Java > Open Source Codes > org > objectweb > jonas > security > iiop > Csiv2ServerInterceptor


1 /**
2  * JOnAS: Java(TM) Open Application Server
3  * Copyright (C) 2004 Bull S.A.
4  * Contact: jonas-team@objectweb.org
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19  * USA
20  *
21  * --------------------------------------------------------------------------
22  * $Id: Csiv2ServerInterceptor.java,v 1.3 2005/04/28 08:43:26 benoitf Exp $
23  * --------------------------------------------------------------------------
24  */
25
26 package org.objectweb.jonas.security.iiop;
27
28 import org.omg.CORBA.Any ;
29 import org.omg.CORBA.BAD_PARAM ;
30 import org.omg.CORBA.NO_PERMISSION ;
31 import org.omg.CSI.CompleteEstablishContext;
32 import org.omg.CSI.EstablishContext;
33 import org.omg.CSI.GSS_NT_ExportedNameHelper;
34 import org.omg.CSI.ITTPrincipalName;
35 import org.omg.CSI.IdentityToken;
36 import org.omg.CSI.MTEstablishContext;
37 import org.omg.CSI.MTMessageInContext;
38 import org.omg.CSI.SASContextBody;
39 import org.omg.CSI.SASContextBodyHelper;
40 import org.omg.GSSUP.InitialContextToken;
41 import org.omg.GSSUP.InitialContextTokenHelper;
42 import org.omg.IOP.Codec ;
43 import org.omg.IOP.SecurityAttributeService;
44 import org.omg.IOP.ServiceContext ;
45 import org.omg.IOP.CodecPackage.FormatMismatch ;
46 import org.omg.IOP.CodecPackage.InvalidTypeForEncoding ;
47 import org.omg.IOP.CodecPackage.TypeMismatch ;
48 import org.omg.PortableInterceptor.ForwardRequest ;
49 import org.omg.PortableInterceptor.ServerRequestInfo ;
50 import org.omg.PortableInterceptor.ServerRequestInterceptor ;
51
52 import org.objectweb.carol.util.csiv2.gss.GSSHelper;
53
54 import org.objectweb.util.monolog.api.BasicLevel;
55 import org.objectweb.util.monolog.api.Logger;
56
57 /**
58  * SAS context interceptor on server side
59  * @see Csiv2 spec : A target security service (TSS) is the security service associated with the ORB that hosts the target object.
60  * @see Common Secure Interoperability V2 Specification (July 23,2001)
61  * @author Florent Benoit
62  */
63 public class Csiv2ServerInterceptor extends org.omg.CORBA.LocalObject implements ServerRequestInterceptor {
64
65     /**
66      * Name
67      */
68     private static final String NAME = "Csiv2ServerInterceptor";
69
70  /**
71      * Codec to use
72      */
73     private Codec codec = null;
74
75     /**
76      * Logger to use
77      */
78     private Logger logger = null;
79
80     /**
81      * Logger details (On catching exception)
82      */
83     private Logger loggerDetails = null;
84
85     /**
86      * Constructor
87      * @param codec used for encoding any objects
88      * @param logger used for logging useful information
89      * @param loggerDetails for all information (useless for most time :)
90      */
91     public Csiv2ServerInterceptor(Codec codec, Logger logger, Logger loggerDetails) {
92         this.codec = codec;
93         this.logger = logger;
94         this.loggerDetails = loggerDetails;
95     }
96
97     /**
98      * Allows an Interceptor to query request information after all the
99      * information, including operation parameters, are available. This
100      * interception point shall execute in the same thread as the target
101      * invocation.
102      * @param ri Information about the current request being intercepted.
103      * @exception ForwardRequest If thrown, indicates to the ORB that a
104      * retry of the request should occur with the new object given in
105      * the exception.
