maguro 2005/10/27 15:10:12
Modified: modules/core/src/java/org/openejb/corba/security/config/tss
TSSITTDistinguishedName.java
TSSITTPrincipalNameGSSUP.java
TSSITTX509CertChain.java TSSSASMechConfig.java
Log:
Updated configurations to handle realm->login-domain->principal hierarchy.
Revision Changes Path
1.4 +27 -8
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTDistinguishedName.java
Index: TSSITTDistinguishedName.java
===================================================================
RCS file:
/scm/openejb/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTDistinguishedName.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- TSSITTDistinguishedName.java 20 Jun 2005 22:28:31 -0000 1.3
+++ TSSITTDistinguishedName.java 27 Oct 2005 19:10:12 -0000 1.4
@@ -51,14 +51,18 @@
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
-import org.apache.geronimo.security.PrimaryRealmPrincipal;
-import org.apache.geronimo.security.RealmPrincipal;
import org.omg.CORBA.Any;
import org.omg.CSI.ITTDistinguishedName;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.X501DistinguishedNameHelper;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.TypeMismatch;
+
+import org.apache.geronimo.security.DomainPrincipal;
+import org.apache.geronimo.security.PrimaryDomainPrincipal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+
import org.openejb.corba.security.SASException;
import org.openejb.corba.util.Util;
@@ -70,9 +74,11 @@
public static final String OID = "";
private final String realmName;
+ private final String domainName;
- public TSSITTDistinguishedName(String realmName) {
+ public TSSITTDistinguishedName(String realmName, String domainName) {
this.realmName = realmName;
+ this.domainName = domainName;
}
public short getType() {
@@ -93,14 +99,27 @@
} catch (TypeMismatch typeMismatch) {
throw new SASException(1, typeMismatch);
}
+
byte[] principalNameBytes = X501DistinguishedNameHelper.extract(any);
X500Principal x500Principal = new X500Principal(principalNameBytes);
- Principal realmPrincipal = new RealmPrincipal(realmName,
x500Principal);
- Principal primaryRealmPrincipal = new
PrimaryRealmPrincipal(realmName, x500Principal);
+ Principal principal = null;
+ Principal primaryPrincipal = null;
+
+ if (realmName != null && domainName != null) {
+ principal = new RealmPrincipal(realmName, domainName,
x500Principal);
+ primaryPrincipal = new PrimaryRealmPrincipal(realmName,
domainName, x500Principal);
+ } else if (domainName != null) {
+ principal = new DomainPrincipal(domainName, x500Principal);
+ primaryPrincipal = new PrimaryDomainPrincipal(domainName,
x500Principal);
+ }
+
Subject subject = new Subject();
subject.getPrincipals().add(x500Principal);
- subject.getPrincipals().add(realmPrincipal);
- subject.getPrincipals().add(primaryRealmPrincipal);
+ if (principal != null) {
+ subject.getPrincipals().add(principal);
+ subject.getPrincipals().add(primaryPrincipal);
+ }
+
return subject;
}
}
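Review bot: A configuration with `realmName` set and `domainName` null now matches neither branch, so the returned Subject carries only the bare `X500Principal`, where revision 1.3 added `RealmPrincipal` and `PrimaryRealmPrincipal`. Nothing is logged or rejected in that case, and whether downstream authorization denies such a Subject or matches on the unqualified name is not visible in this hunk. If realm-without-domain is not a valid configuration, reject it at construction, e.g. `if (realmName != null && domainName == null) throw new IllegalArgumentException("realmName requires domainName");`. Otherwise add a comment saying the unqualified Subject is intended. The same pattern appears in the `@@ -97,12 +103,24 @@` hunk of TSSITTPrincipalNameGSSUP.java, and the enclosing method starts outside this hunk.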
1.3 +29 -11
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java
Index: TSSITTPrincipalNameGSSUP.java
===================================================================
RCS file:
/scm/openejb/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTPrincipalNameGSSUP.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- TSSITTPrincipalNameGSSUP.java 17 Jun 2005 07:25:10 -0000 1.2
+++ TSSITTPrincipalNameGSSUP.java 27 Oct 2005 19:10:12 -0000 1.3
@@ -50,18 +50,22 @@
import java.security.Principal;
import javax.security.auth.Subject;
+import org.omg.CORBA.Any;
+import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.ITTPrincipalName;
import org.omg.CSI.IdentityToken;
-import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.GSSUP.GSSUPMechOID;
-import org.omg.CORBA.Any;
import org.omg.IOP.CodecPackage.FormatMismatch;
import org.omg.IOP.CodecPackage.TypeMismatch;
+
+import org.apache.geronimo.security.DomainPrincipal;
+import org.apache.geronimo.security.PrimaryDomainPrincipal;
+import org.apache.geronimo.security.PrimaryRealmPrincipal;
+import org.apache.geronimo.security.RealmPrincipal;
+import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
+
import org.openejb.corba.security.SASException;
import org.openejb.corba.util.Util;
-import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
-import org.apache.geronimo.security.RealmPrincipal;
-import org.apache.geronimo.security.PrimaryRealmPrincipal;
/**
@@ -71,9 +75,11 @@
public static final String OID = GSSUPMechOID.value.substring(4);
private final String realmName;
+ private final String domainName;
- public TSSITTPrincipalNameGSSUP(String realmName) {
+ public TSSITTPrincipalNameGSSUP(String realmName, String domainName) {
this.realmName = realmName;
+ this.domainName = domainName;
}
public short getType() {
@@ -97,12 +103,24 @@
byte[] principalNameBytes = GSS_NT_ExportedNameHelper.extract(any);
String principalName = Util.decodeGSSExportName(principalNameBytes);
Principal basePrincipal = new GeronimoUserPrincipal(principalName);
- Principal realmPrincipal = new RealmPrincipal(realmName,
basePrincipal);
- Principal primaryRealmPrincipal = new
PrimaryRealmPrincipal(realmName, basePrincipal);
+ Principal principal = null;
+ Principal primaryPrincipal = null;
+
+ if (realmName != null && domainName != null) {
+ principal = new RealmPrincipal(realmName, domainName,
basePrincipal);
+ primaryPrincipal = new PrimaryRealmPrincipal(realmName,
domainName, basePrincipal);
+ } else if (domainName != null) {
+ principal = new DomainPrincipal(domainName, basePrincipal);
+ primaryPrincipal = new PrimaryDomainPrincipal(domainName,
basePrincipal);
+ }
+
Subject subject = new Subject();
subject.getPrincipals().add(basePrincipal);
- subject.getPrincipals().add(realmPrincipal);
- subject.getPrincipals().add(primaryRealmPrincipal);
+ if (principal != null) {
+ subject.getPrincipals().add(principal);
+ subject.getPrincipals().add(primaryPrincipal);
+ }
+
return subject;
}
}
1.4 +4 -2
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTX509CertChain.java
Index: TSSITTX509CertChain.java
===================================================================
RCS file:
/scm/openejb/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSITTX509CertChain.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- TSSITTX509CertChain.java 20 Jun 2005 22:28:31 -0000 1.3
+++ TSSITTX509CertChain.java 27 Oct 2005 19:10:12 -0000 1.4
@@ -61,9 +61,11 @@
public static final String OID = "";
private final String realmName;
+ private final String domainName;
- public TSSITTX509CertChain(String realmName) {
+ public TSSITTX509CertChain(String realmName, String domainName) {
this.realmName = realmName;
+ this.domainName = domainName;
}
public short getType() {
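Review bot: The new `domainName` field is assigned in the constructor, but this is the only hunk shown for TSSITTX509CertChain.java, so nothing in this revision appears to read it. As far as this diff shows, the certificate-chain identity token therefore does not apply the realm->login-domain->principal hierarchy that the other two token configs now build. Either construct the domain-qualified principals here as well, or add a comment such as `// TODO: domainName is not yet used when building the Subject for X.509 cert chains` so the gap is not mistaken for finished work.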
1.6 +2 -2
openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSSASMechConfig.java
Index: TSSSASMechConfig.java
===================================================================
RCS file:
/scm/openejb/openejb/modules/core/src/java/org/openejb/corba/security/config/tss/TSSSASMechConfig.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- TSSSASMechConfig.java 17 Jun 2005 07:25:10 -0000 1.5
+++ TSSSASMechConfig.java 27 Oct 2005 19:10:12 -0000 1.6
@@ -97,7 +97,7 @@
//TODO is this needed?
if (TSSITTPrincipalNameGSSUP.OID.equals(oid)) {
//TODO this doesn't make sense if we plan to use this for
identity check.
- addIdentityToken(new TSSITTPrincipalNameGSSUP(null));
+ addIdentityToken(new TSSITTPrincipalNameGSSUP(null, null));
}
}
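Review bot: Passing `(null, null)` means the token registered here takes neither branch of the new realm/domain check in TSSITTPrincipalNameGSSUP, so the Subject it builds holds only the `GeronimoUserPrincipal` decoded from the wire token. The TODO just above already questions using this for an identity check, and after this change the resulting principal has no realm or login-domain scope. Consider passing the configured realm and login domain at this call site, or extend the comment to say `// identity asserted here is unqualified; do not rely on it for authorization until realm/domain are supplied`. The enclosing method starts outside this hunk.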