org.jboss.security.PicketBoxMessages Java Examples
The following examples show how to use
org.jboss.security.PicketBoxMessages.
Example #1
Source File: AppCallbackHandler.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Prints {@code prompt} to standard output and reads one line from standard input
 * as the user name.
 *
 * @param prompt text written to standard output before reading
 * @return the line that was read; {@code null} when standard input is already at
 *         end of stream, because {@link BufferedReader#readLine()} returns
 *         {@code null} there and the value is passed through unchanged
 */
private String getUserNameFromConsole(String prompt) {
    System.out.print(prompt);
    // No charset is given, so System.in is decoded with the platform default.
    BufferedReader console = new BufferedReader(new InputStreamReader(System.in));
    try {
        return console.readLine();
    } catch (IOException ioe) {
        // Read failures are reported through the project's message bundle.
        throw PicketBoxMessages.MESSAGES.failedToObtainUsername(ioe);
    }
}
Example #2
Source File: JBossAuthConfigFactory.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Removes the provider stored under {@code registrationID} and, when one was
 * present, notifies the listener recorded for the same id.
 *
 * @param registrationID key of the registration to remove; must not be {@code null}
 * @return {@code true} when the provider map contained the id before removal
 */
public boolean removeRegistration(String registrationID) {
    if (registrationID == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("registrationID");
    }

    // Both lookups happen before anything is removed; the notification needs them.
    RegistrationListener registeredListener = this.keyToRegistrationListenerMap.get(registrationID);
    RegistrationContext context = this.keyToRegistrationContextMap.get(registrationID);

    boolean wasRegistered = this.keyToAuthConfigProviderMap.containsKey(registrationID);
    this.keyToAuthConfigProviderMap.remove(registrationID);

    if (wasRegistered && registeredListener != null) {
        // NOTE(review): context is dereferenced without a null check; this relies on the
        // context map always holding an entry when the listener map does. Confirm.
        registeredListener.notify(context.getMessageLayer(), context.getAppContext());
    }

    // The listener map entry is not removed by this method.
    this.keyToRegistrationContextMap.remove(registrationID);
    return wasRegistered;
}
Example #3
Source File: KeyStoreUtil.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Opens the given URL and loads a key store from it by delegating to the
 * stream-based {@code getKeyStore} overload.
 *
 * @param keyStoreType key store type, or {@code null} for the default
 * @param url location of the key store; must not be {@code null}
 * @param storePass key store password, passed through to the overload
 * @return the key store returned by the stream-based overload
 * @throws GeneralSecurityException propagated from the overload
 * @throws IOException when the URL cannot be opened or read
 */
public static KeyStore getKeyStore(String keyStoreType, URL url, char[] storePass)
        throws GeneralSecurityException, IOException {
    if (url == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("url");
    }

    // NOTE(review): openStream() accepts any scheme the URL carries, so where the URL
    // comes from decides what is fetched. Presumably the overload hands storePass to
    // KeyStore.load; the JDK skips the integrity check when that password is null.
    // Confirm callers supply a password for key stores that are not trusted local files.
    InputStream keyStoreStream = null;
    try {
        keyStoreStream = url.openStream();
        return getKeyStore(keyStoreType, keyStoreStream, storePass);
    } finally {
        // Runs on success and on failure; receives null when openStream() itself threw.
        safeClose(keyStoreStream);
    }
}
Example #4
Source File: PBEUtils.java From lams with GNU General Public License v2.0 | 6 votes |
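/**
 * Command-line entry point: encodes a password with password-based encryption and
 * prints the result to standard error.
 *
 * <p>Arguments, in order: salt (only the first 8 characters are used), iteration
 * count, PBE password, password to encode. A salt shorter than 8 characters makes
 * {@code substring} throw.
 *
 * <p>NOTE(review): all four values arrive on the command line, where other local
 * users and the shell history can typically see them.
 *
 * @param args the four arguments described above
 * @throws Exception on malformed arguments or any JCE failure
 */
public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println(PicketBoxMessages.MESSAGES.pbeUtilsMessage());
        // Stop after the usage text. With fewer arguments the code below would index
        // past the array; with more (e.g. an unquoted password containing a space) it
        // would quietly encode only part of the intended value.
        return;
    }

    // The salt is converted with the platform default charset, unlike the password
    // below, which is UTF-8. Left as is so existing encoded values still decode.
    byte[] salt = args[0].substring(0, 8).getBytes();
    int count = Integer.parseInt(args[1]);
    char[] password = args[2].toCharArray();
    byte[] passwordToEncode = args[3].getBytes("UTF-8");

    PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, count);
    PBEKeySpec keySpec = new PBEKeySpec(password);
    // NOTE(review): PBEwithMD5andDES (MD5 key derivation, single DES) is a legacy
    // algorithm; treat the output as obfuscation, not strong protection. Not changed
    // here, since a different algorithm could not decode values already produced.
    SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEwithMD5andDES");
    SecretKey cipherKey = factory.generateSecret(keySpec);
    String encodedPassword = encode64(passwordToEncode, "PBEwithMD5andDES", cipherKey, cipherSpec);
    System.err.println("Encoded password: "+encodedPassword);
}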
Example #5
Source File: WebJACCPolicyModuleDelegate.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Checks a {@code WebRoleRefPermission} for the servlet and role name against the
 * policy and trace-logs the outcome.
 *
 * @param principal principal used for the check when {@code roles} is {@code null}
 * @param roleName role name placed in the permission
 * @param roles when non-null, these principals are checked instead of {@code principal};
 *        an empty set therefore checks against no principal at all
 * @param servletName servlet name placed in the permission; must not be {@code null}
 * @return the result of {@code checkPolicy}
 */
private boolean hasRole(Principal principal, String roleName, Set<Principal> roles, String servletName) {
    if (servletName == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("servletName");
    }

    WebRoleRefPermission roleRefPermission = new WebRoleRefPermission(servletName, roleName);

    Principal[] subjects;
    if (roles == null) {
        subjects = new Principal[] {principal};
    } else {
        subjects = new Principal[roles.size()];
        roles.toArray(subjects);
    }

    boolean granted = checkPolicy(roleRefPermission, subjects);
    PicketBoxLogger.LOGGER.traceHasRolePermission(roleRefPermission.toString(), granted);
    return granted;
}
Example #6
Source File: JBossPolicyRegistration.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Registers an XACML policy model for a context id by building a {@code JBossPDP}
 * from it. Any {@code type} other than XACML is ignored without an error.
 *
 * @param contextId key under which the built PDP is stored; not checked for null here
 * @param type policy type, compared case-insensitively with {@code PolicyRegistration.XACML}
 * @param objectModel must be a {@code JAXBElement} when the type is XACML
 * @see PolicyRegistration#registerPolicyConfig(String, String, Object)
 */
public <P> void registerPolicyConfig(String contextId, String type, P objectModel) {
    if (!PolicyRegistration.XACML.equalsIgnoreCase(type)) {
        return;
    }
    if (!(objectModel instanceof JAXBElement)) {
        throw PicketBoxMessages.MESSAGES.invalidType(JAXBElement.class.getName());
    }

    try {
        JAXBElement<?> xacmlModel = (JAXBElement<?>) objectModel;
        JBossPDP decisionPoint = new JBossPDP(xacmlModel);
        // Replaces whatever PDP was stored for this context id before.
        this.contextIDToJBossPDP.put(contextId, decisionPoint);
    } catch (Exception e) {
        // Any failure while building or storing the PDP surfaces unchecked, cause attached.
        throw new RuntimeException(e);
    }
}
Example #7
Source File: SecurityVaultData.java From lams with GNU General Public License v2.0 | 6 votes |
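/**
 * Reads object from the ObjectInputStream. This method needs to be changed when implementing
 * changes in data and {@link VERSION} is changed.
 *
 * <p>The stream is expected to hold an {@code Integer} version marker followed, for
 * version 1, by the vault data map. Both objects are type-checked before they are cast,
 * so a malformed file fails with an {@code IOException} instead of a
 * {@code ClassCastException} or a {@code NullPointerException}.
 *
 * <p>NOTE(review): these checks run only after {@code readObject()} has already
 * materialised the objects, so they do not restrict which classes can be deserialized.
 * If the vault file can be written by a less trusted party, the code that opens the
 * stream should install a deserialization filter ({@code ObjectInputFilter}, Java 9+).
 * Map keys and values are not inspected here.
 *
 * @param ois stream to read from
 * @throws IOException on read failure or when the content has an unexpected shape
 * @throws ClassNotFoundException when a serialized class cannot be resolved
 */
@SuppressWarnings("unchecked")
private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
    Object versionMarker = ois.readObject();
    if (!(versionMarker instanceof Integer)) {
        throw new IOException("Vault content does not start with an Integer version marker");
    }
    int version = (Integer) versionMarker;

    if (PicketBoxLogger.LOGGER.isDebugEnabled()) {
        PicketBoxLogger.LOGGER.securityVaultContentVersion(String.valueOf(version), String.valueOf(VERSION));
    }

    if (version != 1) {
        throw PicketBoxMessages.MESSAGES.unrecognizedVaultContentVersion(String.valueOf(version), "1", String.valueOf(VERSION));
    }

    Object data = ois.readObject();
    // A null map is still accepted, as before; anything else must at least be a Map.
    if (data != null && !(data instanceof Map)) {
        throw new IOException("Vault content of version 1 does not hold a Map");
    }
    this.vaultData = (Map<String, byte[]>) data;
}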
Example #8
Source File: MBeanServerLocator.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Returns the main jboss MBeanServer.
 *
 * <p>A server stored in {@code instance} wins. Otherwise the registered servers are
 * scanned in the order {@code MBeanServerFactory.findMBeanServer(null)} returns them,
 * and the first one whose default domain is "jboss" or "DefaultDomain" is returned.
 *
 * @return the main jboss MBeanServer
 * @throws IllegalStateException when no MBeanServer can be found
 */
public static MBeanServer locateJBoss() {
    // Only the read of the explicitly set instance happens under the class lock.
    synchronized (MBeanServerLocator.class) {
        if (instance != null) {
            return instance;
        }
    }

    for (Object candidate : MBeanServerFactory.findMBeanServer(null)) {
        MBeanServer server = (MBeanServer) candidate;
        String defaultDomain = server.getDefaultDomain();
        // Constant-first equals also covers a null default domain.
        if ("jboss".equals(defaultDomain) || "DefaultDomain".equals(defaultDomain)) {
            return server;
        }
    }

    throw PicketBoxMessages.MESSAGES.unableToLocateMBeanServer();
}
Example #9
Source File: LdapCallbackHandler.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Converts a password held as {@code String}, {@code char[]} or {@code byte[]} to
 * characters and stores it in the callback.
 *
 * @param thePass the password value; any other type, including {@code null}, is rejected
 * @param passwdCallback callback that receives the password
 */
protected void setPasswordCallbackValue(Object thePass, PasswordCallback passwdCallback) {
    char[] secret;
    if (thePass instanceof String) {
        secret = ((String) thePass).toCharArray();
    } else if (thePass instanceof char[]) {
        secret = (char[]) thePass;
    } else if (thePass instanceof byte[]) {
        // Decoded with the platform default charset, so the same bytes can give different
        // characters on differently configured hosts. The intermediate String also keeps
        // a copy of the password that cannot be wiped.
        secret = new String((byte[]) thePass).toCharArray();
    } else {
        throw PicketBoxMessages.MESSAGES.invalidPasswordType(thePass != null ? thePass.getClass() : null);
    }
    passwdCallback.setPassword(secret);
}
Example #10
Source File: JBossMappingManager.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Builds the mapping context for {@code mappingType} from the application policy of
 * this manager's security domain, falling back to the default application policy
 * when the domain has none.
 *
 * @param mappingType type whose mapping info is looked up in the policy
 * @return the generated context, or {@code null} when the policy has no mapping info
 *         for the type
 */
@SuppressWarnings("deprecation")
public <T> MappingContext<T> getMappingContext(Class<T> mappingType) {
    ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(securityDomain);
    if (policy == null) {
        // No policy for this domain: use the default one instead.
        policy = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_APPLICATION_POLICY);
    }
    if (policy == null) {
        throw PicketBoxMessages.MESSAGES.failedToObtainApplicationPolicy(securityDomain);
    }

    MappingInfo mappingInfo = policy.getMappingInfo(mappingType);
    if (mappingInfo == null) {
        return null;
    }

    // generateMappingContext is handed a null context together with the mapping info.
    MappingContext<T> noExistingContext = null;
    return generateMappingContext(noExistingContext, mappingInfo);
}
Example #11
Source File: PicketBoxSecurityVault.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Looks up the encrypted value stored for a vault block and attribute, decrypts it
 * with the vault's admin key and returns it as characters.
 *
 * @param vaultBlock vault block name; must not be null or empty
 * @param attributeName attribute name; must not be null or empty
 * @param sharedKey not read by this method
 * @return the decrypted value as a character array
 * @throws SecurityVaultException wrapping any failure during decryption or conversion
 */
public char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException {
    if (StringUtil.isNullOrEmpty(vaultBlock)) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("vaultBlock");
    }
    if (StringUtil.isNullOrEmpty(attributeName)) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("attributeName");
    }

    byte[] cipherText = vaultContent.getVaultData(alias, vaultBlock, attributeName);
    SecretKeySpec vaultKey = new SecretKeySpec(adminKey.getEncoded(), encryptionAlgorithm);
    EncryptionUtil decryptor = new EncryptionUtil(encryptionAlgorithm, keySize);

    try {
        // NOTE(review): the plaintext passes through an immutable String before it becomes
        // a char[], so a copy stays on the heap that the caller cannot wipe. Presumably
        // decrypt() returns bytes, which are then decoded with the platform default
        // charset. Confirm.
        String plainText = new String(decryptor.decrypt(cipherText, vaultKey));
        return plainText.toCharArray();
    } catch (Exception e) {
        throw new SecurityVaultException(e);
    }
}
Example #12
Source File: SecurityVaultFactory.java From lams with GNU General Public License v2.0 | 6 votes |
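/**
 * Get an instance of {@link SecurityVault}
 * Remember to initialize the vault by checking {@link SecurityVault#isInitialized()}
 *
 * <p>Under a security manager the caller needs the {@code RuntimePermission} named
 * after this class plus {@code ".get"}. Once a vault has been created it is returned
 * for every later call, whatever {@code fqn} is passed.
 *
 * <p>The loaded class is checked against {@link SecurityVault} before it is
 * instantiated, so a name that resolves to some unrelated class is rejected without
 * that class's constructor being run.
 *
 * <p>NOTE(review): this method is not synchronized, so two threads may both see
 * {@code vault == null} and each create an instance. Confirm whether callers
 * serialize access.
 *
 * @param fqn fully qualified name of the vault implementation; {@code null} delegates
 *        to the no-argument {@code get()}
 * @return an instance of {@link SecurityVault}
 * @throws SecurityVaultException when the class cannot be loaded, is not a
 *         {@link SecurityVault}, or cannot be instantiated
 */
public static SecurityVault get(String fqn) throws SecurityVaultException {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new RuntimePermission(SecurityVaultFactory.class.getName() + ".get"));
    }
    if (fqn == null) {
        return get();
    }
    if (vault == null) {
        Class<?> vaultClass = SecurityActions.loadClass(SecurityVaultFactory.class, fqn);
        if (vaultClass == null) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToLoadVaultMessage());
        }
        // Reject non-vault classes up front rather than instantiating them and letting
        // the cast fail afterwards.
        if (!SecurityVault.class.isAssignableFrom(vaultClass)) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToCreateVaultMessage());
        }
        try {
            vault = (SecurityVault) vaultClass.newInstance();
        } catch (Exception e) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToCreateVaultMessage(), e);
        }
    }
    return vault;
}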
Example #13
Source File: Util.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * <p>
 * Builds an identity from its {@code String} representation. The string is split on
 * {@code ":"} into an identity class and an identity name, and both are passed to the
 * {@code IdentityFactory}.
 * </p>
 *
 * <p>
 * The split must yield exactly two parts, so a name that itself contains a colon is
 * rejected as malformed.
 * </p>
 *
 * @param identityString a {@code String} representation of the identity to be created.
 * @return the constructed {@code Identity} instance, or {@code null} when
 *         {@code identityString} is {@code null}.
 */
public static Identity getIdentityFromString(String identityString) {
    if (identityString == null) {
        return null;
    }

    String[] parts = identityString.split(":");
    if (parts.length != 2) {
        throw PicketBoxMessages.MESSAGES.malformedIdentityString(identityString);
    }

    try {
        return IdentityFactory.createIdentity(parts[0], parts[1]);
    } catch (Exception e) {
        // Factory failures are rethrown unchecked with the cause attached.
        throw new RuntimeException(e);
    }
}
Example #14
Source File: JBossAuthorizationManager.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Finds the subject's roles group, i.e. the {@code Group} principal whose name equals
 * {@code ROLES_IDENTIFIER}.
 *
 * @param theSubject the Subject to search for roles; must not be {@code null}
 * @return the matching group, or {@code null} when the subject has none; when several
 *         groups match, the last one visited is returned
 */
private Group getGroupFromSubject(Subject theSubject) {
    if (theSubject == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("theSubject");
    }

    Group rolesGroup = null;
    for (Group candidate : theSubject.getPrincipals(Group.class)) {
        String groupName = candidate.getName();
        // No break here: every group is visited and a later match replaces an earlier one.
        if (groupName.equals(ROLES_IDENTIFIER)) {
            rolesGroup = candidate;
        }
    }
    return rolesGroup;
}
Example #15
Source File: JBossPolicyConfigurationFactory.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Builds the JACC policy configuration state machine from the
 * jacc-policy-config-states.xml resource and resolves the {@code DelegatingPolicy}
 * this factory works with.
 *
 * <p>The XML is looked up through the thread context class loader, so whichever copy
 * of the resource that loader resolves is the one that defines the state machine.
 */
public JBossPolicyConfigurationFactory() {
    try {
        ClassLoader contextLoader = SecurityActions.getContextClassLoader();
        URL statesXml = SecurityActions.getResource(contextLoader,
                "org/jboss/security/jacc/jacc-policy-config-states.xml");
        StateMachineParser parser = new StateMachineParser();
        configStateMachine = parser.parse(statesXml);
    } catch (Exception e) {
        throw PicketBoxMessages.MESSAGES.failedToParseJACCStatesConfigFile(e);
    }

    Policy installed = SecurityActions.getPolicy();
    if (!(installed instanceof DelegatingPolicy)) {
        // Assume that the installed policy delegates to the DelegatingPolicy
        installed = DelegatingPolicy.getInstance();
    }
    policy = (DelegatingPolicy) installed;
}
Example #16
Source File: JBossPolicyConfiguration.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Creates a policy configuration for a context id, bound to the given policy and
 * configuration state machine.
 *
 * @param contextID policy context id; must not be {@code null}
 * @param policy delegating policy; must not be {@code null}
 * @param configStateMachine state machine; must not be {@code null}
 * @throws PolicyContextException declared by the constructor; presumably raised by the
 *         state validation (confirm against {@code validateState})
 */
protected JBossPolicyConfiguration(String contextID, DelegatingPolicy policy, StateMachine configStateMachine)
        throws PolicyContextException {
    // The fields are assigned first and validated afterwards; a failed check aborts
    // construction.
    this.contextID = contextID;
    this.policy = policy;
    this.configStateMachine = configStateMachine;

    if (contextID == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
    }
    if (policy == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("policy");
    }
    if (configStateMachine == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("configStateMachine");
    }

    validateState("getPolicyConfiguration");
    PicketBoxLogger.LOGGER.debugJBossPolicyConfigurationConstruction(contextID);
}
Example #17
Source File: SubjectCNMapper.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Maps an X500 principal to the principal derived from the certificates stored under
 * the "X509" key of the context map, and records the outcome in {@code result}.
 *
 * <p>Principals that are not {@code X500Principal} are skipped entirely: the method
 * returns before the context map is inspected and {@code result} is left untouched.
 *
 * @param contextMap must not be {@code null} for an X500 principal; the value under
 *        "X509" is cast to {@code X509Certificate[]} without a type check
 * @param principal the principal to map
 */
public void performMapping(Map<String,Object> contextMap, Principal principal) {
    if (!(principal instanceof X500Principal)) {
        return;
    }
    if (contextMap == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextMap");
    }

    Principal mapped = principal;
    X509Certificate[] chain = (X509Certificate[]) contextMap.get("X509");
    if (chain != null) {
        SubjectCNMapping cnMapping = new SubjectCNMapping();
        mapped = cnMapping.toPrinicipal(chain);
        PicketBoxLogger.LOGGER.traceMappedX500Principal(mapped);
    }
    // Without certificates the original principal is stored unchanged.
    result.setMappedObject(mapped);
}
Example #18
Source File: DatabaseRolesMappingProvider.java From lams with GNU General Public License v2.0 | 6 votes |
/**
 * Adds the caller's roles, obtained through the configured roles query, to
 * {@code mappedObject} and records it in {@code result}.
 *
 * <p>Nothing happens when no caller principal is found or no roles query is configured.
 *
 * @param contextMap must be neither {@code null} nor empty
 * @param mappedObject role group that receives the roles
 */
public void performMapping(Map<String, Object> contextMap, RoleGroup mappedObject) {
    if (contextMap == null || contextMap.isEmpty()) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextMap");
    }

    Principal caller = getCallerPrincipal(contextMap);
    if (caller == null || rolesQuery == null) {
        return;
    }

    // NOTE(review): the user name is handed to Util.addRolesToGroup together with the
    // configured query; how the name is bound into that query is not visible here.
    // Confirm it is passed as a statement parameter rather than concatenated.
    String username = caller.getName();
    Util.addRolesToGroup(username, mappedObject, dsJndiName, rolesQuery, suspendResume, tm);
    result.setMappedObject(mappedObject);
}
Example #19
Source File: AppCallbackHandler.java From lams with GNU General Public License v2.0 | 6 votes |
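/**
 * Prints {@code prompt} to standard output and reads one line from standard input as
 * the password.
 *
 * <p>End of input before any line was read is reported the same way as a read error,
 * rather than failing later with a {@code NullPointerException}.
 *
 * <p>NOTE(review): the input is read as an ordinary line, so the typed characters are
 * echoed by the terminal and the password exists as an immutable {@code String} before
 * it is copied into the returned array. {@code System.console().readPassword()} avoids
 * both, but there is no console when input is redirected, so it is only flagged here.
 *
 * @param prompt text written to standard output before reading
 * @return the characters of the line that was read
 */
private char[] getPasswordFromConsole(String prompt) {
    // Prompt the user for the password
    System.out.print(prompt);
    InputStreamReader isr = new InputStreamReader(System.in);
    BufferedReader br = new BufferedReader(isr);
    String pwd;
    try {
        pwd = br.readLine();
        if (pwd == null) {
            // readLine() returns null at end of stream; route it through the catch below.
            throw new IOException("End of input reached before a password was entered");
        }
    } catch (IOException e) {
        throw PicketBoxMessages.MESSAGES.failedToObtainPassword(e);
    }
    return pwd.toCharArray();
}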
Example #20
Source File: JBossAuthorizationContext.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Calls {@code abort()} on each authorization module in list order.
 *
 * <p>The first module that reports failure ends the loop with an exception, so the
 * modules after it are not aborted.
 *
 * @param modules modules to abort
 * @param controlFlags not read by this method
 * @throws AuthorizationException when a module's {@code abort()} returns {@code false}
 */
private void invokeAbort( List<AuthorizationModule> modules, List<ControlFlag> controlFlags )
        throws AuthorizationException {
    for (AuthorizationModule module : modules) {
        boolean aborted = module.abort();
        if (!aborted) {
            throw new AuthorizationException(PicketBoxMessages.MESSAGES.moduleAbortFailedMessage());
        }
    }
}
Example #21
Source File: DelegatingPolicy.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the open policy registered for a context id.
 *
 * @param contextID policy context id to look up
 * @return the policy found in {@code openPolicies}
 * @throws PolicyContextException when no open policy exists for the id
 */
synchronized ContextPolicy getContextPolicy(String contextID) throws PolicyContextException {
    ContextPolicy openPolicy = openPolicies.get(contextID);
    if (openPolicy != null) {
        return openPolicy;
    }
    // A missing entry is an error for the caller, never a silent null.
    throw new PolicyContextException(PicketBoxMessages.MESSAGES.noPolicyContextForIdMessage(contextID));
}
Example #22
Source File: DefaultLoginConfig.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the value of the only attribute exposed here, "AuthConfig".
 *
 * @param name attribute name; a {@code null} name fails on the {@code equals} call
 * @return the result of {@code getAuthConfig()}
 * @throws AttributeNotFoundException declared by the method
 * @throws MBeanException declared by the method
 * @throws ReflectionException declared by the method
 */
public Object getAttribute(String name)
        throws AttributeNotFoundException, MBeanException, ReflectionException {
    if (!name.equals("AuthConfig")) {
        // Every other name is rejected through the message bundle.
        throw PicketBoxMessages.MESSAGES.invalidMBeanAttribute(name);
    }
    return getAuthConfig();
}
Example #23
Source File: WebJACCPolicyModuleDelegate.java From lams with GNU General Public License v2.0 | 5 votes |
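/**
 * Validates that at most one kind of access check is requested.
 *
 * <p>The flags are compared by value ({@code Boolean.TRUE.equals}); a reference
 * comparison misses a {@code Boolean} that is true but is not the cached
 * {@code Boolean.TRUE} instance. Every combination of two or more flags is rejected,
 * including resource check together with role-ref check, which the previous condition
 * let through. A {@code null} flag counts as not requested.
 *
 * @param resourceCheck whether a resource permission check is requested
 * @param userDataCheck whether a user-data permission check is requested
 * @param roleRefCheck whether a role-ref permission check is requested
 */
private void validatePermissionChecks(Boolean resourceCheck, Boolean userDataCheck, Boolean roleRefCheck) {
    int requestedChecks = 0;
    if (Boolean.TRUE.equals(resourceCheck)) {
        requestedChecks++;
    }
    if (Boolean.TRUE.equals(userDataCheck)) {
        requestedChecks++;
    }
    if (Boolean.TRUE.equals(roleRefCheck)) {
        requestedChecks++;
    }

    // Fail closed: an ambiguous request is refused rather than resolved by picking one.
    if (requestedChecks > 1) {
        throw PicketBoxMessages.MESSAGES.invalidPermissionChecks();
    }
}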
Example #24
Source File: EJBXACMLPolicyModuleDelegate.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Authorizes an EJB resource: copies the request details from the resource into this
 * delegate's fields, then runs either the role-ref check or the base-class processing.
 *
 * <p>NOTE(review): the request details are kept in instance fields, so one delegate
 * instance must not serve two calls at the same time. Confirm how instances are shared.
 *
 * @param resource must be an {@code EJBResource} with a non-null context map
 * @param callerSubject not read by this method
 * @param role role group passed to the selected check
 * @return the result of {@code checkRoleRef} or {@code process}
 * @see AuthorizationModuleDelegate#authorize(org.jboss.security.authorization.Resource, javax.security.auth.Subject, org.jboss.security.identity.RoleGroup)
 */
public int authorize(Resource resource, Subject callerSubject, RoleGroup role) {
    if (!(resource instanceof EJBResource)) {
        throw PicketBoxMessages.MESSAGES.invalidType(EJBResource.class.getName());
    }
    EJBResource ejbResource = (EJBResource) resource;

    Map<String,Object> contextMap = resource.getMap();
    if (contextMap == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap");
    }

    this.policyRegistration = (PolicyRegistration) contextMap.get(ResourceKeys.POLICY_REGISTRATION);
    if (this.policyRegistration == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullProperty(ResourceKeys.POLICY_REGISTRATION);
    }

    this.callerRunAs = ejbResource.getCallerRunAsIdentity();
    this.ejbName = ejbResource.getEjbName();
    this.ejbMethod = ejbResource.getEjbMethod();
    this.ejbPrincipal = ejbResource.getPrincipal();
    this.policyContextID = ejbResource.getPolicyContextID();
    if (policyContextID == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullProperty("contextID");
    }
    this.securityRoleReferences = ejbResource.getSecurityRoleReferences();

    // isCallerInRole checks
    this.roleName = (String) contextMap.get(ResourceKeys.ROLENAME);
    Boolean roleRefRequested = checkBooleanValue((Boolean) contextMap.get(ResourceKeys.ROLEREF_PERM_CHECK));
    if (roleRefRequested) {
        return checkRoleRef(role);
    }

    // Base class handles this
    return process(role);
}
Example #25
Source File: DatabaseCallbackHandler.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Sets the user name held by this handler.
 *
 * @param theUserName the user name; must not be {@code null}
 */
public void setUserName(String theUserName) {
    // Reject null before the field is touched, so the stored name is never null
    // as a result of this setter.
    if (theUserName == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("userName");
    }
    userName = theUserName;
}
Example #26
Source File: AuthModuleEntry.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * A ServerAuthModule may delegate its decision making to a stack
 * of LoginModules. Stores the holder and caches its name.
 *
 * @param loginModuleStackHolder a stack of LoginModules; must not be {@code null}
 */
public void setLoginModuleStackHolder(LoginModuleStackHolder loginModuleStackHolder) {
    if (loginModuleStackHolder == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("loginModuleStackHolder");
    }
    this.loginModuleStackHolder = loginModuleStackHolder;
    // The name is read once here; a later change of the holder's name is not picked up.
    this.loginModuleStackHolderName = loginModuleStackHolder.getName();
}
Example #27
Source File: JBossAuthorizationManager.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Converts a {@code Group} of role principals into a {@code SimpleRoleGroup} with the
 * same name, holding one {@code SimpleRole} per group member.
 *
 * @param roleGroup the group to convert; must not be {@code null}
 * @return the populated role group
 */
private RoleGroup getRoleGroup(Group roleGroup) {
    if (roleGroup == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("roleGroup");
    }

    SimpleRoleGroup converted = new SimpleRoleGroup(roleGroup.getName());
    for (Enumeration<? extends Principal> members = roleGroup.members(); members.hasMoreElements();) {
        Principal member = members.nextElement();
        // Only the member's name is carried over into the new role.
        converted.addRole(new SimpleRole(member.getName()));
    }
    return converted;
}
Example #28
Source File: FilePassword.java From lams with GNU General Public License v2.0 | 5 votes |
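/** Write a password in opaque form to a file for use with the FilePassword
 * accessor in conjunction with the JaasSecurityDomain
 * {CLASS}org.jboss.security.plugins.FilePassword:password-file
 * format of the KeyStorePass attribute.
 *
 * <p>Arguments, in order: salt (only the first 8 characters are used), iteration
 * count, password, output file. A salt shorter than 8 characters makes
 * {@code substring} throw.
 *
 * <p>NOTE(review): the password arrives on the command line, where other local users
 * and the shell history can typically see it, and the output file is created with
 * whatever permissions the process default gives it. Restrict both when using this tool.
 *
 * @param args the four arguments described above
 * @throws Exception on malformed arguments or any failure while writing the file
 */
public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println(PicketBoxMessages.MESSAGES.filePasswordUsageMessage());
        // Stop after the usage text instead of indexing into a wrongly sized array.
        return;
    }

    // The salt is converted with the platform default charset, the password with UTF-8.
    byte[] salt = args[0].substring(0, 8).getBytes();
    int count = Integer.parseInt(args[1]);
    byte[] passwordBytes = args[2].getBytes("UTF-8");

    RandomAccessFile passwordFile = new RandomAccessFile(args[3], "rws");
    try {
        encode(passwordFile, salt, count, passwordBytes);
    } finally {
        // Releases the file handle even when encode() throws. Closing a file that is
        // already closed has no effect, so this is safe if encode() closes it as well.
        passwordFile.close();
    }
}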
Example #29
Source File: StringUtil.java From lams with GNU General Public License v2.0 | 5 votes |
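/**
 * <p>
 * Get the system property value if the string is of the format ${sysproperty}
 * </p>
 * <p>
 * You can insert default value when the system property is not set, by
 * separating it at the beginning with ::
 * </p>
 * <p>
 * <b>Examples:</b>
 * </p>
 *
 * <p>
 * ${idp} should resolve to a value if the system property "idp" is set.
 * </p>
 * <p>
 * ${idp::http://localhost:8080} will resolve to http://localhost:8080 if the system property "idp" is not set.
 * </p>
 * <p>
 * Resolved values are inserted literally. Both backslashes and dollar signs in a
 * property value are escaped before substitution, so a value such as a Windows path or
 * a string containing {@code $} is never interpreted as a regex group reference.
 * </p>
 *
 * @param str the string to resolve; must not be {@code null}
 * @return {@code str} with every ${...} expression replaced, or {@code str} itself when
 *         it contains none
 */
public static String getSystemPropertyAsString(String str) {
    if (str == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("str");
    }
    if (str.contains("${")) {
        Pattern pattern = Pattern.compile("\\$\\{([^}]+)}");
        Matcher matcher = pattern.matcher(str);
        StringBuffer buffer = new StringBuffer();
        while (matcher.find()) {
            String subString = matcher.group(1);
            String defaultValue = "";

            // Look for default value
            if (subString.contains(StringUtil.PROPERTY_DEFAULT_SEPARATOR)) {
                int index = subString.indexOf(StringUtil.PROPERTY_DEFAULT_SEPARATOR);
                defaultValue = subString.substring(index + StringUtil.PROPERTY_DEFAULT_SEPARATOR.length());
                subString = subString.substring(0, index);
            }
            String sysPropertyValue = SecurityActions.getSystemProperty(subString, defaultValue);
            // An empty result means neither the property nor a non-empty default exists.
            if (sysPropertyValue.isEmpty()) {
                throw PicketBoxMessages.MESSAGES.missingSystemProperty(matcher.group(1));
            }
            // quoteReplacement escapes '\' and '$'. Escaping only the backslash left '$'
            // active in the replacement string, where it selects a capture group or makes
            // appendReplacement throw.
            matcher.appendReplacement(buffer, Matcher.quoteReplacement(sysPropertyValue));
        }
        matcher.appendTail(buffer);
        str = buffer.toString();
    }
    return str;
}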
Example #30
Source File: JBossSecurityContext.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Replaces the security management instance of this context.
 *
 * @param securityManagement the new instance; must not be {@code null}
 * @see SecurityContext#setSecurityManagement(ISecurityManagement)
 *
 * @throws SecurityException Under a security manager, caller does not have
 *         RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.setSecurityManagement")
 */
public void setSecurityManagement(ISecurityManagement securityManagement) {
    // The permission check comes first, so an unauthorized caller learns nothing
    // about argument validation.
    SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(setSecurityManagementPermission);
    }

    if (securityManagement == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("securityManagement");
    }
    this.iSecurityManagement = securityManagement;
}