapsInputStream) TaggedComponent(com.sun.corba.ee.spi.ior.TaggedComponent) IIOPProfileTemplate(com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate)

Aggregations

CompoundSecMech (com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech)4 AS_ContextSec (com.sun.corba.ee.org.omg.CSIIOP.AS_ContextSec)2 SAS_ContextSec (com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec)2 CDRInputObject (com.sun.corba.ee.impl.encoding.CDRInputObject)1 EncapsInputStream (com.sun.corba.ee.impl.encoding.EncapsInputStream)1 CompoundSecMechList (com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMechList)1 TaggedComponent (com.sun.corba.ee.spi.ior.TaggedComponent)1 IIOPProfile (com.sun.corba.ee.spi.ior.iiop.IIOPProfile)1 IIOPProfileTemplate (com.sun.corba.ee.spi.ior.iiop.IIOPProfileTemplate)1 SecurityContext (com.sun.enterprise.common.iiop.security.SecurityContext)1 EjbIORConfigurationDescriptor (com.sun.enterprise.deployment.EjbIORConfigurationDescriptor)1 IOException (java.io.IOException)1 PrivilegedAction (java.security.PrivilegedAction)1 Properties (java.util.Properties)1 CORBA (org.omg.CORBA)1