IorSecurityConfigMetaData


1   /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10  * the License, or (at your option) any later version.
11  *
12  * This software is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this software; if not, write to the Free
19  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21  */
22  package org.jboss.metadata;
23  
24  import java.io.Serializable  ;
25  
26  import org.jboss.deployment.DeploymentException;
27  import org.w3c.dom.Element  ;
28  
29  /**
30   * Describes the security configuration information for the IOR.
31   *
32   * @author <a HREF="mailto:alex@jboss.org">Alexey Loubyansky</a>
33   * @author <a HREF="mailto:dimitris@jboss.org">Dimitris Andreadis</a>
34   * @version <tt>$Revision: 58231 $</tt>
35   */
36  public class IorSecurityConfigMetaData
37     implements Serializable  
38  {
39     /** @since 1.7 */
40     private static final long serialVersionUID = -3341898910508715334L;
41  
42     /**
43      * The root element for security between the end points.
44      * Optional element.
45      */
46     private TransportConfig transportConfig;
47  
48     /**
49      * as-context (CSIv2 authentication service) is the element describing the authentication
50      * mechanism that will be used to authenticate the client. If specified it will be the
51      * username-password mechanism.
52      * Optional element.
53      */
54     private AsContext asContext;
55  
56     /**
57      * sas-context (related to CSIv2 security attribute service) element describes the sas-context fields.
58      */
59     private SasContext sasContext;
60  
61     /** Create a default security configuration.
62      * TransportConfig[integrity=supported, confidentiality=supported,
63      * establish-trust-in-target=supported,establish-trust-in-client=supported,
64      * detect-misordering=supported, detect-replay=supported]
65      * AsContext[auth-method=USERNAME_PASSWORD, realm=default, required=false]
66      * SasContext[caller-propagation=NONE]
67      */
68     public IorSecurityConfigMetaData()
69     {
70        transportConfig = new TransportConfig();
71        asContext = new AsContext();
72        sasContext = new SasContext();
73     }
74  
75     /**
76      * @param element ior-security-config element.
77      */
78     public IorSecurityConfigMetaData(Element   element) throws DeploymentException
79     {
80        Element   child = MetaData.getOptionalChild(element, "transport-config");
81        if(child != null)
82        {
83           transportConfig = new TransportConfig(child);
84        }
85  
86        child = MetaData.getOptionalChild(element, "as-context");
87        if(child != null)
88        {
89           asContext = new AsContext(child);
90        }
91  
92        child = MetaData.getOptionalChild(element, "sas-context");
93        if(child != null)
94        {
95           sasContext = new SasContext(child);
96        }
97     }
98  
99     public TransportConfig getTransportConfig()
100    {
101       return transportConfig;
102    }
103    public void setTransportConfig(TransportConfig config)
104    {
105       this.transportConfig = config;
106    }
107 
108    public AsContext getAsContext()
109    {
110       return asContext;
111    }
112    public void setAsContext(AsContext context)
113    {
114       this.asContext = context;
115    }
116 
117    public SasContext getSasContext()
118    {
119       return sasContext;
120    }
121    public void setSasContext(SasContext context)
122    {
123       this.sasContext = context;
124    }
125 
126    public String   toString()
127    {
128       return
129          "[transport-config=" + transportConfig +
130          ", as-context=" + asContext +
