directory-commits mailing list archives

From pamarce...@apache.org
Subject svn commit: r1072035 - /directory/studio/branches/m1/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java
Date Fri, 18 Feb 2011 16:05:19 GMT
Author: pamarcelot
Date: Fri Feb 18 16:05:19 2011
New Revision: 1072035

URL: http://svn.apache.org/viewvc?rev=1072035&view=rev
Log:
Fix for DIRAPI-42 (Add additional classes and clean method arguments for SASL binds (CRAM-MD5,
DIGEST-MD5, GSS-API)).
Added support for the 'PREFERENCE_USE_KRB5_SYSTEM_PROPERTIES' pref property when connecting
via GSSAPI.

Modified:
    directory/studio/branches/m1/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java

Modified: directory/studio/branches/m1/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java
URL: http://svn.apache.org/viewvc/directory/studio/branches/m1/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java?rev=1072035&r1=1072034&r2=1072035&view=diff
==============================================================================
--- directory/studio/branches/m1/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java
(original)
+++ directory/studio/branches/m1/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java
Fri Feb 18 16:05:19 2011
@@ -23,6 +23,7 @@ package org.apache.directory.studio.conn
 import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.List;
 
 import javax.naming.ContextNotEmptyException;
@@ -35,6 +36,9 @@ import javax.naming.ldap.Control;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
 
 import org.apache.directory.ldap.client.api.CramMd5Request;
 import org.apache.directory.ldap.client.api.DigestMd5Request;
@@ -57,6 +61,7 @@ import org.apache.directory.studio.conne
 import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
 import org.apache.directory.studio.connection.core.ConnectionParameter;
 import org.apache.directory.studio.connection.core.ConnectionParameter.EncryptionMethod;
+import org.apache.directory.studio.connection.core.ConnectionCoreConstants;
 import org.apache.directory.studio.connection.core.IAuthHandler;
 import org.apache.directory.studio.connection.core.ICredentials;
 import org.apache.directory.studio.connection.core.IJndiLogger;
@@ -66,6 +71,7 @@ import org.apache.directory.studio.conne
 import org.apache.directory.studio.connection.core.io.StudioTrustManager;
 import org.apache.directory.studio.connection.core.io.jndi.CancelException;
 import org.apache.directory.studio.connection.core.io.jndi.ReferralsInfo;
+import org.eclipse.core.runtime.Preferences;
 import org.eclipse.osgi.util.NLS;
 
 
@@ -322,8 +328,10 @@ public class DirectoryApiConnectionWrapp
                             cramMd5Request.setUsername( bindPrincipal );
                             cramMd5Request.setCredentials( bindPassword );
                             cramMd5Request.setQualityOfProtection( connection.getConnectionParameter().getSaslQop()
);
-                            cramMd5Request.setSecurityStrength( connection.getConnectionParameter().getSaslSecurityStrength()
);
-                            cramMd5Request.setMutualAuthentication( connection.getConnectionParameter().isSaslMutualAuthentication()
);
+                            cramMd5Request.setSecurityStrength( connection.getConnectionParameter()
+                                .getSaslSecurityStrength() );
+                            cramMd5Request.setMutualAuthentication( connection.getConnectionParameter()
+                                .isSaslMutualAuthentication() );
 
                             bindResponse = ldapConnection.bind( cramMd5Request );
                         }
@@ -335,8 +343,10 @@ public class DirectoryApiConnectionWrapp
                             digestMd5Request.setCredentials( bindPassword );
                             digestMd5Request.setRealmName( connection.getConnectionParameter().getSaslRealm()
);
                             digestMd5Request.setQualityOfProtection( connection.getConnectionParameter().getSaslQop()
);
-                            digestMd5Request.setSecurityStrength( connection.getConnectionParameter().getSaslSecurityStrength()
);
-                            digestMd5Request.setMutualAuthentication( connection.getConnectionParameter().isSaslMutualAuthentication()
);
+                            digestMd5Request.setSecurityStrength( connection.getConnectionParameter()
+                                .getSaslSecurityStrength() );
+                            digestMd5Request.setMutualAuthentication( connection.getConnectionParameter()
+                                .isSaslMutualAuthentication() );
 
                             bindResponse = ldapConnection.bind( digestMd5Request );
                         }
@@ -344,16 +354,29 @@ public class DirectoryApiConnectionWrapp
                         else if ( connection.getConnectionParameter().getAuthMethod() ==
ConnectionParameter.AuthenticationMethod.SASL_GSSAPI )
                         {
                             GssApiRequest gssApiRequest = new GssApiRequest();
-                            gssApiRequest.setUsername( bindPrincipal );
-                            gssApiRequest.setCredentials( bindPassword );
-                            gssApiRequest.setQualityOfProtection( connection.getConnectionParameter().getSaslQop()
);
-                            gssApiRequest.setSecurityStrength( connection.getConnectionParameter().getSaslSecurityStrength()
);
-                            gssApiRequest.setMutualAuthentication( connection.getConnectionParameter().isSaslMutualAuthentication()
);
-                            
-                            switch ( connection.getConnectionParameter().getKrb5Configuration()
)
+
+                            Preferences preferences = ConnectionCorePlugin.getDefault().getPluginPreferences();
+                            boolean useKrb5SystemProperties = preferences
+                                .getBoolean( ConnectionCoreConstants.PREFERENCE_USE_KRB5_SYSTEM_PROPERTIES
);
+                            String krb5LoginModule = preferences
+                                .getString( ConnectionCoreConstants.PREFERENCE_KRB5_LOGIN_MODULE
);
+
+                            if ( !useKrb5SystemProperties )
                             {
-                                case FILE:
-                                    gssApiRequest.setKrb5ConfFilePath( connection.getConnectionParameter().getKrb5ConfigurationFile()
);
+                                gssApiRequest.setUsername( bindPrincipal );
+                                gssApiRequest.setCredentials( bindPassword );
+                                gssApiRequest.setQualityOfProtection( connection.getConnectionParameter().getSaslQop()
);
+                                gssApiRequest.setSecurityStrength( connection.getConnectionParameter()
+                                    .getSaslSecurityStrength() );
+                                gssApiRequest.setMutualAuthentication( connection.getConnectionParameter()
+                                    .isSaslMutualAuthentication() );
+                                gssApiRequest.setLoginModuleConfiguration( new InnerConfiguration(
krb5LoginModule ) );
+
+                                switch ( connection.getConnectionParameter().getKrb5Configuration()
)
+                                {
+                                    case FILE:
+                                    gssApiRequest.setKrb5ConfFilePath( connection.getConnectionParameter()
+                                        .getKrb5ConfigurationFile() );
                                     break;
                                 case MANUAL:
                                     gssApiRequest.setRealmName( connection.getConnectionParameter().getKrb5Realm()
);
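Review bot: When `PREFERENCE_USE_KRB5_SYSTEM_PROPERTIES` is true the whole `if ( !useKrb5SystemProperties )` block is skipped, so `setQualityOfProtection`, `setSecurityStrength` and `setMutualAuthentication` are never called on `gssApiRequest`. The connection's configured SASL protection level is then silently replaced by whatever `GssApiRequest` defaults to, which is not visible in this diff. Those three settings describe the SASL layer rather than where the Kerberos configuration comes from, so I would keep them above the `if` and leave only the username, credentials, login-module configuration and the `switch` inside it. If dropping them is intended, a comment such as `// system-properties mode: QoP, strength and mutual auth come from the JVM defaults` should say so. The `switch` body continues in the next hunk.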
@@ -361,13 +384,14 @@ public class DirectoryApiConnectionWrapp
                                     gssApiRequest.setKdcPort( connection.getConnectionParameter().getKrb5KdcPort()
);
                                     break;
                             }
-
-                            bindResponse = ldapConnection.bind( gssApiRequest );
                         }
 
-                        checkResponse( bindResponse );
+                        bindResponse = ldapConnection.bind( gssApiRequest );
                     }
-                    catch ( Exception e )
+
+                    checkResponse( bindResponse );
+                }
+                catch ( Exception e )
                     {
                         exception = e;
                     }
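Review bot: The closing braces kept as context here no longer match the nesting introduced by the previous hunk. The `}` that ends the `switch` sits at the column of the new `if`, the `}` that ends the `if` sits one level further out, and in the previous hunk `case FILE:` is one level deeper than `case MANUAL:`, with its statement at the same column as the label. As shown in this archived copy the code is structurally intact, but in an authentication path it is easy to misread which branch reaches `ldapConnection.bind( gssApiRequest )`. Re-indenting the `switch` and the closing braces in this commit would make it clear that the bind runs on both the system-properties and the explicit-configuration path. The enclosing `try` block starts outside the hunk.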
@@ -1089,6 +1113,49 @@ public class DirectoryApiConnectionWrapp
         }
     }
 
+    private final class InnerConfiguration extends Configuration
+    {
+        private String krb5LoginModule;
+        private AppConfigurationEntry[] configList = null;
+
+
+        public InnerConfiguration( String krb5LoginModule )
+        {
+            this.krb5LoginModule = krb5LoginModule;
+        }
+
+
+        public AppConfigurationEntry[] getAppConfigurationEntry( String applicationName )
+        {
+            if ( configList == null )
+            {
+                HashMap<String, Object> options = new HashMap<String, Object>();
+
+                // TODO: this only works for Sun JVM
+                options.put( "refreshKrb5Config", "true" );
+                switch ( connection.getConnectionParameter().getKrb5CredentialConfiguration()
)
+                {
+                    case USE_NATIVE:
+                        options.put( "useTicketCache", "true" );
+                        options.put( "doNotPrompt", "true" );
+                        break;
+                    case OBTAIN_TGT:
+                        options.put( "doNotPrompt", "false" );
+                        break;
+                }
+
+                configList = new AppConfigurationEntry[1];
+                configList[0] = new AppConfigurationEntry( krb5LoginModule, LoginModuleControlFlag.REQUIRED,
options );
+            }
+            return configList;
+        }
+
+
+        public void refresh()
+        {
+        }
+    }
+
 
     private List<IJndiLogger> getJndiLoggers()
     {
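Review bot: `InnerConfiguration` takes `krb5LoginModule` straight from the preference store and passes it to `new AppConfigurationEntry( krb5LoginModule, ... )` without any check. An unset or empty preference therefore only fails with an `IllegalArgumentException` when JAAS first asks for the entry during the bind, and any class name stored there is loaded as the login module that handles the Kerberos credentials. Validating in the constructor, e.g. `if ( krb5LoginModule == null || krb5LoginModule.length() == 0 ) throw new IllegalArgumentException( "No Kerberos login module configured" );`, would surface the misconfiguration earlier. The class also needs a Javadoc stating that the hard-coded options `refreshKrb5Config`, `useTicketCache` and `doNotPrompt` belong to the Sun `Krb5LoginModule`; the existing TODO hints at this, and a differently configured module may ignore them. On style, both fields could be `final`/lazily built without the explicit `= null`, the two overrides lack `@Override`, and the `switch` has no `default` branch, so an unexpected credential-configuration value leaves only `refreshKrb5Config` set.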


