geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject svn commit: r329036 [4/7] - in /geronimo/trunk/sandbox/freeorb: ./ geronimo-orb/ geronimo-orb/src/ geronimo-orb/src/main/ geronimo-orb/src/main/java/ geronimo-orb/src/main/java/org/ geronimo-orb/src/main/java/org/apache/ geronimo-orb/src/main/java/org/...
Date Fri, 28 Oct 2005 02:00:22 GMT
Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransport.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransport.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransport.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransport.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,181 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.channel.nio;
+
+import java.io.IOException;
+import java.nio.channels.SocketChannel;
+
+import org.apache.geronimo.corba.channel.InputChannel;
+import org.apache.geronimo.corba.channel.InputHandler;
+import org.apache.geronimo.corba.channel.OutputChannel;
+import org.apache.geronimo.corba.channel.RingByteBuffer;
+import org.apache.geronimo.corba.channel.Transport;
+
+
+public class SyncNIOTransport extends Transport {
+
+    private final SyncNIOTransportManager manager;
+
+    private final SocketChannel chan;
+
+    private final InputHandler handler;
+
+    private ParticipationExecutor executor;
+
+    private RingByteBuffer receiveBuffer;
+
+    private RingByteBuffer sendBuffer;
+
+    static final int RCV_BUFFER_SIZE = getIntProperty(
+            "org.freeorb.rcv_buffer_size", 64 * 1024);
+
+    static final int SND_BUFFER_SIZE = getIntProperty(
+            "org.freeorb.snd_buffer_size", 64 * 1024);
+
+    private static int getIntProperty(String string, int defaultValue) {
+        try {
+            return Integer.parseInt(System.getProperty(string, ""));
+        }
+        catch (NumberFormatException ex) {
+            return defaultValue;
+        }
+    }
+
+    public SyncNIOTransport(SyncNIOTransportManager manager,
+                            final SocketChannel chan, InputHandler handler)
+    {
+        this.manager = manager;
+        this.chan = chan;
+        this.handler = handler;
+
+        this.executor = new ParticipationExecutor(manager.getExecutor());
+
+        receiveBuffer = new RingByteBuffer(RCV_BUFFER_SIZE, true) {
+
+            public String getName() {
+                return "receive buffer for " + chan.toString();
+            }
+
+            protected void bufferFullHook(String how) {
+                // do nothing //
+            }
+
+            protected void bufferEmptyHook(String how) throws IOException {
+                if (!isClosedForPut()) {
+                    fillReceiveBuffer();
+                }
+            }
+
+            protected void readEOFHook() {
+                // the client just read the EOF marker //
+            }
+
+            protected void relinquishInput() {
+                releaseInputChannel();
+            }
+
+            protected void relinquishOutput() {
+                throw new InternalError();
+            }
+
+
+        };
+
+        sendBuffer = new RingByteBuffer("send" + chan.socket(), SND_BUFFER_SIZE) {
+
+            protected void bufferFullHook(String how) throws IOException {
+                if (!chan.socket().isOutputShutdown()) {
+                    flushSendBuffer();
+                }
+            }
+
+            protected void bufferEmptyHook(String how) {
+                // what do we care? //
+            }
+
+            /**
+             * the send buffer was closed(), and we have send everything
+             */
+            protected void readEOFHook() {
+                // do nothing //
+                try {
+                    chan.socket().shutdownOutput();
+                }
+                catch (IOException e) {
+                    e.printStackTrace();
+                }
+            }
+
+        };
+
+
+        try {
+            executor.execute(inputListener);
+        }
+        catch (InterruptedException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    private Runnable inputListener = new Runnable() {
+
+        public void run() {
+
+            while (true) {
+
+                while (receiveBuffer.isEmpty()) {
+                    try {
+                        fillReceiveBuffer();
+                    }
+                    catch (IOException e) {
+                        System.out.println("loop reached EOF");
+                        return;
+                    }
+
+                    if (receiveBuffer.isClosedForPut()) {
+                        System.out.println("END OF INPUT");
+                        return;
+                    }
+                }
+
+                handler.inputAvailable(SyncNIOTransport.this);
+            }
+
+        }
+
+    };
+
+
+    public OutputChannel getOutputChannel() {
+        return sendBuffer.getOutputChannel();
+    }
+
+    public InputChannel getInputChannel() {
+        return receiveBuffer.getInputChannel();
+    }
+
+    public void close() throws IOException {
+        chan.close();
+    }
+
+    public void releaseInputChannel() {
+        // TODO Auto-generated method stub
+
+    }
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransportManager.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransportManager.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransportManager.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/channel/nio/SyncNIOTransportManager.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,73 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.channel.nio;
+
+import java.io.IOException;
+import java.net.SocketAddress;
+import java.nio.channels.SocketChannel;
+import java.nio.channels.spi.SelectorProvider;
+
+import EDU.oswego.cs.dl.util.concurrent.Executor;
+
+import org.apache.geronimo.corba.channel.InputHandler;
+import org.apache.geronimo.corba.channel.Transport;
+import org.apache.geronimo.corba.channel.TransportManager;
+
+
+public class SyncNIOTransportManager implements TransportManager {
+
+    private final SelectorProvider provider;
+
+    private final Executor executor;
+
+    SyncNIOTransportManager(Executor executor) throws IOException {
+        this(executor, SelectorProvider.provider());
+    }
+
+    SyncNIOTransportManager(Executor executor, SelectorProvider provider)
+            throws IOException
+    {
+        this.executor = executor;
+        this.provider = provider;
+    }
+
+    public Transport createTransport(SocketAddress addr, InputHandler handler) throws IOException {
+        SocketChannel ch = provider.openSocketChannel();
+        ch.configureBlocking(true);
+        ch.connect(addr);
+        SyncNIOTransport t = new SyncNIOTransport(this, ch, handler);
+
+        // executor.execute(inputListener);
+
+        return t;
+    }
+
+    public void start() throws InterruptedException {
+        // TODO Auto-generated method stub
+
+    }
+
+    public void shutdown() throws IOException {
+        // TODO Auto-generated method stub
+
+    }
+
+    public Executor getExecutor() {
+        return executor;
+    }
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/concurrency/IOSemaphoreClosedException.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/concurrency/IOSemaphoreClosedException.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/concurrency/IOSemaphoreClosedException.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/concurrency/IOSemaphoreClosedException.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,37 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.concurrency;
+
+import java.io.IOException;
+
+
+/**
+ * @version $Rev: $ $Date: $
+ */
+public class IOSemaphoreClosedException extends IOException {
+
+    private final int number;
+
+    public IOSemaphoreClosedException(int number) {
+        this.number = number;
+    }
+
+    public int getNumber() {
+        return number;
+    }
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/AuthenticationInfo.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/AuthenticationInfo.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/AuthenticationInfo.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/AuthenticationInfo.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,49 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
+
+
+public interface AuthenticationInfo {
+
+    void setX500Principal(X500Principal principal);
+
+    X500Principal getX500Principal();
+
+    void setPrincipalName(String name);
+
+    String getPrincipalName();
+
+    void setPassword(String name);
+
+    String getPassword();
+
+    void setRealm(String realm);
+
+    String getRealm();
+
+    void setAnonymous(boolean value);
+
+    boolean isAnonymous();
+
+    void setSubject(Subject subject);
+
+    Subject getSubject();
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIClientRequestInterceptor.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIClientRequestInterceptor.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIClientRequestInterceptor.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIClientRequestInterceptor.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,284 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.CompletionStatus;
+import org.omg.CORBA.MARSHAL;
+import org.omg.CORBA.UserException;
+import org.omg.CSI.*;
+import org.omg.CSIIOP.*;
+import org.omg.GSSUP.InitialContextToken;
+import org.omg.IOP.Codec;
+import org.omg.IOP.SecurityAttributeService;
+import org.omg.IOP.ServiceContext;
+import org.omg.IOP.TaggedComponent;
+import org.omg.PortableInterceptor.ClientRequestInfo;
+import org.omg.PortableInterceptor.ForwardRequest;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+
+public class CSIClientRequestInterceptor extends CSIInterceptorBase
+        implements org.omg.PortableInterceptor.ClientRequestInterceptor
+{
+
+    CSIClientRequestInterceptor(Codec codec) {
+        super(codec);
+    }
+
+    private static final Log log = LogFactory
+            .getLog(CSIClientRequestInterceptor.class);
+
+    //
+    // CLIENT REQUEST API
+    //
+
+    public void send_request(ClientRequestInfo ri) throws ForwardRequest {
+        org.omg.CORBA.Object target = ri.effective_target();
+
+        if (target instanceof org.omg.CORBA.portable.ObjectImpl) {
+            boolean isLocal = ((org.omg.CORBA.portable.ObjectImpl) target)
+                    ._is_local();
+
+            // save value of isLocal
+            if (ri.response_expected())
+                CallStatus.pushIsLocal(isLocal);
+
+            // ignore CSI for local calls
+            if (isLocal) {
+                return;
+            }
+        }
+
+        boolean target_supports_gssup = false;
+        boolean target_requires_gssup = false;
+
+        CompoundSecMech mech = null;
+
+        try {
+            TaggedComponent tc = ri
+                    .get_effective_component(TAG_CSI_SEC_MECH_LIST.value);
+
+            byte[] data = tc.component_data;
+
+            Any sl_any = codec.decode_value(data, CompoundSecMechListHelper
+                    .type());
+            CompoundSecMechList sl = CompoundSecMechListHelper.extract(sl_any);
+
+            if (sl.mechanism_list.length == 0) {
+                log.debug("empty sec mech list");
+                return;
+            }
+
+            mech = sl.mechanism_list[0];
+
+        }
+        catch (org.omg.CORBA.BAD_PARAM ex) {
+            log.debug("no security mechanism");
+            return;
+        }
+        catch (UserException e) {
+            MARSHAL me = new MARSHAL("cannot decode local security descriptor",
+                                     0, CompletionStatus.COMPLETED_NO);
+            me.initCause(e);
+            throw me;
+        }
+
+        log.debug("transport_mech tag = " + mech.transport_mech.tag);
+
+        String target_name = null;
+
+        AS_ContextSec as = mech.as_context_mech;
+        if (as != null) {
+            if (java.util.Arrays.equals(GSSUP_OID,
+                                        as.client_authentication_mech))
+            {
+                target_requires_gssup = (as.target_requires & EstablishTrustInClient.value) != 0;
+                target_supports_gssup = (as.target_supports & EstablishTrustInClient.value) != 0;
+
+                target_name = decodeGSSExportedName(as.target_name);
+
+                if (log.isDebugEnabled()) {
+                    log.debug("decoded target name = " + target_name);
+                }
+            }
+        }
+
+        boolean support_gssup_delegation = false;
+        boolean support_x500_delegation = false;
+
+        if (!target_supports_gssup) {
+
+            SAS_ContextSec sas = mech.sas_context_mech;
+            for (int i = 0; i < sas.supported_naming_mechanisms.length; i++) {
+                if (java.util.Arrays.equals(GSSUP_OID,
+                                            sas.supported_naming_mechanisms[i])
+                    && (sas.supported_identity_types & ITTPrincipalName.value) != 0)
+                {
+                    support_gssup_delegation = true;
+                    log.debug("target supports GSSUP identity delegation");
+                    break;
+                }
+            }
+
+            if ((sas.supported_identity_types & ITTDistinguishedName.value) != 0) {
+                support_x500_delegation = true;
+            }
+
+            if (!support_gssup_delegation && !support_x500_delegation) {
+                if (log.isDebugEnabled()) {
+                    log.debug("target supports security, but not GSSUP/X500");
+                }
+
+                return;
+            }
+
+        } else {
+            if (log.isDebugEnabled()) {
+                log.debug("AS SPEC:" + " target_supports="
+                          + target_supports_gssup + " target_requires="
+                          + target_requires_gssup);
+            }
+        }
+
+        AuthenticationInfo authInfo = SecurityContext.getAuthenticationInfo();
+
+        if (authInfo == null) {
+            if (log.isDebugEnabled()) {
+                log.debug("no auth info");
+            }
+            return;
+        }
+
+        String name = authInfo.getPrincipalName();
+        String realm = authInfo.getRealm();
+        String password = authInfo.getPassword();
+
+        SASContextBody sasBody = new SASContextBody();
+
+        EstablishContext establishMsg = new EstablishContext();
+
+        // Indicate stateless CSS
+        establishMsg.client_context_id = 0;
+
+        // Make empty authorization token list
+        establishMsg.authorization_token = EMPTY_AUTH_ELEMENT;
+
+        String scopedUserName = name + "@" + realm;
+
+        if (support_gssup_delegation) {
+
+            establishMsg.client_authentication_token = EMPTY_BARR;
+
+            //
+            // indicate identitytoken as ITTPrincipalName
+            //
+            IdentityToken identityToken = new IdentityToken();
+            identityToken
+                    .principal_name(encapsulateByteArray(encodeGSSExportedName(scopedUserName)));
+            establishMsg.identity_token = identityToken;
+
+            if (log.isDebugEnabled()) {
+                log.debug("send_request, name: \"" + scopedUserName + "\"");
+            }
+
+        } else {
+
+            // Make GSSUP InitialContextToken
+            InitialContextToken gssupToken = new InitialContextToken();
+            gssupToken.username = utf8encode(scopedUserName);
+            gssupToken.target_name = encodeGSSExportedName(realm);
+            gssupToken.password = utf8encode(password);
+
+            establishMsg.client_authentication_token = encodeGSSUPToken(gssupToken);
+
+            // Indicate identity token is ITTAbsent
+            IdentityToken identityToken = new IdentityToken();
+            identityToken.absent(true);
+            establishMsg.identity_token = identityToken;
+
+            if (log.isDebugEnabled()) {
+                log.debug("send_request, name: \"" + scopedUserName
+                          + "\", pw: \"" + password + "\"");
+            }
+        }
+
+        sasBody.establish_msg(establishMsg);
+
+        ri.add_request_service_context(encodeSASContextBody(sasBody), true);
+    }
+
+    public void send_poll(ClientRequestInfo ri) {
+    }
+
+    public void receive_reply(ClientRequestInfo ri) {
+        // ignore tx for local calls
+        if (CallStatus.popIsLocal()) {
+            return;
+        }
+
+        ServiceContext serviceContext;
+        try {
+            serviceContext = ri
+                    .get_reply_service_context(SecurityAttributeService.value);
+        }
+        catch (org.omg.CORBA.BAD_PARAM ex) {
+            serviceContext = null;
+        }
+
+        SASContextBody sasBody = null;
+
+        if (serviceContext != null) {
+            sasBody = decodeSASContextBody(serviceContext);
+
+            switch (sasBody.discriminator()) {
+                case MTEstablishContext.value:
+                case MTMessageInContext.value:
+                    // Unexpected
+                    log.error("Unexpected message of type "
+                              + sasBody.discriminator());
+                    break;
+                case MTCompleteEstablishContext.value:
+                    // Things went well
+                    break;
+                case MTContextError.value:
+                    // Things did not go well
+                    break;
+            }
+        }
+    }
+
+    public void receive_exception(ClientRequestInfo ri) throws ForwardRequest {
+        if (log.isDebugEnabled()) {
+            log.debug("receive_exception");
+        }
+        receive_reply(ri);
+    }
+
+    public void receive_other(ClientRequestInfo ri) throws ForwardRequest {
+        if (log.isDebugEnabled()) {
+            log.debug("receive_other");
+        }
+        receive_reply(ri);
+    }
+
+    public String name() {
+        return "CSI Client Interceptor";
+    }
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorBase.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorBase.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorBase.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorBase.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,400 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.CompletionStatus;
+import org.omg.CORBA.LocalObject;
+import org.omg.CORBA.MARSHAL;
+import org.omg.CORBA.ORB;
+import org.omg.CORBA.OctetSeqHelper;
+import org.omg.CORBA.UserException;
+import org.omg.CSIIOP.CompoundSecMechList;
+import org.omg.CSIIOP.CompoundSecMechListHelper;
+import org.omg.CSIIOP.CompoundSecMechanismsHelper;
+import org.omg.GSSUP.InitialContextToken;
+import org.omg.GSSUP.InitialContextTokenHelper;
+import org.omg.IOP.Codec;
+import org.omg.IOP.CodecPackage.FormatMismatch;
+import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
+import org.omg.IOP.CodecPackage.TypeMismatch;
+import org.omg.IOP.SecurityAttributeService;
+import org.omg.IOP.ServiceContext;
+import org.omg.IOP.TaggedComponent;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+
+public abstract class CSIInterceptorBase extends LocalObject {
+
+    private static final Log log = LogFactory.getLog(CSIInterceptorBase.class);
+
+    static final AuthorizationElement[] EMPTY_AUTH_ELEMENT = new AuthorizationElement[0];
+
+    static final byte[] EMPTY_BARR = new byte[0];
+
+    ORB orb;
+
+    final protected Codec codec;
+
+    CSIInterceptorBase(Codec codec) {
+        this.codec = codec;
+    }
+
+    /**
+     * we need to ORB to be able to create the Any's into which we encode
+     * various info
+     */
+    protected final ORB getOrb() {
+        if (orb == null) {
+            orb = ORB.init();
+        }
+
+        return orb;
+    }
+
+    SASContextBody decodeSASContextBody(ServiceContext sasSC) {
+        //
+        // Decode encapsulated SAS context body
+        //
+        /*
+           * org.omg.CORBA.portable.InputStream in =
+           * Porting.open_encapsulated_input_stream( sasSC.context_data, 0,
+           * sasSC.context_data.length, getOrb());
+           *
+           * return SASContextBodyHelper.read(in);
+           */
+        Any any;
+        try {
+            any = codec.decode_value(sasSC.context_data, SASContextBodyHelper
+                    .type());
+        }
+        catch (FormatMismatch ex) {
+            throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+        }
+        catch (TypeMismatch ex) {
+            throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+        }
+        return SASContextBodyHelper.extract(any);
+    }
+
+    CompoundSecMechList decodeCompoundSecMechList(TaggedComponent seccomp)
+            throws FormatMismatch, TypeMismatch
+    {
+        /*
+           * org.omg.CORBA.portable.InputStream in = openEncapsulatedInputStream(
+           * seccomp.component_data, 0, seccomp.component_data.length, getOrb());
+           *
+           * return CompoundSecMechListHelper.read(in);
+           */
+        Any any = codec.decode_value(seccomp.component_data,
+                                     CompoundSecMechanismsHelper.type());
+        return CompoundSecMechListHelper.extract(any);
+    }
+
+    byte[] utf8encode(String text) {
+        if (text == null) {
+            return EMPTY_BARR;
+        } else {
+            try {
+                return text.getBytes("UTF8");
+            }
+            catch (java.io.UnsupportedEncodingException ex) {
+                throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+            }
+        }
+    }
+
+    String utf8decode(byte[] data) {
+        try {
+            return new String(data, "UTF8");
+        }
+        catch (java.io.UnsupportedEncodingException ex) {
+            throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+        }
+    }
+
+    static final byte[] GSSUP_OID = {0x06, // OBJECT IDENTIFIER
+            6, // length of OID
+            (2 * 40 + 23), // ISO[2]*40 + INTERNATIONAL[23]
+            (byte) 0x81, // 0x80 | (OMG[130] >> 7)
+            130 & 0x7f, // OMG[130] & 0x7f
+            1, // SECURITY[1]
+            1, // AUTHENTICATION[1]
+            1 // GSSUP-MECH[1]
+    };
+
+    byte[] encapsulateByteArray(byte[] data) {
+        // org.omg.CORBA.portable.OutputStream out =
+        // Porting.create_encapsulated_output_stream();
+        //
+        // out.write_long(data.length);
+        // out.write_octet_array(data, 0, data.length);
+        //
+        // return Porting.extract_data(out);
+
+        Any a = getOrb().create_any();
+        OctetSeqHelper.insert(a, data);
+
+        try {
+            return codec.encode_value(a);
+        }
+        catch (InvalidTypeForEncoding e) {
+            MARSHAL me = new MARSHAL("cannot encode security descriptor", 0,
+                                     CompletionStatus.COMPLETED_NO);
+            me.initCause(e);
+            throw me;
+        }
+    }
+
+    byte[] encodeGSSUPToken(InitialContextToken gssupToken) {
+
+        // first, create the Any encoding of the token
+        Any a = getOrb().create_any();
+        InitialContextTokenHelper.insert(a, gssupToken);
+
+        //OutputStream out = a.create_output_stream();
+        //a.type(InitialContextTokenHelper.type());
+        //InitialContextTokenHelper.write(out, gssupToken);
+        //InputStream in = out.create_input_stream();
+        //a.read_value(in, InitialContextTokenHelper.type());
+
+        byte[] data;
+        try {
+            data = codec.encode_value(a);
+        }
+        catch (InvalidTypeForEncoding e) {
+            MARSHAL me = new MARSHAL("cannot encode security descriptor", 0,
+                                     CompletionStatus.COMPLETED_NO);
+            me.initCause(e);
+            throw me;
+        }
+
+        //
+        // next, wrap the byte encoding in the ASN.1 magic
+        //
+        int len = data.length + GSSUP_OID.length;
+        if (len < (1 << 7)) {
+            byte[] result = new byte[len + 2];
+            result[0] = 0x60;
+            result[1] = (byte) len;
+            System.arraycopy(GSSUP_OID, 0, result, 2, GSSUP_OID.length);
+            System.arraycopy(data, 0, result, 10, data.length);
+            return result;
+
+        } else if (len < (1 << 14)) {
+            byte[] result = new byte[len + 3];
+            result[0] = 0x60;
+            result[1] = (byte) ((byte) (len >> 7) | (byte) 0x80);
+            result[2] = ((byte) (len & 0x7f));
+            System.arraycopy(GSSUP_OID, 0, result, 3, GSSUP_OID.length);
+            System.arraycopy(data, 0, result, 11, data.length);
+            return result;
+
+        } else if (len < (1 << 21)) {
+            byte[] result = new byte[len + 4];
+            result[0] = 0x60;
+            result[2] = (byte) ((byte) 0x80 | (byte) (0x7f & (len >> 14)));
+            result[1] = (byte) ((byte) 0x80 | (byte) (0x7f & (len >> 7)));
+            result[3] = (byte) (len & 0x7f);
+            System.arraycopy(GSSUP_OID, 0, result, 4, GSSUP_OID.length);
+            System.arraycopy(data, 0, result, 12, data.length);
+            return result;
+
+        } else {
+            throw new org.omg.CORBA.INTERNAL("user/password too long");
+        }
+
+        // return data;
+    }
+
+    InitialContextToken decodeGSSUPToken(byte[] data) {
+        if (data[0] != 0x60)
+            throw new org.omg.CORBA.MARSHAL("Invalid Token");
+
+        int idx = 1;
+        int len = 0;
+        byte b;
+
+        // collect length
+        do {
+            len <<= 7;
+            len |= (b = data[idx++]) & 0x7f;
+        }
+        while ((b & 0x80) == 0x80);
+
+        if ((len + idx) != data.length)
+            throw new org.omg.CORBA.MARSHAL("Bad Token Size");
+
+        for (int i = 0; i < GSSUP_OID.length; i++) {
+            if (data[idx + i] != GSSUP_OID[i]) {
+                throw new org.omg.CORBA.NO_PERMISSION("Not GSSUP_OID");
+            }
+        }
+
+        idx += GSSUP_OID.length;
+
+        byte[] token = new byte[data.length - idx];
+        System.arraycopy(data, idx, token, 0, data.length - idx);
+
+        try {
+            Any a = codec.decode_value(data, InitialContextTokenHelper.type());
+            return InitialContextTokenHelper.extract(a);
+        }
+        catch (UserException e) {
+            MARSHAL me = new MARSHAL("cannot decode local security descriptor",
+                                     0, CompletionStatus.COMPLETED_NO);
+            me.initCause(e);
+            throw me;
+        }
+    }
+
+    ServiceContext encodeSASContextBody(SASContextBody sasBody) {
+        //
+        // Create encapsulation for SAS context body
+        //
+
+        Any a = getOrb().create_any();
+        SASContextBodyHelper.insert(a, sasBody);
+
+        // wrap the ANY in an encapsulation
+        byte[] data;
+        try {
+            data = codec.encode_value(a);
+        }
+        catch (UserException ex) {
+            MARSHAL me = new MARSHAL("cannot encode local security descriptor",
+                                     0, CompletionStatus.COMPLETED_NO);
+            me.initCause(ex);
+            throw me;
+        }
+        return new ServiceContext(SecurityAttributeService.value, data);
+    }
+
+
+    //
+    // thread-local mechanism to shortcut local calls
+    //
+    static class CallStatus {
+
+        boolean isLocal;
+
+        CallStatus prev;
+
+        CallStatus(boolean l, CallStatus p) {
+            isLocal = l;
+            prev = p;
+        }
+
+        static ThreadLocal status = new ThreadLocal();
+
+        static void pushIsLocal(boolean isLocal) {
+            CallStatus cs = new CallStatus(isLocal, (CallStatus) status.get());
+            status.set(cs);
+        }
+
+        static boolean peekIsLocal() {
+            CallStatus cs = (CallStatus) status.get();
+            if (cs == null)
+                return false;
+            else
+                return cs.isLocal;
+        }
+
+        static boolean popIsLocal() {
+            CallStatus cs = (CallStatus) status.get();
+            if (cs == null)
+                return false;
+
+            status.set(cs.prev);
+            return cs.isLocal;
+        }
+    }
+
+    /**
+     * RFC 2743, Section 3.2. Construct a GSS_ExportedName for a GSSUP domain
+     * given a String
+     */
+    byte[] encodeGSSExportedName(String value) {
+        byte[] name_data = utf8encode(value);
+
+        int len = 8 + name_data.length + GSSUP_OID.length;
+
+        byte[] result = new byte[len];
+
+        result[0] = 0x04; // Token Identifier
+        result[1] = 0x01;
+
+        result[2] = 0x00; // 2-byte Length of GSSUP_OID
+        result[3] = (byte) GSSUP_OID.length;
+
+        // the OID
+        for (int i = 0; i < GSSUP_OID.length; i++) {
+            result[4 + i] = GSSUP_OID[i];
+        }
+
+        int name_len = name_data.length;
+        int idx = 4 + GSSUP_OID.length;
+
+        // 4-byte length of name
+        result[idx + 0] = (byte) ((name_len >> 24) & 0xff);
+        result[idx + 1] = (byte) ((name_len >> 16) & 0xff);
+        result[idx + 2] = (byte) ((name_len >> 8) & 0xff);
+        result[idx + 3] = (byte) ((name_len) & 0xff);
+
+        for (int i = 0; i < name_len; i++) {
+            result[idx + 4 + i] = name_data[i];
+        }
+
+        return result;
+    }
+
+    String decodeGSSExportedName(byte[] data) {
+        if (data.length < 8 + GSSUP_OID.length) {
+            log.debug("exported name too short len=" + data.length);
+            return null;
+        }
+
+        if (data[0] != 0x04 || data[1] != 0x01 || data[2] != 0x00
+            || data[3] != GSSUP_OID.length)
+        {
+            log.debug("wrong name header");
+            return null;
+        }
+
+        for (int i = 0; i < GSSUP_OID.length; i++) {
+            if (data[4 + i] != GSSUP_OID[i]) {
+                log.debug("wrong name OID @ " + i);
+                return null;
+            }
+        }
+
+        int idx = 4 + GSSUP_OID.length;
+        int len = (((int) data[idx + 0] << 24) & 0xff000000)
+                  | (((int) data[idx + 1] << 16) & 0x00ff0000)
+                  | (((int) data[idx + 2] << 8) & 0x0000ff00)
+                  | (((int) data[idx + 3] << 0) & 0x000000ff);
+
+        try {
+            return new String(data, idx + 4, data.length - (idx + 4), "UTF8");
+        }
+        catch (java.io.UnsupportedEncodingException ex) {
+            throw new org.omg.CORBA.INTERNAL(ex.getMessage());
+        }
+    }
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorLoader.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorLoader.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorLoader.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIInterceptorLoader.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,93 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import org.omg.IOP.Codec;
+import org.omg.IOP.CodecFactoryPackage.UnknownEncoding;
+import org.omg.IOP.ENCODING_CDR_ENCAPS;
+import org.omg.IOP.Encoding;
+import org.omg.PortableInterceptor.ORBInitInfo;
+import org.omg.PortableInterceptor.ORBInitializer;
+import org.omg.PortableInterceptor.PolicyFactory;
+import org.omg.Security.*;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.corba.csi.gssup.SecGSSUPPolicy;
+
+
+/**
+ * @author Jeppe Sommer (jso@eos.dk)
+ */
+public class CSIInterceptorLoader extends org.omg.CORBA.LocalObject implements
+                                                                    ORBInitializer
+{
+
+    static Log log = LogFactory.getLog(CSIInterceptorLoader.class);
+
+    CSIClientRequestInterceptor client_interceptor;
+    CSIServerRequestInterceptor server_interceptor;
+    GSSUPIORInterceptor ior_interceptor;
+
+    public void pre_init(ORBInitInfo info) {
+        if (log.isDebugEnabled()) {
+            log.debug("********  Running PortableCSILoader ******** ");
+        }
+
+        Codec codec = null;
+        try {
+            codec = info.codec_factory()
+                    .create_codec(
+                            new Encoding(ENCODING_CDR_ENCAPS.value, (byte) 1,
+                                         (byte) 2));
+        }
+        catch (UnknownEncoding ex) {
+            log.error("Could not get codec: ", ex);
+            return;
+        }
+
+        client_interceptor = new CSIClientRequestInterceptor(codec);
+        server_interceptor = new CSIServerRequestInterceptor(codec);
+        ior_interceptor = new GSSUPIORInterceptor(codec);
+
+        // Install factory for security policies...
+        PolicyFactory factory = new CSIPolicyFactory();
+        info.register_policy_factory(SecMechanismsPolicy.value, factory);
+        info.register_policy_factory(SecInvocationCredentialsPolicy.value,
+                                     factory);
+        info.register_policy_factory(SecQOPPolicy.value, factory);
+        info.register_policy_factory(SecEstablishTrustPolicy.value, factory);
+        info.register_policy_factory(SecGSSUPPolicy.value, factory);
+        info.register_policy_factory(SecDelegationDirectivePolicy.value,
+                                     factory);
+
+        try {
+            info.add_client_request_interceptor(client_interceptor);
+            info.add_server_request_interceptor(server_interceptor);
+            info.add_ior_interceptor(ior_interceptor);
+
+        }
+        catch (org.omg.PortableInterceptor.ORBInitInfoPackage.DuplicateName ex) {
+            throw new org.omg.CORBA.INITIALIZE(ex.toString());
+        }
+
+    }
+
+    public void post_init(ORBInitInfo info) {
+    }
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIPolicyFactory.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIPolicyFactory.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIPolicyFactory.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIPolicyFactory.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,201 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.corba.csi;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.LocalObject;
+import org.omg.CORBA.Policy;
+import org.omg.Security.*;
+import org.omg.SecurityLevel2.Credentials;
+import org.omg.SecurityLevel2.CredentialsListHelper;
+
+
+class CSIPolicyFactory extends LocalObject
+        implements org.omg.PortableInterceptor.PolicyFactory
+{
+
+    public Policy create_policy(int type, Any value)
+            throws org.omg.CORBA.PolicyError
+    {
+        switch (type) {
+            case SecMechanismsPolicy.value:
+                return new MechanismPolicy(value);
+            case SecInvocationCredentialsPolicy.value:
+                return new InvocationCredentialsPolicy(value);
+            case SecQOPPolicy.value:
+                return new QOPPolicy(value);
+            case SecEstablishTrustPolicy.value:
+                return new EstablishTrustPolicy(value);
+            case SecDelegationDirectivePolicy.value:
+                return new DelegationDirectivePolicy(value);
+            case SecGSSUPPolicy.value:
+                return new GSSUPPolicy(value);
+        }
+
+        throw new org.omg.CORBA.PolicyError
+                (org.omg.CORBA.BAD_POLICY.value);
+    }
+
+    static abstract class SecurityPolicy
+            extends LocalObject
+            implements Policy, Cloneable
+    {
+
+        public Policy copy() {
+            try {
+                return (Policy) super.clone();
+            }
+            catch (CloneNotSupportedException ex) {
+                return null;
+            }
+        }
+
+        public void destroy() {
+            // do nothing //
+        }
+    }
+
+    static class MechanismPolicy extends SecurityPolicy
+            implements org.omg.SecurityLevel2.MechanismPolicy
+    {
+
+        String[] mechanisms;
+
+        MechanismPolicy(Any value) {
+            mechanisms = MechanismTypeListHelper.extract(value);
+        }
+
+        public int policy_type() {
+            return SecMechanismsPolicy.value;
+        }
+
+        public String[] mechanisms() {
+            return mechanisms;
+        }
+
+    }
+
+    static class InvocationCredentialsPolicy extends SecurityPolicy
+            implements org.omg.SecurityLevel2.InvocationCredentialsPolicy
+    {
+
+        Credentials[] creds;
+
+        InvocationCredentialsPolicy(Any value) {
+            creds = CredentialsListHelper.extract(value);
+        }
+
+        public int policy_type() {
+            return SecInvocationCredentialsPolicy.value;
+        }
+
+        public Credentials[] creds() {
+            return creds;
+        }
+
+    }
+
+    static class QOPPolicy extends SecurityPolicy
+            implements org.omg.SecurityLevel2.QOPPolicy
+    {
+
+        QOP qop;
+
+        QOPPolicy(Any value) {
+            qop = QOPHelper.extract(value);
+        }
+
+        public int policy_type() {
+            return SecQOPPolicy.value;
+        }
+
+        public QOP qop() {
+            return qop;
+        }
+
+    }
+
+    static class EstablishTrustPolicy extends SecurityPolicy
+            implements org.omg.SecurityLevel2.EstablishTrustPolicy
+    {
+
+        EstablishTrust trust;
+
+        EstablishTrustPolicy(Any value) {
+            trust = EstablishTrustHelper.extract(value);
+        }
+
+        public int policy_type() {
+            return SecEstablishTrustPolicy.value;
+        }
+
+        public EstablishTrust trust() {
+            return trust;
+        }
+
+    }
+
+    static class DelegationDirectivePolicy extends SecurityPolicy
+            implements org.omg.SecurityLevel2.DelegationDirectivePolicy
+    {
+
+        DelegationDirective directive;
+
+        DelegationDirectivePolicy(Any value) {
+            directive = DelegationDirectiveHelper.extract(value);
+        }
+
+        public int policy_type() {
+            return SecDelegationDirectivePolicy.value;
+        }
+
+        public DelegationDirective delegation_directive() {
+            return directive;
+        }
+
+    }
+
+    static class GSSUPPolicy extends SecurityPolicy
+            implements org.apache.geronimo.corba.csi.gssup.GSSUPPolicy
+    {
+
+        RequiresSupports mode;
+        String domain;
+
+        GSSUPPolicy(Any value) {
+            GSSUPPolicyValue val = GSSUPPolicyValueHelper.extract(value);
+            mode = val.mode;
+            domain = val.domain;
+        }
+
+        public int policy_type() {
+            return SecGSSUPPolicy.value;
+        }
+
+        public RequiresSupports mode() {
+            return mode;
+        }
+
+        public String domain() {
+            return domain;
+        }
+
+    }
+
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIServerRequestInterceptor.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIServerRequestInterceptor.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIServerRequestInterceptor.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/CSIServerRequestInterceptor.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,483 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.x500.X500Principal;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.CompletionStatus;
+import org.omg.CORBA.MARSHAL;
+import org.omg.CORBA.OctetSeqHelper;
+import org.omg.CORBA.UserException;
+import org.omg.CSI.*;
+import org.omg.GSSUP.InitialContextToken;
+import org.omg.IOP.Codec;
+import org.omg.IOP.SecurityAttributeService;
+import org.omg.IOP.ServiceContext;
+import org.omg.PortableInterceptor.ForwardRequest;
+import org.omg.PortableInterceptor.ServerRequestInfo;
+import org.omg.Security.DelegationDirective;
+import org.omg.Security.RequiresSupports;
+import org.omg.Security.SecDelegationDirectivePolicy;
+import org.omg.SecurityLevel2.DelegationDirectivePolicy;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.corba.csi.gssup.GSSUPPolicy;
+import org.apache.geronimo.corba.csi.gssup.SecGSSUPPolicy;
+
+
+public class CSIServerRequestInterceptor extends CSIInterceptorBase
+        implements org.omg.PortableInterceptor.ServerRequestInterceptor
+{
+
+    CSIServerRequestInterceptor(Codec codec) {
+        super(codec);
+    }
+
+    private static final Log log = LogFactory
+            .getLog(CSIServerRequestInterceptor.class);
+
+    //
+    // SERVER REQUEST API
+    //
+
+    public void receive_request_service_contexts(ServerRequestInfo ri)
+            throws ForwardRequest
+    {
+
+        if (log.isDebugEnabled()) {
+            log.debug("receive_request_service_contexts " + ri.operation());
+        }
+
+        if (CallStatus.peekIsLocal()) {
+            if (log.isDebugEnabled()) {
+                log.debug("local call");
+            }
+
+            return;
+        }
+
+        // set null subject so that we won't run in context of some
+        // previous subject
+        // CSISubjectInfo.clear ();
+
+        boolean support_gssup_authorization = false;
+        boolean require_gssup_authorization = false;
+
+        String gssup_domain = null;
+
+        // if there is no GSSUP policy on this POA, then we won't try
+        // to validate the user.
+        try {
+            GSSUPPolicy gp = (GSSUPPolicy) ri
+                    .get_server_policy(SecGSSUPPolicy.value);
+
+            if (gp == null) {
+
+                if (log.isDebugEnabled()) {
+                    log.debug("null GSSUPPolicy");
+                }
+
+            } else {
+                support_gssup_authorization = true;
+
+                if (gp.mode() == RequiresSupports.SecRequires) {
+                    require_gssup_authorization = true;
+                }
+
+                gssup_domain = gp.domain();
+            }
+
+        }
+        catch (org.omg.CORBA.INV_POLICY ex) {
+
+            if (log.isDebugEnabled()) {
+                log.debug("no GSSUPPolicy");
+            }
+        }
+
+        boolean support_gssup_principal_identity = false;
+
+        try {
+            DelegationDirectivePolicy delegate = (DelegationDirectivePolicy) ri
+                    .get_server_policy(SecDelegationDirectivePolicy.value);
+            if (delegate != null) {
+                DelegationDirective dir = delegate.delegation_directive();
+                if (dir == DelegationDirective.Delegate) {
+                    support_gssup_principal_identity = true;
+                }
+            }
+        }
+        catch (org.omg.CORBA.INV_POLICY ex) {
+            // ignore //
+        }
+
+        if (log.isDebugEnabled()) {
+            log.debug("support gssup authorization: "
+                      + support_gssup_authorization);
+            log.debug("require gssup authorization: "
+                      + require_gssup_authorization);
+            log.debug("support gssup identity: "
+                      + support_gssup_principal_identity);
+        }
+
+        ServiceContext serviceContext;
+        try {
+            serviceContext = ri
+                    .get_request_service_context(SecurityAttributeService.value);
+        }
+        catch (org.omg.CORBA.BAD_PARAM ex) {
+            serviceContext = null;
+        }
+
+        if (log.isDebugEnabled()) {
+            log.debug("Received request service context: " + serviceContext);
+        }
+
+        if (require_gssup_authorization && serviceContext == null) {
+            throw new org.omg.CORBA.NO_PERMISSION(
+                    "GSSUP authorization required"
+                    + " (missing SAS EstablishContext message)");
+        }
+
+        SASContextBody sasBody = null;
+
+        if (serviceContext != null) {
+            sasBody = decodeSASContextBody(serviceContext);
+
+            if (log.isDebugEnabled()) {
+                log
+                        .debug("received request of type "
+                               + sasBody.discriminator());
+            }
+
+            switch (sasBody.discriminator()) {
+                case MTCompleteEstablishContext.value:
+                case MTContextError.value:
+                    // Unexpected
+                    log.error("Unexpected message of type "
+                              + sasBody.discriminator());
+                    throw new org.omg.CORBA.NO_PERMISSION("unexpected SAS message");
+
+                case MTMessageInContext.value:
+                    if (log.isDebugEnabled()) {
+                        log.debug("MTMessageInContext");
+                    }
+
+                    throw new org.omg.CORBA.NO_PERMISSION(
+                            "Stateful SAS not supported");
+
+                case MTEstablishContext.value:
+                    if (log.isDebugEnabled()) {
+                        log.debug("MTEstablishContext");
+                    }
+                    acceptContext(ri, sasBody.establish_msg(),
+                                  support_gssup_authorization,
+                                  require_gssup_authorization,
+                                  support_gssup_principal_identity, gssup_domain);
+                    break;
+            }
+        }
+    }
+
+    public void receive_request(ServerRequestInfo ri) throws ForwardRequest {
+    }
+
+    public void send_reply(ServerRequestInfo ri) {
+        if (CallStatus.peekIsLocal()) {
+            return;
+        }
+    }
+
+    public void send_exception(ServerRequestInfo ri) throws ForwardRequest {
+        send_reply(ri);
+    }
+
+    public void send_other(ServerRequestInfo ri) throws ForwardRequest {
+        send_reply(ri);
+    }
+
+    public String name() {
+        return "CSI Server Interceptor";
+    }
+
+
+    void acceptContext(ServerRequestInfo ri, EstablishContext establishMsg,
+                       boolean support_gssup_authorization,
+                       boolean require_gssup_authorization,
+                       boolean support_gssup_principal_identity, String gssup_domain)
+    {
+        if (establishMsg.client_context_id != 0) {
+            // Error, we do not support stateful mode
+            log.error("Stateful security contexts not supported");
+
+            throw new org.omg.CORBA.NO_PERMISSION(
+                    "Stateful security contexts not supported");
+        }
+
+        if (log.isDebugEnabled()) {
+            log.debug("accepting context...");
+        }
+
+        // Ignore authorization token list (not supported)
+        // establishMsg.authorization_token;
+
+        // Ignore identity token for now
+        // establishMsg.identity_token;
+
+        // Extract client authentication token
+        if (support_gssup_authorization
+            && establishMsg.identity_token.discriminator() == ITTAbsent.value
+            && establishMsg.client_authentication_token.length > 0)
+        {
+            InitialContextToken gssupToken = decodeGSSUPToken(establishMsg.client_authentication_token);
+
+            String useratrealm = utf8decode(gssupToken.username);
+
+            String name;
+            String realm;
+
+            int idx = useratrealm.lastIndexOf('@');
+            if (idx == -1) {
+                name = useratrealm;
+                realm = "default";
+            } else {
+                name = useratrealm.substring(0, idx);
+                realm = useratrealm.substring(idx + 1);
+            }
+
+            if (!realm.equals(gssup_domain)) {
+                returnContextError(ri, 1, 1);
+                throw new org.omg.CORBA.NO_PERMISSION("bad domain: \"" + realm
+                                                      + "\"");
+            }
+
+            String password = utf8decode(gssupToken.password);
+
+            if (log.isDebugEnabled()) {
+                log.debug("GSSUP initial context token name=" + name
+                          + "; realm=" + realm + "; password=" + password);
+            }
+
+            try {
+
+                Subject subject = SecurityContext.login(name, realm, password);
+
+                // Login succeeded
+                SecurityContext.setAuthenticatedSubject(subject);
+
+                if (log.isDebugEnabled()) {
+                    log.debug("Login succeeded");
+                }
+
+                returnCompleteEstablishContext(ri);
+
+            }
+            catch (LoginException ex) {
+                // Login failed
+                log.error("Login failed", ex);
+
+                returnContextError(ri, 1, 1);
+                throw new org.omg.CORBA.NO_PERMISSION("login failed");
+
+            }
+            catch (Exception ex) {
+                log.error("Exception occured: ", ex);
+            }
+
+        } else if (require_gssup_authorization) {
+
+            returnContextError(ri, 1, 1);
+            throw new org.omg.CORBA.NO_PERMISSION(
+                    "GSSUP authorization required");
+
+        } else if (support_gssup_principal_identity
+                   && establishMsg.identity_token.discriminator() == ITTPrincipalName.value)
+        {
+
+            if (log.isDebugEnabled()) {
+                log.debug("accepting ITTPrincipalName");
+            }
+
+            byte[] name = establishMsg.identity_token.principal_name();
+            Any aa;
+            try {
+                aa = codec.decode_value(name, OctetSeqHelper.type());
+            }
+            catch (UserException e) {
+                MARSHAL me = new MARSHAL("cannot decode security descriptor",
+                                         0, CompletionStatus.COMPLETED_NO);
+                me.initCause(e);
+                throw me;
+            }
+
+            byte[] exported_name = OctetSeqHelper.extract(aa);
+            // byte[] exported_name = uncapsulateByteArray(name);
+            String userAtDomain = decodeGSSExportedName(exported_name);
+
+            if (log.isDebugEnabled()) {
+                log.debug("establish ITTPrincipalName " + userAtDomain);
+            }
+
+            int idx = userAtDomain.indexOf('@');
+            String user = "";
+            String domain;
+
+            if (idx == -1) {
+                user = userAtDomain;
+                domain = "default";
+            } else {
+                user = userAtDomain.substring(0, idx);
+                domain = userAtDomain.substring(idx + 1);
+            }
+
+            if (gssup_domain != null && !domain.equals(gssup_domain)) {
+                returnContextError(ri, 1, 1);
+
+                log.warn("request designates wrong domain: " + userAtDomain);
+                throw new org.omg.CORBA.NO_PERMISSION("bad domain");
+            }
+
+            // CSISubjectInfo.setPropagatedCaller (user, domain);
+            Subject subject = SecurityContext.delegate(user, domain);
+            SecurityContext.setAuthenticatedSubject(subject);
+
+            returnCompleteEstablishContext(ri);
+
+        } else if (establishMsg.identity_token.discriminator() == ITTAnonymous.value) {
+            // establish anoynous identity
+
+            if (log.isDebugEnabled()) {
+                log.debug("accepting ITTAnonymous");
+            }
+
+            // CSISubjectInfo.setAnonymousSubject ();
+            try {
+                Subject subject = SecurityContext.anonymousLogin();
+                SecurityContext.setAuthenticatedSubject(subject);
+            }
+            catch (LoginException ex) {
+                // Won't happen
+            }
+
+            returnCompleteEstablishContext(ri);
+
+        } else if (establishMsg.identity_token.discriminator() == ITTDistinguishedName.value) {
+
+            if (log.isDebugEnabled()) {
+                log.debug("accepting ITTDistinguishedName");
+            }
+
+            byte[] name_data = establishMsg.identity_token.dn();
+
+            Any aa;
+            try {
+                aa = codec.decode_value(name_data, OctetSeqHelper.type());
+            }
+            catch (UserException e) {
+                MARSHAL me = new MARSHAL("cannot encode security descriptor",
+                                         0, CompletionStatus.COMPLETED_NO);
+                me.initCause(e);
+                throw me;
+            }
+            byte[] x500name_data = OctetSeqHelper.extract(aa);
+
+            // byte[] x500name_data = uncapsulateByteArray(name_data);
+
+            try {
+
+                Subject subject = new Subject();
+                subject.getPrincipals().add(new X500Principal(x500name_data));
+                SecurityContext.setAuthenticatedSubject(subject);
+
+            }
+            catch (IllegalArgumentException ex) {
+
+                if (log.isDebugEnabled()) {
+                    log.debug("cannot decode X500 name", ex);
+                }
+
+                returnContextError(ri, 1, 1);
+                throw new org.omg.CORBA.NO_PERMISSION("cannot decode X500 name");
+            }
+
+            returnCompleteEstablishContext(ri);
+
+        } else {
+
+            returnContextError(ri, 2, 1);
+            throw new org.omg.CORBA.NO_PERMISSION("Unsupported IdentityToken");
+
+        }
+    }
+
+
+    void returnCompleteEstablishContext(ServerRequestInfo ri) {
+        // Create CompleteEstablishContext
+        SASContextBody sasBody = new SASContextBody();
+
+        CompleteEstablishContext completeMsg = new CompleteEstablishContext();
+
+        completeMsg.client_context_id = 0;
+        completeMsg.context_stateful = false;
+        completeMsg.final_context_token = EMPTY_BARR;
+
+        sasBody.complete_msg(completeMsg);
+
+        if (log.isDebugEnabled()) {
+            log.debug("Adding SASContextBody, discriminator = "
+                      + sasBody.discriminator());
+        }
+
+        ri.add_reply_service_context(encodeSASContextBody(sasBody), true);
+    }
+
+    void returnContextError(ServerRequestInfo ri, int major, int minor) {
+        // Create CompleteEstablishContext
+        SASContextBody sasBody = new SASContextBody();
+
+        ContextError errorMsg = new ContextError();
+
+        errorMsg.client_context_id = 0;
+        errorMsg.major_status = major;
+        errorMsg.minor_status = minor;
+        errorMsg.error_token = EMPTY_BARR;
+
+        sasBody.error_msg(errorMsg);
+
+        if (log.isDebugEnabled()) {
+            log.debug("Adding SASContextBody, discriminator = "
+                      + sasBody.discriminator());
+        }
+
+        ri.add_reply_service_context(encodeSASContextBody(sasBody), true);
+    }
+
+    // void login(Subject subject, String realm, String name,
+    // String password) throws LoginException {
+
+    // LoginContext lc = new LoginContext
+    // ("EASSERVER", subject, new LoginCallbackHandler(name, password));
+
+    // lc.login();
+    // }
+
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/GSSUPIORInterceptor.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/GSSUPIORInterceptor.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/GSSUPIORInterceptor.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/GSSUPIORInterceptor.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,190 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import org.omg.CORBA.Any;
+import org.omg.CORBA.CompletionStatus;
+import org.omg.CORBA.MARSHAL;
+import org.omg.CSI.*;
+import org.omg.CSIIOP.*;
+import org.omg.IOP.Codec;
+import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
+import org.omg.IOP.TaggedComponent;
+import org.omg.PortableInterceptor.IORInfo;
+import org.omg.Security.DelegationDirective;
+import org.omg.Security.RequiresSupports;
+import org.omg.Security.SecDelegationDirectivePolicy;
+import org.omg.SecurityLevel2.DelegationDirectivePolicy;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.geronimo.corba.csi.gssup.GSSUPPolicy;
+import org.apache.geronimo.corba.csi.gssup.SecGSSUPPolicy;
+
+
+/**
+ * This interceptor adds GSSUP security information to the IOR, if the relevant
+ * policy is set.
+ */
+public class GSSUPIORInterceptor extends CSIInterceptorBase implements
+                                                            org.omg.PortableInterceptor.IORInterceptor
+{
+
+    private static final Log log = LogFactory.getLog(GSSUPIORInterceptor.class);
+
+    GSSUPIORInterceptor(Codec codec) {
+        super(codec);
+    }
+
+    public void establish_components(IORInfo info) {
+        try {
+            TaggedComponent mechanism_list = constructMechList(info);
+
+            if (mechanism_list != null) {
+                // add this component to all outgoing profiles!
+                info.add_ior_component(mechanism_list);
+            }
+        }
+        catch (NullPointerException ex) {
+            // ex.printStackTrace ();
+            throw ex;
+        }
+    }
+
+    public String name() {
+        return "CSI IOR Interceptor";
+    }
+
+    private TaggedComponent constructMechList(IORInfo info) {
+        short as_target_requires = (short) 0;
+        short as_target_supports = (short) 0;
+        short sas_target_requires = (short) 0;
+        short sas_target_supports = (short) 0;
+
+        GSSUPPolicy gp = null;
+        String gssup_realm = null;
+
+        boolean has_security = false;
+
+        try {
+            gp = (GSSUPPolicy) info.get_effective_policy(SecGSSUPPolicy.value);
+
+            if (gp.mode() == RequiresSupports.SecRequires) {
+                as_target_requires |= EstablishTrustInClient.value;
+            }
+
+            as_target_supports |= EstablishTrustInClient.value;
+
+            gssup_realm = gp.domain();
+            has_security = true;
+
+        }
+        catch (org.omg.CORBA.INV_POLICY ex) {
+            // ignore
+        }
+
+        try {
+            DelegationDirectivePolicy delegatePolicy = (DelegationDirectivePolicy) info
+                    .get_effective_policy(SecDelegationDirectivePolicy.value);
+
+            if (delegatePolicy != null
+                && delegatePolicy.delegation_directive() == DelegationDirective.Delegate)
+            {
+                sas_target_supports |= DelegationByClient.value
+                                       | IdentityAssertion.value;
+                has_security = true;
+            }
+        }
+        catch (org.omg.CORBA.INV_POLICY ex) {
+            // ignore
+        }
+
+        if (!has_security) {
+            return null;
+        }
+
+        CompoundSecMech mech = new CompoundSecMech();
+
+        AS_ContextSec as = new AS_ContextSec();
+        as.target_supports = as_target_supports;
+        as.target_requires = as_target_requires;
+
+        if (as_target_supports != 0) {
+            as.client_authentication_mech = GSSUP_OID;
+
+            if (gssup_realm != null) {
+                as.target_name = encodeGSSExportedName(gssup_realm);
+            } else {
+                as.target_name = EMPTY_BARR;
+            }
+        } else {
+            as.target_name = EMPTY_BARR;
+            as.client_authentication_mech = EMPTY_BARR;
+        }
+
+        if (log.isDebugEnabled()) {
+            log.debug("AS.target_requires=" + as_target_requires);
+            log.debug("AS.target_supports=" + as_target_supports);
+            log.debug("SAS.target_requires=" + sas_target_requires);
+            log.debug("SAS.target_supports=" + sas_target_supports);
+        }
+
+        SAS_ContextSec sas = new SAS_ContextSec();
+
+        sas.target_supports = sas_target_supports;
+        sas.target_requires = sas_target_requires;
+        sas.privilege_authorities = new ServiceConfiguration[0];
+        sas.supported_naming_mechanisms = new byte[][]{GSSUP_OID};
+
+        sas.supported_identity_types = ITTAnonymous.value;
+
+        if (as_target_supports != 0) {
+            sas.supported_identity_types |= ITTAbsent.value;
+        }
+
+        if (sas_target_supports != 0) {
+            sas.supported_identity_types |= ITTPrincipalName.value
+                                            | ITTDistinguishedName.value | ITTX509CertChain.value;
+        }
+
+        // transport mech is null here, this field is modified by code
+        // inside SSL server-side logic, adding SSL-specific information.
+        mech.transport_mech = new TaggedComponent(TAG_NULL_TAG.value,
+                                                  EMPTY_BARR);
+        mech.target_requires = (short) (as_target_requires | sas_target_requires);
+        mech.as_context_mech = as;
+        mech.sas_context_mech = sas;
+
+        CompoundSecMechList mech_list = new CompoundSecMechList(false,
+                                                                new CompoundSecMech[]{mech});
+
+        Any a = getOrb().create_any();
+        CompoundSecMechListHelper.insert(a, mech_list);
+        byte[] mech_data;
+        try {
+            mech_data = codec.encode_value(a);
+        }
+        catch (InvalidTypeForEncoding e) {
+            MARSHAL me = new MARSHAL("cannot encode security descriptor", 0,
+                                     CompletionStatus.COMPLETED_NO);
+            me.initCause(e);
+            throw me;
+        }
+        return new TaggedComponent(TAG_CSI_SEC_MECH_LIST.value, mech_data);
+    }
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContext.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContext.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContext.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContext.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,71 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+
+public abstract class SecurityContext {
+
+    private static SecurityContextDelegate delegate;
+
+    public static void setAuthenticatedSubject(Subject subject) {
+        getDelegate().setAuthenticatedSubject(subject);
+    }
+
+    private static SecurityContextDelegate getDelegate() {
+
+        if (delegate == null) {
+            delegate = allocateDelegate();
+        }
+
+        return delegate;
+    }
+
+    private static SecurityContextDelegate allocateDelegate() {
+
+        String className = System.getProperty(
+                "org.freeorb.csi.SecurityContextClass",
+                "org.freeorb.csi.DefaultSecurityContextDelegate");
+
+        try {
+            Class c = Class.forName(className);
+            return (SecurityContextDelegate) c.newInstance();
+        }
+        catch (Exception ex) {
+            throw new InternalError("unable to attach to SecurityContext");
+        }
+    }
+
+    public static Subject anonymousLogin() throws LoginException {
+        return getDelegate().anonymousLogin();
+    }
+
+    public static Subject login(String name, String realm, String password) throws LoginException {
+        return getDelegate().login(name, realm, password);
+    }
+
+    public static Subject delegate(String user, String domain) {
+        return getDelegate().delegate(user, domain);
+    }
+
+    public static AuthenticationInfo getAuthenticationInfo() {
+        return getDelegate().getAuthenticationInfo();
+    }
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContextDelegate.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContextDelegate.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContextDelegate.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/SecurityContextDelegate.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,54 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+
+/**
+ * Interface to the application server logic needed by CSI
+ */
+
+public interface SecurityContextDelegate {
+
+    /**
+     * get info needed to construct an out-bound IIOP request with CSIv2
+     */
+    AuthenticationInfo getAuthenticationInfo();
+
+    /**
+     * do a login
+     */
+    Subject login(String name, String realm, String password) throws LoginException;
+
+    /**
+     * do an anonymous login
+     */
+    Subject anonymousLogin() throws LoginException;
+
+    /**
+     * set the current system subject
+     */
+    void setAuthenticatedSubject(Subject subject);
+
+    /**
+     * establish user
+     */
+    Subject delegate(String user, String domain);
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicy.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicy.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicy.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicy.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,26 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+/**
+ * Generated by the JacORB IDL compiler.
+ */
+public interface GSSUPPolicy
+        extends GSSUPPolicyOperations, org.omg.CORBA.Object, org.omg.CORBA.portable.IDLEntity, org.omg.CORBA.Policy
+{
+
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHelper.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHelper.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHelper.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHelper.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,75 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+/**
+ * Generated by the JacORB IDL compiler.
+ */
+public class GSSUPPolicyHelper {
+
+    public GSSUPPolicyHelper() {
+    }
+
+    public static void insert(org.omg.CORBA.Any any, GSSUPPolicy s) {
+        any.insert_Object(s);
+    }
+
+    public static GSSUPPolicy extract(org.omg.CORBA.Any any) {
+        return narrow(any.extract_Object());
+    }
+
+    public static org.omg.CORBA.TypeCode type() {
+        return org.omg.CORBA.ORB.init().create_interface_tc("IDL:com/trifork/eas/api/csi/GSSUPPolicy:1.0", "GSSUPPolicy");
+    }
+
+    public static String id() {
+        return "IDL:com/trifork/eas/api/csi/GSSUPPolicy:1.0";
+    }
+
+    public static GSSUPPolicy read(org.omg.CORBA.portable.InputStream in) {
+        return narrow(in.read_Object());
+    }
+
+    public static void write(org.omg.CORBA.portable.OutputStream _out, GSSUPPolicy s) {
+        _out.write_Object(s);
+    }
+
+    public static GSSUPPolicy narrow(org.omg.CORBA.Object obj) {
+        if (obj == null)
+            return null;
+        if (obj instanceof GSSUPPolicy)
+            return (GSSUPPolicy) obj;
+        else
+            throw new org.omg.CORBA.BAD_PARAM("Narrow failed, not a GSSUPPolicy");
+    }
+
+    public void write_Object(org.omg.CORBA.portable.OutputStream _out, java.lang.Object obj) {
+        throw new RuntimeException(" not implemented");
+    }
+
+    public java.lang.Object read_Object(org.omg.CORBA.portable.InputStream in) {
+        throw new RuntimeException(" not implemented");
+    }
+
+    public String get_id() {
+        return id();
+    }
+
+    public org.omg.CORBA.TypeCode get_type() {
+        return type();
+    }
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHolder.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHolder.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHolder.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyHolder.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,44 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+/**
+ * Generated by the JacORB IDL compiler.
+ */
+public class GSSUPPolicyHolder implements org.omg.CORBA.portable.Streamable {
+
+    public GSSUPPolicy value;
+
+    public GSSUPPolicyHolder() {
+    }
+
+    public GSSUPPolicyHolder(GSSUPPolicy initial) {
+        value = initial;
+    }
+
+    public org.omg.CORBA.TypeCode _type() {
+        return GSSUPPolicyHelper.type();
+    }
+
+    public void _read(org.omg.CORBA.portable.InputStream in) {
+        value = GSSUPPolicyHelper.read(in);
+    }
+
+    public void _write(org.omg.CORBA.portable.OutputStream _out) {
+        GSSUPPolicyHelper.write(_out, value);
+    }
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyOperations.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyOperations.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyOperations.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyOperations.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,29 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+/**
+ * Generated by the JacORB IDL compiler.
+ */
+public interface GSSUPPolicyOperations
+        extends org.omg.CORBA.PolicyOperations
+{
+
+    public org.omg.Security.RequiresSupports mode();
+
+    public java.lang.String domain();
+}

Added: geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyValue.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyValue.java?rev=329036&view=auto
==============================================================================
--- geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyValue.java (added)
+++ geronimo/trunk/sandbox/freeorb/geronimo-orb/src/main/java/org/apache/geronimo/corba/csi/gssup/GSSUPPolicyValue.java Thu Oct 27 19:00:06 2005
@@ -0,0 +1,33 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.corba.csi.gssup;
+
+public final class GSSUPPolicyValue
+        implements org.omg.CORBA.portable.IDLEntity
+{
+
+    public GSSUPPolicyValue() {
+    }
+
+    public org.omg.Security.RequiresSupports mode;
+    public java.lang.String domain;
+
+    public GSSUPPolicyValue(org.omg.Security.RequiresSupports mode, java.lang.String domain) {
+        this.mode = mode;
+        this.domain = domain;
+    }
+}



Mime
View raw message