
Example 41 with Any

use of org.omg.CORBA.Any in project Payara by payara.

the class IORInterceptorImpl method establish_components.

// org.omg.PortableInterceptors.IORInterceptorOperations implementation
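/**
 * Publishes the effective OTS and invocation policy values as tagged
 * components of the IOR described by {@code info}.
 *
 * <p>Each policy is looked up with {@code get_effective_policy}. When the
 * lookup raises {@code INV_POLICY} or yields {@code null}, the defaults
 * {@code FORBIDS} (OTS policy) and {@code EITHER} (invocation policy) are
 * advertised instead. Each value is inserted into an {@code Any} as a short,
 * encoded with this interceptor's codec and added to the IOR under
 * {@code TAG_OTS_POLICY} and {@code TAG_INV_POLICY} respectively.
 *
 * @param info the IOR under construction; used for the policy lookups and
 *             receives the two tagged components
 * @throws INTERNAL if the codec rejects either value; the underlying
 *                  {@code InvalidTypeForEncoding} is attached as the cause
 */
public void establish_components(IORInfo info) {
    OTSPolicy otsPolicy = null;
    try {
        otsPolicy = (OTSPolicy) info.get_effective_policy(OTS_POLICY_TYPE.value);
    } catch (INV_POLICY ignored) {
        // Deliberately ignored: no policy was set explicitly, so the default below applies.
    }
    InvocationPolicy invPolicy = null;
    try {
        invPolicy = (InvocationPolicy) info.get_effective_policy(INVOCATION_POLICY_TYPE.value);
    } catch (INV_POLICY ignored) {
        // Deliberately ignored: no policy was set explicitly, so the default below applies.
    }

    // Start from the defaults and override only with explicitly configured policies.
    short otsPolicyValue = FORBIDS.value;
    short invPolicyValue = EITHER.value;
    if (otsPolicy != null) {
        otsPolicyValue = otsPolicy.value();
    }
    if (invPolicy != null) {
        invPolicyValue = invPolicy.value();
    }

    // The codec encodes Any values, so each short is wrapped in an Any first.
    Any otsAny = ORB.init().create_any();
    Any invAny = ORB.init().create_any();
    otsAny.insert_short(otsPolicyValue);
    invAny.insert_short(invPolicyValue);

    byte[] otsCompValue;
    byte[] invCompValue;
    try {
        otsCompValue = this.codec.encode_value(otsAny);
        invCompValue = this.codec.encode_value(invAny);
    } catch (InvalidTypeForEncoding e) {
        // Keep the exception type callers already see, but chain the codec
        // failure so it is not lost when the INTERNAL is logged upstream.
        INTERNAL failure = new INTERNAL();
        failure.initCause(e);
        throw failure;
    }

    // Nothing is added to the IOR unless both values encoded successfully.
    info.add_ior_component(new TaggedComponent(TAG_OTS_POLICY.value, otsCompValue));
    info.add_ior_component(new TaggedComponent(TAG_INV_POLICY.value, invCompValue));
}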
Also used : TAG_INV_POLICY(org.omg.CosTSInteroperation.TAG_INV_POLICY) INV_POLICY(org.omg.CORBA.INV_POLICY) TaggedComponent(org.omg.IOP.TaggedComponent) INTERNAL(org.omg.CORBA.INTERNAL) Any(org.omg.CORBA.Any) InvalidTypeForEncoding(org.omg.IOP.CodecPackage.InvalidTypeForEncoding)

Example 42 with Any

use of org.omg.CORBA.Any in project Payara by payara.

the class TxIORInterceptor method addOTSComponents.

/**
 * Adds the OTS policy and invocation policy tagged components to an IOR.
 *
 * <p>The OTS value comes from {@code otsPolicy} when one is supplied and is
 * {@code ADAPTS} otherwise; the invocation policy value is always
 * {@code SHARED}. Both values are wrapped in an {@code Any}, encoded with
 * the codec and added under {@code TAG_OTS_POLICY} and
 * {@code TAG_INV_POLICY}, in that order.
 *
 * @param iorInfo   the IOR under construction that receives the components
 * @param otsPolicy the effective OTS policy, or {@code null} to use the default
 * @throws INTERNAL if the codec rejects either value
 */
private void addOTSComponents(IORInfo iorInfo, OTSPolicy otsPolicy) {
    final short otsPolicyValue = (otsPolicy != null) ? otsPolicy.value() : ADAPTS.value;
    final short invPolicyValue = SHARED.value;

    // The codec works on Any values, so each short is boxed into its own Any.
    final Any otsHolder = ORB.init().create_any();
    final Any invHolder = ORB.init().create_any();
    otsHolder.insert_short(otsPolicyValue);
    invHolder.insert_short(invPolicyValue);

    final byte[] encodedOts;
    final byte[] encodedInv;
    try {
        encodedOts = codec.encode_value(otsHolder);
        encodedInv = codec.encode_value(invHolder);
    } catch (org.omg.IOP.CodecPackage.InvalidTypeForEncoding e) {
        // NOTE(review): only the message text is carried over; the original
        // exception is not chained as the cause.
        throw new INTERNAL("InvalidTypeForEncoding " + e.getMessage());
    }

    // Both encodings succeeded; publish the OTS component first, then the invocation one.
    iorInfo.add_ior_component(new TaggedComponent(TAG_OTS_POLICY.value, encodedOts));
    iorInfo.add_ior_component(new TaggedComponent(TAG_INV_POLICY.value, encodedInv));
}
Also used : TaggedComponent(org.omg.IOP.TaggedComponent) INTERNAL(org.omg.CORBA.INTERNAL) Any(org.omg.CORBA.Any)

Example 43 with Any

use of org.omg.CORBA.Any in project Payara by payara.

the class Counter method receive_request.

/**
 * Server-side request interception point that processes the SAS service
 * context carried by an incoming request.
 *
 * <p>Flow, as implemented below:
 * <ol>
 * <li>Fetch the service context registered under
 * {@code SECURITY_ATTRIBUTE_SERVICE_ID}. If it is absent ({@code null} or
 * {@code BAD_PARAM}), delegate to {@code handle_null_service_context} and return.</li>
 * <li>CDR-decode the context data into a {@code SASContextBody}.</li>
 * <li>Reject a {@code MessageInContext} message with a ContextError reply and
 * {@code NO_PERMISSION}; reject any other non-{@code EstablishContext}
 * message with a {@code SecurityException}.</li>
 * <li>Build a {@code SecurityContext} with a fresh {@code Subject} from the
 * client authentication token (if non-empty) and the identity token (if non-null).</li>
 * <li>Pass it to {@code secContextUtil.setSecurityContext}; on
 * {@code STATUS_FAILED} reply with a ContextError and throw
 * {@code NO_PERMISSION}, otherwise reply with a CompleteEstablishContext.</li>
 * </ol>
 *
 * @param serverRequestInfo the request being intercepted; read for the SAS
 *                          service context, object id and operation, and
 *                          written with the reply service context
 * @throws ForwardRequest declared by the interception point; not thrown
 *                        directly in this body
 * @throws NO_PERMISSION if the message is a MessageInContext, identity
 *                       credential creation raises a SecurityException, or
 *                       setSecurityContext reports STATUS_FAILED
 * @throws SecurityException if decoding fails, the message is not an
 *                           EstablishContext, or credential creation fails
 *                           with a non-security exception
 */
@Override
public void receive_request(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    // SecurityContext to be sent
    SecurityContext securityContext = null;
    // service context
    ServiceContext serviceContext = null;
    int status = 0;
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "++++ Entered " + prname + "receive_request");
    }
    ORB orb = orbHelper.getORB();
    // Both "no SAS context" signals (null result and BAD_PARAM) take the same
    // path; the decision for such requests is made in handle_null_service_context.
    try {
        serviceContext = serverRequestInfo.get_request_service_context(SECURITY_ATTRIBUTE_SERVICE_ID);
        if (serviceContext == null) {
            handle_null_service_context(serverRequestInfo, orb);
            return;
        }
    } catch (BAD_PARAM e) {
        handle_null_service_context(serverRequestInfo, orb);
        return;
    }
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Received a non null SAS context element");
    }
    // Decode the service context field
    // context_data arrives with the request, so it is peer-controlled input;
    // every decode failure is turned into a SecurityException (fail closed).
    // The cause is logged at SEVERE but not chained to the thrown exception.
    Any SasAny;
    try {
        SasAny = codec.decode_value(serviceContext.context_data, SASContextBodyHelper.type());
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.decode_exception", e);
        throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_cdr_decode", "CDR Decoding error for SAS context element."));
    }
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Successfully decoded CDR encoded SAS context element.");
    }
    SASContextBody sasctxbody = SASContextBodyHelper.extract(SasAny);
    short sasdiscr = sasctxbody.discriminator();
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "SAS context element is a/an " + SvcContextUtils.getMsgname(sasdiscr) + " message");
    }
    // A MessageInContext message is answered with a ContextError and the
    // request is refused; no security context is established for it.
    if (sasdiscr == MTMessageInContext.value) {
        sasctxbody = createContextError(SvcContextUtils.MessageInContextMinor);
        serviceContext = createSvcContext(sasctxbody, orb);
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "Adding ContextError message to service context list");
            logger.log(FINE, "SecurityContext set to null");
        }
        serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
        throw new NO_PERMISSION();
    }
    // Only EstablishContext is accepted past this point; unlike the branch
    // above, no ContextError reply is attached before the exception is thrown.
    if (sasdiscr != MTEstablishContext.value) {
        logger.log(SEVERE, "iiop.not_establishcontext_msg");
        throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_not_ec_msg", "Received message not an EstablishContext message."));
    }
    EstablishContext establishContext = sasctxbody.establish_msg();
    // The Subject starts empty; the tokens below are handed to the
    // credential helpers together with this security context.
    securityContext = new SecurityContext();
    securityContext.subject = new Subject();
    try {
        // An empty token means the client sent no authentication token.
        if (establishContext.client_authentication_token.length != 0) {
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Message contains Client Authentication Token");
            }
            createAuthCredential(securityContext, establishContext.client_authentication_token, orb);
        }
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.authentication_exception", e);
        // NOTE(review): this resource key is spelled "secsercverreqinterceptor",
        // unlike the "secserverreqinterceptor" keys used above; presumably the
        // lookup falls back to the default text - confirm against the bundle.
        throw new SecurityException(localStrings.getLocalString("secsercverreqinterceptor.err_cred_create", "Error while creating a JAAS subject credential."));
    }
    try {
        if (establishContext.identity_token != null) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Message contains an Identity Token");
            }
            createIdCred(securityContext, establishContext.identity_token);
        }
    } catch (SecurityException secex) {
        // A SecurityException from identity credential creation is reported
        // to the client as an invalid-mechanism ContextError and the request
        // is refused.
        logger.log(SEVERE, "iiop.security_exception", secex);
        sasctxbody = createContextError(INVALID_MECHANISM_MAJOR, INVALID_MECHANISM_MINOR);
        serviceContext = createSvcContext(sasctxbody, orb);
        serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
        throw new NO_PERMISSION();
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.generic_exception", e);
        throw new SecurityException(localStrings.getLocalString("secsercverreqinterceptor.err_cred_create", "Error while creating a JAAS subject credential."));
    }
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Invoking setSecurityContext() to set security context");
    }
    status = secContextUtil.setSecurityContext(securityContext, serverRequestInfo.object_id(), serverRequestInfo.operation(), getServerSocket());
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "setSecurityContext() returned status code " + status);
    }
    /**
     * CSIV2 SPEC NOTE:
     *
     * If ec.client_context_id is non zero, then this is a stateful request. As specified in section
     * 4.2.1, a stateless server must attempt to validate the security tokens in the security context
     * field. If validation succeeds then CompleteEstablishContext message is sent back. If validation
     * fails, a ContextError must be sent back.
     */
    // NOTE(review): STATUS_FAILED is the only value treated as a rejection;
    // every other status falls through to the CompleteEstablishContext reply.
    // Confirm setSecurityContext has no other non-success return codes.
    if (status == STATUS_FAILED) {
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "setSecurityContext() returned STATUS_FAILED");
        }
        sasctxbody = createContextError(status);
        serviceContext = createSvcContext(sasctxbody, orb);
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "Adding ContextError message to service context list");
        }
        serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
        throw new NO_PERMISSION();
    }
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "setSecurityContext() returned SUCCESS");
    }
    sasctxbody = createCompleteEstablishContext(status);
    serviceContext = createSvcContext(sasctxbody, orb);
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Adding CompleteEstablisContext message to service context list");
    }
    serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
}
Also used : NO_PERMISSION(org.omg.CORBA.NO_PERMISSION) ServiceContext(org.omg.IOP.ServiceContext) BAD_PARAM(org.omg.CORBA.BAD_PARAM) SASContextBody(com.sun.corba.ee.org.omg.CSI.SASContextBody) Any(org.omg.CORBA.Any) Subject(javax.security.auth.Subject) SecurityContext(com.sun.enterprise.common.iiop.security.SecurityContext) CompleteEstablishContext(com.sun.corba.ee.org.omg.CSI.CompleteEstablishContext) MTEstablishContext(com.sun.corba.ee.org.omg.CSI.MTEstablishContext) EstablishContext(com.sun.corba.ee.org.omg.CSI.EstablishContext) ORB(org.omg.CORBA.ORB)

Example 44 with Any

use of org.omg.CORBA.Any in project wildfly by wildfly.

the class CSIv2Util method getMatchingSecurityMech.

/**
 * Picks the first {@code CompoundSecMech} advertised in the target IOR that is
 * compatible with the client's CSIv2 association options. Intended to be
 * called from a client request interceptor; {@code ri} is the current request.
 *
 * <p>A mechanism is skipped when any of the following holds:
 * <ul>
 * <li>the client requires {@code EstablishTrustInTarget} but the mechanism's
 * {@code as_context_mech} does not support it;</li>
 * <li>the mechanism's {@code as_context_mech} requires
 * {@code EstablishTrustInClient} but the client does not support it;</li>
 * <li>the mechanism's {@code sas_context_mech} requires
 * {@code IdentityAssertion} but the client does not support it.</li>
 * </ul>
 *
 * <p>Only these three option bits are compared. The mechanism's transport
 * component is not examined here, and the list is walked in the order given
 * by the target IOR, so the result is the first acceptable entry rather than
 * the strongest one. A caller that must not proceed without a negotiated
 * mechanism has to treat a {@code null} result as a failure itself.
 *
 * <p>Codec {@code TypeMismatch} and {@code FormatMismatch} failures are
 * rethrown through {@code IIOPLogger.ROOT_LOGGER.unexpectedException}.
 *
 * @param ri             a reference to the current {@code ClientRequestInfo}.
 * @param codec          the {@code Codec} used to decode the CSIv2 components.
 * @param clientSupports the association options the client supports.
 * @param clientRequires the association options the client requires.
 * @return the first compatible {@code CompoundSecMech}, or {@code null} if the
 *         IOR has no {@code TAG_CSI_SEC_MECH_LIST} component or no entry matches.
 */
public static CompoundSecMech getMatchingSecurityMech(ClientRequestInfo ri, Codec codec, short clientSupports, short clientRequires) {
    try {
        TaggedComponent mechListComponent = ri.get_effective_component(org.omg.IOP.TAG_CSI_SEC_MECH_LIST.value);
        Any decoded = codec.decode_value(mechListComponent.component_data, CompoundSecMechListHelper.type());
        CompoundSecMechList advertised = CompoundSecMechListHelper.extract(decoded);

        for (CompoundSecMech candidate : advertised.mechanism_list) {
            AS_ContextSec asContext = candidate.as_context_mech;

            // (required ^ supported) & ~supported reduces to required & ~supported:
            // the bit is demanded by one side and missing on the other.
            boolean authLayerCompatible =
                    (EstablishTrustInTarget.value & clientRequires & ~asContext.target_supports) == 0
                    && (EstablishTrustInClient.value & asContext.target_requires & ~clientSupports) == 0;
            if (authLayerCompatible) {
                SAS_ContextSec sasContext = candidate.sas_context_mech;
                if ((IdentityAssertion.value & sasContext.target_requires & ~clientSupports) == 0) {
                    // first acceptable mechanism wins.
                    return candidate;
                }
            }
        }
        // every advertised mechanism was incompatible (or the list was empty).
        return null;
    } catch (BAD_PARAM e) {
        // the IOR carries no TAG_CSI_SEC_MECH_LIST component.
        return null;
    } catch (org.omg.IOP.CodecPackage.TypeMismatch e) {
        // the component data did not decode as a CompoundSecMechList.
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    } catch (org.omg.IOP.CodecPackage.FormatMismatch e) {
        // the component data was not a well-formed encapsulation.
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    }
}
Also used : SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec) AS_ContextSec(org.omg.CSIIOP.AS_ContextSec) CompoundSecMechList(org.omg.CSIIOP.CompoundSecMechList) TaggedComponent(org.omg.IOP.TaggedComponent) CompoundSecMech(org.omg.CSIIOP.CompoundSecMech) BAD_PARAM(org.omg.CORBA.BAD_PARAM) SAS_ContextSec(org.omg.CSIIOP.SAS_ContextSec) Any(org.omg.CORBA.Any)

Example 45 with Any

use of org.omg.CORBA.Any in project wildfly by wildfly.

the class CSIv2Util method createTransportMech.

/**
 * Builds the transport mechanism {@code TaggedComponent} that goes into a
 * {@code CompoundSecMech}.
 *
 * <p>A {@code TAG_NULL_TAG} component with an empty body is returned, meaning
 * no transport-level security is advertised, when {@code tconfig} is
 * {@code null}, when the computed target-supports mask is {@code 0}, or when
 * {@code sslPort} is {@code 0}.
 *
 * <p>Otherwise an {@code org.omg.CSIIOP.TLS_SEC_TRANS} structure is encoded
 * and returned under {@code TAG_TLS_SEC_TRANS}, advertising TLS/SSL as the
 * CSIv2 transport mechanism. The SSL info may hold several
 * {@code TransportAddress} entries (host/port pairs); only one is created here.
 *
 * <p>NOTE(review): only {@code sslPort == 0} is treated as "no SSL port". A
 * negative value is not rejected and is passed on to
 * {@code createTransportAddress}; confirm callers never supply one.
 *
 * @param tconfig the transport configuration metadata.
 * @param codec   the {@code Codec} used to encode the transport configuration.
 * @param sslPort an {@code int} representing the SSL port.
 * @param orb     a reference to the running {@code ORB}.
 * @return the constructed {@code TaggedComponent}.
 */
public static TaggedComponent createTransportMech(IORTransportConfigMetaData tconfig, Codec codec, int sslPort, ORB orb) {
    // option masks this target requires and supports; both stay 0 without metadata.
    int require = 0;
    int support = 0;
    if (tconfig != null) {
        require = createTargetRequires(tconfig);
        support = createTargetSupports(tconfig);
    }

    boolean noTransportSecurity = tconfig == null || support == 0 || sslPort == 0;
    if (noTransportSecurity) {
        // The resulting IOR advertises no TLS transport for this mechanism.
        return new TaggedComponent(TAG_NULL_TAG.value, new byte[0]);
    }

    // Address the ORB is configured with; combined with sslPort into a single entry.
    String host = CorbaORBService.getORBProperty(Constants.ORB_ADDRESS);
    TransportAddress[] addresses = createTransportAddress(host, sslPort);
    TLS_SEC_TRANS tlsTrans = new TLS_SEC_TRANS((short) support, (short) require, addresses);

    // TLS_SEC_TRANS has to travel as an octet sequence, so it is placed in an
    // Any and run through the codec.
    try {
        Any holder = orb.create_any();
        TLS_SEC_TRANSHelper.insert(holder, tlsTrans);
        byte[] encoded = codec.encode_value(holder);
        return new TaggedComponent(TAG_TLS_SEC_TRANS.value, encoded);
    } catch (InvalidTypeForEncoding e) {
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    }
}
Also used : TAG_TLS_SEC_TRANS(org.omg.CSIIOP.TAG_TLS_SEC_TRANS) TLS_SEC_TRANS(org.omg.CSIIOP.TLS_SEC_TRANS) TaggedComponent(org.omg.IOP.TaggedComponent) TransportAddress(org.omg.CSIIOP.TransportAddress) Any(org.omg.CORBA.Any) InvalidTypeForEncoding(org.omg.IOP.CodecPackage.InvalidTypeForEncoding)
