From vamsic...@apache.org
Subject svn commit: r548735 - in /geronimo/server/trunk: applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/ applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/classes/ applications/console/ge...
Date Tue, 19 Jun 2007 14:12:59 GMT
Author: vamsic007
Date: Tue Jun 19 07:12:58 2007
New Revision: 548735

URL: http://svn.apache.org/viewvc?view=rev&rev=548735
Log:
GERONIMO-3251 PropertiesFile and SQL LoginModules should provide configurable "encoding" option
for digest
  o Added an encoding option to support hex and base64 encoding of passwords.

Modified:
    geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java
    geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java
    geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/classes/login-modules.properties
    geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/view/realmwizard/_sql.jsp
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java

Modified: geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java?view=diff&rev=548735&r1=548734&r2=548735
==============================================================================
--- geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java
(original)
+++ geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesFileLoginModuleNoCache.java
Tue Jun 19 07:12:58 2007
@@ -48,6 +48,7 @@
 import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
 import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.encoders.Base64;
 import org.apache.geronimo.util.encoders.HexTranslator;
 
 /**
@@ -69,6 +70,8 @@
 
     public final static String DIGEST = "digest";
 
+    public final static String ENCODING = "encoding";
+
     private static Log log = LogFactory
             .getLog(PropertiesFileLoginModuleNoCache.class);
 
@@ -78,6 +81,8 @@
 
     private String digest;
 
+    private String encoding;
+
     Subject subject;
 
     CallbackHandler handler;
@@ -98,6 +103,7 @@
             usersURI = new URI((String) options.get(USERS_URI));
             groupsURI = new URI((String) options.get(GROUPS_URI));
             digest = (String) options.get(DIGEST);
+            encoding = (String) options.get(ENCODING);
             if(digest != null && !digest.equals("")) {
                 // Check if the digest algorithm is available
                 try {
@@ -106,6 +112,10 @@
                     log.error("Initialization failed. Digest algorithm "+digest+" is not
available.", e);
                     throw new IllegalArgumentException("Unable to configure properties file
login module: "+e.getMessage(), e);
                 }
+                if(encoding != null && !"hex".equalsIgnoreCase(encoding) &&
!"base64".equalsIgnoreCase(encoding)) {
+                    log.error("Initialization failed. Digest Encoding "+encoding+" is not
supported.");
+                    throw new IllegalArgumentException("Unable to configure properties file
login module. Digest Encoding "+encoding+" not supported.");
+                }
             }
         } catch (Exception e) {
             log.error(e);
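Review bot: The new encoding check at `if(encoding != null && !"hex".equalsIgnoreCase(encoding) && ...)` rejects an empty string, whereas the digest option a few lines above treats `""` as unset; a realm whose blank-allowed encoding field is saved as `""` (whether the console stores a blank field as an empty string or omits the key is not visible here) would fail initialization with `Digest Encoding  not supported` instead of taking the documented hex default. Treating blank like absent keeps the two options consistent: `if(encoding != null && !encoding.equals("") && !"hex".equalsIgnoreCase(encoding) && !"base64".equalsIgnoreCase(encoding))`, with the matching `encoding == null || encoding.equals("") || "hex".equalsIgnoreCase(encoding)` in checkPassword. The same check is copied verbatim into PropertiesFileLoginModule and SQLLoginModule in this commit, so all three need the same change. The enclosing initialize method starts before and ends after this hunk.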
@@ -256,12 +266,16 @@
             // Digest the user provided password
             MessageDigest md = MessageDigest.getInstance(digest);
             byte[] data = md.digest(provided.getBytes());
-            // Convert bytes to hex digits
-            byte[] hexData = new byte[data.length * 2];
-            HexTranslator ht = new HexTranslator();
-            ht.encode(data, 0, data.length, hexData, 0);
-            // Compare the digested provided password with the actual one
-            return real.equalsIgnoreCase(new String(hexData));
+            if(encoding == null || "hex".equalsIgnoreCase(encoding)) {
+                // Convert bytes to hex digits
+                byte[] hexData = new byte[data.length * 2];
+                HexTranslator ht = new HexTranslator();
+                ht.encode(data, 0, data.length, hexData, 0);
+                // Compare the digested provided password with the actual one
+                return real.equalsIgnoreCase(new String(hexData));
+            } else if("base64".equalsIgnoreCase(encoding)) {
+                return real.equals(new String(Base64.encode(data)));
+            }
         } catch (NoSuchAlgorithmException e) {
             // Should not occur.  Availability of algorithm has been checked at initialization
             log.error("Should not occur.  Availability of algorithm has been checked at initialization.",
e);
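Review bot: Both new branches compare the stored credential with ordinary string equality (`real.equalsIgnoreCase(...)` for hex, `real.equals(...)` for base64), which returns as soon as one character differs; for an authentication check it is preferable to decode `real` and compare the raw digest bytes with a full-length comparison such as `MessageDigest.isEqual` on current JDKs, which also removes the need for the case-insensitive special case on hex. The hex/base64 selection is now duplicated in PropertiesFileLoginModule, SQLLoginModule and PropertiesLoginModuleManager.digestPassword, and the manager's copy already differs (it returns `""` on fall-through); a single encode helper next to org.apache.geronimo.util.encoders would keep the copies from drifting. `provided.getBytes()` and `new String(...)` use the platform default charset, a pre-existing choice the base64 path inherits; it is harmless for the ASCII output of Base64 but the digest input should name its charset so the stored digest does not depend on the server's locale. checkPassword continues outside the hunk, and the code after it decides the result when neither branch matches.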

Modified: geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java?view=diff&rev=548735&r1=548734&r2=548735
==============================================================================
--- geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java
(original)
+++ geronimo/server/trunk/applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/PropertiesLoginModuleManager.java
Tue Jun 19 07:12:58 2007
@@ -39,6 +39,7 @@
 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
 import org.apache.geronimo.security.jaas.LoginModuleSettings;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.encoders.Base64;
 import org.apache.geronimo.util.encoders.HexTranslator;
 
 /**
@@ -60,6 +61,8 @@
 
     private static final String digestKey = "digest";
 
+    private final static String encodingKey = "encoding";
+
     public PropertiesLoginModuleManager(ServerInfo serverInfo, LoginModuleSettings loginModule)
{
         this.serverInfo = serverInfo;
         this.loginModule = loginModule;
@@ -155,7 +158,7 @@
             String user = (String) properties.get("UserName");
             String password = (String) properties.get("Password");
             if(digest != null && !digest.equals("")) {
-                password = digestPassword(password, digest);
+                password = digestPassword(password, digest, getEncoding());
             }
             users.setProperty(user, password);
             store(users, serverInfo.resolveServer(getUsersURI()).toURL());
@@ -186,7 +189,7 @@
             String user = (String) properties.get("UserName");
             String password = (String) properties.get("Password");
             if(digest != null && !digest.equals("")) {
-                password = digestPassword(password, digest);
+                password = digestPassword(password, digest, getEncoding());
             }
             users.setProperty(user, password);
             store(users, serverInfo.resolveServer(getUsersURI()).toURL());
@@ -284,6 +287,10 @@
         return loginModule.getOptions().getProperty(digestKey);
     }
 
+    private String getEncoding() {
+        return loginModule.getOptions().getProperty(encodingKey);
+    }
+
     private void store(Properties props, URL url) throws Exception {
         OutputStream out = null;
         try {
@@ -314,17 +321,23 @@
      * This method returns the message digest of a specified string.
      * @param password  The string that is to be digested
      * @param algorithm Name of the Message Digest algorithm
-     * @return Hex encoding of the digest bytes
+     * @param encoding  Encoding to be used for digest data.  Hex by default.
+     * @return encoded digest bytes
      * @throws NoSuchAlgorithmException if the Message Digest algorithm is not available
      */
-    private String digestPassword(String password, String algorithm) throws NoSuchAlgorithmException
{
+    private String digestPassword(String password, String algorithm, String encoding) throws
NoSuchAlgorithmException {
         MessageDigest md = MessageDigest.getInstance(algorithm);
         byte[] data = md.digest(password.getBytes());
-        // Convert bytes to hex digits
-        byte[] hexData = new byte[data.length * 2];
-        HexTranslator ht = new HexTranslator();
-        ht.encode(data, 0, data.length, hexData, 0);
-        return new String(hexData);
+        if(encoding == null || "hex".equalsIgnoreCase(encoding)) {
+            // Convert bytes to hex digits
+            byte[] hexData = new byte[data.length * 2];
+            HexTranslator ht = new HexTranslator();
+            ht.encode(data, 0, data.length, hexData, 0);
+            return new String(hexData);
+        } else if("base64".equalsIgnoreCase(encoding)) {
+            return new String(Base64.encode(data));
+        }
+        return "";
     }
 
     public static final GBeanInfo GBEAN_INFO;
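Review bot: The trailing `return "";` in digestPassword silently stores an empty string as the user's credential whenever `encoding` is neither null, hex nor base64 — including the empty string a blank console field may produce — instead of failing the add or update. Mirroring the login module's initialization check, `throw new IllegalArgumentException("Digest Encoding " + encoding + " not supported");` makes the misconfiguration visible, and treating `""` like null (`encoding == null || encoding.equals("") || "hex".equalsIgnoreCase(encoding)`) applies the hex default the Javadoc promises. A smaller point of style: the earlier hunk declares `private final static String encodingKey`, reversing the `private static final` order used by `digestKey` directly above it.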

Modified: geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/classes/login-modules.properties
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/classes/login-modules.properties?view=diff&rev=548735&r1=548734&r2=548735
==============================================================================
--- geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/classes/login-modules.properties
(original)
+++ geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/classes/login-modules.properties
Tue Jun 19 07:12:58 2007
@@ -36,6 +36,11 @@
 module.props.field.digest.description=Message Digest algorithm (e.g. MD5, SHA1, etc.) used
on the passwords.  Leave this field empty if no digest algorithm is used.
 module.props.field.digest.length=10
 module.props.field.digest.blankAllowed=true
+module.props.field.encoding.displayOrder=4
+module.props.field.encoding.displayName=Digest Encoding
+module.props.field.encoding.description=Encoding to use for digests (e.g. hex, base64). 
This is used only if a Message Digest algorithm is specified.  If no encoding is specified,
hex will be used.
+module.props.field.encoding.length=10
+module.props.field.encoding.blankAllowed=true
 # LDAP
 module.ldap.name=LDAP Realm
 module.ldap.class=org.apache.geronimo.security.realm.providers.LDAPLoginModule

Modified: geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/view/realmwizard/_sql.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/view/realmwizard/_sql.jsp?view=diff&rev=548735&r1=548734&r2=548735
==============================================================================
--- geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/view/realmwizard/_sql.jsp
(original)
+++ geronimo/server/trunk/applications/console/geronimo-console-standard/src/main/webapp/WEB-INF/view/realmwizard/_sql.jsp
Tue Jun 19 07:12:58 2007
@@ -73,6 +73,17 @@
       </tr>
 
       <tr>
+        <th><div align="right">Digest Encoding:</div></th>
+        <td><input name="option-encoding" type="text"
+                   size="10" value="${realm.options['encoding']}"></td>
+      </tr>
+      <tr>
+        <td></td>
+        <td>Encoding to use for digests (e.g. hex, base64).  This is used only if a
Message Digest algorithm is specified.
+          If no encoding is specified, hex will be used.</td>
+      </tr>
+
+      <tr>
         <td></td>
         <td><i>A SQL security realm must either have a database pool or JDBC
connectivity settings to
           connect to the database.  Please select EITHER the database pool, OR the rest of
the JDBC
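Review bot: The new input writes `${realm.options['encoding']}` straight into the `value` attribute without escaping, so a stored value containing a double quote breaks out of the attribute. The neighbouring option fields are outside the hunk and may follow the same pattern, but for the new field `value="${fn:escapeXml(realm.options['encoding'])}"` (if the JSTL functions taglib is declared on the page) or `<c:out>` closes that. The explanatory text duplicates the description added to login-modules.properties, so the two strings must be kept in step when either changes.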

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java?view=diff&rev=548735&r1=548734&r2=548735
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
Tue Jun 19 07:12:58 2007
@@ -22,6 +22,7 @@
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.encoders.Base64;
 import org.apache.geronimo.util.encoders.HexTranslator;
 
 import javax.security.auth.Subject;
@@ -58,10 +59,13 @@
     public final static String USERS_URI = "usersURI";
     public final static String GROUPS_URI = "groupsURI";
     public final static String DIGEST = "digest";
+    public final static String ENCODING = "encoding";
+
     private static Log log = LogFactory.getLog(PropertiesFileLoginModule.class);
     final Properties users = new Properties();
     final Map groups = new HashMap();
     private String digest;
+    private String encoding;    
 
     Subject subject;
     CallbackHandler handler;
@@ -76,6 +80,8 @@
             final String users = (String)options.get(USERS_URI);
             final String groups = (String)options.get(GROUPS_URI);
             digest = (String) options.get(DIGEST);
+            encoding = (String) options.get(ENCODING);
+
             if(digest != null && !digest.equals("")) {
                 // Check if the digest algorithm is available
                 try {
@@ -84,6 +90,10 @@
                     log.error("Initialization failed. Digest algorithm "+digest+" is not
available.", e);
                     throw new IllegalArgumentException("Unable to configure properties file
login module: "+e.getMessage());
                 }
+                if(encoding != null && !"hex".equalsIgnoreCase(encoding) &&
!"base64".equalsIgnoreCase(encoding)) {
+                    log.error("Initialization failed. Digest Encoding "+encoding+" is not
supported.");
+                    throw new IllegalArgumentException("Unable to configure properties file
login module. Digest Encoding "+encoding+" not supported.");
+                }
             }
             if(users == null || groups == null) {
                 throw new IllegalArgumentException("Both "+USERS_URI+" and "+GROUPS_URI+"
must be provided!");
@@ -236,12 +246,16 @@
             // Digest the user provided password
             MessageDigest md = MessageDigest.getInstance(digest);
             byte[] data = md.digest(provided.getBytes());
-            // Convert bytes to hex digits
-            byte[] hexData = new byte[data.length * 2];
-            HexTranslator ht = new HexTranslator();
-            ht.encode(data, 0, data.length, hexData, 0);
-            // Compare the digested provided password with the actual one
-            return real.equalsIgnoreCase(new String(hexData));
+            if(encoding == null || "hex".equalsIgnoreCase(encoding)) {
+                // Convert bytes to hex digits
+                byte[] hexData = new byte[data.length * 2];
+                HexTranslator ht = new HexTranslator();
+                ht.encode(data, 0, data.length, hexData, 0);
+                // Compare the digested provided password with the actual one
+                return real.equalsIgnoreCase(new String(hexData));
+            } else if("base64".equalsIgnoreCase(encoding)) {
+                return real.equals(new String(Base64.encode(data)));
+            }
         } catch (NoSuchAlgorithmException e) {
             // Should not occur.  Availability of algorithm has been checked at initialization
             log.error("Should not occur.  Availability of algorithm has been checked at initialization.",
e);

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?view=diff&rev=548735&r1=548734&r2=548735
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
Tue Jun 19 07:12:58 2007
@@ -51,6 +51,7 @@
 import org.apache.geronimo.kernel.KernelRegistry;
 import org.apache.geronimo.management.geronimo.JCAManagedConnectionFactory;
 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
+import org.apache.geronimo.util.encoders.Base64;
 import org.apache.geronimo.util.encoders.HexTranslator;
 
 
@@ -86,6 +87,7 @@
     public final static String DATABASE_POOL_NAME = "dataSourceName";
     public final static String DATABASE_POOL_APP_NAME = "dataSourceApplication";
     public final static String DIGEST = "digest";
+    public final static String ENCODING = "encoding";
     private String connectionURL;
     private Properties properties;
     private Driver driver;
@@ -93,6 +95,7 @@
     private String userSelect;
     private String groupSelect;
     private String digest;
+    private String encoding;    
 
     private Subject subject;
     private CallbackHandler handler;
@@ -107,6 +110,7 @@
         groupSelect = (String) options.get(GROUP_SELECT);
 
         digest = (String) options.get(DIGEST);
+        encoding = (String) options.get(ENCODING);
         if(digest != null && !digest.equals("")) {
             // Check if the digest algorithm is available
             try {
@@ -115,6 +119,10 @@
                 log.error("Initialization failed. Digest algorithm "+digest+" is not available.",
e);
                 throw new IllegalArgumentException("Unable to configure SQL login module:
"+e.getMessage());
             }
+            if(encoding != null && !"hex".equalsIgnoreCase(encoding) && !"base64".equalsIgnoreCase(encoding))
{
+                log.error("Initialization failed. Digest Encoding "+encoding+" is not supported.");
+                throw new IllegalArgumentException("Unable to configure SQL login module.
Digest Encoding "+encoding+" not supported.");
+            }
         }
 
         String dataSourceName = (String) options.get(DATABASE_POOL_NAME);
@@ -311,12 +319,16 @@
             // Digest the user provided password
             MessageDigest md = MessageDigest.getInstance(digest);
             byte[] data = md.digest(provided.getBytes());
-            // Convert bytes to hex digits
-            byte[] hexData = new byte[data.length * 2];
-            HexTranslator ht = new HexTranslator();
-            ht.encode(data, 0, data.length, hexData, 0);
-            // Compare the digested provided password with the actual one
-            return real.equalsIgnoreCase(new String(hexData));
+            if(encoding == null || "hex".equalsIgnoreCase(encoding)) {
+                // Convert bytes to hex digits
+                byte[] hexData = new byte[data.length * 2];
+                HexTranslator ht = new HexTranslator();
+                ht.encode(data, 0, data.length, hexData, 0);
+                // Compare the digested provided password with the actual one
+                return real.equalsIgnoreCase(new String(hexData));
+            } else if("base64".equalsIgnoreCase(encoding)) {
+                return real.equals(new String(Base64.encode(data)));
+            }
         } catch (NoSuchAlgorithmException e) {
             // Should not occur.  Availability of algorithm has been checked at initialization
             log.error("Should not occur.  Availability of algorithm has been checked at initialization.",
e);