131          ", sas-context=" + sasContext + "]";
132    }
133 
134    // Inner
135 
136    /**
137     * The root element for security between the end points
138     */
139    public static class TransportConfig
140    {
141       public static final String   INTEGRITY_NONE = "NONE";
142       public static final String   INTEGRITY_SUPPORTED = "SUPPORTED";
143       public static final String   INTEGRITY_REQUIRED = "REQUIRED";
144 
145       public static final String   CONFIDENTIALITY_NONE = "NONE";
146       public static final String   CONFIDENTIALITY_SUPPORTED = "SUPPORTED";
147       public static final String   CONFIDENTIALITY_REQUIRED = "REQUIRED";
148 
149       public static final String   DETECT_MISORDERING_NONE = "NONE";
150       public static final String   DETECT_MISORDERING_SUPPORTED = "SUPPORTED";
151       public static final String   DETECT_MISORDERING_REQUIRED = "REQUIRED";
152 
153       public static final String   DETECT_REPLAY_NONE = "NONE";
154       public static final String   DETECT_REPLAY_SUPPORTED = "SUPPORTED";
155       public static final String   DETECT_REPLAY_REQUIRED = "REQUIRED";
156 
157       public static final String   ESTABLISH_TRUST_IN_TARGET_NONE = "NONE";
158       public static final String   ESTABLISH_TRUST_IN_TARGET_SUPPORTED = "SUPPORTED";
159 
160       public static final String   ESTABLISH_TRUST_IN_CLIENT_NONE = "NONE";
161       public static final String   ESTABLISH_TRUST_IN_CLIENT_SUPPORTED = "SUPPORTED";
162       public static final String   ESTABLISH_TRUST_IN_CLIENT_REQUIRED = "REQUIRED";
163 
164       /**
165        * integrity element indicates if the server (target) supports integrity protected messages.
166        * The valid values are NONE, SUPPORTED or REQUIRED.
167        * Required element.
168        */
169       private String   integrity;
170 
171       /**
172        * confidentiality element indicates if the server (target) supports privacy protected
173        * messages. The values are NONE, SUPPORTED or REQUIRED.
174        * Required element.
175        */
176       private String   confidentiality;
177 
178       /**
179        * detect-misordering indicates if the server (target) supports detection
180        * of message sequence errors. The values are NONE, SUPPORTED or REQUIRED.
181        * Optional element.
182        */
183       private String   detectMisordering;
184 
185       /**
186        * detect-replay indicates if the server (target) supports detection
187        * of message replay attempts. The values are NONE, SUPPORTED or REQUIRED.
188        * Optional element.
189        */
190       private String   detectReplay;
191 
192       /**
193        * establish-trust-in-target element indicates if the target is capable of authenticating to a client.
194        * The values are NONE or SUPPORTED.
195        * Required element.
196        */
197       private String   establishTrustInTarget;
198 
199       /**
200        * establish-trust-in-client element indicates if the target is capable of authenticating a client. The
201        * values are NONE, SUPPORTED or REQUIRED.
202        * Required element.
203        */
204       private String   establishTrustInClient;
205 
206       public TransportConfig()
207       {
208          integrity = INTEGRITY_SUPPORTED;
209          confidentiality = CONFIDENTIALITY_SUPPORTED;
210          establishTrustInTarget = ESTABLISH_TRUST_IN_TARGET_SUPPORTED;
211          establishTrustInClient = ESTABLISH_TRUST_IN_CLIENT_SUPPORTED;
212          this.detectMisordering = DETECT_MISORDERING_SUPPORTED;
213          this.detectReplay = DETECT_REPLAY_SUPPORTED;
214       }
215 
216       /**
217        * @param element  transport-config element.
