

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.test.security.interceptors;
23
24 import java.security.Principal JavaDoc;
25 import java.util.Arrays JavaDoc;
26 import javax.naming.InitialContext JavaDoc;
27 import javax.management.MBeanInfo JavaDoc;
28
29 import org.jboss.mx.interceptor.AbstractInterceptor;
30 import org.jboss.mx.server.MBeanInvoker;
31 import org.jboss.mx.server.Invocation;
32 import org.jboss.logging.Logger;
33 import org.jboss.security.srp.SRPSessionKey;
34 import org.jboss.security.srp.SRPServerSession;
35 import org.jboss.security.srp.jaas.SRPPrincipal;
36 import org.jboss.util.CachePolicy;
37
38 /** An interceptor that validates that the calling context has a valid SRP session
39  *
40  * @author Scott.Stark@jboss.org
41  * @version $Revision: 37406 $
42  */

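public class SRPCacheInterceptor
   extends AbstractInterceptor
{
   private static final Logger log = Logger.getLogger(SRPCacheInterceptor.class);
   /** JNDI name under which the SRP session CachePolicy is looked up. */
   private String cacheJndiName;

   public SRPCacheInterceptor()
   {
      super("SRPCacheInterceptor");
   }

   /**
    * Set the JNDI name of the cache that holds the SRP sessions.
    *
    * @param cacheJndiName the name passed to InitialContext.lookup on each
    *    validated invocation
    */
   public void setAuthenticationCacheJndiName(String cacheJndiName)
   {
      this.cacheJndiName = cacheJndiName;
   }

   // Interceptor overrides -----------------------------------------

   /**
    * Validate the SRP session of the caller for the "testSession" operation
    * and pass every other operation straight to the next interceptor.
    *
    * For "testSession" the first argument is cast to a Principal and the
    * second to a byte[] holding the client challenge. The session is looked
    * up in the cache bound under cacheJndiName and the challenge is compared
    * with the client response stored in the cached SRPServerSession.
    *
    * @param invocation the MBean invocation being intercepted
    * @return the value returned by the next interceptor in the chain
    * @throws SecurityException if no session is cached for the caller, the
    *    cached object is not an SRPServerSession, or the challenge does not
    *    match
    * @throws Throwable any failure of the JNDI lookup or of the next
    *    interceptor; malformed arguments (missing, null or of the wrong type)
    *    surface as the corresponding runtime exception before the lookup,
    *    so the call still fails closed
    */
   public Object invoke(Invocation invocation) throws Throwable
   {
      String opName = invocation.getName();
      log.info("invoke, opName=" + opName);
      // Only the testSession operation is subject to SRP validation.
      if (opName == null || !opName.equals("testSession"))
      {
         return invocation.nextInterceptor().invoke(invocation);
      }

      Object[] args = invocation.getArgs();
      Principal userPrincipal = (Principal) args[0];
      String username = userPrincipal.getName();
      byte[] clientChallenge = (byte[]) args[1];

      try
      {
         InitialContext iniCtx = new InitialContext();
         CachePolicy cache = (CachePolicy) iniCtx.lookup(cacheJndiName);
         SRPSessionKey key;
         if (userPrincipal instanceof SRPPrincipal)
         {
            // An SRPPrincipal carries the session id, so the key is per session.
            SRPPrincipal srpPrincipal = (SRPPrincipal) userPrincipal;
            key = new SRPSessionKey(username, srpPrincipal.getSessionID());
         }
         else
         {
            key = new SRPSessionKey(username);
         }
         Object cacheCredential = cache.get(key);
         if (cacheCredential == null)
         {
            throw new SecurityException("No SRP session found for: " + key);
         }
         // NOTE(review): this writes the credential's toString() to the debug
         // log; SRPServerSession.toString() is not visible here, so confirm it
         // does not include key material.
         log.debug("Found SRP cache credential: " + cacheCredential);
         // The cache object should be the SRPServerSession object used in the
         // authentication of the client.
         if (cacheCredential instanceof SRPServerSession)
         {
            SRPServerSession session = (SRPServerSession) cacheCredential;
            byte[] challenge = session.getClientResponse();
            // Reject null on either side explicitly: Arrays.equals(null, null)
            // and MessageDigest.isEqual(null, null) both report equality, which
            // would accept a caller that sends no challenge against a session
            // that has no stored response (whether getClientResponse() can
            // return null is not visible here, so it is treated as a failure).
            // MessageDigest.isEqual is used instead of Arrays.equals so the
            // comparison time does not depend on how many leading bytes match.
            boolean isValid = challenge != null
               && clientChallenge != null
               && java.security.MessageDigest.isEqual(challenge, clientChallenge);
            if (!isValid)
            {
               throw new SecurityException("Failed to validate SRP session key for: " + key);
            }
         }
         else
         {
            throw new SecurityException("Unknown type of cache credential: " + cacheCredential.getClass());
         }
         log.debug("Validated SRP cache credential for: "+key);
      }
      catch (Exception e)
      {
         // Log and rethrow so the invocation never reaches the target on failure.
         log.error("Invocation failed", e);
         throw e;
      }

      return invocation.nextInterceptor().invoke(invocation);
   }
}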