Examples of com.sun.enterprise.common.iiop.security.SecurityContext

Package com.sun.enterprise.common.iiop.security

Examples of com.sun.enterprise.common.iiop.security.SecurityContext

com.sun.enterprise.common.iiop.security.SecurityContext
A subject is used a container for passing the security context information in the service context field. The security context information in the subject must be stored either as a private or a public credential according to the following convention: PasswordCredential: Client authentication will be performed using the username and password in the PasswordCredential. PasswordCredential must be passed as a PrivateCredential. X500Name: DN name specified in X500Name will be asserted. X500Name must be passed as a PublicCredential. GSSUPName: Identity specified in GSSUPName will be asserted. GSSUPName must be passed as a PublicCredential. X509CertificateCredential: The certificate chain in the credential will be asserted. The credential must be passed as a PublicCredential. AnonCredential: Anonymous identity will be asserted. Credential must be passed as a PublicCredential. Class fields in the SecurityContext are used for credential selection. There are two class fields: authcls and identcls. authcls is a Class object that identifies the credential for client authentication. identcls is a Class object that identifies the credential for identity assertion. The following semantics must be observed: 1. A client authentication token is always passed as a private credential. authcls set to the class of the authentication token 2. An identity token is always passed as a public credential. identcls is set to the class of the identity token. 3. authcls is set to null if there is no client auth token 4. identcls is set to null if there is no ident token 5. There must not be more than one instance of class identified by authcls or identcls. However, there can be one instance of identcls *and* authcls (this allows both a client auth token and an identity token to be passed across the interface).

    _logger.log(Level.FINE,"Constructing a PasswordCredential from client authentication token");
        /* create a GSSUPToken from the authentication token */
        GSSUPToken tok  = GSSUPToken.getServerSideInstance(orb, codec, authtok);


        final PasswordCredential pwdcred = tok.getPwdcred();
        final SecurityContext fsc = sc;
      if(_logger.isLoggable(Level.FINE)) {
    _logger.log(Level.FINE,"Password credential = " + pwdcred.toString());
    _logger.log(Level.FINE,"Adding PasswordCredential to subject's PrivateCredentials");
  }
        java.security.AccessController.doPrivileged(new java.security.PrivilegedAction() {

View Full Code Here

    }
     
    public void receive_request(ServerRequestInfo ri) 
         throws ForwardRequest  
    {
        SecurityContext seccontext = null;   // SecurityContext to be sent
        ServiceContext  sc = null;           // service context
        int status = 0;
        boolean  raise_no_perm = false;


        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "++++ Entered " + prname + "receive_request");
        }
        
       // secsvc  = Csiv2Manager.getSecurityService();
        ORB orb = orbHelper.getORB();


        try {
            sc = ri.get_request_service_context(SECURITY_ATTRIBUTE_SERVICE_ID);
            if (sc == null) {
                handle_null_service_context(ri, orb);
                return;
            }
        } catch (org.omg.CORBA.BAD_PARAM e) {
            handle_null_service_context(ri, orb);
            return;
        }


        if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"Received a non null SAS context element");
        }
        /* Decode the service context field */
        Any SasAny;
        try {        
            SasAny = codec.decode_value(sc.context_data, SASContextBodyHelper.type());
        } catch (Exception e) {
        _logger.log(Level.SEVERE,"iiop.decode_exception",e);
            throw new SecurityException(
                localStrings.getLocalString("secserverreqinterceptor.err_cdr_decode",
                                            "CDR Decoding error for SAS context element."));
        }


        if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"Successfully decoded CDR encoded SAS context element.");
        }
        SASContextBody sasctxbody = SASContextBodyHelper.extract(SasAny);


        short sasdiscr = sasctxbody.discriminator();
        if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"SAS context element is a/an " + SvcContextUtils.getMsgname(sasdiscr)+ " message");
        }
        /* Check message type received */


        /**
         *  CSIV2 SPEC NOTE:
         *
         *  Section 4.3 "TSS State Machine" , table 4-4 "TSS State Table" 
         *  shows that a MessageInContext can be received. In this case
         *  the table is somewhat unclear. But in this case a ContextError
         *  with the status code "No Context" ( specified in  
         *  section 4.5 "ContextError Values and Exceptions" must be sent back.
         *  A NO_PERMISSION exception must also be raised.
         *
         *  ISSUE: should setSecurityContext(null) be called ?
         */


        if (sasdiscr == MTMessageInContext.value) {
             sasctxbody = createContextError(SvcContextUtils.MessageInContextMinor);
             sc = createSvcContext(sasctxbody, orb);
        if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"Adding ContextError message to service context list");
    _logger.log(Level.FINE,"SecurityContext set to null");
        }
             ri.add_reply_service_context(sc, NO_REPLACE);
             // no need to set the security context
//              secsvc.setSecurityContext(null, ri.object_id(), ri.operation());


             throw new NO_PERMISSION();
        }


        /**
         * CSIV2 SPEC NOTE:
         * 
         * CSIV2 spec does not specify the actions for any message other than
         * a MessageInContext and EstablishContext message.So for such messages,
         * this implementation simply drops the message on the floor. No
         * other message is sent back. Neither is an exception raised.
         * 
         * ISSUE: Should there be some other action ?
         */


        if (sasdiscr != MTEstablishContext.value) {
            _logger.log(Level.SEVERE,"iiop.not_establishcontext_msg");
            throw new SecurityException(
                localStrings.getLocalString("secserverreqinterceptor.err_not_ec_msg",
                                            "Received message not an EstablishContext message."));
        }
 
        EstablishContext ec = sasctxbody.establish_msg();


        seccontext = new SecurityContext();
        seccontext.subject = new Subject();
        
        try {
            if (ec.client_authentication_token.length != 0) {
                if(_logger.isLoggable(Level.FINE)){

View Full Code Here

0 1 2 3 4

TOP

Related Classes of com.sun.enterprise.common.iiop.security.SecurityContext

com.sun.enterprise.iiop.security.SecClientRequestInterceptor

com.sun.enterprise.iiop.security.SecServerRequestInterceptor

com.sun.enterprise.iiop.security.SecurityContextUtil

com.sun.enterprise.iiop.security.SecurityMechanismSelector

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.