ConfigXMLParser


1   /*
2    * The contents of this file are subject to the terms 
3    * of the Common Development and Distribution License 
4    * (the License).  You may not use this file except in
5    * compliance with the License.
6    * 
7    * You can obtain a copy of the license at 
8    * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9    * glassfish/bootstrap/legal/CDDLv1.0.txt.
10   * See the License for the specific language governing 
11   * permissions and limitations under the License.
12   * 
13   * When distributing Covered Code, include this CDDL 
14   * Header Notice in each file and include the License file 
15   * at glassfish/bootstrap/legal/CDDLv1.0.txt.  
16   * If applicable, add the following below the CDDL Header, 
17   * with the fields enclosed by brackets [] replaced by
18   * you own identifying information: 
19   * "Portions Copyrighted [year] [name of copyright owner]"
20   * 
21   * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22   */
23  
24  package com.sun.enterprise.security.jauth;
25  
26  import java.util.ArrayList  ;
27  import java.util.HashMap  ;
28  import java.io.IOException  ;
29  import javax.security.auth.login.AppConfigurationEntry  ;
30  
31  import sun.security.util.Debug;
32  import sun.security.util.PropertyExpander;
33  
34  import com.sun.enterprise.config.ConfigContext;
35  import com.sun.enterprise.config.ConfigException;
36  import com.sun.enterprise.config.ConfigFactory;
37  import com.sun.enterprise.config.clientbeans.ClientBeansResolver;
38  import com.sun.enterprise.config.clientbeans.ClientContainer;
39  import com.sun.enterprise.config.serverbeans.Server;
40  import com.sun.enterprise.config.serverbeans.SecurityService;
41  import com.sun.enterprise.config.serverbeans.ServerBeansFactory;
42  import com.sun.enterprise.server.ApplicationServer;
43  import com.sun.enterprise.Switch;
44  
45  import com.sun.logging.*;
46  import java.util.logging.*;
47  
48  /**
49   * Parser for message-security-config in domain.xml or sun-acc.xml
50   */
51  class ConfigXMLParser implements ConfigParser {
52  
53      private static Logger _logger=null;
54      static {
55          _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
56      }
57  
58      // configuration info
59      private HashMap   configMap;
60  
61      // system property guaranteed to be set in appclient/Main.java,
62      // and is guaranteed to be non-null
63      private static final String   SUNACC_XML_URL = "sun-acc.xml.url";
64  
65      private static final Debug debug =
66          Debug.getInstance("configxmlparser", "[ConfigXMLParser]");
67  
68      ConfigXMLParser() throws IOException   {
69  
70      // first read the module config from message-security-config
71  
72      HashMap   newConfig = new HashMap  ();
73  
74      if (Switch.getSwitch().getContainerType() == Switch.EJBWEB_CONTAINER) {
75          readDomainXML(newConfig);
76      } else {
77          // container == Switch.APPCLIENT_CONTAINER
78          readSunAccXML(newConfig);
79      }
80      configMap = newConfig;
81      }
82  
83      private static void readDomainXML(HashMap   newConfig) throws IOException   {
84  
85      // auth-layer
86      String   intercept = null;
87  
88      try {
89          ConfigContext configCtx = 
90                  ApplicationServer.getServerContext().getConfigContext();
91  
92          if (configCtx == null) {
93          return;
94          }
95  
96              Server configBean = ServerBeansFactory.getServerBean(configCtx);
97              SecurityService secService =
98                  ServerBeansFactory.getSecurityServiceBean(configCtx);
99  
100             com.sun.enterprise.config.serverbeans.MessageSecurityConfig[]
101                 msgConfigs = secService.getMessageSecurityConfig();
102 
103             for (int j = 0; msgConfigs != null &&
104                     j < msgConfigs.length; j++) {
105 
106                 // single message-security-config for each auth-layer
107                 //
108                 // auth-layer is synonymous with intercept
109 
110                 intercept = parseInterceptEntry(msgConfigs[j], newConfig);
111         com.sun.enterprise.config.serverbeans.ProviderConfig[]
112                     pConfigs = msgConfigs[j].getProviderConfig();
113 
114                 for (int k = 0; pConfigs != null &&
115                         k < pConfigs.length; k++) {
116                     parseIDEntry(pConfigs[k], newConfig, intercept);
117                 }
118             }