106      */
107     public void receive_request(ServerRequestInfo ri) throws ForwardRequest {
108
109         // Is there a security attribute service context (Csiv2 16.2 protocol message definition)
110 ServiceContext receiveServiceContext = null;
111         try {
112             // Csiv2 16.9.1 / Type defined for security attribute service
113 receiveServiceContext = ri.get_request_service_context(SecurityAttributeService.value);
114             if (logger.isLoggable(BasicLevel.DEBUG)) {
115                 logger.log(BasicLevel.DEBUG, "Got security service context = " + receiveServiceContext);
116             }
117         } catch (BAD_PARAM e) {
118             if (loggerDetails.isLoggable(BasicLevel.DEBUG)) {
119                 loggerDetails.log(BasicLevel.DEBUG, "No security service context found");
120             }
121         }
122
123         // No serviceContext, just return
124 if (receiveServiceContext == null) {
125             return;
126         }
127
128         // Analyze service context
129 SASContextBody receivedSASContextBody = null;
130         Any receiveAny = null;
131         try {
132             receiveAny = codec.decode_value(receiveServiceContext.context_data, SASContextBodyHelper.type());
133         } catch (FormatMismatch fm) {
134             logger.log(BasicLevel.ERROR, "Format mismatch while decoding value :" + fm.getMessage());
135             return;
136         } catch (TypeMismatch tm) {
137             logger.log(BasicLevel.ERROR, "Type mismatch while decoding value :" + tm.getMessage());
138             return;
139         }
140         receivedSASContextBody = SASContextBodyHelper.extract(receiveAny);
141         if (receivedSASContextBody == null) {
142             logger.log(BasicLevel.ERROR, "Received Sascontext body is null");
143             return;
144         }
145         short discriminator = receivedSASContextBody.discriminator();
146
147         if (discriminator == MTEstablishContext.value) {
148             // Analyze the establish context message
149 EstablishContext receivedEstablishContext = receivedSASContextBody.establish_msg();
150
151             // client authentication token
152 byte[] clientAuthenticationToken = receivedEstablishContext.client_authentication_token;
153             // identity token
154 IdentityToken identityToken = receivedEstablishContext.identity_token;
155
156             // client authentication token case
157 if (clientAuthenticationToken != null && clientAuthenticationToken.length != 0) {
158                 Any pAny = null;
159                 try {
160                     pAny = codec.decode_value(GSSHelper.decodeToken(receivedEstablishContext.client_authentication_token), InitialContextTokenHelper.type());
161                 } catch (FormatMismatch fm) {
162                     logger.log(BasicLevel.ERROR, "Format mismatch while decoding value :" + fm.getMessage());
163                     return;
164                 } catch (TypeMismatch tm) {
165                     logger.log(BasicLevel.ERROR, "Type mismatch while decoding value :" + tm.getMessage());
166                     return;
167                 }
168                 InitialContextToken initialContextToken = InitialContextTokenHelper.extract(pAny);
169                 String userName = new String (initialContextToken.username);
170                 String password = new String (initialContextToken.password);
171                 if (logger.isLoggable(BasicLevel.DEBUG)) {
172                     logger.log(BasicLevel.DEBUG, "Received InitialContextToken, login = '" + userName + "' and password = '" + password + "'.");
173                 }
174                 SecurityContextHelper.getInstance().loginAuthenticationToken(userName, password);
175
176             } else if (identityToken != null) { // identity token case
177 try {
178                     // Principal name case
179 if (identityToken.discriminator() == ITTPrincipalName.value) {
180                         Any a = codec.decode_value(receivedEstablishContext.identity_token.principal_name(), GSS_NT_ExportedNameHelper.type());
181                         byte[] encodedName = GSS_NT_ExportedNameHelper.extract(a);
182
183                         // Decode the principal name
184 String principalName = GSSHelper.decodeExported(encodedName);
185                         if (logger.isLoggable(BasicLevel.DEBUG)) {
186                             logger.log(BasicLevel.DEBUG, "Received identityToken, principalName = " + principalName);
187                         }
188                         SecurityContextHelper.getInstance().loginIdentiyToken(principalName);
189                     }
190                 } catch (Exception e) {
191                     logger.log(BasicLevel.ERROR, "Error = " + e.getMessage());
192                     return;
193                 }
194             }
195
196         } else if (discriminator == MTMessageInContext.value) { // not handle
197 throw new NO_PERMISSION ();
198         }
199
200         // Make CompleteEstablish context message
201 /**
202          * CompleteEstablishContext Message Format [23] <br>
203          * A CompleteEstablishContext message is sent by a TSS in response to an
204          * EstablishContext message to indicate that the context was
205          * established. The CompleteEstablishContext message contains the
206          * following fields:
207          * <ul>
208          * <li>client_context_id The CSS allocated identifier for the security
209          * attribute context. It is returned by the target so that a stateful
210          * CSS can link this message to the EstablishContext request. A TSS
211          * shall always return the value of the client_context_id it received in
212          * the EstablishContext message.</li>
213          * <li>context_stateful The value returned by the TSS to indicate
214          * whether or not the established context is stateful, and thus
215          * reusable. A stateless TSS shall always return false. A stateful TSS
216          * shall return true if the established context is reusable. Otherwise a
217          * stateful TSS shall return false.</li>
218          * <li>final_context_token The GSS mechanism-specific final context
219          * token that is returned by a TSS if the client requests mutual
220          * authentication. When a TSS accepts an EstablishContext message
221          * containing an initial context token that requires mutual
222          * authentication, the TSS shall return a mechanism-specific final
223          * context token. Not all GSS mechanisms support mutual authentication,
224          * and thus not all responses to initial context tokens may include
225          * final (or output) context tokens.5 When a CompleteEstablishContext
226          * message contains a final_context_token, the token shall be applied
227          * (with GSS_Init_sec_context) to the client-side GSS state machine
228          * </li>
229          * </ul>
230          */
231         CompleteEstablishContext completeEstablishContext = new CompleteEstablishContext(Csiv2Const.STATELESS_CONTEXT_ID, Csiv2Const.STATEFUL_MODE, Csiv2Const.EMPTY_BYTES);
232
233
234         /**
235          * And then, this message should be added. see 16.2.1 The Security
236          * Attribute Service Context Element [10] This specification defines a
237          * new GIOP service context element type, the security attribute service
238          * (SAS) element. <br>
239          * [11] The SAS context element may be used to associate any or all of
240          * the following contexts with GIOP request and reply messages: "
241          * Identity context, to be accepted based on trust " Authorization
242          * context, including authorization-based delegation context " Client
243          * authentication context <br>
244          * [12] A new context_id has been defined for the SAS element. const
245          * ServiceId SecurityAttributeService = 15
246          */
247         Any pAny = null;
248         try {
249             pAny = ORBHelper.getOrb().create_any();
250         } catch (Csiv2InterceptorException csie) {
251             logger.log(BasicLevel.ERROR, "Cannot get orb for any = " + csie.getMessage());
252             return;
253         }
254
255         // Generate contextData of service context with EstablishContext
256 SASContextBody sasContextBody = new SASContextBody();
257         sasContextBody.complete_msg(completeEstablishContext);
258         SASContextBodyHelper.insert(pAny, sasContextBody);
259         byte[] contextData = null;
260
261         try {
262             contextData = codec.encode_value(pAny);
263         } catch (InvalidTypeForEncoding itfe) {
264             logger.log(BasicLevel.ERROR, "Cannot encode a given any corba object : " + itfe.getMessage());
265             return;
266         }
267
268         // build service context and add it
269 ServiceContext serviceContext = new ServiceContext (SecurityAttributeService.value, contextData);
270         ri.add_reply_service_context(serviceContext, Csiv2Const.REPLACE_SECURITY_ATTRIBUTE_SERVICE);
271
272
273     }
274
275     /**
276      * Allows the interceptor to process service context information.
277      * @param ri Information about the current request being intercepted.
278      * @exception ForwardRequest If thrown, indicates to the ORB that a
279      * retry of the request should occur with the new object given in
280      * the exception.
281      */
282     public void receive_request_service_contexts(ServerRequestInfo ri) throws ForwardRequest {
283         // TODO Auto-generated method stub
284
285     }
286
287     /**
288      * Allows an Interceptor to query the exception information and modify
289      * the reply service context before the exception is thrown to the client.
290      * When an exception occurs, this interception point is called. This
291      * interception point shall execute in the same thread as the target
292      * invocation.
293      * @param ri Information about the current request being intercepted.
294      * @exception ForwardRequest If thrown, indicates to the ORB that a
295      * retry of the request should occur with the new object given in
296      * the exception.
297      */
298     public void send_exception(ServerRequestInfo ri) throws ForwardRequest {
299         // TODO Auto-generated method stub
300
301     }
302
303     /**
304      * Allows an Interceptor to query the information available when a
305      * request results in something other than a normal reply or an
306      * exception.
307      * @param ri Information about the current request being intercepted.
308      * @exception ForwardRequest If thrown, indicates to the ORB that a
309      * retry of the request should occur with the new object given in
310      * the exception.
311      */
312     public void send_other(ServerRequestInfo ri) throws ForwardRequest {
313         // TODO Auto-generated method stub
314
315     }
316
317     /**
318      * Allows an Interceptor to query reply information and modify the
319      * reply service context after the target operation has been invoked
320      * and before the reply is returned to the client. This interception
321      * point shall execute in the same thread as the target invocation.
322      * @param ri Information about the current request being intercepted.
323      */
324     public void send_reply(ServerRequestInfo ri) {
325
326     }
327
328     /**
329      * Provides an opportunity to destroy this interceptor.
330      */
331     public void destroy() {
332
333     }
334
335     /**
336      * Returns the name of the interceptor.
337      * @return the name of the interceptor.
338      */
339     public String name() {
340         return NAME;
341     }
342 }
343

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags