| Methods Summary |
|---|
| public boolean | allMechanismsRequireSSL(java.util.Set iorDescSet)This method determines if all the mechanisms defined in the
CSIV2 CompoundSecMechList structure require protected
invocations.
int size = iorDescSet.size();
if(size == 0) {
return false;
}
Iterator<EjbIORConfigurationDescriptor> itr =
iorDescSet.iterator();
for(int i = 0; i < size; i++) {
EjbIORConfigurationDescriptor iorDesc = itr.next();
int target_requires = getTargetRequires(iorDesc);
if(target_requires == 0) {
return false;
}
}
return true;
|
| public com.sun.corba.ee.org.omg.CSIIOP.AS_ContextSec | createASContextSec(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc)Create the AS layer context within a compound mechanism definition.
AS_ContextSec asContext = null;
int target_supports = 0;
int target_requires = 0;
byte[] client_authentication_mechanism = {};
byte[] target_name = {} ;
String authMethod = null;
boolean authMethodRequired = false;
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE, "IIOP: Creating AS_Context");
}
// If AS_ContextSec is not required to be generated in an IOR,
// then optimize the code by not generating and filling in fields that are
// irrelevant.
if (iorDesc != null) {
authMethod = iorDesc.getAuthenticationMethod();
authMethodRequired = iorDesc.isAuthMethodRequired();
}
if ((authMethod != null) &&
(authMethod.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE))) {
asContext = new AS_ContextSec((short)target_supports,
(short)target_requires, client_authentication_mechanism,
target_name);
return asContext;
}
/** Functionality for Realm Per App
* Try to get the realm from the descriptor, else fill in default
*/
if(_realm_name == null){// realm name should be populated at this point
if(iorDesc != null){
_realm_name = iorDesc.getRealmName();
}
if(_realm_name == null){
_realm_name = DEFAULT_REALM;
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE, "IIOP:AS_Context: Realm Name = null,"
+ " setting default realm for logging in");
}
}
}
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE, "IIOP:AS_Context: Realm Name for login = "+
_realm_name);
}
_realm_name_bytes = _realm_name.getBytes();
target_name = GSSUtils.createExportedName(
GSSUtils.GSSUP_MECH_OID,
_realm_name_bytes);
target_supports = EstablishTrustInClient.value;
if (authMethodRequired){
target_requires = EstablishTrustInClient.value;
}
client_authentication_mechanism = Utility.getMechanism();
asContext = new AS_ContextSec((short)target_supports,
(short)target_requires,
client_authentication_mechanism,
target_name);
return asContext;
|
| private org.omg.IOP.TaggedComponent | createCompoundSecMechListComponent(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] mechList)
CDROutputStream out = (CDROutputStream) orb.create_output_stream();
out.putEndian();
boolean stateful = false;
CompoundSecMechList list = new CompoundSecMechList(
stateful, mechList);
CompoundSecMechListHelper.write(out, list);
byte[] buf = out.toByteArray();
org.omg.IOP.TaggedComponent tc = new org.omg.IOP.TaggedComponent(
TAG_CSI_SEC_MECH_LIST.value, buf ) ;
return tc;
|
| private com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] | createCompoundSecMechs(com.sun.enterprise.iiop.CSIV2TaggedComponentInfo$DescriptorMaker maker, com.sun.enterprise.deployment.EjbDescriptor desc)Create the security mechanisms. Only 1 such mechanism is created
although the spec allows multiple mechanisms (in decreasing order
of preference). Note that creating more than one CompoundSecMech
here will cause getSecurityMechanisms to fail, as it supports
only one CompoundSecMech.
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE, "IIOP: Creating CompoundSecMech");
}
Set iorDescSet = getIORConfigurationDescriptors( desc ) ;
CompoundSecMech[] mechList = new CompoundSecMech[iorDescSet.size()];
Iterator<EjbIORConfigurationDescriptor> itr = iorDescSet.iterator();
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE,"IORDescSet SIZE:" + iorDescSet.size());
}
for(int i = 0; i < iorDescSet.size(); i++) {
EjbIORConfigurationDescriptor iorDesc = itr.next();
int target_requires = getTargetRequires(iorDesc);
org.omg.IOP.TaggedComponent comp = maker.evaluate( iorDesc ) ;
// Create AS_Context
AS_ContextSec asContext = createASContextSec(iorDesc);
// Create SAS_Context
SAS_ContextSec sasContext = createSASContextSec(iorDesc);
// update the target requires value
int targ_req = target_requires | asContext.target_requires
| sasContext.target_requires;
// Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
mechList[i] = new CompoundSecMech((short)targ_req,
comp, asContext, sasContext);
}
return mechList;
|
| private com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] | createCompoundSecMechs(java.util.List socketInfos, com.sun.enterprise.deployment.EjbDescriptor desc)
DescriptorMaker maker = new DescriptorMaker() {
public org.omg.IOP.TaggedComponent evaluate( EjbIORConfigurationDescriptor desc ) {
return createSSLInfo( socketInfos, desc, false ) ;
}
} ;
return createCompoundSecMechs( maker, desc ) ;
|
| private com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] | createCompoundSecMechs(int sslPort, com.sun.enterprise.deployment.EjbDescriptor desc)
DescriptorMaker maker = new DescriptorMaker() {
public org.omg.IOP.TaggedComponent evaluate( EjbIORConfigurationDescriptor desc ) {
return createSSLInfo( sslPort, desc, false ) ;
}
} ;
return createCompoundSecMechs( maker, desc ) ;
|
| public com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec | createSASContextSec(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc)Create the SAS layer context within a compound mechanism definition.
SAS_ContextSec sasContext = null;
// target_supports = 0 means that target supports ITTAbsent
int target_supports = 0;
int target_requires = 0;
ServiceConfiguration[] priv = new ServiceConfiguration[0];
String callerPropagation = null;
byte[][] mechanisms = {};
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE, "IIOP: Creating SAS_Context");
}
// this shall be non-zero if target_supports is non-zero
int supported_identity_token_type = 0;
if (iorDesc != null) {
callerPropagation = iorDesc.getCallerPropagation();
}
if ((callerPropagation != null)
&& (callerPropagation.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE))){
sasContext = new SAS_ContextSec((short)target_supports,
(short)target_requires,
priv, mechanisms,
supported_identity_token_type);
return sasContext;
}
target_supports = IdentityAssertion.value;
byte[] upm = Utility.getMechanism(); // Only username_password mechanism
mechanisms = new byte[1][upm.length];
for(int i = 0; i < upm.length; i++) {
mechanisms[0][i] = upm[i];
}
// para 166 of CSIv2 spec says that the bit corresponding to the
// ITTPrincipalName is non-zero if supported_mechanism has atleast
// 1 element. Supported_mechanism has the value of GSSUP OID
if (target_supports != 0){
supported_identity_token_type = SUPPORTED_IDENTITY_TOKEN_TYPES;
}
sasContext = new SAS_ContextSec((short)target_supports,
(short)target_requires,
priv, mechanisms,
supported_identity_token_type);
return sasContext;
|
| private org.omg.IOP.TaggedComponent | createSSLInfo(int sslport, com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc, boolean sslRequired)Create the SSL tagged component within a compound mechanism
definition.
int targetSupports = getTargetSupportsDefault( iorDesc ) ;
int targetRequires = getTargetRequiresDefault( iorDesc, sslRequired ) ;
boolean mutualAuthRequired = (iorDesc != null) &&
((targetRequires & EstablishTrustInClient.value) ==
EstablishTrustInClient.value) ;
int ssl_port = mutualAuthRequired ? sslMutualAuthPort : sslport;
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE, "IIOP: Creating Transport Mechanism for sslport "
+ ssl_port );
}
/*
* if both targetSupports and targetRequires are zero, then the
* mechanism does not support a transport_mechanism and hence
* a TAG_NULL_TAG must be generated.
*/
if ( (targetSupports | targetRequires) == 0 || ssl_port == -1) {
return NULL_TAGGED_COMPONENT ;
}
TransportAddress[] listTa = generateTransportAddresses( ssl_port ) ;
return createTlsSecTransComponent( targetSupports, targetRequires, listTa ) ;
|
| private org.omg.IOP.TaggedComponent | createSSLInfo(java.util.List socketInfos, com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc, boolean sslRequired)
int targetSupports = getTargetSupportsDefault( iorDesc ) ;
int targetRequires = getTargetRequiresDefault( iorDesc, sslRequired ) ;
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE, "IIOP: Creating Transport Mechanism for socketInfos "
+ socketInfos );
}
/*
* if both targetSupports and targetRequires are zero, then the
* mechanism does not support a transport_mechanism and hence
* a TAG_NULL_TAG must be generated.
*/
if ( (targetSupports | targetRequires) == 0 ) {
return NULL_TAGGED_COMPONENT ;
}
TransportAddress[] listTa = generateTransportAddresses(socketInfos);
return createTlsSecTransComponent( targetSupports, targetRequires, listTa ) ;
|
| public org.omg.IOP.TaggedComponent | createSecurityTaggedComponent(int sslPort, com.sun.enterprise.deployment.EjbDescriptor desc)Create the security mechanism list tagged component based
on the deployer specified configuration information.
This method is on the server side for all ejbs in the
non-cluster app server case.
org.omg.IOP.TaggedComponent tc = null;
try {
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "IIOP: Creating a Security Tagged Component");
}
// get the realm from the application object.
_realm_name = desc.getApplication().getRealm();
CompoundSecMech[] mechList = createCompoundSecMechs(sslPort, desc);
tc = createCompoundSecMechListComponent(mechList);
} catch(Exception e) {
_logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
}
return tc;
|
| public org.omg.IOP.TaggedComponent | createSecurityTaggedComponent(java.util.List socketInfos, com.sun.enterprise.deployment.EjbDescriptor desc)Create the CSIv2 tagged component for a clustered app server.
org.omg.IOP.TaggedComponent tc = null;
try {
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "IIOP: Creating a Security Tagged Component");
}
// get the realm from the application object.
_realm_name = desc.getApplication().getRealm();
CompoundSecMech[] mechList = createCompoundSecMechs( socketInfos, desc ) ;
tc = createCompoundSecMechListComponent(mechList);
} catch(Exception e) {
_logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
}
return tc;
|
| public org.omg.IOP.TaggedComponent | createSecurityTaggedComponent(int sslPort)This method is called on the server side for all non-EJB POAs.
org.omg.IOP.TaggedComponent tc = null;
try {
Properties props = ORBManager.getCSIv2Props() ;
boolean sslRequired = getBooleanValue( props,
ORBManager.ORB_SSL_SERVER_REQUIRED ) ;
boolean clientAuthRequired = getBooleanValue( props,
ORBManager.ORB_CLIENT_AUTH_REQUIRED ) ;
CompoundSecMech[] mechList = new CompoundSecMech[1];
org.omg.IOP.TaggedComponent transportMech = createSSLInfo(
sslPort, null, sslRequired);
// Create AS_Context
AS_ContextSec asContext = createASContextSec(null);
// Create SAS_Context
SAS_ContextSec sasContext = createSASContextSec(null);
short targetRequires =
(clientAuthRequired ? EstablishTrustInClient.value : 0);
// Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
mechList[0] = new CompoundSecMech(targetRequires,
transportMech, asContext, sasContext);
tc = createCompoundSecMechListComponent(mechList);
} catch(Exception e) {
_logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
}
return tc;
|
| private org.omg.IOP.TaggedComponent | createTlsSecTransComponent(int targetSupports, int targetRequires, com.sun.corba.ee.org.omg.CSIIOP.TransportAddress[] listTa)
TLS_SEC_TRANS tls_sec = new TLS_SEC_TRANS(
(short)targetSupports, (short)targetRequires, listTa);
CDROutputStream out = (CDROutputStream) orb.create_output_stream();
out.putEndian() ;
TLS_SEC_TRANSHelper.write((org.omg.CORBA.portable.OutputStream)out, tls_sec);
byte[] buf = out.toByteArray() ;
// create new Tagged Component for SSL
org.omg.IOP.TaggedComponent tc = new org.omg.IOP.TaggedComponent(
TAG_TLS_SEC_TRANS.value, buf ) ;
return tc;
|
| private com.sun.corba.ee.org.omg.CSIIOP.TransportAddress[] | generateTransportAddresses(int sslPort)
String hostName = Utility.getLocalAddress();
short shortPort = Utility.intToShort(sslPort);
TransportAddress ta = new TransportAddress(hostName, shortPort);
TransportAddress[] listTa = new TransportAddress[] { ta } ;
return listTa;
|
| private com.sun.corba.ee.org.omg.CSIIOP.TransportAddress[] | generateTransportAddresses(java.util.List socketInfos)
TransportAddress[] listTa = new TransportAddress[socketInfos.size()];
for(int i=0; i<socketInfos.size(); i++){
SocketInfo socketInfo = socketInfos.get(i);
int sslport = socketInfo.port;
String host = socketInfo.host;
short short_port = Utility.intToShort(sslport);
TransportAddress ta = new TransportAddress(host, short_port);
listTa[i] = ta;
}
return listTa;
|
| private boolean | getBooleanValue(java.util.Properties props, java.lang.String name)
String val = props.getProperty( name, "false" ) ;
boolean result = val.equals( "true" ) ;
return result ;
|
| public static com.sun.enterprise.deployment.EjbDescriptor | getEjbDescriptor(org.omg.PortableInterceptor.IORInfo iorInfo)
CSIv2Policy csiv2Policy = null;
try {
csiv2Policy = (CSIv2Policy)iorInfo.get_effective_policy(
POARemoteReferenceFactory.CSIv2_POLICY_TYPE);
} catch ( INV_POLICY ex ) {
_logger.log(Level.FINE,
"CSIV2TaggedComponentInfo.getEjbDescriptor: CSIv2Policy not present");
}
// Add CSIv2 tagged component for this EJB type.
if(_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE,
"TxSecIORInterceptor.establish_components: CSIv2Policy: " + csiv2Policy);
}
EjbDescriptor ejbDesc = null ;
if (csiv2Policy != null)
ejbDesc = csiv2Policy.getEjbDescriptor() ;
return ejbDesc ;
|
| private java.util.Set | getIORConfigurationDescriptors(com.sun.enterprise.deployment.EjbDescriptor desc)
Set iorDescSet = desc.getIORConfigurationDescriptors();
int size = iorDescSet.size();
if (size == 0) {
// No IOR config descriptors:
// Either none were configured or 1.2.x app.
// Create an IOR config desc with SSL supported
EjbIORConfigurationDescriptor eDesc =
new EjbIORConfigurationDescriptor();
eDesc.setIntegrity(
EjbIORConfigurationDescriptor.SUPPORTED);
eDesc.setConfidentiality(
EjbIORConfigurationDescriptor.SUPPORTED);
eDesc.setEstablishTrustInClient(
EjbIORConfigurationDescriptor.SUPPORTED);
iorDescSet.add(eDesc);
size = 1;
// Check if method permissions are set on the descriptor.
// If they are then enable username_password mechanism in as_context
Set permissions = desc.getPermissionedRoles();
if (permissions.size() > 0) {
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE,"IIOP:Application has protected methods");
}
eDesc.setAuthMethodRequired(true);
if (_realm_name != null) {
eDesc.setRealmName(_realm_name);
}
}
}
return (Set<EjbIORConfigurationDescriptor>)iorDescSet ;
|
| private com.sun.corba.ee.org.omg.CSIIOP.TLS_SEC_TRANS | getSSLComponent(org.omg.IOP.TaggedComponent comp)
TLS_SEC_TRANS ssl = null;
// a TAG_NULL_TAG implies that SSL is not required
if (comp.tag == TAG_NULL_TAG.value){
ssl = null;
} else {
byte[] b = comp.component_data;
CDRInputStream in = (CDRInputStream) new EncapsInputStream(orb, b, b.length);
in.consumeEndian();
ssl = TLS_SEC_TRANSHelper.read(in);
}
return ssl;
|
| public com.sun.corba.ee.org.omg.CSIIOP.TLS_SEC_TRANS | getSSLInformation(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mech)Retrieve the SSL tagged component from the compound security
mechanism.
org.omg.IOP.TaggedComponent pcomp = mech.transport_mech;
TLS_SEC_TRANS ssl = getSSLComponent(pcomp);
return ssl;
|
| public com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] | getSecurityMechanisms(com.sun.corba.ee.spi.ior.IOR ior)Get the Compound security mechanism list from the given IOR.
IIOPProfile prof = ior.getProfile();
IIOPProfileTemplate ptemp = (IIOPProfileTemplate)prof.
getTaggedProfileTemplate();
Iterator<TaggedComponent> itr = ptemp.iteratorById(
TAG_CSI_SEC_MECH_LIST.value);
if(!itr.hasNext()) {
if(_logger.isLoggable(Level.FINE)){
String msg = "IIOP:TAG_CSI_SEC_MECH_LIST tagged component not found";
_logger.log(Level.FINE, msg);
}
return null;
}
TaggedComponent tcomp = itr.next();
if(_logger.isLoggable(Level.FINE)){
_logger.log(Level.FINE,"Component:" + tcomp);
}
if (itr.hasNext()) {
String msg = "More than one TAG_CSI_SEC_MECH_LIST tagged " +
"component found ";
_logger.log(Level.SEVERE,"iiop.many_tagged_component");
throw new RuntimeException(msg);
}
org.omg.IOP.TaggedComponent comp = tcomp.getIOPComponent(orb);
byte[] b = comp.component_data;
CDRInputStream in = (CDRInputStream) new EncapsInputStream(orb, b, b.length);
in.consumeEndian();
CompoundSecMechList l = CompoundSecMechListHelper.read(in);
CompoundSecMech[] list = l.mechanism_list;
return list;
|
| public int | getTargetRequires(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc)Get the value of target_requires for the transport layer.
if ( iorDesc == null ) {
return 0;
}
int requires = 0;
String integrity = iorDesc.getIntegrity();
if(integrity.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
requires = requires | Integrity.value;
}
String confidentiality = iorDesc.getConfidentiality();
if(confidentiality.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
requires = requires | Confidentiality.value;
}
String establishTrustInTarget = iorDesc.getEstablishTrustInTarget();
if(establishTrustInTarget.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
requires = requires | EstablishTrustInTarget.value;
}
String establishTrustInClient = iorDesc.getEstablishTrustInClient();
if(establishTrustInClient.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
requires = requires | EstablishTrustInClient.value;
}
return requires;
|
| private int | getTargetRequiresDefault(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor desc, boolean sslRequired)
int targetRequires = 0 ;
if (desc == null) {
if (sslRequired)
targetRequires = Integrity.value | Confidentiality.value
| EstablishTrustInClient.value;
} else {
targetRequires = getTargetRequires(desc);
}
return targetRequires ;
|
| public int | getTargetSupports(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc)Get the value of target_supports for the transport layer.
if ( iorDesc == null ) {
return 0;
}
int supports = 0;
String integrity = iorDesc.getIntegrity();
if(!integrity.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
supports = supports | Integrity.value;
}
String confidentiality = iorDesc.getConfidentiality();
if(!confidentiality.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
supports = supports | Confidentiality.value;
}
String establishTrustInTarget = iorDesc.getEstablishTrustInTarget();
if(!establishTrustInTarget.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
supports = supports | EstablishTrustInTarget.value;
}
String establishTrustInClient = iorDesc.getEstablishTrustInClient();
if(!establishTrustInClient.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
supports = supports | EstablishTrustInClient.value;
}
return supports;
|
| private int | getTargetSupportsDefault(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor desc)
int targetSupports = 0 ;
if (desc == null)
targetSupports = Integrity.value | Confidentiality.value
| EstablishTrustInClient.value | EstablishTrustInTarget.value;
else
targetSupports = getTargetSupports(desc);
return targetSupports ;
|