218        */
219       private TransportConfig(Element   element) throws DeploymentException
220       {
221          String   value = MetaData.getUniqueChildContent(element, "integrity");
222          setIntegrity(value);
223 
224          value = MetaData.getUniqueChildContent(element, "confidentiality");
225          setConfidentiality(value);
226 
227          value = MetaData.getUniqueChildContent(element, "establish-trust-in-target");
228          setEstablishTrustInTarget(value);
229 
230          value = MetaData.getUniqueChildContent(element, "establish-trust-in-client");
231          setEstablishTrustInClient(value);
232 
233          value = MetaData.getOptionalChildContent(element, "detect-misordering");
234          setDetectMisordering(value);
235 
236          value = MetaData.getOptionalChildContent(element, "detect-replay");
237          setDetectReplay(value);
238       }
239 
240       public void setDetectReplay(String   value)
241       {
242          if( DETECT_REPLAY_NONE.equalsIgnoreCase(value) )
243          {
244             this.detectReplay = DETECT_REPLAY_NONE;
245          }
246          else if( DETECT_REPLAY_REQUIRED.equalsIgnoreCase(value) )
247          {
248             this.detectReplay = DETECT_REPLAY_REQUIRED;
249          }
250          else if( DETECT_REPLAY_SUPPORTED.equalsIgnoreCase(value) )
251          {
252             this.detectReplay = DETECT_REPLAY_SUPPORTED;
253          }
254          else
255          {
256             this.detectReplay = DETECT_REPLAY_NONE;
257          }
258       }
259 
260       public void setDetectMisordering(String   value)
261       {
262          if( DETECT_MISORDERING_NONE.equalsIgnoreCase(value) )
263          {
264             this.detectMisordering = DETECT_MISORDERING_NONE;
265          }
266          else if( DETECT_MISORDERING_REQUIRED.equalsIgnoreCase(value) )
267          {
268             this.detectMisordering = DETECT_MISORDERING_REQUIRED;
269          }
270          else if( DETECT_MISORDERING_SUPPORTED.equalsIgnoreCase(value) )
271          {
272             this.detectMisordering = DETECT_MISORDERING_SUPPORTED;
273          }
274          else
275          {
276             this.detectMisordering = DETECT_MISORDERING_NONE;
277          }
278       }
279 
280       public void setEstablishTrustInClient(String   value)
281       {
282          if(ESTABLISH_TRUST_IN_CLIENT_NONE.equalsIgnoreCase(value))
283          {
284             establishTrustInClient = ESTABLISH_TRUST_IN_CLIENT_NONE;
285          }
286          else if(ESTABLISH_TRUST_IN_CLIENT_SUPPORTED.equalsIgnoreCase(value))
287          {
288             establishTrustInClient = ESTABLISH_TRUST_IN_CLIENT_SUPPORTED;
289          }
290          else if(ESTABLISH_TRUST_IN_CLIENT_REQUIRED.equalsIgnoreCase(value))
291          {
292             establishTrustInClient = ESTABLISH_TRUST_IN_CLIENT_REQUIRED;
293          }
294          else
295          {
296             throw new IllegalStateException  ("Allowed values for establish-trust-in-client are " +
297                ESTABLISH_TRUST_IN_CLIENT_NONE + ", " + ESTABLISH_TRUST_IN_CLIENT_SUPPORTED + " and " +
298                ESTABLISH_TRUST_IN_CLIENT_REQUIRED + " but got " + value);
299          }
300       }
301 
302       public void setEstablishTrustInTarget(String   value)
303       {
304          if(ESTABLISH_TRUST_IN_TARGET_NONE.equalsIgnoreCase(value))
305          {
306             establishTrustInTarget = ESTABLISH_TRUST_IN_TARGET_NONE;
307          }
308          else if(ESTABLISH_TRUST_IN_TARGET_SUPPORTED.equalsIgnoreCase(value))
309          {
310             establishTrustInTarget = ESTABLISH_TRUST_IN_TARGET_SUPPORTED;
311          }
312          else
313          {
314             throw new IllegalStateException  ("Allowed values for establish-trust-in-target are " +
315                ESTABLISH_TRUST_IN_TARGET_NONE + " and " + ESTABLISH_TRUST_IN_TARGET_SUPPORTED +
316                " but got " + value);
317          }
318       }
319 
320       public void setConfidentiality(String   value)
321       {
322          if(CONFIDENTIALITY_NONE.equalsIgnoreCase(value))
323          {
