

1 /*
2  * JBoss, Home of Professional Open Source
3  * Copyright 2005, JBoss Inc., and individual contributors as indicated
4  * by the @authors tag. See the copyright.txt in the distribution for a
5  * full listing of individual contributors.
6  *
7  * This is free software; you can redistribute it and/or modify it
8  * under the terms of the GNU Lesser General Public License as
9  * published by the Free Software Foundation; either version 2.1 of
10  * the License, or (at your option) any later version.
11  *
12  * This software is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this software; if not, write to the Free
19  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21  */

22 package org.jboss.ejb.plugins;
23
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

import org.jboss.invocation.Invocation;
import org.jboss.security.CertificatePrincipal;
import org.jboss.security.auth.certs.SubjectDNMapping;
import org.jboss.security.ssl.DomainServerSocketFactory;
33
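/**
 * An interceptor that looks for the peer certificates from the SSLSession
 * associated with the sessionIDKey (defaults to SESSION_ID) of the invocation.
 * When such a session exists, the invocation's principal is set to the
 * principal mapped from the peer certificate chain and its credential is set
 * to the chain itself. When the invocation carries no session id, or no
 * session is registered under it, the invocation is passed on untouched.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>The identity assigned here is selected purely by the session id value
 * found in the invocation. NOTE(review): confirm that this value is attached
 * by the server-side transport and cannot be chosen by the remote caller;
 * the lookup in DomainServerSocketFactory is not tied to the connection the
 * invocation arrived on as far as this class shows.</li>
 * <li>This class does not validate the certificate chain itself. Presumably
 * trust validation happens during the SSL handshake - confirm against the
 * socket factory configuration (client authentication required, trust store
 * in place).</li>
 * <li>Any principal and credential already present on the invocation are
 * overwritten when a session is found.</li>
 * </ul>
 *
 * @see org.jboss.security.ssl.DomainServerSocketFactory
 *
 * @author <a HREF="mailto:Scott.Stark@jboss.org">Scott Stark</a>.
 * @version $Revision: 41002 $
 */
public class SSLSessionInterceptor extends AbstractInterceptor
{
   /** The certificate to principal mapping interface */
   private CertificatePrincipal cpMapping = new SubjectDNMapping();
   /** The name of the invocation key with the session id */
   private String sessionIDKey = "SESSION_ID";

   /**
    * Apply the SSL session identity to a home invocation and pass it on.
    *
    * @param mi - the home method invocation
    * @return whatever the next interceptor returns
    * @throws Exception from the identity extraction or the next interceptor
    */
   public Object invokeHome(Invocation mi) throws Exception
   {
      extractSessionPrincipal(mi);
      // Home invocations must continue down the home path of the chain; the
      // earlier code forwarded them to invoke(), the bean-method path.
      return getNext().invokeHome(mi);
   }

   /**
    * Get the certificate to principal mapping in use. The misspelled method
    * name is part of the public interface and is kept for compatibility.
    *
    * @return the current mapping
    */
   public CertificatePrincipal getPrincialMapping()
   {
      return cpMapping;
   }

   /**
    * Set the certificate to principal mapping. The misspelled method name is
    * part of the public interface and is kept for compatibility.
    *
    * @param cpMapping - the mapping to use; it is dereferenced without a null
    *    check whenever a session is found, so it must not be null
    */
   public void setPrincialMapping(CertificatePrincipal cpMapping)
   {
      this.cpMapping = cpMapping;
   }

   /**
    * Get the name of the invocation key under which the session id is read.
    *
    * @return the invocation key name
    */
   public String getSessionIDKey()
   {
      return sessionIDKey;
   }

   /**
    * Set the name of the invocation key under which the session id is read.
    *
    * @param sessionIDKey - the invocation key name
    */
   public void setSessionIDKey(String sessionIDKey)
   {
      this.sessionIDKey = sessionIDKey;
   }

   /**
    * Apply the SSL session identity to a bean invocation and pass it on.
    *
    * @param mi - the method invocation
    * @return whatever the next interceptor returns
    * @throws Exception from the identity extraction or the next interceptor
    */
   public Object invoke(Invocation mi) throws Exception
   {
      extractSessionPrincipal(mi);
      return getNext().invoke(mi);
   }

   /**
    * Look for the session id in the invocation and if there is an associated
    * session in DomainServerSocketFactory, use the client cert chain as the
    * credential, and the cert principal mapping as the principal.
    *
    * @param mi - the method invocation
    * @throws SSLPeerUnverifiedException if the session's peer was not
    *    verified, or its chain is empty or holds a non-X509 certificate
    */
   private void extractSessionPrincipal(Invocation mi)
      throws SSLPeerUnverifiedException
   {
      String sessionID = (String) mi.getValue(sessionIDKey);
      if( sessionID == null )
      {
         // No session id on the invocation: leave its identity untouched
         return;
      }

      SSLSession session = DomainServerSocketFactory.getSSLSession(sessionID);
      if( session == null )
      {
         // No session registered under that id: leave its identity untouched
         return;
      }

      X509Certificate[] certs = toX509Chain(session.getPeerCertificates());
      Principal caller = cpMapping.toPrinicipal(certs);
      mi.setPrincipal(caller);
      mi.setCredential(certs);
   }

   /**
    * Copy a peer certificate chain into an X509Certificate array. The
    * SSLSession API only promises a Certificate[]; casting the array itself
    * depends on the runtime array type chosen by the JSSE provider, so each
    * element is checked instead and the call fails closed on anything else.
    *
    * @param peerCerts - the chain returned by the SSL session
    * @return the same certificates, in the same order, typed as X509
    * @throws SSLPeerUnverifiedException if the chain is null, empty or holds
    *    a certificate that is not an X509Certificate
    */
   private static X509Certificate[] toX509Chain(Certificate[] peerCerts)
      throws SSLPeerUnverifiedException
   {
      if( peerCerts == null || peerCerts.length == 0 )
      {
         throw new SSLPeerUnverifiedException("No peer certificates in SSL session");
      }

      X509Certificate[] chain = new X509Certificate[peerCerts.length];
      for(int n = 0; n < peerCerts.length; n ++)
      {
         if( (peerCerts[n] instanceof X509Certificate) == false )
         {
            throw new SSLPeerUnverifiedException(
               "Peer certificate at index " + n + " is not an X509Certificate");
         }
         chain[n] = (X509Certificate) peerCerts[n];
      }
      return chain;
   }
}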