001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.security.interceptors;
023:
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import javax.management.MBeanInfo;
import javax.naming.InitialContext;
import javax.naming.NamingException;

import org.jboss.logging.Logger;
import org.jboss.mx.interceptor.AbstractInterceptor;
import org.jboss.mx.server.Invocation;
import org.jboss.mx.server.MBeanInvoker;
import org.jboss.security.srp.SRPServerSession;
import org.jboss.security.srp.SRPSessionKey;
import org.jboss.security.srp.jaas.SRPPrincipal;
import org.jboss.util.CachePolicy;
037:
038: /** An interceptor that validates that the calling context has a valid SRP session
039: *
040: * @author Scott.Stark@jboss.org
041: * @version $Revision: 57211 $
042: */
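public class SRPCacheInterceptor extends AbstractInterceptor {
    /** The only MBean operation this interceptor validates; every other operation passes straight through. */
    private static final String GUARDED_OP_NAME = "testSession";

    private static final Logger log = Logger.getLogger(SRPCacheInterceptor.class);

    /** JNDI name under which the SRP authentication {@link CachePolicy} is bound. */
    private String cacheJndiName;

    public SRPCacheInterceptor() {
        super("SRPCacheInterceptor");
    }

    /**
     * Sets the JNDI name of the SRP authentication cache consulted by {@link #invoke}.
     *
     * @param cacheJndiName JNDI name bound to a {@link CachePolicy}
     */
    public void setAuthenticationCacheJndiName(String cacheJndiName) {
        this.cacheJndiName = cacheJndiName;
    }

    // Interceptor overrides -----------------------------------------

    /**
     * Validates the caller's SRP session before a {@code testSession} invocation
     * is allowed to proceed; any other operation is forwarded untouched.
     * <p>
     * For {@code testSession} the arguments are expected to be
     * {@code (Principal user, byte[] clientChallenge)}. The principal is mapped
     * to an {@link SRPSessionKey}, that key is looked up in the authentication
     * cache, and the cached {@link SRPServerSession}'s client response must
     * equal the supplied challenge.
     *
     * @param invocation the MBean invocation being intercepted
     * @return the value returned by the next interceptor in the chain
     * @throws SecurityException if the arguments are malformed, no session is
     *         cached for the principal, the cached object is not an
     *         {@link SRPServerSession}, or the challenge does not match
     * @throws IllegalStateException if no cache JNDI name has been configured
     * @throws Throwable anything raised by the cache lookup or by the next interceptor
     */
    public Object invoke(Invocation invocation) throws Throwable {
        String opName = invocation.getName();
        log.info("invoke, opName=" + opName);
        // GUARDED_OP_NAME.equals(null) is false, so a missing name also passes through.
        if (!GUARDED_OP_NAME.equals(opName)) {
            return invocation.nextInterceptor().invoke(invocation);
        }

        Object[] args = invocation.getArgs();
        // Fail closed on a malformed call instead of letting the casts below
        // surface it as a ClassCastException / NullPointerException.
        if (args == null || args.length < 2
                || !(args[0] instanceof Principal) || !(args[1] instanceof byte[])) {
            throw new SecurityException(
                    "testSession requires (Principal, byte[]) arguments");
        }
        Principal userPrincipal = (Principal) args[0];
        byte[] clientChallenge = (byte[]) args[1];
        if (cacheJndiName == null) {
            throw new IllegalStateException(
                    "AuthenticationCacheJndiName has not been set");
        }

        try {
            InitialContext iniCtx = new InitialContext();
            try {
                CachePolicy cache = (CachePolicy) iniCtx.lookup(cacheJndiName);
                SRPSessionKey key = toSessionKey(userPrincipal);
                Object cacheCredential = cache.get(key);
                if (cacheCredential == null) {
                    throw new SecurityException("No SRP session found for: " + key);
                }
                validateCredential(key, cacheCredential, clientChallenge);
                log.debug("Validated SRP cache credential for: " + key);
            } finally {
                closeQuietly(iniCtx);
            }
        } catch (Exception e) {
            // Logged here so the failure is recorded even if a caller swallows it.
            log.error("Invocation failed", e);
            throw e;
        }

        return invocation.nextInterceptor().invoke(invocation);
    }

    /** Builds the cache key for a principal, including the session id when it is an {@link SRPPrincipal}. */
    private static SRPSessionKey toSessionKey(Principal userPrincipal) {
        String username = userPrincipal.getName();
        if (userPrincipal instanceof SRPPrincipal) {
            SRPPrincipal srpPrincipal = (SRPPrincipal) userPrincipal;
            return new SRPSessionKey(username, srpPrincipal.getSessionID());
        }
        return new SRPSessionKey(username);
    }

    /**
     * Checks that the cached credential is the {@link SRPServerSession} used to
     * authenticate the client and that its client response matches the
     * supplied challenge.
     *
     * @param key the session key the credential was found under (for messages only)
     * @param cacheCredential the non-null object returned by the cache
     * @param clientChallenge the challenge bytes supplied by the caller
     * @throws SecurityException on a type mismatch or a non-matching challenge
     */
    private static void validateCredential(SRPSessionKey key, Object cacheCredential,
            byte[] clientChallenge) {
        // Log only the type: the session object may carry key material.
        log.debug("Found SRP cache credential of type: "
                + cacheCredential.getClass().getName());
        if (!(cacheCredential instanceof SRPServerSession)) {
            throw new SecurityException("Unknown type of cache credential: "
                    + cacheCredential.getClass());
        }
        SRPServerSession session = (SRPServerSession) cacheCredential;
        byte[] expected = session.getClientResponse();
        // Constant-time comparison so the response time does not reveal how
        // many leading bytes of the challenge were correct. Null handling is
        // the same as Arrays.equals: both null is a match, one null is not.
        if (!MessageDigest.isEqual(expected, clientChallenge)) {
            throw new SecurityException("Failed to validate SRP session key for: " + key);
        }
    }

    /** Closes the context, logging rather than propagating a failure so it cannot mask the real outcome. */
    private static void closeQuietly(InitialContext ctx) {
        try {
            ctx.close();
        } catch (NamingException e) {
            log.warn("Failed to close InitialContext", e);
        }
    }
}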
|