324             confidentiality = CONFIDENTIALITY_NONE;
325          }
326          else if(CONFIDENTIALITY_SUPPORTED.equalsIgnoreCase(value))
327          {
328             confidentiality = CONFIDENTIALITY_SUPPORTED;
329          }
330          else if(CONFIDENTIALITY_REQUIRED.equalsIgnoreCase(value))
331          {
332             confidentiality = CONFIDENTIALITY_REQUIRED;
333          }
334          else
335          {
336             throw new IllegalStateException  ("Allowed values for confidentiality are " +
337                CONFIDENTIALITY_NONE + ", " + CONFIDENTIALITY_SUPPORTED + " and " + CONFIDENTIALITY_REQUIRED +
338                " but got " + value);
339          }
340       }
341 
342       public void setIntegrity(String   value)
343       {
344          if(INTEGRITY_NONE.equalsIgnoreCase(value))
345          {
346             integrity = INTEGRITY_NONE;
347          }
348          else if(INTEGRITY_SUPPORTED.equalsIgnoreCase(value))
349          {
350             integrity = INTEGRITY_SUPPORTED;
351          }
352          else if(INTEGRITY_REQUIRED.equalsIgnoreCase(value))
353          {
354             integrity = INTEGRITY_REQUIRED;
355          }
356          else
357          {
358             throw new IllegalStateException  ("Allowed values for integrity element are " +
359                INTEGRITY_NONE + ", " + INTEGRITY_REQUIRED + " and " + INTEGRITY_SUPPORTED +
360                " but got " + value);
361          }
362       }
363 
364       public String   getIntegrity()
365       {
366          return integrity;
367       }
368 
369       public String   getConfidentiality()
370       {
371          return confidentiality;
372       }
373       public String   getDetectMisordering()
374       {
375          return detectMisordering;
376       }
377 
378       public String   getDetectReplay()
379       {
380          return detectReplay;
381       }
382 
383       public String   getEstablishTrustInTarget()
384       {
385          return establishTrustInTarget;
386       }
387 
388       public boolean isEstablishTrustInTargetSupported()
389       {
390          return ESTABLISH_TRUST_IN_TARGET_SUPPORTED.equalsIgnoreCase(establishTrustInTarget);
391       }
392 
393       public String   getEstablishTrustInClient()
394       {
395          return establishTrustInClient;
396       }
397 
398       public String   toString()
399       {
400          return
401             "[integrity=" + integrity +
402             ", confidentiality=" + confidentiality +
403             ", establish-trust-in-target=" + establishTrustInTarget +
404             ", establish-trust-in-client=" + establishTrustInClient + 
405             ", detect-misordering=" + detectMisordering +
406             ", detect-replay=" + detectReplay + "]";
407       }
408    }
409 
410    /**
411     * as-context (CSIv2 authentication service) is the element describing the authentication
412     * mechanism that will be used to authenticate the client. It can be either
413     * the username-password mechanism, or none (default).
414     */
415    public static class AsContext
416    {
417       public static final String   AUTH_METHOD_USERNAME_PASSWORD = "USERNAME_PASSWORD";
418       public static final String   AUTH_METHOD_NONE = "NONE";
419 
420       /**
421        * auth-method element describes the authentication method. The only supported values
422        * are USERNAME_PASSWORD and NONE.
423        * Required element.
424        */
425       private String   authMethod;
426 
427       /**
428        * realm element describes the realm in which the user is authenticated. Must be
429        * a valid realm that is registered in server configuration.
430        * Required element.
431        */
432       private String   realm;
433 
434       /**
435        * required element specifies if the authentication method specified is required
436        * to be used for client authentication. If so the EstablishTrustInClient bit
437        * will be set in the target_requires field of the AS_Context. The element value
438        * is either true or false.
439        * Required element.
440        */
441       private boolean required;
442 
443       public AsContext()
444       {
445          authMethod = AUTH_METHOD_USERNAME_PASSWORD;
446          realm = "default";
447          required = false;
448       }
449 
450       private AsContext(Element   element) throws DeploymentException
451       {
452          String   value = MetaData.getUniqueChildContent(element, "auth-method");
453          setAuthMethod(value);
454 
455          realm = MetaData.getUniqueChildContent(element, "realm");
456          if(realm == null || realm.trim().length() == 0)
457          {
458             throw new DeploymentException("realm is not set for ior-security-config/as-context.");
459          }
460 
461          value = MetaData.getUniqueChildContent(element, "required");
462          if("true".equalsIgnoreCase(value))
463          {
464             required = true;
465          }
466          else if("false".equalsIgnoreCase(value))
467          {
468             required = false;
469          }
470          else
471          {
472             throw new DeploymentException("Allowed values for required in ior-security-config/as-context are " +
473                "true and false but got " + value);
474          }
475       }
476 
477       public void setAuthMethod(String   value)
478       {
479          if(AUTH_METHOD_USERNAME_PASSWORD.equalsIgnoreCase(value))
480          {
481             authMethod = AUTH_METHOD_USERNAME_PASSWORD;
482          }
483          else if (AUTH_METHOD_NONE.equalsIgnoreCase(value))
484          {
485             authMethod = AUTH_METHOD_NONE;
486          }
487          else
488          {
489             throw new IllegalStateException  ("The only allowed values for auth-method are "
490             + AUTH_METHOD_USERNAME_PASSWORD + ", " + AUTH_METHOD_NONE +
491                " but got " + value);
492          }
493       }
494 
495       public String   getAuthMethod()
496       {
497          return authMethod;
498       }
499 
500       public String   getRealm()
501       {
502          return realm;
503       }
504 
505       public boolean isRequired()
506       {
507          return required;
508       }
509 
510       public void setRealm(String   realm)
511       {
512          this.realm = realm;
513       }
514 
515       public void setRequired(boolean required)
516       {
517          this.required = required;
518       }
519 
520       public String   toString()
521       {
522          return
523             "[auth-method=" + authMethod +
524             ", realm=" + realm +
525             ", required=" + required + "]";
526       }
527    }
528 
529    /**
530     * sas-context (related to CSIv2 security attribute service) element describes
531     * the sas-context fields.
532     */
533    public static class SasContext
534    {
535       public static final String   CALLER_PROPAGATION_NONE = "NONE";
536       public static final String   CALLER_PROPAGATION_SUPPORTED = "SUPPORTED";
537 
538       /**
539        * caller-propagation element indicates if the target will accept propagated caller identities
540        * The values are NONE or SUPPORTED.
541        * Required element.
542        */
543       private String   callerPropagation;
544 
545       public SasContext()
546       {
547          callerPropagation = CALLER_PROPAGATION_NONE;
548       }
549 
550       private SasContext(Element   element) throws DeploymentException
551       {
552          String   value = MetaData.getUniqueChildContent(element, "caller-propagation");
553          setCallerPropagation(value);
554       }
555 
556       public void setCallerPropagation(String   value)
557       {
558          if(CALLER_PROPAGATION_NONE.equalsIgnoreCase(value))
559          {
560             callerPropagation = CALLER_PROPAGATION_NONE;
561          }
562          else if(CALLER_PROPAGATION_SUPPORTED.equalsIgnoreCase(value))
563          {
564             callerPropagation = CALLER_PROPAGATION_SUPPORTED;
565          }
566          else
567          {
568             throw new IllegalStateException  ("Allowed values for caller-propagation are " +
569                CALLER_PROPAGATION_NONE + " and " + CALLER_PROPAGATION_SUPPORTED + " but got " + value);
570          }
571       }
572 
573       public String   getCallerPropagation()
574       {
575          return callerPropagation;
576       }
577 
578       public boolean isCallerPropagationSupported()
579       {
580          return CALLER_PROPAGATION_SUPPORTED.equalsIgnoreCase(callerPropagation);
581       }
582 
583       public String   toString()
584       {
585          return "[caller-propagation=" + callerPropagation + "]";
586       }
587    }
588 }
589
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags