KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > iiop > csiv2 > SASClientInterceptor


1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22 package org.jboss.iiop.csiv2;
23
24 /***************************************
25  * *
26  * JBoss: The OpenSource J2EE WebOS *
27  * *
28  * Distributable under LGPL license. *
29  * See terms of license at gnu.org. *
30  * *
31  ***************************************/
32
33 import java.security.Principal JavaDoc;
34
35 import org.omg.CORBA.Any JavaDoc;
36 import org.omg.CORBA.BAD_PARAM JavaDoc;
37 import org.omg.CORBA.MARSHAL JavaDoc;
38 import org.omg.CORBA.NO_PERMISSION JavaDoc;
39 import org.omg.CORBA.ORB JavaDoc;
40 import org.omg.CORBA.CompletionStatus JavaDoc;
41 import org.omg.CORBA.LocalObject JavaDoc;
42 import org.omg.CSI.AuthorizationElement;
43 import org.omg.CSI.EstablishContext;
44 import org.omg.CSI.IdentityToken;
45 import org.omg.CSI.MTContextError;
46 import org.omg.CSI.SASContextBody;
47 import org.omg.CSI.SASContextBodyHelper;
48
49 import org.omg.CSIIOP.CompoundSecMech;
50 import org.omg.CSIIOP.EstablishTrustInClient;
51
52 import org.omg.GSSUP.InitialContextToken;
53 import org.omg.IOP.Codec JavaDoc;
54 import org.omg.IOP.CodecPackage.FormatMismatch JavaDoc;
55 import org.omg.IOP.CodecPackage.TypeMismatch JavaDoc;
56 import org.omg.IOP.ServiceContext JavaDoc;
57 import org.omg.PortableInterceptor.ClientRequestInfo JavaDoc;
58 import org.omg.PortableInterceptor.ClientRequestInterceptor JavaDoc;
59 import org.jacorb.orb.MinorCodes;
60
61 import org.jboss.logging.Logger;
62 import org.jboss.security.SecurityAssociation;
63
64 /**
65  * This implementation of
66  * <code>org.omg.PortableInterceptor.ClientRequestInterceptor</code> inserts
67  * the security attribute service (SAS) context into outgoing IIOP requests
68  * and handles the SAS messages received from the target security service
69  * in the SAS context of incoming IIOP replies.
70  *
71  * @author <a HREF="mailto:reverbel@ime.usp.br">Francisco Reverbel</a>
72  * @version $Revision: 37459 $
73  */
74 public class SASClientInterceptor
75    extends LocalObject JavaDoc
76    implements ClientRequestInterceptor JavaDoc
77 {
78    // Constants ------------------------------------------------------
79 private static final int sasContextId =
80       org.omg.IOP.SecurityAttributeService.value;
81
82    private static final IdentityToken absentIdentityToken;
83    static {
84       absentIdentityToken = new IdentityToken();
85       absentIdentityToken.absent(true);
86    }
87    private static final AuthorizationElement[] noAuthorizationToken = {};
88
89    private static final Logger log =
90       Logger.getLogger(SASTargetInterceptor.class);
91    private static final boolean traceEnabled = log.isTraceEnabled();
92
93
94    // Fields ---------------------------------------------------------
95
96    private Codec JavaDoc codec;
97
98    // Constructor ---------------------------------------------------
99
100    public SASClientInterceptor(Codec JavaDoc codec)
101    {
102       this.codec = codec;
103    }
104     
105    // Methods -------------------------------------------------------
106
107     
108    // org.omg.PortableInterceptor.Interceptor operations ------------
109
110    public String JavaDoc name()
111    {
112       return "SASClientInterceptor";
113    }
114
115    public void destroy()
116    {
117       // do nothing
118 }
119     
120    // ClientRequestInterceptor operations ---------------------------
121
122    public void send_request(ClientRequestInfo JavaDoc ri)
123    {
124       try
125       {
126          CompoundSecMech secMech =
127             CSIv2Util.getMatchingSecurityMech(
128                ri,
129                codec,
130                EstablishTrustInClient.value, /* client supports */
131                (short)0 /* client requires */);
132          if (secMech == null)
133             return;
134
135          if ((secMech.as_context_mech.target_supports
136               & EstablishTrustInClient.value) != 0)
137          {
138             Principal JavaDoc p = SecurityAssociation.getPrincipal();
139             if (p != null)
140             {
141                byte[] encodedTargetName = secMech.as_context_mech.target_name;
142
143                // The name scope needs to be externalized
144 String JavaDoc name = p.getName();
145                if (name.indexOf('@') < 0)
146                {
147                   byte[] decodedTargetName =
148                      CSIv2Util.decodeGssExportedName(encodedTargetName);
149                   String JavaDoc targetName = new String JavaDoc(decodedTargetName, "UTF-8");
150                   name += "@" + targetName; // "@default"
151 }
152                byte[] username = name.getBytes("UTF-8");
153                // I don't know why there is not a better way
154 // to go from char[] -> byte[]
155 Object JavaDoc credential = SecurityAssociation.getCredential();
156                byte[] password = {};
157                if (credential instanceof char[])
158                {
159                   String JavaDoc tmp = new String JavaDoc((char[]) credential);
160                   password = tmp.getBytes("UTF-8");
161                }
162                else if (credential instanceof byte[])
163                   password = (byte[])credential;
164                else if (credential != null)
165                {
166                   String JavaDoc tmp = credential.toString();
167                   password = tmp.getBytes("UTF-8");
168                }
169
170                // create authentication token
171 InitialContextToken authenticationToken =
172                   new InitialContextToken(username,
173                                           password,
174                                           encodedTargetName);
175                // ASN.1-encode it, as defined in RFC 2743
176 byte[] encodedAuthenticationToken =
177                   CSIv2Util.encodeInitialContextToken(authenticationToken,
178                                                       codec);
179
180                // create EstablishContext message with the encoded token
181 EstablishContext message =
182                   new EstablishContext(0, // stateless ctx id
183 noAuthorizationToken,
184                                        absentIdentityToken,
185                                        encodedAuthenticationToken);
186
187                // create SAS context with the EstablishContext message
188 SASContextBody contextBody = new SASContextBody();
189                contextBody.establish_msg(message);
190
191                // stuff the SAS context into the outgoing request
192 Any JavaDoc any = ORB.init().create_any();
193                SASContextBodyHelper.insert(any, contextBody);
194                ServiceContext JavaDoc sc =
195                   new ServiceContext JavaDoc(sasContextId, codec.encode_value(any));
196                ri.add_request_service_context(sc,
197                                               true /*replace existing context*/);
198             }
199          }
200       }
201       catch (java.io.UnsupportedEncodingException JavaDoc e)
202       {
203          throw new MARSHAL JavaDoc("Unexpected exception: " + e);
204       }
205       catch (org.omg.IOP.CodecPackage.InvalidTypeForEncoding JavaDoc e)
206       {
207          throw new MARSHAL JavaDoc("Unexpected exception: " + e);
208       }
209    }
210
211    public void send_poll(ClientRequestInfo JavaDoc ri)
212    {
213       // do nothing
214 }
215
216    public void receive_reply(ClientRequestInfo JavaDoc ri)
217    {
218       try
219       {
220          ServiceContext JavaDoc sc = ri.get_reply_service_context(sasContextId);
221          Any JavaDoc msg = codec.decode_value(sc.context_data,
222             SASContextBodyHelper.type());
223          SASContextBody contextBody = SASContextBodyHelper.extract(msg);
224
225          // At this point contextBody should contain a
226 // CompleteEstablishContext message, which does not require any
227 // treatment. ContextError messages should arrive via
228 // receive_exception().
229
230          if (traceEnabled)
231             log.trace("receive_reply: got SAS reply, type " +
232                       contextBody.discriminator());
233
234          if (contextBody.discriminator() == MTContextError.value)
235          {
236             // should not happen
237 log.warn("Unexpected ContextError in SAS reply");
238             throw new NO_PERMISSION JavaDoc("Unexpected ContextError in SAS reply",
239                MinorCodes.SAS_CSS_FAILURE,
240                CompletionStatus.COMPLETED_YES);
241          }
242       }
243       catch (BAD_PARAM JavaDoc e)
244       {
245          // no service context with sasContextId: do nothing
246 }
247       catch (FormatMismatch JavaDoc e)
248       {
249          throw new MARSHAL JavaDoc("Could not parse SAS reply: " + e,
250             0,
251             CompletionStatus.COMPLETED_YES);
252       }
253       catch (TypeMismatch JavaDoc e)
254       {
255          throw new MARSHAL JavaDoc("Could not parse SAS reply: " + e,
256             0,
257             CompletionStatus.COMPLETED_YES);
258       }
259    }
260
261    public void receive_exception(ClientRequestInfo JavaDoc ri)
262    {
263       try
264       {
265          ServiceContext JavaDoc sc = ri.get_reply_service_context(sasContextId);
266          Any JavaDoc msg = codec.decode_value(sc.context_data,
267             SASContextBodyHelper.type());
268          SASContextBody contextBody = SASContextBodyHelper.extract(msg);
269
270          // At this point contextBody may contain a either a
271 // CompleteEstablishContext message or a ContextError message.
272 // Neither message requires any treatment. We decoded the context
273 // body just to check that it contains a well-formed message.
274
275          if (traceEnabled)
276             log.trace("receive_exception: got SAS reply, type " +
277                       contextBody.discriminator());
278       }
279       catch (BAD_PARAM JavaDoc e)
280       {
281          // no service context with sasContextId: do nothing
282 }
283       catch (FormatMismatch JavaDoc e)
284       {
285          throw new MARSHAL JavaDoc("Could not parse SAS reply: " + e,
286             MinorCodes.SAS_CSS_FAILURE,
287             CompletionStatus.COMPLETED_MAYBE);
288       }
289       catch (TypeMismatch JavaDoc e)
290       {
291          throw new MARSHAL JavaDoc("Could not parse SAS reply: " + e,
292             MinorCodes.SAS_CSS_FAILURE,
293             CompletionStatus.COMPLETED_MAYBE);
294       }
295    }
296
297    public void receive_other(ClientRequestInfo JavaDoc ri)
298    {
299       // do nothing
300 }
301
302 }
303
Popular Tags