KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jacorb > security > level2 > CurrentImpl


1 package org.jacorb.security.level2;
2
3 /*
4  * JacORB - a free Java ORB
5  *
6  * Copyright (C) 1997-2004 Gerald Brose.
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Library General Public
10  * License as published by the Free Software Foundation; either
11  * version 2 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16  * Library General Public License for more details.
17  *
18  * You should have received a copy of the GNU Library General Public
19  * License along with this library; if not, write to the Free
20  * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21  */
22
23 import org.omg.Security.*;
24 import org.omg.SecurityLevel2.*;
25
26 import org.apache.avalon.framework.logger.Logger;
27 import org.apache.avalon.framework.configuration.*;
28
29 import java.util.*;
30 import java.io.*;
31 import java.lang.reflect.*;
32
33 import org.jacorb.util.ObjectUtil;
34
35 /**
36  *
37  * @author Nicolas Noffke, Gerald Brose, Andrư Benvenuti
38  * @version $Id: CurrentImpl.java,v 1.16 2004/05/06 12:40:01 nicolas Exp $
39  *
40  */
41
42 public class CurrentImpl
43     extends org.omg.CORBA.LocalObject JavaDoc
44     implements org.omg.SecurityLevel2.Current, Configurable
45 {
46     private CredentialsImpl[] own_credentials;
47
48     private PrincipalAuthenticator principalAuthenticator;
49     private AccessDecision access_decision = null;
50     private Hashtable policies = null;
51
52     private SecAttributeManager attrib_mgr = null;
53     
54     //thread specific credentials
55 private Hashtable ts_credentials = null;
56     private Hashtable ts_received_credentials = null;
57     
58     private String JavaDoc defaultSecurityName = null;
59     private String JavaDoc defaultPassword = null;
60     private List authenticators = new Vector();
61
62     private org.omg.CORBA.ORB JavaDoc orb = null;
63     private Logger logger;
64     private org.jacorb.config.Configuration configuration;
65
66     public CurrentImpl(org.omg.CORBA.ORB JavaDoc orb)
67     {
68         this.orb = orb;
69         attrib_mgr = SecAttributeManager.getInstance();
70
71         ts_credentials = new Hashtable();
72         ts_received_credentials = new Hashtable();
73         policies = new Hashtable();
74     }
75
76     public void configure(Configuration myConfiguration)
77         throws ConfigurationException
78     {
79         configuration =
80             (org.jacorb.config.Configuration)myConfiguration;
81
82         logger = configuration.getNamedLogger("jacorb.security.current");
83
84         defaultSecurityName =
85             configuration.getAttribute("jacorb.security.default_user","" );
86         defaultPassword =
87             configuration.getAttribute( "jacorb.security.default_password","" );
88
89         String JavaDoc accDecClassName =
90             configuration.getAttribute("jacorb.security.access_decision", null);
91
92         if ( accDecClassName != null )
93         {
94             //build access decision
95 try
96             {
97                 Class JavaDoc ad_class = ObjectUtil.classForName(accDecClassName);
98                 access_decision = (AccessDecision) ad_class.newInstance();
99             }
100             catch (Exception JavaDoc e)
101             {
102                 if (logger.isWarnEnabled())
103                 {
104                     logger.warn("Class " + accDecClassName +
105                                 " not found! Please check property \"jacorb.security.access_decision\"" );
106                 }
107                 access_decision = new AccessDecisionImpl();
108             }
109         }
110         else
111             access_decision = new AccessDecisionImpl();
112
113         String JavaDoc s =
114             configuration.getAttribute("jacorb.security.principal_authenticator",null);
115  
116         if( s != null )
117         {
118             StringTokenizer st = new StringTokenizer( s, "," );
119             
120             while( st.hasMoreTokens() )
121             {
122                 PrincipalAuthenticator pa =
123                     createAuthenticator( st.nextToken() );
124                 
125                 if( pa != null )
126                 {
127                     authenticators.add( pa );
128                 }
129             }
130         }
131     }
132
133     public void init()
134     {
135     authenticate();
136     }
137
138     /**
139      * used by interceptors
140      */
141
142     public Logger getLogger()
143     {
144         return logger;
145     }
146
147
148     /**
149      * Create a PrincipalAuthenticator for a given class name.
150      * The class must have exactly one constructor ant that must
151      * have either a constructor with no arg or a constructor with
152      * exactly one arg of type org.omg.CORBA.ORB.
153      *
154      * @return The newly created PA or null, if anything failed.
155      */
156     private PrincipalAuthenticator createAuthenticator( String JavaDoc class_name )
157     {
158         try
159         {
160             Class JavaDoc pa_class = ObjectUtil.classForName( class_name );
161             Constructor[] constructors = pa_class.getConstructors();
162             
163             if( constructors.length != 1 )
164             {
165                 if (logger.isErrorEnabled())
166                 {
167                     logger.error("PrincAuth " + class_name +
168                                 " must have exactly one constructor that takes either no args or org.omg.CORBA.ORB" );
169                 }
170                 return null;
171             }
172
173             Class JavaDoc[] params = constructors[0].getParameterTypes();
174             if( params.length == 0 )
175             {
176                 PrincipalAuthenticator pa =
177                     (PrincipalAuthenticator)pa_class.newInstance();
178                 ((Configurable)pa).configure(configuration);
179                 return pa;
180             }
181             else if( params.length == 1 )
182             {
183                 if( params[0].equals( org.omg.CORBA.ORB JavaDoc.class ))
184                 {
185                     return (PrincipalAuthenticator)
186                         constructors[0].newInstance( new Object JavaDoc[]{ orb } );
187                 }
188                 else
189                 {
190                     if (logger.isErrorEnabled())
191                     {
192                         logger.error("PrincAuth " + class_name +
193                                      "\'s constructor has an arg of type " +
194                                      params[0].getName() +
195                                      " but it must have an arg of type org.omg.CORBA.ORB" );
196                     }
197                 }
198             }
199             else
200             {
201                     if (logger.isErrorEnabled())
202                     {
203                         logger.error("PrincAuth " + class_name +
204                                      " must have exactly one constructor that takes either no arg or one arg of type org.omg.CORBA.ORB" );
205                     }
206             }
207         }
208         catch( Exception JavaDoc e )
209         {
210             if (logger.isWarnEnabled())
211             {
212                 logger.warn("Exception " + e.getMessage() + " in CurrentImpl");
213             }
214         }
215
216         return null;
217     }
218
219     /**
220      * This method does the following things:
221      * 1.) take the property "jacorb.security.principal_authenticator", which
222      * contains a comma separated list of PA class names.
223      * 2.) create a PA Instance for each class name.
224      * 3.) call authenticate() on each PA with the value of the property
225      * "jacorb.security.default_user" as the arg "security_name", the value
226      * of the property "jacorb.security.default_password" as the arg
227      * "auth_data" and a CredentialsHolder. All other args are null.
228      */
229
230     private void authenticate()
231     {
232         if( authenticators.size() == 0 )
233         {
234             if (logger.isWarnEnabled())
235             {
236                 logger.warn("No PrincipalAuthenticator set. Will not authenticate!");
237             }
238             own_credentials = new CredentialsImpl[ 0 ];
239             return;
240         }
241
242         principalAuthenticator = (PrincipalAuthenticator)authenticators.get(0);
243         byte[] pwd = (defaultPassword == null)? null : defaultPassword.getBytes();
244         Vector own_creds = new Vector();
245
246         for( int i = 0; i < authenticators.size(); i++ )
247         {
248             PrincipalAuthenticator pa =
249                 (PrincipalAuthenticator)authenticators.get( i );
250
251             CredentialsHolder coh = new CredentialsHolder();
252         
253             if( pa.authenticate( 0,
254                                  null,
255                                  defaultSecurityName,
256                                  pwd,
257                                  null,
258                                  coh,
259                                  null,
260                                  null )
261                 == AuthenticationStatus.SecAuthSuccess)
262             {
263                 own_creds.add( (CredentialsImpl) coh.value );
264
265                 own_credentials = new CredentialsImpl[ own_creds.size() ];
266                 own_creds.copyInto( own_credentials );
267
268                 if (logger.isInfoEnabled())
269                 {
270                     logger.info("PrincAuth " + i + ": AuthenticationStatus.SecAuthSuccess");
271                 }
272             }
273             else
274             {
275                 if (logger.isInfoEnabled())
276                 {
277                     logger.info("PrincAuth " + i + ": AuthenticationStatus.SecAuthFailure");
278                 }
279             }
280         }
281     }
282
283     /**
284      * thread specific, from SecurityLevel1
285      */
286     public SecAttribute[] get_attributes(AttributeType[] types)
287     {
288         CredentialsImpl[] tsc = getTSCredentials();
289         
290         if( tsc != null && tsc.length > 0)
291         {
292             return tsc[0].get_attributes( types );
293         }
294         else if ( own_credentials != null &&
295                   own_credentials.length > 0 )
296         {
297             return own_credentials[0].get_attributes( types );
298         }
299         else
300         {
301             return new SecAttribute[0];
302         }
303     }
304
305     /* thread specific*/
306
307     public ReceivedCredentials received_credentials()
308     {
309         return (ReceivedCredentials)ts_received_credentials.get( Thread.currentThread() );
310     }
311     
312     /* thread specific*/
313     public void set_credentials( CredentialType cred_type,
314                                  Credentials[] creds,
315                                  org.omg.SecurityLevel2.DelegationMode del )
316     {
317         //ignoring DelegationMode
318 ts_credentials.put( Thread.currentThread(),
319                             creds );
320     }
321
322     /* thread specific*/
323
324     public void set_received_credentials( ReceivedCredentials creds )
325     {
326         //ignoring DelegationMode
327 ts_received_credentials.put( Thread.currentThread(),
328                             creds );
329     }
330
331     public void remove_received_credentials()
332     {
333         //ignoring DelegationMode
334 ts_received_credentials.remove( Thread.currentThread() );
335     }
336    
337
338     /* thread specific*/
339     public Credentials[] get_credentials(CredentialType cred_type)
340     {
341         CredentialsImpl[] tsc = getTSCredentials();
342
343         if ( tsc == null )
344         {
345             tsc = own_credentials;
346         }
347
348         Vector found_creds = new Vector();
349
350         for( int i = 0; i < tsc.length; i++ )
351         {
352             if ( cred_type.value() == tsc[i].credentials_type().value() )
353             {
354                 found_creds.addElement( tsc[i] );
355             }
356         }
357
358         Credentials[] creds = new Credentials[found_creds.size()];
359
360         for( int i = 0; i < creds.length; i++ )
361         {
362             creds[i] = (Credentials)
363                 found_creds.elementAt( i );
364         }
365
366         return creds;
367     }
368   
369     /* application specific */
370     public Credentials[] own_credentials()
371     {
372         return own_credentials;
373     }
374   
375     /* application specific */
376     /**
377      * This will remove the passed Credentials from the list
378      * of own_credentials.
379      * The passed object has to be the same instance as the one
380      * to be removed.
381      */
382     public void remove_own_credentials(Credentials credentials)
383     {
384         boolean found_credentials = false;
385         Vector kept_credentials = new Vector();
386         
387         for (int i = 0; i < own_credentials.length; i++)
388         {
389             if ( credentials == own_credentials[i] )
390             {
391                 found_credentials = true;
392             }
393             else
394             {
395                 kept_credentials.addElement( own_credentials[i] );
396             }
397         }
398         
399         if ( found_credentials )
400         {
401             own_credentials = new CredentialsImpl[kept_credentials.size()];
402
403             for (int i = 0; i < kept_credentials.size(); i++)
404             {
405                 own_credentials[i] = (CredentialsImpl)
406                     kept_credentials.elementAt( i );
407             }
408         }
409         else
410         {
411             throw new org.omg.CORBA.BAD_PARAM JavaDoc();
412         }
413     }
414
415     /* application specific */
416     public SecurityFeature[] received_security_features()
417     {
418         return null;
419     }
420   
421     /* application specific */
422     public org.omg.CORBA.Policy JavaDoc get_policy(int policy_type)
423     {
424         return (org.omg.CORBA.Policy JavaDoc) policies.get(new Integer JavaDoc(policy_type));
425     }
426   
427     /* application specific */
428     public org.omg.Security.MechandOptions[] supported_mechanisms()
429     {
430         return null;
431     }
432
433     /* application specific */
434     public SecurityMechanismData[] get_security_mechanisms(org.omg.CORBA.Object JavaDoc obj_ref)
435     {
436         return null;
437     }
438
439     /* application specific */
440     public RequiredRights required_rights_object()
441     {
442         return null;
443     }
444   
445     /* application specific */
446     public PrincipalAuthenticator principal_authenticator()
447     {
448         return principalAuthenticator;
449     }
450   
451     /* application specific */
452     public AccessDecision access_decision()
453     {
454         return access_decision;
455     }
456   
457     /* application specific */
458     public AuditDecision audit_decision()
459     {
460         return null;
461     }
462   
463     /* application specific */
464     public QOPPolicy create_qop_policy(QOP qop)
465     {
466         return new QOPPolicyImpl(qop);
467     }
468   
469     /* application specific */
470     public MechanismPolicy create_mechanism_policy(String JavaDoc[] mechanisms)
471     {
472         return new MechanismPolicyImpl(mechanisms);
473     }
474   
475     /* application specific */
476     public InvocationCredentialsPolicy create_invoc_creds_policy(Credentials[] creds)
477     {
478         return new InvocationCredentialsPolicyImpl(creds);
479     }
480
481     private CredentialsImpl[] getTSCredentials()
482     {
483         return (CredentialsImpl[])
484             ts_credentials.get( Thread.currentThread() );
485     }
486
487     public KeyAndCert[] getSSLCredentials()
488     {
489         if( own_credentials == null ||
490             own_credentials.length == 0 )
491         {
492             return new KeyAndCert[0];
493         }
494
495         AttributeType access_id = new AttributeType
496             ( new ExtensibleFamily( (short) 0,
497                                     (short) 1 ),
498               AccessId.value );
499
500         AttributeType role = new AttributeType
501             ( new ExtensibleFamily( (short) 0,
502                                     (short) 1 ),
503               Role.value );
504
505         SecAttribute[] attribs =
506             own_credentials[0].get_attributes( new AttributeType[]{ access_id,
507                                                                     role } );
508             
509         KeyAndCert[] certs = new KeyAndCert[attribs.length];
510
511         for( int i = 0; i < certs.length; i++ )
512         {
513             certs[i] = attrib_mgr.getAttributeCertValue( attribs[i] );
514         }
515
516         return certs;
517     }
518
519
520     public void close()
521     {
522         if (logger.isDebugEnabled())
523             logger.debug("Closing Current");
524         
525     principalAuthenticator = null; // rt: use the gc for finalize
526 policies.clear();
527         ts_credentials.clear();
528         ts_received_credentials.clear();
529     }
530
531     public void finalize()
532     {
533         close();
534     }
535 }
536
537
538
539
Popular Tags