User: starksm
Date: 02/04/08 21:13:00
Modified: src/main/org/jboss/security Tag: Branch_2_4
AbstractSecurityProxy.java AppPolicy.java
AuthenticationInfo.java AuthorizationInfo.java
Base64Encoder.java ClientLoginModule.java
IAppPolicyStore.java NestableGroup.java
NestablePrincipal.java SecurityPolicy.java
SimpleGroup.java SubjectSecurityProxy.java
SubjectSecurityProxyFactory.java Util.java
Log:
Merge the changes from 3.0 into 2.4
Revision Changes Path
No revision
No revision
1.1.4.1 +198 -180 jbosssx/src/main/org/jboss/security/AbstractSecurityProxy.java
Index: AbstractSecurityProxy.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/AbstractSecurityProxy.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- AbstractSecurityProxy.java 5 Mar 2001 09:53:25 -0000 1.1
+++ AbstractSecurityProxy.java 9 Apr 2002 04:12:59 -0000 1.1.4.1
@@ -1,200 +1,218 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
+
package org.jboss.security;
-import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.HashMap;
import javax.ejb.EJBContext;
-import org.jboss.ejb.MethodInvocation;
-
-/** An abstract implementation of SecurityProxy that wraps a non-SecurityProxy
-object. Subclasses of this class are used to create a SecurityProxy given
-a security delegate that implements methods in the EJB home or remote
-interface for security checks. This allows custom security classes to be
-written without using a JBoss specific interface. It also allows the security
-delegate to follow a natural proxy pattern implementation.
-
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
-*/
+/**
+ * An abstract implementation of SecurityProxy that wraps a non-SecurityProxy
+ * object. Subclasses of this class are used to create a SecurityProxy given
+ * a security delegate that implements methods in the EJB home or remote
+ * interface for security checks. This allows custom security classes to be
+ * written without using a JBoss specific interface. It also allows the security
+ * delegate to follow a natural proxy pattern implementation.
+ *
+ * @author [EMAIL PROTECTED]
+ * @version $Revision: 1.1.4.1 $
+ */
public abstract class AbstractSecurityProxy implements SecurityProxy
{
- private HashMap methodMap;
- private Method setContextMethod;
- private Method setBeanMethod;
- protected Object delegate;
-
- AbstractSecurityProxy(Object delegate)
- {
- this.delegate = delegate;
- methodMap = new HashMap();
- }
-
- /** Subclasses implement this method to actually invoke the given home
- method on the proxy delegate.
- @param m, the delegate method that was mapped from the ejb home method.
- @param args, the method invocation arguments.
- @param delegate, the proxy delegate object associated with the
- AbstractSecurityProxy
- @see invokeHome(Method, Object[])
- */
- protected abstract void invokeHomeOnDelegate(Method m, Object[] args, Object
delegate) throws SecurityException;
- /** Subclasses implement this method to actually invoke the given remote
- method on the proxy delegate.
- @param m, the delegate method that was mapped from the ejb remote method.
- @param args, the method invocation arguments.
- @param delegate, the proxy delegate object associated with the
- AbstractSecurityProxy
- @see invoke(Method, Object[], Object)
- */
- protected abstract void invokeOnDelegate(Method m, Object[] args, Object
delegate) throws SecurityException;
-
- /** This method is called by the container SecurityInterceptor to intialize
- the proxy with the EJB home and remote interface classes that the
- container is housing. This method creates a mapping from the home and
- remote classes to the proxy delegate instance. The mapping is based on
- method name and paramter types. In addition, the proxy delegate is
- inspected for a setEJBContext(EJBContext) and a setBean(Object) method
- so that the active EJBContext and EJB instance can be passed to the
- delegate prior to method invocations.
-
- @param beanHome, the class for the EJB home interface
- @param beanRemote, the class for the EJB remote interface
- @param securityMgr, The security manager instance assigned to the container.
- It is not used by this class.
- */
- public void init(Class beanHome, Class beanRemote, Object securityMgr) throws
InstantiationException
- {
- mapHomeMethods(beanHome);
- mapRemoteMethods(beanRemote);
- try
- {
- Class[] parameterTypes = {EJBContext.class};
- setContextMethod = delegate.getClass().getMethod("setEJBContext",
parameterTypes);
- }
- catch(Exception e)
- {
- }
- try
- {
- Class[] parameterTypes = {Object.class};
- setBeanMethod = delegate.getClass().getMethod("setBean",
parameterTypes);
- }
- catch(Exception e)
- {
- }
- }
-
- /**
- */
- public void setEJBContext(EJBContext ctx)
- {
- if( setContextMethod != null )
- {
- Object[] args = {ctx};
+ private HashMap methodMap;
+ private Method setContextMethod;
+ private Method setBeanMethod;
+ protected Object delegate;
+ /**
+ * Flag which sets whether the method mapping will be performed in a "strict"
+ * fashion. The proxy delegate must provide an implementation of all methods.
+ * If set to 'true' (the default), a security exception will be thrown during
+ * initialisation if a method is found for which the delegate doesn't have
+ * a matching method.
+ */
+ protected boolean strict = true;
+
+ AbstractSecurityProxy(Object delegate)
+ {
+ this.delegate = delegate;
+ methodMap = new HashMap();
+ }
+
+ /**
+ * Subclasses implement this method to actually invoke the given home
+ * method on the proxy delegate.
+ *
+ * @param m, the delegate method that was mapped from the ejb home method.
+ * @param args, the method invocation arguments.
+ * @param delegate, the proxy delegate object associated with the
AbstractSecurityProxy
+ *
+ * @see invokeHome(Method, Object[])
+ */
+ protected abstract void invokeHomeOnDelegate(Method m, Object[] args, Object
delegate) throws SecurityException;
+
+ /**
+ * Subclasses implement this method to actually invoke the given remote
+ * method on the proxy delegate.
+ *
+ * @param m, the delegate method that was mapped from the ejb remote method.
+ * @param args, the method invocation arguments.
+ * @param delegate, the proxy delegate object associated with the
AbstractSecurityProxy
+ *
+ * @see invoke(Method, Object[], Object)
+ */
+ protected abstract void invokeOnDelegate(Method m, Object[] args, Object
delegate) throws SecurityException;
+
+ /**
+ * This method is called by the container SecurityInterceptor to intialize
+ * the proxy with the EJB home and remote interface classes that the
+ * container is housing. This method creates a mapping from the home and
+ * remote classes to the proxy delegate instance. The mapping is based on
+ * method name and paramter types. In addition, the proxy delegate is
+ * inspected for a setEJBContext(EJBContext) and a setBean(Object) method
+ * so that the active EJBContext and EJB instance can be passed to the
+ * delegate prior to method invocations.
+ *
+ * @param beanHome, the class for the EJB home interface
+ * @param beanRemote, the class for the EJB remote interface
+ * @param securityMgr, The security manager instance assigned to the container.
+ * It is not used by this class.
+ */
+ public void init(Class beanHome, Class beanRemote, Object securityMgr) throws
InstantiationException
+ {
+ mapHomeMethods(beanHome);
+ mapRemoteMethods(beanRemote);
+ try
+ {
+ Class[] parameterTypes = {EJBContext.class};
+ setContextMethod = delegate.getClass().getMethod("setEJBContext",
parameterTypes);
+ }
+ catch(Exception e)
+ {
+ }
+ try
+ {
+ Class[] parameterTypes = {Object.class};
+ setBeanMethod = delegate.getClass().getMethod("setBean", parameterTypes);
+ }
+ catch(Exception e)
+ {
+ }
+ }
+
+ /** */
+ public void setEJBContext(EJBContext ctx)
+ {
+ if(setContextMethod != null)
+ {
+ Object[] args = {ctx};
+ try
+ {
+ setContextMethod.invoke(delegate, args);
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ /**
+ * Called by the SecurityProxyInterceptor to allow the proxy delegate to perform
+ * a security check of the indicated home interface method.
+ *
+ * @param m, the EJB home interface method
+ * @param args, the method arguments
+ */
+ public void invokeHome(final Method m, Object[] args) throws SecurityException
+ {
+ Method delegateMethod = (Method)methodMap.get(m);
+ if( delegateMethod != null )
+ invokeHomeOnDelegate(delegateMethod, args, delegate);
+ }
+
+ /**
+ * Called by the SecurityProxyInterceptor to allow the proxy delegate to perform
+ * a security check of the indicated remote interface method.
+ * @param m, the EJB remote interface method
+ * @param args, the method arguments
+ * @param bean, the EJB bean instance
+ */
+ public void invoke(final Method m, final Object[] args, final Object bean)
throws SecurityException
+ {
+ Method delegateMethod = (Method)methodMap.get(m);
+ if( delegateMethod != null )
+ {
+ if( setBeanMethod != null )
+ {
+ Object[] bargs = {bean};
try
{
- setContextMethod.invoke(delegate, args);
+ setBeanMethod.invoke(delegate, bargs);
}
catch(Exception e)
{
- e.printStackTrace();
- }
- }
- }
-
- /** Called by the SecurityInterceptor to allow the proxy delegate to perform
- a security check of the indicated home interface method.
- @param m, the EJB home interface method
- @param args, the method arguments
- */
- public void invokeHome(final Method m, Object[] args) throws SecurityException
- {
- Method delegateMethod = (Method) methodMap.get(m);
- if( delegateMethod != null )
- invokeHomeOnDelegate(delegateMethod, args, delegate);
- }
-
- /** Called by the SecurityInterceptor to allow the proxy delegate to perform
- a security check of the indicated remote interface method.
- @param m, the EJB remote interface method
- @param args, the method arguments
- @param bean, the EJB bean instance
- */
- public void invoke(final Method m, final Object[] args, final Object bean)
throws SecurityException
- {
- Method delegateMethod = (Method) methodMap.get(m);
- if( delegateMethod != null )
- {
- if( setBeanMethod != null )
- {
- Object[] bargs = {bean};
- try
- {
- setBeanMethod.invoke(delegate, bargs);
- }
- catch(Exception e)
- {
- e.printStackTrace();
- throw new SecurityException("Failed to set bean on
proxy"+e.getMessage());
- }
- }
- invokeOnDelegate(delegateMethod, args, delegate);
- }
- }
-
- /** Performs a mapping from the methods declared in the beanHome
- class to the proxy delegate class.
- */
- protected void mapHomeMethods(Class beanHome)
- {
- Class delegateClass = delegate.getClass();
- Method[] methods = beanHome.getMethods();
- for(int m = 0; m < methods.length; m ++)
- {
- // Check for ejbCreate... methods
- Method hm = methods[m];
- Class[] parameterTypes = hm.getParameterTypes();
- String name = hm.getName();
- name = "ejb" + Character.toUpperCase(name.charAt(0)) +
name.substring(1);
- try
- {
- Method match = delegateClass.getMethod(name, parameterTypes);
- methodMap.put(hm, match);
- }
- catch(NoSuchMethodException e)
- {
- }
- }
- }
-
- /** Performs a mapping from the methods declared in the beanRemote
- class to the proxy delegate class.
- */
- protected void mapRemoteMethods(Class beanRemote)
- {
- Class delegateClass = delegate.getClass();
- Method[] methods = beanRemote.getMethods();
- for(int m = 0; m < methods.length; m ++)
- {
- // Check for ejbCreate... methods
- Method rm = methods[m];
- Class[] parameterTypes = rm.getParameterTypes();
- String name = rm.getName();
- try
- {
- Method match = delegateClass.getMethod(name, parameterTypes);
- methodMap.put(rm, match);
- }
- catch(NoSuchMethodException e)
- {
+ e.printStackTrace();
+ throw new SecurityException("Failed to set bean on proxy" +
e.getMessage());
}
- }
- }
+ }
+ invokeOnDelegate(delegateMethod, args, delegate);
+ }
+ }
+
+ /**
+ * Performs a mapping from the methods declared in the beanHome class to the
proxy delegate class.
+ */
+ protected void mapHomeMethods(Class beanHome)
+ {
+ Class delegateClass = delegate.getClass();
+ Method[] methods = beanHome.getMethods();
+ for(int m = 0; m < methods.length; m++)
+ {
+ // Check for ejbCreate... methods
+ Method hm = methods[m];
+ Class[] parameterTypes = hm.getParameterTypes();
+ String name = hm.getName();
+ name = "ejb" + Character.toUpperCase(name.charAt(0)) + name.substring(1);
+ try
+ {
+ Method match = delegateClass.getMethod(name, parameterTypes);
+ methodMap.put(hm, match);
+ }
+ catch(NoSuchMethodException e)
+ {
+ if( strict )
+ throw new SecurityException("Missing home method in delegate, " + e);
+ }
+ }
+ }
+
+ /**
+ * Performs a mapping from the methods declared in the beanRemote class to the
proxy delegate class.
+ */
+ protected void mapRemoteMethods(Class beanRemote)
+ {
+ Class delegateClass = delegate.getClass();
+ Method[] methods = beanRemote.getMethods();
+ for(int m = 0; m < methods.length; m++)
+ {
+ Method rm = methods[m];
+ Class[] parameterTypes = rm.getParameterTypes();
+ String name = rm.getName();
+ try
+ {
+ Method match = delegateClass.getMethod(name, parameterTypes);
+ methodMap.put(rm, match);
+ }
+ catch(NoSuchMethodException e)
+ {
+ if( strict )
+ throw new SecurityException("Missing method in delegate, " + e);
+ }
+ }
+ }
}
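Review bot: `setEJBContext` catches every exception from `setContextMethod.invoke(delegate, args)` and only calls `e.printStackTrace()`, so a delegate that never received the current context still runs its later checks against whatever context it held before. `invoke` already treats the equivalent `setBean` failure as fatal, and the two should agree: replace the print with `throw new SecurityException("Failed to set EJBContext on proxy: " + e.getMessage());`. Separately, `invokeHome` and `invoke` skip the delegate silently when `methodMap.get(m)` returns null, which becomes a normal case once a subclass sets `strict` to false. The Javadoc on `strict` should say that unmapped methods then pass with no proxy check at all.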
1.2.4.1 +2 -13 jbosssx/src/main/org/jboss/security/AppPolicy.java
Index: AppPolicy.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/AppPolicy.java,v
retrieving revision 1.2
retrieving revision 1.2.4.1
diff -u -r1.2 -r1.2.4.1
--- AppPolicy.java 29 Mar 2001 02:29:47 -0000 1.2
+++ AppPolicy.java 9 Apr 2002 04:12:59 -0000 1.2.4.1
@@ -6,30 +6,19 @@
*/
package org.jboss.security;
-import java.io.IOException;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.KeyStore;
-import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Set;
-import javax.security.auth.AuthPermission;
-import javax.security.auth.Policy;
-import javax.security.auth.Refreshable;
-import javax.security.auth.RefreshFailedException;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
/** A combination of keystore, authentication and authorization entries.
-@author [EMAIL PROTECTED]
-@version $Revision: 1.2 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.2.4.1 $
*/
public class AppPolicy
{
1.1.4.1 +2 -3 jbosssx/src/main/org/jboss/security/AuthenticationInfo.java
Index: AuthenticationInfo.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/AuthenticationInfo.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- AuthenticationInfo.java 5 Mar 2001 09:53:26 -0000 1.1
+++ AuthenticationInfo.java 9 Apr 2002 04:12:59 -0000 1.1.4.1
@@ -9,13 +9,12 @@
import java.security.AccessController;
import javax.security.auth.AuthPermission;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.Configuration;
import javax.security.auth.login.AppConfigurationEntry;
/** The login module configuration information.
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.1.4.1 $
*/
public class AuthenticationInfo
{
1.1.4.1 +2 -3 jbosssx/src/main/org/jboss/security/AuthorizationInfo.java
Index: AuthorizationInfo.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/AuthorizationInfo.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- AuthorizationInfo.java 5 Mar 2001 09:53:26 -0000 1.1
+++ AuthorizationInfo.java 9 Apr 2002 04:12:59 -0000 1.1.4.1
@@ -7,7 +7,6 @@
package org.jboss.security;
import java.io.IOException;
-import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
@@ -22,8 +21,8 @@
/**
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.1.4.1 $
*/
public class AuthorizationInfo
{
1.2.2.2 +4 -3 jbosssx/src/main/org/jboss/security/Base64Encoder.java
Index: Base64Encoder.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/Base64Encoder.java,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -r1.2.2.1 -r1.2.2.2
--- Base64Encoder.java 29 Dec 2001 04:32:21 -0000 1.2.2.1
+++ Base64Encoder.java 9 Apr 2002 04:12:59 -0000 1.2.2.2
@@ -1,4 +1,5 @@
-package org.jboss.security;
+
+package org.jboss.security; // for the time being ...
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -236,8 +237,7 @@
}
}
// Manage the last bytes, from 0 to off:
- switch (off)
- {
+ switch (off) {
case 1:
out.write(encoding[get1(buffer, 0)]);
out.write(encoding[get2(buffer, 0)]);
@@ -253,3 +253,4 @@
return;
}
}
+
1.1.4.3 +27 -30 jbosssx/src/main/org/jboss/security/ClientLoginModule.java
Index: ClientLoginModule.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/ClientLoginModule.java,v
retrieving revision 1.1.4.2
retrieving revision 1.1.4.3
diff -u -r1.1.4.2 -r1.1.4.3
--- ClientLoginModule.java 9 Dec 2001 00:55:21 -0000 1.1.4.2
+++ ClientLoginModule.java 9 Apr 2002 04:12:59 -0000 1.1.4.3
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -18,8 +18,6 @@
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import org.jboss.security.Logger;
-
/** A simple implementation of LoginModule for use by JBoss clients for
the establishment of the caller identity and credentials. This simply sets
the SecurityAssociation principal to the value of the NameCallback
@@ -44,28 +42,28 @@
*/
public class ClientLoginModule implements LoginModule
{
- private CallbackHandler _callbackHandler;
+ private Subject subject;
+ private CallbackHandler callbackHandler;
/** Shared state between login modules */
- private Map _sharedState;
+ private Map sharedState;
/** Flag indicating if the shared password should be used */
- private boolean _useFirstPass;
- /** An interface into log4j */
- private Logger log;
+ private boolean useFirstPass;
/**
* Initialize this LoginModule.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options)
+ Map sharedState, Map options)
{
- this._callbackHandler = callbackHandler;
- this._sharedState = sharedState;
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.sharedState = sharedState;
// Check for multi-threaded option
String mt = (String) options.get("multi-threaded");
if( mt != null && Boolean.valueOf(mt).booleanValue() == true )
{ /* Turn on the server mode which uses thread local storage for
the principal information.
- */
+ */
SecurityAssociation.setServer();
}
@@ -74,38 +72,38 @@
validate any shared password.
*/
String passwordStacking = (String) options.get("password-stacking");
- _useFirstPass = passwordStacking != null;
- log = Logger.getLogger(getClass());
+ useFirstPass = passwordStacking != null;
}
-
+
/**
* Method to authenticate a Subject (phase 1).
*/
public boolean login() throws LoginException
{
// If useFirstPass is true, look for the shared password
- if( _useFirstPass == true )
+ if( useFirstPass == true )
{
try
{
- String username = (String)
_sharedState.get("javax.security.auth.login.name");
- Object credential =
_sharedState.get("javax.security.auth.login.password");
+ String username = (String)
sharedState.get("javax.security.auth.login.name");
+ Object credential =
sharedState.get("javax.security.auth.login.password");
SecurityAssociation.setPrincipal(new SimplePrincipal(username));
SecurityAssociation.setCredential(credential);
+ SecurityAssociation.setSubject(subject);
return true;
}
catch(Exception e)
{ // Dump the exception and continue
- log.warn("Failed to setup SecurityAssociation from sharedState", e);
+ e.printStackTrace();
}
}
-
- /* There is no password sharing or we are the first login module. Get
- the username and password from the callback hander.
- */
- if (_callbackHandler == null)
+
+ /* There is no password sharing or we are the first login module. Get
+ the username and password from the callback hander.
+ */
+ if (callbackHandler == null)
throw new LoginException("Error: no CallbackHandler available " +
- "to garner authentication information from the user");
+ "to garner authentication information from the user");
PasswordCallback pc = new PasswordCallback("Password: ", false);
NameCallback nc = new NameCallback("User name: ", "guest");
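Review bot: In the `useFirstPass` branch, `login()` returns true without checking that `sharedState` actually held a name, so a missing `javax.security.auth.login.name` entry gives `new SimplePrincipal(null)` and a successful login (unless SimplePrincipal rejects null, which is not visible here). Guarding the three `SecurityAssociation` calls and the `return true` with `if( username != null )` would let the method fall through to the callback handler instead. The `catch(Exception e)` now uses `e.printStackTrace()` where the old code logged a warning, and if the failure happens after `setPrincipal` the principal stays set without a matching credential or subject until the callback path overwrites it. A comment on the catch block should state that this fall-through is intended. The body of `login()` continues past the end of this hunk.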
@@ -116,7 +114,7 @@
char[] password = null;
char[] tmpPassword;
- _callbackHandler.handle(callbacks);
+ callbackHandler.handle(callbacks);
username = nc.getName();
SecurityAssociation.setPrincipal(new SimplePrincipal(username));
tmpPassword = pc.getPassword();
@@ -127,6 +125,7 @@
pc.clearPassword();
}
SecurityAssociation.setCredential(password);
+ SecurityAssociation.setSubject(subject);
}
catch (java.io.IOException ioe)
{
@@ -154,15 +153,13 @@
*/
public boolean abort() throws LoginException
{
- SecurityAssociation.setPrincipal(null);
- SecurityAssociation.setCredential(null);
+ SecurityAssociation.clear();
return true;
}
public boolean logout() throws LoginException
{
- SecurityAssociation.setPrincipal(null);
- SecurityAssociation.setCredential(null);
+ SecurityAssociation.clear();
return true;
}
}
1.1.4.1 +2 -5 jbosssx/src/main/org/jboss/security/IAppPolicyStore.java
Index: IAppPolicyStore.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/IAppPolicyStore.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- IAppPolicyStore.java 5 Mar 2001 09:53:26 -0000 1.1
+++ IAppPolicyStore.java 9 Apr 2002 04:12:59 -0000 1.1.4.1
@@ -6,16 +6,13 @@
*/
package org.jboss.security;
-import java.security.CodeSource;
-import java.security.Principal;
-import java.util.ArrayList;
/** An interface describing an AppPolicy security store. It is used by
the SecurityPolicy class to isolate the source of security information
from the SecurityPolicy.
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.1.4.1 $
*/
public interface IAppPolicyStore
{
1.3.2.1 +2 -2 jbosssx/src/main/org/jboss/security/NestableGroup.java
Index: NestableGroup.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/NestableGroup.java,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -r1.3 -r1.3.2.1
--- NestableGroup.java 30 May 2001 12:20:26 -0000 1.3
+++ NestableGroup.java 9 Apr 2002 04:12:59 -0000 1.3.2.1
@@ -17,8 +17,8 @@
to runAs a new Principal with a new set of roles that should be added
without destroying the current identity and roles.
-@author [EMAIL PROTECTED]
-@version $Revision: 1.3 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.3.2.1 $
*/
public class NestableGroup extends SimplePrincipal implements Group
{
1.1.4.1 +2 -2 jbosssx/src/main/org/jboss/security/NestablePrincipal.java
Index: NestablePrincipal.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/NestablePrincipal.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- NestablePrincipal.java 21 Mar 2001 08:47:44 -0000 1.1
+++ NestablePrincipal.java 9 Apr 2002 04:12:59 -0000 1.1.4.1
@@ -17,8 +17,8 @@
to runAs a new Principal with a new CallerPrincipal identity
without destroying the current CallerPrincipal identity and roles.
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.1.4.1 $
*/
public class NestablePrincipal extends SimplePrincipal implements Group
{
1.1.4.1 +2 -10 jbosssx/src/main/org/jboss/security/SecurityPolicy.java
Index: SecurityPolicy.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/SecurityPolicy.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- SecurityPolicy.java 5 Mar 2001 09:53:27 -0000 1.1
+++ SecurityPolicy.java 9 Apr 2002 04:12:59 -0000 1.1.4.1
@@ -6,33 +6,25 @@
*/
package org.jboss.security;
-import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
-import java.security.Permission;
import java.security.PermissionCollection;
-import java.security.Permissions;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.AuthPermission;
import javax.security.auth.Policy;
-import javax.security.auth.RefreshFailedException;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.AppConfigurationEntry;
-import org.jboss.security.SimplePrincipal;
/** An concrete implementation of the javax.security.auth.Policy class that
categorizes authorization info by application.
@see javax.security.auth.Policy
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.1.4.1 $
*/
public class SecurityPolicy extends Policy
{
1.2.2.1 +2 -1 jbosssx/src/main/org/jboss/security/SimpleGroup.java
Index: SimpleGroup.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/SimpleGroup.java,v
retrieving revision 1.2
retrieving revision 1.2.2.1
diff -u -r1.2 -r1.2.2.1
--- SimpleGroup.java 12 Jun 2001 08:03:33 -0000 1.2
+++ SimpleGroup.java 9 Apr 2002 04:12:59 -0000 1.2.2.1
@@ -19,7 +19,8 @@
objects based on their hashCode() and equals() methods. This class
is not thread safe.
-@author [EMAIL PROTECTED]
+@author [EMAIL PROTECTED]
+@version $Revision: 1.2.2.1 $
*/
public class SimpleGroup extends SimplePrincipal implements Group
{
1.1.4.1 +2 -3 jbosssx/src/main/org/jboss/security/SubjectSecurityProxy.java
Index: SubjectSecurityProxy.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/SubjectSecurityProxy.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- SubjectSecurityProxy.java 5 Mar 2001 09:53:28 -0000 1.1
+++ SubjectSecurityProxy.java 9 Apr 2002 04:12:59 -0000 1.1.4.1
@@ -14,7 +14,6 @@
import javax.ejb.EJBContext;
import javax.security.auth.Subject;
-import org.jboss.ejb.MethodInvocation;
import org.jboss.security.SecurityPolicy;
import org.jboss.security.SubjectSecurityManager;
@@ -31,8 +30,8 @@
@see org.jboss.security.SecurityPolicy
@see org.jboss.security.SubjectSecurityManager
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.1.4.1 $
*/
public class SubjectSecurityProxy extends AbstractSecurityProxy
{
1.1.4.1 +2 -2
jbosssx/src/main/org/jboss/security/SubjectSecurityProxyFactory.java
Index: SubjectSecurityProxyFactory.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/SubjectSecurityProxyFactory.java,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -r1.1 -r1.1.4.1
--- SubjectSecurityProxyFactory.java 5 Mar 2001 09:53:28 -0000 1.1
+++ SubjectSecurityProxyFactory.java 9 Apr 2002 04:12:59 -0000 1.1.4.1
@@ -11,8 +11,8 @@
/** An implementation of SecurityProxyFactory that creates SubjectSecurityProxy
objects to wrap the raw security proxy objects.
-@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.1.4.1 $
*/
public class SubjectSecurityProxyFactory implements SecurityProxyFactory,
Serializable
{
1.1.4.4 +54 -18 jbosssx/src/main/org/jboss/security/Util.java
Index: Util.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/Util.java,v
retrieving revision 1.1.4.3
retrieving revision 1.1.4.4
diff -u -r1.1.4.3 -r1.1.4.4
--- Util.java 6 Feb 2002 19:59:45 -0000 1.1.4.3
+++ Util.java 9 Apr 2002 04:12:59 -0000 1.1.4.4
@@ -10,10 +10,13 @@
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
import java.security.SecureRandom;
+import java.security.Security;
import java.util.Random;
-import org.jboss.security.Logger;
+import org.jboss.logging.Logger;
+import org.jboss.crypto.JBossSXProvider;
/** Various security related utilities like MessageDigest
factories, SecureRandom access, password hashing.
@@ -22,7 +25,7 @@
Jhong for the SRP Distribution (http://srp.stanford.edu/srp/).
@author [EMAIL PROTECTED]
- @version $Revision: 1.1.4.3 $
+ @version $Revision: 1.1.4.4 $
*/
public class Util
{
@@ -51,9 +54,12 @@
psuedoRng = SecureRandom.getInstance("SHA1PRNG");
if( prngSeed != null )
psuedoRng.setSeed(prngSeed);
+ // Install the JBossSX security provider
+ Provider provider = new JBossSXProvider();
+ Security.addProvider(provider);
initialized = true;
}
-
+
public static MessageDigest newDigest()
{
MessageDigest md = null;
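Review bot: The added `Security.addProvider(provider)` registers JBossSXProvider JVM-wide as a side effect of initialising this utility class and ignores the return value, so nothing records whether the provider was installed or was already present (`addProvider` returns -1 in that case). Under a SecurityManager the call throws SecurityException unless the code has been granted the insert-provider permission, and that would happen before `initialized = true` is reached; a comment naming the required permission, or a catch that logs and continues, would make the behaviour explicit. The context lines also call `psuedoRng.setSeed(prngSeed)` on a fresh SHA1PRNG instance before any output is drawn, which with the Sun implementation bypasses self-seeding, so the generator is only as unpredictable as `prngSeed`; where that seed comes from is outside this hunk. The enclosing method starts above the hunk.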
@@ -116,30 +122,43 @@
{
return psuedoRng.generateSeed(numBytes);
}
-
- public static byte[] calculatePasswordHash(String username, String password,
- byte[] salt)
+
+ /** Cacluate the SRP RFC2945 password hash = H(salt | H(username | ':' |
password))
+ where H = SHA secure hash. The username is converted to a byte[] using the
+ UTF-8 encoding.
+ */
+ public static byte[] calculatePasswordHash(String username, char[] password,
+ byte[] salt)
{
// Calculate x = H(s | H(U | ':' | password))
MessageDigest xd = newDigest();
- // Try to convert the username, password to a byte[] using UTF-8
+ // Try to convert the username to a byte[] using UTF-8
byte[] user = null;
- byte[] pass = null;
+ byte[] colon = {};
try
{
user = username.getBytes("UTF-8");
- pass = password.getBytes("UTF-8");
+ colon = ":".getBytes("UTF-8");
}
catch(UnsupportedEncodingException e)
{
- e.printStackTrace();
+ log.error("Failed to convert username to byte[] using UTF-8", e);
// Use the default platform encoding
user = username.getBytes();
- pass = password.getBytes();
+ colon = ":".getBytes();
}
+ byte[] passBytes = new byte[2*password.length];
+ for(int n = 0, p = 0; p < password.length; p ++)
+ {
+ char c = password[p];
+ passBytes[n ++] = (byte) (c & 0x00FF00);
+ passBytes[n ++] = (byte) (c & 0x0000FF);
+ }
+
+ // Build the hash
xd.update(user);
- xd.update(":".getBytes());
- xd.update(pass);
+ xd.update(colon);
+ xd.update(passBytes);
byte[] h = xd.digest();
xd.reset();
xd.update(salt);
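Review bot: The high-byte expression `(byte) (c & 0x00FF00)` always yields 0, because the mask keeps bits 8–15 and the cast to byte keeps only bits 0–7. Each password character therefore contributes only its low byte, and characters that differ only in the high byte hash identically. It should read `passBytes[n ++] = (byte) ((c >> 8) & 0xFF);`. The password is now hashed as two bytes per char rather than as UTF-8 (the Javadoc mentions UTF-8 only for the username), so verifiers stored by the earlier String-based version will presumably no longer match; the Javadoc should state the password encoding. `passBytes` is also a copy of the password that is never cleared; adding `java.util.Arrays.fill(passBytes, (byte) 0);` after the first `xd.digest()` keeps the benefit of accepting a `char[]`. The method body ends in the following hunk.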
@@ -147,12 +166,12 @@
byte[] xb = xd.digest();
return xb;
}
-
+
/** Calculate x = H(s | H(U | ':' | password)) verifier
v = g^x % N
described in RFC2945.
*/
- public static byte[] calculateVerifier(String username, String password,
+ public static byte[] calculateVerifier(String username, char[] password,
byte[] salt, byte[] Nb, byte[] gb)
{
BigInteger g = new BigInteger(1, gb);
@@ -163,7 +182,7 @@
v = g^x % N
described in RFC2945.
*/
- public static byte[] calculateVerifier(String username, String password,
+ public static byte[] calculateVerifier(String username, char[] password,
byte[] salt, BigInteger N, BigInteger g)
{
byte[] xb = calculatePasswordHash(username, password, salt);
@@ -171,7 +190,7 @@
BigInteger v = g.modPow(x, N);
return v.toByteArray();
}
-
+
/** Perform an interleaved even-odd hash on the byte string
*/
public static byte[] sessionKeyHash(byte[] number)
@@ -188,13 +207,17 @@
byte[] hbuf = new byte[klen];
for(i = 0; i < klen; ++i)
+ {
hbuf[i] = number[number.length - 2 * i - 1];
+ }
hout = newDigest().digest(hbuf);
for(i = 0; i < HASH_LEN; ++i)
key[2 * i] = hout[i];
for(i = 0; i < klen; ++i)
+ {
hbuf[i] = number[number.length - 2 * i - 2];
+ }
hout = newDigest().digest(hbuf);
for(i = 0; i < HASH_LEN; ++i)
key[2 * i + 1] = hout[i];
@@ -486,5 +509,18 @@
System.arraycopy(a, j, result, 0, len - j + 1);
return result;
}
-
+
+ public static void main(String[] args) throws Exception
+ {
+ long start = System.currentTimeMillis();
+ Util.init();
+ long end = System.currentTimeMillis();
+ System.out.println("Init time = "+(end - start));
+ Util.nextLong();
+ end = System.currentTimeMillis();
+ System.out.println("Init2 time = "+(end - start));
+ Util.nextLong();
+ end = System.currentTimeMillis();
+ System.out.println("Init2 time = "+(end - start));
+ }
}
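Review bot: The second and third printouts in `main` both use the label "Init2 time" and both subtract `start`, so they report cumulative time since before `Util.init()` rather than the cost of each `Util.nextLong()` call. If per-call timings are the intent, reset the baseline before each call and label the lines distinctly, e.g. `System.out.println("nextLong #1 time = "+(end - start));`. A one-line comment stating that this `main` is a manual timing aid and not part of the class's API would also help readers of a security utility class.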