119     } catch (ConfigException ce) {
120         IOException   ioe = new IOException  ();
121         ioe.initCause(ce);
122         throw ioe;
123     }
124     }
125 
126     private static void readSunAccXML(HashMap   newConfig) throws IOException   {
127 
128     // auth-layer
129     String   intercept = null;
130 
131     try {
132         // ConfigContext configCtx = ConfigFactory.createConfigContext(url);
133 
134         ConfigContext configCtx = ConfigFactory.createConfigContext
135                                (System.getProperty(SUNACC_XML_URL),
136                     true,
137                     false,
138                     false,
139                     ClientContainer.class,
140                     new ClientBeansResolver());
141         ClientContainer cc = (ClientContainer)configCtx.getRootConfigBean();
142         com.sun.enterprise.config.clientbeans.MessageSecurityConfig[]
143         msgConfigs = cc.getMessageSecurityConfig();
144 
145         for (int j = 0; msgConfigs != null && j < msgConfigs.length; j++) {
146 
147         // single message-security-config for each auth-layer
148         //
149         // auth-layer is synonymous with intercept
150 
151         intercept = parseInterceptEntry(msgConfigs[j], newConfig);
152         com.sun.enterprise.config.clientbeans.ProviderConfig[]
153             pConfigs = msgConfigs[j].getProviderConfig();
154 
155         for (int k = 0; pConfigs != null && k < pConfigs.length; k++) {
156             parseIDEntry(pConfigs[k], newConfig, intercept);
157         }
158         }
159     } catch (ConfigException ce) {
160         IOException   ioe = new IOException  ();
161         ioe.initCause(ce);
162         throw ioe;
163     }
164     }
165 
166     public HashMap   getConfigMap() {
167     return configMap;
168     }
169 
170     /**
171      * XXX must duplicate for client and server side code
172      *     because MessageSecurityConfig and subelements
173      *     are in different packages
174      */
175 
176     /**
177      * XXX server-side XML duplicate methods
178      */
179 
180     private static String   parseInterceptEntry
181     (com.sun.enterprise.config.serverbeans.MessageSecurityConfig msgConfig,
182     HashMap   newConfig)
183         throws IOException   {
184 
185     String   intercept = msgConfig.getAuthLayer();
186     String   defaultServerID = msgConfig.getDefaultProvider();
187     String   defaultClientID = msgConfig.getDefaultClientProvider();
188 
189     if (debug != null) {
190         debug.println("Intercept Entry: " +
191             "\n    intercept: " + intercept +
192             "\n    defaultServerID: " + defaultServerID +
193             "\n    defaultClientID:  " + defaultClientID);
194     }
195 
196     ConfigFile.InterceptEntry intEntry = (ConfigFile.InterceptEntry)
197                         newConfig.get(intercept);
198     if (intEntry != null) {
199         throw new IOException  ("found multiple MessageSecurityConfig " +
200                 "entries with the same auth-layer");
201     }
202 
203     // create new intercept entry
204     intEntry = new ConfigFile.InterceptEntry(defaultClientID,
205                     defaultServerID,
206                     null);
207     newConfig.put(intercept, intEntry);
208     return intercept;
209     }
210 
211     private static void parseIDEntry
212     (com.sun.enterprise.config.serverbeans.ProviderConfig pConfig,
213     HashMap   newConfig,
214     String   intercept)
215         throws IOException   {
216 
217     String   id = pConfig.getProviderId();
218     String   type = pConfig.getProviderType();
219     String   moduleClass = pConfig.getClassName();
220     ArrayList   modules = new ArrayList  ();
221 
222     AuthPolicy requestPolicy =
223         parseRequestPolicy(pConfig.getRequestPolicy());
224     AuthPolicy responsePolicy =
225         parseResponsePolicy(pConfig.getResponsePolicy());
226 
227     // get the module options
228 
229     HashMap   options = new HashMap  ();
230     String   key;
231     String   value;
232 
233     for (int i = 0; i < pConfig.sizeElementProperty(); i++) {
234         try {
235         options.put(pConfig.getElementProperty(i).getName(),
236                 PropertyExpander.expand
237                 (pConfig.getElementProperty(i).getValue(),
238                  false));
239         } catch (sun.security.util.PropertyExpander.ExpandException ee) {
240         // log warning and give the provider a chance to 
241         // interpret value itself.
242         _logger.warning("Container-auth: unable to expand provider property value - unexpanded value passed to provider");
243         options.put(pConfig.getElementProperty(i).getName(),
244                 pConfig.getElementProperty(i).getValue());
245         }
246     }
247 
248     if (debug != null) {
249         debug.println("ID Entry: " +
250             "\n    id: " + id +
251             "\n    type: " + type +
252             "\n    request policy: " + requestPolicy +
253             "\n    response policy: " + responsePolicy +
254             "\n    module class: " + moduleClass +
255             "\n        options: " + options);
256     }
257 
258     // create module entry
259 
260     AppConfigurationEntry   entry = new AppConfigurationEntry  
261             (pConfig.getClassName(),
262             AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
263             options);
264     modules.add(entry);
265 
266     // create ID entry
267 
268     ConfigFile.IDEntry idEntry = new ConfigFile.IDEntry(type,
269                 requestPolicy,
270                 responsePolicy,
271                 modules);
272 
273     ConfigFile.InterceptEntry intEntry = (ConfigFile.InterceptEntry)
274                     newConfig.get(intercept);
275     if (intEntry == null) {
276         throw new IOException  
277         ("intercept entry for " + intercept +
278         " must be specified before ID entries");
279     }
280 
281     if (intEntry.idMap == null) {
282         intEntry.idMap = new HashMap  ();
283     }
284 
285     // map id to Intercept
286     intEntry.idMap.put(id, idEntry);
287     }
288 
289     private static AuthPolicy parseRequestPolicy
290     (com.sun.enterprise.config.serverbeans.RequestPolicy policy) {
291 
292     // XXX identical source as parseResponsePolicy
293 
294     if (policy == null) {
295         return null;
296     }
297 
298     int sourceAuthType = AuthPolicy.SOURCE_AUTH_NONE;
299     boolean foundSource = true;
300     String   authType = policy.getAuthSource();
301 
302     if (AuthPolicy.SENDER.equals(authType)) {
303         sourceAuthType = AuthPolicy.SOURCE_AUTH_SENDER;
304     } else if (AuthPolicy.CONTENT.equals(authType)) {
305         sourceAuthType = AuthPolicy.SOURCE_AUTH_CONTENT;
306     } else {
307         if (debug != null) {
308         debug.println("invalid or null auth source: " + authType);
309         }
310         foundSource = false;
311     }
312     
313     boolean recipientAuth = false;
314     boolean beforeContent = false;
315     boolean foundRecipient = true;
316     String   recipient = policy.getAuthRecipient();
317 
318     if (AuthPolicy.BEFORE_CONTENT.equals(recipient)) {
319         recipientAuth = true;
320         beforeContent = true;
321     } else if (AuthPolicy.AFTER_CONTENT.equals(recipient)) {
322         recipientAuth = true;
323         beforeContent = false;
324     } else {
325         if (debug != null) {
326         debug.println("invalid or null auth recipient: " + recipient);
327         }
328         foundRecipient = false;
329     }
330 
331     if (!foundSource && !foundRecipient) {
332         return null;
333     }
334 
335     return new AuthPolicy(sourceAuthType,
336                 recipientAuth,
337                 beforeContent);
338     }
339 
340     private static AuthPolicy parseResponsePolicy
341     (com.sun.enterprise.config.serverbeans.ResponsePolicy policy) {
342 
343     // XXX identical source as parseRequestPolicy
344 
345     if (policy == null) {
346         return null;
347     }
348 
349     int sourceAuthType = AuthPolicy.SOURCE_AUTH_NONE;
350     boolean foundSource = true;
351     String   authType = policy.getAuthSource();
352 
353     if (AuthPolicy.SENDER.equals(authType)) {
354         sourceAuthType = AuthPolicy.SOURCE_AUTH_SENDER;
355     } else if (AuthPolicy.CONTENT.equals(authType)) {
356         sourceAuthType = AuthPolicy.SOURCE_AUTH_CONTENT;
357     } else {
358         if (debug != null) {
359         debug.println("invalid or null auth source: " + authType);
360         }
361         foundSource = false;
362     }
363 
364     boolean recipientAuth = false;
365     boolean beforeContent = false;
366     boolean foundRecipient = true;
367     String   recipient = policy.getAuthRecipient();
368 
369     if (AuthPolicy.BEFORE_CONTENT.equals(recipient)) {
370         recipientAuth = true;
371         beforeContent = true;
372     } else if (AuthPolicy.AFTER_CONTENT.equals(recipient)) {
373         recipientAuth = true;
374         beforeContent = false;
375     } else {
376         if (debug != null) {
377         debug.println("invalid or null auth recipient: " + recipient);
378         }
379         foundRecipient = false;
380     }
381 
382     if (!foundSource && !foundRecipient) {
383         return null;
384     }
385 
386     return new AuthPolicy(sourceAuthType,
387                 recipientAuth,
388                 beforeContent);
389     }
390 
391     // XXX client-side XML duplicate methods
392 
393     private static String   parseInterceptEntry
394     (com.sun.enterprise.config.clientbeans.MessageSecurityConfig msgConfig,
395     HashMap   newConfig)
396         throws IOException   {
397 
398     String   intercept = msgConfig.getAuthLayer();
399     String   defaultServerID = msgConfig.getDefaultProvider();
400     String   defaultClientID = msgConfig.getDefaultClientProvider();
401 
402     if (debug != null) {
403         debug.println("Intercept Entry: " +
404             "\n    intercept: " + intercept +
405             "\n    defaultServerID: " + defaultServerID +
406             "\n    defaultClientID:  " + defaultClientID);
407     }
408 
409     ConfigFile.InterceptEntry intEntry = (ConfigFile.InterceptEntry)
410                         newConfig.get(intercept);
411     if (intEntry != null) {
412         throw new IOException  ("found multiple MessageSecurityConfig " +
413                 "entries with the same auth-layer");
414     }
415 
416     // create new intercept entry
417     intEntry = new ConfigFile.InterceptEntry(defaultClientID,
418                     defaultServerID,
419                     null);
420     newConfig.put(intercept, intEntry);
421     return intercept;
422     }
423 
424     private static void parseIDEntry
425     (com.sun.enterprise.config.clientbeans.ProviderConfig pConfig,
426     HashMap   newConfig,
427     String   intercept)
428         throws IOException   {
429 
430     String   id = pConfig.getProviderId();
431     String   type = pConfig.getProviderType();
432     String   moduleClass = pConfig.getClassName();
433     ArrayList   modules = new ArrayList  ();
434 
435     AuthPolicy requestPolicy =
436         parseRequestPolicy(pConfig.getRequestPolicy());
437     AuthPolicy responsePolicy =
438         parseResponsePolicy(pConfig.getResponsePolicy());
439 
440     // get the module options
441 
442     HashMap   options = new HashMap  ();
443     String   key;
444     String   value;
445 
446     for (int i = 0; i < pConfig.sizeElementProperty(); i++) {
447         try {
448         options.put(pConfig.getElementProperty(i).getName(),
449                 PropertyExpander.expand
450                 (pConfig.getElementProperty(i).getValue(),
451                  false));
452         } catch (sun.security.util.PropertyExpander.ExpandException ee) {
453         // log warning and give the provider a chance to 
454         // interpret value itself.
455         _logger.warning("Container-auth: unable to expand provider property value - unexpanded value passed to provider");
456         options.put(pConfig.getElementProperty(i).getName(),
457                 pConfig.getElementProperty(i).getValue());
458         }
459     }
460 
461     if (debug != null) {
462         debug.println("ID Entry: " +
463             "\n    id: " + id +
464             "\n    type: " + type +
465             "\n    request policy: " + requestPolicy +
466             "\n    response policy: " + responsePolicy +
467             "\n    module class: " + moduleClass +
468             "\n        options: " + options);
469     }
470 
471     // create module entry
472 
473     AppConfigurationEntry   entry = new AppConfigurationEntry  
474             (pConfig.getClassName(),
475             AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
476             options);
477     modules.add(entry);
478 
479     // create ID entry
480 
481     ConfigFile.IDEntry idEntry = new ConfigFile.IDEntry(type,
482                 requestPolicy,
483                 responsePolicy,
484                 modules);
485 
486     ConfigFile.InterceptEntry intEntry = (ConfigFile.InterceptEntry)
487                     newConfig.get(intercept);
488     if (intEntry == null) {
489         throw new IOException  
490         ("intercept entry for " + intercept +
491         " must be specified before ID entries");
492     }
493 
494     if (intEntry.idMap == null) {
495         intEntry.idMap = new HashMap  ();
496     }
497 
498     // map id to Intercept
499     intEntry.idMap.put(id, idEntry);
500     }
501 
502     private static AuthPolicy parseRequestPolicy
503     (com.sun.enterprise.config.clientbeans.RequestPolicy policy) {
504 
505     if (policy == null) {
506         return null;
507     }
508 
509     int sourceAuthType = AuthPolicy.SOURCE_AUTH_NONE;
510     boolean foundSource = true;
511     String   authType = policy.getAuthSource();
512 
513     if (AuthPolicy.SENDER.equals(authType)) {
514         sourceAuthType = AuthPolicy.SOURCE_AUTH_SENDER;
515     } else if (AuthPolicy.CONTENT.equals(authType)) {
516         sourceAuthType = AuthPolicy.SOURCE_AUTH_CONTENT;
517     } else {
518         if (debug != null) {
519         debug.println("invalid or null auth source: " + authType);
520         }
521         foundSource = false;
522     }
523 
524     boolean recipientAuth = false;
525     boolean beforeContent = false;
526     boolean foundRecipient = true;
527     String   recipient = policy.getAuthRecipient();
528 
529     if (AuthPolicy.BEFORE_CONTENT.equals(recipient)) {
530         recipientAuth = true;
531         beforeContent = true;
532     } else if (AuthPolicy.AFTER_CONTENT.equals(recipient)) {
533         recipientAuth = true;
534         beforeContent = false;
535     } else {
536         if (debug != null) {
537         debug.println("invalid or null auth recipient: " + recipient);
538         }
539         foundRecipient = false;
540     }
541 
542     if (!foundSource && !foundRecipient) {
543         return null;
544     }
545 
546     return new AuthPolicy(sourceAuthType,
547                 recipientAuth,
548                 beforeContent);
549     }
550 
551     private static AuthPolicy parseResponsePolicy
552     (com.sun.enterprise.config.clientbeans.ResponsePolicy policy) {
553 
554     if (policy == null) {
555         return null;
556     }
557 
558     int sourceAuthType = AuthPolicy.SOURCE_AUTH_NONE;
559     boolean foundSource = true;
560     String   authType = policy.getAuthSource();
561 
562     if (AuthPolicy.SENDER.equals(authType)) {
563         sourceAuthType = AuthPolicy.SOURCE_AUTH_SENDER;
564     } else if (AuthPolicy.CONTENT.equals(authType)) {
565         sourceAuthType = AuthPolicy.SOURCE_AUTH_CONTENT;
566     } else {
567         if (debug != null) {
568         debug.println("invalid or null auth source: " + authType);
569         }
570         foundSource = false;
571     }
572 
573     boolean recipientAuth = false;
574     boolean beforeContent = false;
575     boolean foundRecipient = true;
576     String   recipient = policy.getAuthRecipient();
577 
578     if (AuthPolicy.BEFORE_CONTENT.equals(recipient)) {
579         recipientAuth = true;
580         beforeContent = true;
581     } else if (AuthPolicy.AFTER_CONTENT.equals(recipient)) {
582         recipientAuth = true;
583         beforeContent = false;
584     } else {
585         if (debug != null) {
586         debug.println("invalid or null auth recipient: " + recipient);
587         }
588         foundRecipient = false;
589     }
590 
591     if (!foundSource && !foundRecipient) {
592         return null;
593     }
594 
595     return new AuthPolicy(sourceAuthType,
596                 recipientAuth,
597                 beforeContent);
598     }
599 }
600
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags