Package com.sun.enterprise.common.iiop.security

Examples of com.sun.enterprise.common.iiop.security.SecurityContext


    public SecurityContext selectSecurityContext(IOR ior)
        throws InvalidIdentityTokenException,
            InvalidMechanismException, SecurityMechanismException
    {
        SecurityContext context = null;  
  ConnectionContext cc = new ConnectionContext();
        //print CSIv2 mechanism definition in IOR
        if (traceIORs()) {
            _logger.info("\nCSIv2 Mechanism List:" +
                    getSecurityMechanismString(ctc,ior));


                        boolean clientAuthOccurred,
                        CompoundSecMech mechanism)
        throws InvalidMechanismException, InvalidIdentityTokenException,
                            SecurityMechanismException {

        SecurityContext ctx = null;
        if(!sslUsed) {
      ctx = propagateIdentity(false, ci, mechanism);
  } else {
      ctx = propagateIdentity(clientAuthOccurred, ci, mechanism);
  }

    private SecurityContext sendUsernameAndPassword(ComponentInvocation ci,
                boolean sslUsed,
                boolean clientAuthOccurred,
                                                    CompoundSecMech mechanism)
                throws SecurityMechanismException {
        SecurityContext ctx = null;
        if(mechanism == null) {
            return null;
        }
        AS_ContextSec asContext = mechanism.as_context_mech;
        if( isSet(asContext.target_requires, EstablishTrustInClient.value)

    private SecurityContext propagateIdentity(boolean clientAuth,
                                              ComponentInvocation ci,
                                              CompoundSecMech mechanism)
        throws InvalidIdentityTokenException, InvalidMechanismException, SecurityMechanismException {
           
        SecurityContext ctx = null;
        if(mechanism == null) {
            return null;
        }
        AS_ContextSec asContext = mechanism.as_context_mech;
        SAS_ContextSec sasContext = mechanism.sas_context_mech;

                    s = getSubjectFromSecurityCurrent();
                    // TODO check if username/password is available
                    // if not throw exception
                }
            }
            SecurityContext ctx = new SecurityContext();
            final Subject sub = s;
            ctx.subject = s;
            // determining if run-as has been used
            Set<PasswordCredential> privateCredSet =
                AccessController.doPrivileged(new PrivilegedAction<Set>() {

            throws SecurityMechanismException {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Getting PRINCIPAL/DN from TLS");
        }

        SecurityContext ctx = new SecurityContext();
        final SecurityContext sCtx = ctx;
  // get stuff from the SecurityContext class
        com.sun.enterprise.security.SecurityContext scontext =
            com.sun.enterprise.security.SecurityContext.getCurrent();
        if ((scontext == null) ||
             scontext.didServerGenerateCredentials()){ 

     * Called by the target to interpret client credentials after validation.
     */
    public SecurityContext evaluateTrust(SecurityContext ctx, byte[] object_id, Socket socket)
        throws SecurityMechanismException
    {
        SecurityContext ssc = null;

        // ssl_used is true if SSL was used.       
        boolean ssl_used        = false ;

        // X509 Certificicate chain is non null if client has authenticated at
        // the SSL level.

        X509Certificate[] certChain = null ;

        // First gather all the information and then check the
        // conformance of the client to the security policies.
        // If the test for client conformance passes, then set the
        // security context.
        if ((socket != null) && (socket instanceof SSLSocket)) {
            ssl_used = true; // SSL was used
            // checkif there is a transport principal
            SSLSocket sslSock = (SSLSocket) socket;
            SSLSession sslSession = sslSock.getSession();
            try {
                certChain = (X509Certificate[]) sslSession.getPeerCertificates();
            } catch (Exception e) {
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "iiop.cannot_get_peercert", e);
                }
            }
        }
       

        // For a local invocation - we don't need to check the security
        // policies. The following condition guarantees the call is local
        // and thus bypassing policy checks.
       
        // XXX: Workaround for non-null connection object ri for local invocation.
        // if (socket == null && ctx == null)
        Long ClientID = ConnectionExecutionContext.readClientThreadID();
        if (ClientID != null && ClientID == Thread.currentThread().getId() && ctx == null)
            return null;

        if ( evaluate_client_conformance(ctx, object_id, ssl_used, certChain)
                                                                     == false) {
            String msg = "Trust evaluation failed because ";
            msg = msg + "client does not conform to configured security policies";
            throw new SecurityMechanismException(msg);
        }           

        if ( ctx == null ) {
            if ( socket == null || !ssl_used || certChain == null )  {
                // Transport info is null and security context is null.
                // No need to set the anonymous credential here,
                // it will get set if any security operations
                // (e.g. getCallerPrincipal) are done.
                // Note: if the target object is not an EJB,
                // no security ctx is needed.
                return null;
            else {
                // Set the transport principal in subject and
                // return the X500Name class
                ssc = new SecurityContext();
                X500Name x500Name = (X500Name) certChain[0].getSubjectDN();
                ssc.subject = new Subject();
                ssc.subject.getPublicCredentials().add(x500Name);
                ssc.identcls = X500Name.class;
                ssc.authcls = null;

     * by the CSIv2 interceptor.
     */
    public SecurityContext getSecurityContext(
            org.omg.CORBA.Object effective_target)
            throws InvalidMechanismException, InvalidIdentityTokenException {
        SecurityContext context = null;
        assert(orbHelper != null);
        IOR ior =  ((com.sun.corba.ee.spi.orb.ORB)orbHelper.getORB()).getIOR(effective_target, false);
        if (StubAdapter.isStub(effective_target)) {
            if (StubAdapter.isLocal(effective_target)) {
                // XXX: Workaround for non-null connection object ri for local invocation.

        try {
            // First check if the client sent the credentials
            // as required by the object's CSIv2 policy.
            // evaluateTrust will throw an exception if client did not
            // conform to security policy.
            SecurityContext ssc = sms.evaluateTrust(context, object_id, socket);

            Class cls = null;
            Subject s = null;
            if (ssc == null) {
                return STATUS_PASSED;

        java.lang.Object  cred = null ; // A single JAAS credential

  if(_logger.isLoggable(Level.FINE))
                _logger.log(Level.FINE,"++++ Entered " + prname + "send_request" + "()");
        SecurityContext secctxt = null;       // SecurityContext to be sent
  ORB orb = orbHelper.getORB();
  org.omg.CORBA.Object effective_target = ri.effective_target();
  try{
      secctxt = secContextUtil.getSecurityContext(effective_target);
  }catch(InvalidMechanismException ime){
               _logger.log(Level.SEVERE,"iiop.sec_context_exception",ime);
      throw new RuntimeException(ime.getMessage());
  }catch(InvalidIdentityTokenException iite){
                _logger.log(Level.SEVERE,"iiop.runtime_exception",iite);
      throw new RuntimeException(iite.getMessage());
  }

        /**
         * In an unprotected invocation, there is nothing to be sent to
         * the service context field. Check for this case.
         */
        if (secctxt == null) {
            if(_logger.isLoggable(Level.FINE)){
                _logger.log(Level.FINE,"Security context is null (nothing to add to service context)");
            }
            return;
  }

  final SecurityContext sCtx = secctxt;
        /* Construct an authentication token */
        if (secctxt.authcls != null) {
            cred = AccessController.doPrivileged(new PrivilegedAction() {
                public java.lang.Object run() {
                    return getCred(sCtx.subject.getPrivateCredentials(sCtx.authcls), sCtx.authcls);
