001: /*
002: * Copyright 2001 Sun Microsystems, Inc. All rights reserved.
003: * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to license terms.
004: */
005:
006: package com.sun.portal.search.rdmserver;
007:
008: import com.iplanet.am.util.AdminUtils;
009: import com.sun.portal.search.rdm.*;
010: import com.sun.portal.search.db.SToken;
011: import javax.servlet.http.*;
012: import com.iplanet.sso.*;
013: import java.security.AccessController;
014: import com.sun.identity.security.DecryptAction;
015: import com.sun.identity.security.*;
016: import com.sun.portal.search.community.CommunityDatabaseSecurityModule;
017: import com.sun.portal.search.db.DatabaseSecurityModule;
018: import com.sun.portal.search.db.RDMAuthenticationModule;
019: import com.sun.portal.search.util.SearchLogger;
020: import java.util.logging.Level;
021: import com.sun.portal.admin.common.util.AdminUtil;
022:
023: /**
024: * Implementation of RDMAuthenticationModule in DSame
025: */
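/**
 * Implementation of RDMAuthenticationModule in DSame.
 * <p>
 * {@link #initRDMSToken} resolves an SSO token for an RDM request from,
 * in order: a user/password pair in the RDM header, an access token
 * (SSO session id) in the RDM header, or - if neither yields a valid
 * token - the SSO cookie on the surrounding {@code HttpServletRequest}.
 * {@link #isPrivilegedUser} recognises the two administrative DNs that
 * are treated as super users.
 */
public class DSameSecurityManager implements RDMAuthenticationModule {

    // NOTE(review): none of these statics is referenced in this class;
    // presumably read/written by other classes in the package - kept as-is.
    static boolean group_support = false;
    static final String ADMIN_CN = "cn=Top-level Admin Role";
    static String role_admin = null;

    public DSameSecurityManager() {
    }

    public String toString() {
        return "DSame -RDMAuthenticationModule";
    }

    /**
     * Setup the RDMRequest Security Token from the security information
     * carried in the request.
     * <p>
     * Credential sources, tried in order:
     * <ol>
     * <li>header user + (encrypted) password - the password is decrypted
     *     under a privileged {@link DecryptAction} before use;</li>
     * <li>header access token, interpreted as an SSO session id;</li>
     * <li>the SSO cookie on {@code request} when it is an
     *     {@code HttpServletRequest}; only in this case is the
     *     {@code proxyDN} request parameter honoured.</li>
     * </ol>
     * A failure in source 1 or 2 is logged at WARNING and falls through
     * to source 3. Credentials (password, session id) are deliberately not
     * written to the log.
     *
     * @param request the HttpServletRequest Object for checking cookies;
     *                may be {@code null} or some other type, in which case
     *                the cookie fallback is skipped
     * @param req     the RDMRequest Object; its SToken is set on success
     * @return {@code true} when a valid SSO token was obtained and attached
     *         to {@code req}, {@code false} otherwise
     * @throws Exception propagated from the SSO token manager
     */
    public boolean initRDMSToken(Object request, RDMRequest req)
        throws Exception {
        SSOTokenManager manager = SSOTokenManager.getInstance();
        SSOToken token = null;
        String proxyDN = null;
        final String user = req.getHeader().getUser();
        String pw = req.getHeader().getPassword();
        String rdmsso = req.getHeader().getAccessToken();

        if (user != null) {
            if (pw == null) {
                pw = ""; /* no password */
            }
            // The header password is stored encrypted; decrypt it under the
            // privileged action before handing it to the SSO layer.
            String cleanTextPw = AccessController
                .doPrivileged(new DecryptAction(pw)).toString();
            try {
                token = com.sun.portal.util.SSOUtil.createSSOToken(
                    user, cleanTextPw);
            } catch (SSOException e) {
                // Log the user only - never the (even encrypted) password.
                SearchLogger.getLogger().log(
                    Level.WARNING,
                    "Failed to create stoken by user/password for user ["
                    + user + "] with exception:" + e);
            }
        } else if (rdmsso != null) {
            try {
                token = manager.createSSOToken(rdmsso);
            } catch (SSOException e) {
                // The session id is a bearer credential; do not log it.
                SearchLogger.getLogger().log(
                    Level.WARNING,
                    "Failed to create stoken by sessionid with exception:"
                    + e);
            }
        }

        // Fallback: SSO cookie on the HTTP request.
        if (token == null || !manager.isValidToken(token)) {
            if (request != null
                && request instanceof HttpServletRequest) {
                HttpServletRequest httpReq = (HttpServletRequest) request;
                try {
                    token = manager.createSSOToken(httpReq);
                    // NOTE(review): proxyDN comes straight from a request
                    // parameter and is attached to the token without any
                    // check here that the caller may act on behalf of that
                    // DN. Whether this is enforced downstream (e.g. via
                    // isPrivilegedUser) is not visible in this file - confirm.
                    proxyDN = httpReq.getParameter("proxyDN");
                } catch (SSOException e) {
                    SearchLogger.getLogger().log(
                        Level.WARNING,
                        "Failed to create stoken by httprequest with exception:"
                        + e);
                }
            }
        }

        if (token != null && manager.isValidToken(token)) {
            // NOTE(review): the meaning of the three boolean flags is
            // defined by SToken, not visible here.
            SToken st = new SToken((Object) token, true, true, true);
            // setting the proxying context from external request
            if (proxyDN != null) {
                st.setProxyDN(proxyDN);
            }
            req.setSToken(st);
            return true;
        }
        return false;
    }

    /**
     * @return the database security modules handled by this manager:
     *         the DSame module followed by the community module
     */
    public DatabaseSecurityModule[] getAssociatedSecurityModules() {
        DatabaseSecurityModule[] myModules = new DatabaseSecurityModule[2];
        myModules[0] = (DatabaseSecurityModule) new DSameDatabaseSecurityModule();
        myModules[1] = (DatabaseSecurityModule) new CommunityDatabaseSecurityModule();
        return myModules;
    }

    /**
     * @return the name of the DSame database security module, used as the
     *         default
     */
    public String getDefaultDatabaseSecurityModuleName() {
        return DSameDatabaseSecurityModule.myName;
    }

    /**
     * Check if the current user is super user kinds: the user's principal
     * name equals either the Access Manager admin DN or the portal domain
     * super user DN.
     * <p>
     * NOTE(review): DNs are compared with exact {@code String.equals};
     * LDAP DNs are case-insensitive and whitespace-tolerant, so an
     * equivalent but differently spelled DN is not recognised here. Left
     * unchanged because loosening the match widens who is privileged -
     * confirm which form the two helpers return.
     *
     * @param stoken the security token whose native SSO token is inspected
     * @return {@code true} when the token's principal is one of the two
     *         admin DNs; {@code false} when it is not or the native token
     *         is absent
     * @throws Exception propagated from the SSO or admin helpers
     */
    public boolean isPrivilegedUser(SToken stoken) throws Exception {
        String domainSuperUserDN = AdminUtil.getPortalDomainContext()
            .getSuperUser();

        SSOToken ssoToken = (SSOToken) stoken.getNativeToken();
        if (ssoToken == null) {
            return false;
        }
        String userDN = ssoToken.getPrincipal().getName();
        // getAdminDN() returning null is harmless: equals(null) is false.
        return userDN.equals(AdminUtils.getAdminDN())
            || userDN.equals(domainSuperUserDN);
    }

}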
|