From vamsic...@apache.org
Subject svn commit: r480049 - in /geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security: PropertiesFileLoginModuleNoCache.java PropertiesLoginModuleManager.java
Date Tue, 28 Nov 2006 14:06:46 GMT
Author: vamsic007
Date: Tue Nov 28 06:06:46 2006
New Revision: 480049

URL: http://svn.apache.org/viewvc?view=rev&rev=480049
Log:
Updated console application to account for the "digest" option introduced for "GERONIMO-1880
To Allow configurable password digests during REALM Deployment".  Rev 480046 in branches\1.2

Modified:
    geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java
    geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java

Modified: geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java?view=diff&rev=480049&r1=480048&r2=480049
==============================================================================
--- geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java
(original)
+++ geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java
Tue Nov 28 06:06:46 2006
@@ -20,6 +20,8 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URI;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -46,7 +48,11 @@
 import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
 import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.encoders.HexTranslator;
 
+/**
+ * @version $Rev$ $Date$
+ */
 public class PropertiesFileLoginModuleNoCache implements LoginModule {
 
     Kernel kernel;
@@ -61,6 +67,8 @@
 
     public final static String GROUPS_URI = "groupsURI";
 
+    public final static String DIGEST = "digest";
+
     private static Log log = LogFactory
             .getLog(PropertiesFileLoginModuleNoCache.class);
 
@@ -68,6 +76,8 @@
 
     final Map groups = new HashMap();
 
+    private String digest;
+
     Subject subject;
 
     CallbackHandler handler;
@@ -87,6 +97,16 @@
                     .get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
             usersURI = new URI((String) options.get(USERS_URI));
             groupsURI = new URI((String) options.get(GROUPS_URI));
+            digest = (String) options.get(DIGEST);
+            if(digest != null && !digest.equals("")) {
+                // Check if the digest algorithm is available
+                try {
+                    MessageDigest.getInstance(digest);
+                } catch(NoSuchAlgorithmException e) {
+                    log.error("Initialization failed. Digest algorithm "+digest+" is not
available.", e);
+                    throw new IllegalArgumentException("Unable to configure properties file
login module: "+e.getMessage());
+                }
+            }
         } catch (Exception e) {
             log.error(e);
             throw new IllegalArgumentException(
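Review bot: The `IllegalArgumentException` thrown from the new `NoSuchAlgorithmException` handler is raised inside the surrounding `try`, so the `catch (Exception e)` that follows will catch it, log it a second time and rethrow it wrapped. Moving the availability check below that outer try/catch would keep a single log entry and a single exception. The check also only confirms that a provider knows the algorithm name, so a weak choice such as MD5 is accepted silently; a `log.warn` for such names would make it visible to the operator. The enclosing method starts outside the hunk, and the outer catch continues past it.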
@@ -156,8 +176,7 @@
         }
         password = users.getProperty(username);
 
-        return new String(((PasswordCallback) callbacks[1]).getPassword())
-                .equals(password);
+        return checkPassword(password, new String((((PasswordCallback) callbacks[1]).getPassword())));
     }
 
     public boolean commit() throws LoginException {
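Review bot: `checkPassword(password, ...)` dereferences its first argument (`real.equals(provided)` and `real.equalsIgnoreCase(...)` in the method added at the end of this file), but `password` comes from `users.getProperty(username)` and is null when the submitted username has no entry. The removed code called `.equals(password)` on the supplied value, which simply returned false for null. The new call would throw a NullPointerException for an unknown user, unless code above the hunk already rejects that case. Guard it at the top of `checkPassword` with `if (real == null) { return false; }`. The login method starts outside the hunk.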
@@ -220,5 +239,33 @@
                     + className);
         }
         return (String[]) s.toArray(new String[s.size()]);
+    }
+
+    /**
+     * This method checks if the provided password is correct.  The original password may
have been digested.
+     * @param real      Original password in digested form if applicable
+     * @param provided  User provided password in clear text
+     * @return true     If the password is correct
+     */
+    private boolean checkPassword(String real, String provided){
+        if(digest == null || digest.equals("")) {
+            // No digest algorithm is used
+            return real.equals(provided);
+        }
+        try {
+            // Digest the user provided password
+            MessageDigest md = MessageDigest.getInstance(digest);
+            byte[] data = md.digest(provided.getBytes());
+            // Convert bytes to hex digits
+            byte[] hexData = new byte[data.length * 2];
+            HexTranslator ht = new HexTranslator();
+            ht.encode(data, 0, data.length, hexData, 0);
+            // Compare the digested provided password with the actual one
+            return real.equalsIgnoreCase(new String(hexData));
+        } catch (NoSuchAlgorithmException e) {
+            // Should not occur.  Availability of algorithm has been checked at initialization
+            log.error("Should not occur.  Availability of algorithm has been checked at initialization.",
e);
+        }
+        return false;
     }
 }
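Review bot: `provided.getBytes()` in `checkPassword` encodes with the JVM's default charset, so a password containing non-ASCII characters digests differently depending on the platform encoding; `digestPassword` in PropertiesLoginModuleManager.java makes the same call when it writes the entry. Pin the charset in both places together, e.g. `provided.getBytes("UTF-8")` (which adds a checked UnsupportedEncodingException to handle), and confirm it matches whatever else produces or verifies these digests, which is not visible here. The final `real.equalsIgnoreCase(new String(hexData))` also stops at the first differing character; comparing the decoded digest bytes with `MessageDigest.isEqual` avoids revealing how much of the digest matched.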

Modified: geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java?view=diff&rev=480049&r1=480048&r2=480049
==============================================================================
--- geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java
(original)
+++ geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java
Tue Nov 28 06:06:46 2006
@@ -25,6 +25,8 @@
 import java.net.URL;
 import java.net.URLConnection;
 import java.net.UnknownServiceException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Hashtable;
@@ -37,7 +39,11 @@
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.security.jaas.LoginModuleSettings;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.encoders.HexTranslator;
 
+/**
+ * @version $Rev$ $Date$
+ */
 public class PropertiesLoginModuleManager {
 
     private ServerInfo serverInfo;
@@ -52,6 +58,8 @@
 
     private static final String groupsKey = "groupsURI";
 
+    private static final String digestKey = "digest";
+
     public PropertiesLoginModuleManager(ServerInfo serverInfo, LoginModuleSettings loginModule)
{
         this.serverInfo = serverInfo;
         this.loginModule = loginModule;
@@ -143,8 +151,13 @@
         }
         try {
             refreshUsers();
-            users.setProperty((String) properties.get("UserName"),
-                    (String) properties.get("Password"));
+            String digest = getDigest();
+            String user = (String) properties.get("UserName");
+            String password = (String) properties.get("Password");
+            if(digest != null && !digest.equals("")) {
+                password = digestPassword(password, digest);
+            }
+            users.setProperty(user, password);
             store(users, serverInfo.resolve(getUsersURI()).toURL());
         } catch (Exception e) {
             throw new GeronimoSecurityException("Cannot add user principal: "
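Review bot: The read-digest-then-maybe-hash sequence added here is repeated verbatim in `updateUserPrincipal` further down, so the two paths can drift apart when the storage format changes. Fold it into one private helper that both methods call, e.g. `users.setProperty(user, encodePassword(password));`, where the helper applies `digestPassword` only when `getDigest()` is non-empty (the helper name is a suggestion). A null `Password` property reaches `password.getBytes()` inside `digestPassword` and surfaces only as the generic "Cannot add user principal" error, so an explicit null check with its own message would be clearer. The enclosing method starts and ends outside the hunk.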
@@ -166,11 +179,16 @@
 
     public void updateUserPrincipal(Hashtable properties)
             throws GeronimoSecurityException {
-        //same as add pricipal overriding the property
+        //same as add principal overriding the property
         try {
             refreshUsers();
-            users.setProperty((String) properties.get("UserName"),
-                    (String) properties.get("Password"));
+            String digest = getDigest();
+            String user = (String) properties.get("UserName");
+            String password = (String) properties.get("Password");
+            if(digest != null && !digest.equals("")) {
+                password = digestPassword(password, digest);
+            }
+            users.setProperty(user, password);
             store(users, serverInfo.resolve(getUsersURI()).toURL());
         } catch (Exception e) {
             throw new GeronimoSecurityException("Cannot add user principal: "
@@ -262,6 +280,10 @@
         return loginModule.getOptions().getProperty(groupsKey);
     }
 
+    private String getDigest() {
+        return loginModule.getOptions().getProperty(digestKey);
+    }
+
     private void store(Properties props, URL url) throws Exception {
         OutputStream out = null;
         try {
@@ -286,6 +308,23 @@
                 }
             }
         }
+    }
+
+    /**
+     * This method returns the message digest of a specified string.
+     * @param password  The string that is to be digested
+     * @param algorithm Name of the Message Digest algorithm
+     * @return Hex encoding of the digest bytes
+     * @throws NoSuchAlgorithmException if the Message Digest algorithm is not available
+     */
+    private String digestPassword(String password, String algorithm) throws NoSuchAlgorithmException
{
+        MessageDigest md = MessageDigest.getInstance(algorithm);
+        byte[] data = md.digest(password.getBytes());
+        // Convert bytes to hex digits
+        byte[] hexData = new byte[data.length * 2];
+        HexTranslator ht = new HexTranslator();
+        ht.encode(data, 0, data.length, hexData, 0);
+        return new String(hexData);
     }
 
     public static final GBeanInfo GBEAN_INFO;
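Review bot: `digestPassword` stores a single unsalted pass of the configured digest, so two users with the same password get identical entries in the users file, and the stored values offer little resistance to offline guessing if that file is ever read. That limitation follows from the realm's `digest` option rather than from this method, but the Javadoc should say so, e.g. `Note: the digest is unsalted and not iterated; keep the users file readable only by the server account.` If the realm format can evolve, a per-user salt and a deliberately slow password hash would be the direction to take.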


