From pamarce...@apache.org
Subject svn commit: r1092704 - in /directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api: LdapNetworkConnection.java SaslRequest.java
Date Fri, 15 Apr 2011 13:45:15 GMT
Author: pamarcelot
Date: Fri Apr 15 13:45:15 2011
New Revision: 1092704

URL: http://svn.apache.org/viewvc?rev=1092704&view=rev
Log:
Redo of commit '1071709', which was lost after an erroneous merge at commit '1072787'

Initial commit log was:
Fix for DIRAPI-42 (Add additional classes and clean method arguments for SASL binds (CRAM-MD5,
DIGEST-MD5, GSS-API)).
Added support for specifying:
o krb5.conf file path
o a Configuration class for LoginModule

Modified:
    directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
    directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java

Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1092704&r1=1092703&r2=1092704&view=diff
==============================================================================
--- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
(original)
+++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
Fri Apr 15 13:45:15 2011
@@ -28,6 +28,7 @@ import java.net.SocketAddress;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -1389,30 +1390,52 @@ public class LdapNetworkConnection exten
     public BindFuture bindAsync( GssApiRequest request )
         throws LdapException, IOException
     {
-        System.clearProperty( "java.security.krb5.conf" );
-        String krbConfPath = createKrbConfFile( request.getRealmName(), request.getKdcHost(),
request.getKdcPort() );
-        System.setProperty( "java.security.krb5.conf", krbConfPath );
+        // Krb5.conf file
+        if ( request.getKrb5ConfFilePath() != null )
+        {
+            // Using the krb5.conf file provided by the user
+            System.setProperty( "java.security.krb5.conf", request.getKrb5ConfFilePath()
);
+        }
+        else if ( ( request.getRealmName() != null ) && ( request.getKdcHost() !=
null )
+                        && ( request.getKdcPort() != 0 ) )
+        {
+            // Using a custom krb5.conf we create from the settings provided by the user
+            String krb5ConfPath = createKrb5ConfFile( request.getRealmName(), request.getKdcHost(),
request.getKdcPort() );
+            System.setProperty( "java.security.krb5.conf", krb5ConfPath );
+        }
+        else
+        {
+            // Using the system Kerberos configuration
+            System.clearProperty( "java.security.krb5.conf" );
+        }
 
-        Configuration.setConfiguration( new Krb5LoginConfiguration() );
-        System.setProperty( "javax.security.auth.useSubjectCredsOnly", "true" );
+        // Login Module configuration
+        if ( request.getLoginModuleConfiguration() != null )
+        {
+            // Using the configuration provided by the user
+            Configuration.setConfiguration( request.getLoginModuleConfiguration() );
+        }
+        else
+        {
+            // Using the default configuration
+            Configuration.setConfiguration( new Krb5LoginConfiguration() );
+        }
 
         try
         {
             System.setProperty( "javax.security.auth.useSubjectCredsOnly", "true" );
             LoginContext loginContext = new LoginContext( "ldapnetworkconnection",
-                        new SaslCallbackHandler( request ) );
+                                    new SaslCallbackHandler( request ) );
             loginContext.login();
 
             final GssApiRequest requetFinal = request;
-
-            return ( BindFuture ) Subject.doAs( loginContext.getSubject(),
-                        new PrivilegedExceptionAction<Object>()
+            return ( BindFuture ) Subject.doAs( loginContext.getSubject(), new PrivilegedExceptionAction<Object>()
+                {
+                    public Object run() throws Exception
                     {
-                        public Object run() throws Exception
-                        {
-                            return bindSasl( requetFinal );
-                        }
-                    } );
+                        return bindSasl( requetFinal );
+                    }
+                } );
         }
         catch ( Exception e )
         {
@@ -3633,6 +3656,28 @@ public class LdapNetworkConnection exten
             byte[] response = null;
             ResultCodeEnum result = null;
 
+            // Creating a map for SASL properties
+            Map<String, Object> properties = new HashMap<String, Object>();
+
+            // Quality of Protection SASL property
+            if ( saslRequest.getQualityOfProtection() != null )
+            {
+
+                properties.put( Sasl.QOP, saslRequest.getQualityOfProtection().getValue()
);
+            }
+
+            // Security Strength SASL property
+            if ( saslRequest.getSecurityStrength() != null )
+            {
+                properties.put( Sasl.STRENGTH, saslRequest.getSecurityStrength().getValue()
);
+            }
+
+            // Mutual Authentication SASL property
+            if ( saslRequest.isMutualAuthentication() )
+            {
+                properties.put( Sasl.SERVER_AUTH, "true" );
+            }
+
             // Creating a SASL Client
             SaslClient sc = Sasl.createSaslClient(
                 new String[]
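Review bot: Nothing in this hunk applies the negotiated quality of protection to the connection's I/O, and I cannot see an `sc.wrap`/`sc.unwrap` path anywhere in this view; if none exists, accepting `auth-int` or `auth-conf` here negotiates a SASL security layer the client then never honours, which either breaks the session after the bind or, depending on the server, silently continues without the protection the caller asked for. Until the security layer is implemented, the safer behaviour is to reject any QoP other than `auth` up front with an `LdapException` carrying a clear message, or at minimum to document the limitation on `setQualityOfProtection`. A comment above the map such as `// Properties are only passed to the SaslClient; the negotiated QoP must still be applied via wrap/unwrap on the session` would make the gap visible to the next maintainer. The enclosing method starts and ends outside this hunk.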
@@ -3640,7 +3685,7 @@ public class LdapNetworkConnection exten
                 saslRequest.getAuthorizationId(),
                 "ldap",
                 config.getLdapHost(),
-                null,
+                properties,
                 new SaslCallbackHandler( saslRequest ) );
 
             // If the SaslClient wasn't created, that means we can't create the SASL client
@@ -3791,7 +3836,7 @@ public class LdapNetworkConnection exten
      *
      * @return the full path of the config file
      */
-    private String createKrbConfFile( String realmName, String kdcHost, int kdcPort ) throws
IOException
+    private String createKrb5ConfFile( String realmName, String kdcHost, int kdcPort ) throws
IOException
     {
         StringBuilder sb = new StringBuilder();
 
@@ -3819,10 +3864,10 @@ public class LdapNetworkConnection exten
         fw.write( sb.toString() );
         fw.close();
 
-        String krbConfPath = krb5Conf.getAbsolutePath();
+        String krb5ConfPath = krb5Conf.getAbsolutePath();
 
-        LOG.debug( "krb config file created at {}", krbConfPath );
+        LOG.debug( "krb 5 config file created at {}", krb5ConfPath );
 
-        return krbConfPath;
+        return krb5ConfPath;
     }
 }

Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java?rev=1092704&r1=1092703&r2=1092704&view=diff
==============================================================================
--- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
(original)
+++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
Fri Apr 15 13:45:15 2011
@@ -25,6 +25,8 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
+import org.apache.directory.shared.ldap.model.constants.SaslQoP;
+import org.apache.directory.shared.ldap.model.constants.SaslSecurityStrength;
 import org.apache.directory.shared.ldap.model.message.Control;
 import org.apache.directory.shared.util.StringConstants;
 import org.apache.directory.shared.util.Strings;
@@ -35,8 +37,7 @@ import org.apache.directory.shared.util.
  *  
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-// TODO make this class abstract
-public class SaslRequest
+public abstract class SaslRequest
 {
     /** The mechanism used to decode user identity */
     protected String saslMechanism;
@@ -56,6 +57,15 @@ public class SaslRequest
     /** The authorization ID of the entity */
     protected String authorizationId;
 
+    /** The quality of protection */
+    protected SaslQoP qualityOfProtection;
+
+    /** The security strength */
+    protected SaslSecurityStrength securityStrength;
+
+    /** Require mutual authentication */
+    protected boolean mutualAuthentication = false;
+
 
     /**
      * Creates a new instance of SaslRequest.
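Review bot: The new fields carry the least-secure defaults — `qualityOfProtection` and `securityStrength` null, `mutualAuthentication = false` — but their Javadoc does not say what that means at bind time. From the matching change in LdapNetworkConnection, a null value is simply not passed to `Sasl.createSaslClient`, so the provider's own defaults apply (`auth` only, and no `Sasl.SERVER_AUTH` unless the caller opted in), which callers picking DIGEST-MD5 or GSSAPI should be told explicitly, e.g. `/** The quality of protection; null leaves the SASL provider's default (auth only) */` and `/** Require mutual authentication (the server must also prove its identity); off by default */`. Given the field defaults are a security decision, consider whether mutual authentication should default to true for mechanisms that support it.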
@@ -132,6 +142,17 @@ public class SaslRequest
 
 
     /**
+     * Gets the quality of protection.
+     *
+     * @return the quality of protection
+     */
+    public SaslQoP getQualityOfProtection()
+    {
+        return qualityOfProtection;
+    }
+
+
+    /**
      * Gets realm name.
      *
      * @return the realm name
@@ -154,6 +175,17 @@ public class SaslRequest
 
 
     /**
+     * Gets the security strength.
+     *
+     * @return the security strength
+     */
+    public SaslSecurityStrength getSecurityStrength()
+    {
+        return securityStrength;
+    }
+
+
+    /**
      * Gets the username.
      *
      * @return the username
@@ -165,6 +197,17 @@ public class SaslRequest
 
 
     /**
+     * Indicates if mutual authentication is required.
+     *
+     * @return the flag indicating if mutual authentication is required
+     */
+    public boolean isMutualAuthentication()
+    {
+        return mutualAuthentication;
+    }
+
+
+    /**
      * Sets the Authorization ID
      *
      * @param authorizationId The authorization ID
@@ -198,6 +241,28 @@ public class SaslRequest
 
 
     /**
+     * Sets the flag indicating if mutual authentication is required.
+     *
+     * @param mutualAuthentication the flag indicating if mutual authentication is required
+     */
+    public void setMutualAuthentication( boolean mutualAuthentication )
+    {
+        this.mutualAuthentication = mutualAuthentication;
+    }
+
+
+    /**
+     * Sets the quality of protection.
+     *
+     * @param qualityOfProtection the quality of protection
+     */
+    public void setQualityOfProtection( SaslQoP qualityOfProtection )
+    {
+        this.qualityOfProtection = qualityOfProtection;
+    }
+
+
+    /**
      * Sets the realm name.
      * 
      * @param realmName The realm name
@@ -220,6 +285,17 @@ public class SaslRequest
 
 
     /**
+     * Sets the security strength.
+     *
+     * @param securityStrength the security strength
+     */
+    public void setSecurityStrength( SaslSecurityStrength securityStrength )
+    {
+        this.securityStrength = securityStrength;
+    }
+
+
+    /**
      * Sets the username.
      *
      * @param username the username


