Patches item #945287, was opened at 2004-04-30 15:03
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376687&aid=945287&group_id=22866

Category: JBossServer
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Rolf Arne Corneliussen (rolfarne)
Assigned to: Nobody/Anonymous (nobody)
Summary: Support client cert auth. in InvokerServlet

Initial Comment:
If the InvokerServlet is deployed with CLIENT-CERT 
authentication, the Principal and Credential will (upon 
successful authentication) be set in the 
SecurityAssociation, and not in the MarshalledInvocation.

(If the InvokerServlet is deployed with BASIC-AUTH, 
there are equal values in both SecurityAssociation and 
MarshalledInvocation, if the recommended configuration is 
used).

The code below suggests that if both the principal and 
credential in the MarshalledInvocation are null, we use 
the values from SecurityAssociation. This will support 
client cert. auth. with the http invoker.

Excerpt from InvokerServlet:

import org.jboss.security.SecurityAssociation;
....

MarshalledInvocation mi = (MarshalledInvocation) 
request.getAttribute("MarshalledInvocation");
if( mi == null )
{
    // Get the invocation from the post
    ServletInputStream sis = request.getInputStream();
    ObjectInputStream ois = new ObjectInputStream(sis);
    mi = (MarshalledInvocation) ois.readObject();
    ois.close();
}

// New code starts here
if (mi.getPrincipal() == null && mi.getCredential() == null)
{
    mi.setPrincipal(SecurityAssociation.getPrincipal());
    mi.setCredential(SecurityAssociation.getCredential());
}

// New code ends here

Object[] params = {mi};
String[] sig = {"org.jboss.invocation.Invocation"};

...
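
Review bot: the guard `if (mi.getPrincipal() == null && mi.getCredential() == null)` falls back to SecurityAssociation only when both fields are null, so a MarshalledInvocation read from the POST body with a principal or credential already set keeps the client-supplied values rather than the identity the container authenticated under CLIENT-CERT. Consider letting the SecurityAssociation identity take precedence whenever SecurityAssociation.getPrincipal() is non-null, or rejecting the request when the two principals differ, and state in a comment which source wins. The case where exactly one of the two fields is null is also left unhandled; either handle it explicitly or document why it cannot occur.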


Rolf Arne
