/**
 * Writes the IOR security configuration of an EJB under {@code parent}.
 *
 * <p>The element named {@code nodeName} receives three children, in this order: the
 * transport configuration (integrity, confidentiality, trust in target, trust in client),
 * the authentication-service context (auth method, realm, required flag) and the
 * SAS context (caller propagation). Values are copied from {@code iorDesc} as-is; this
 * method does no validation of them.
 *
 * @param parent   node that receives the new element
 * @param nodeName name of the element to create
 * @param iorDesc  descriptor holding the security settings to serialize
 * @return the newly created element
 */
@Override
public Node writeDescriptor(Node parent, String nodeName, EjbIORConfigurationDescriptor iorDesc) {
    final Node iorNode = appendChild(parent, nodeName);

    // Transport-layer protection settings.
    final Node transport = appendChild(iorNode, RuntimeTagNames.TRANSPORT_CONFIG);
    appendTextChild(transport, RuntimeTagNames.INTEGRITY, iorDesc.getIntegrity());
    appendTextChild(transport, RuntimeTagNames.CONFIDENTIALITY, iorDesc.getConfidentiality());
    appendTextChild(transport, RuntimeTagNames.ESTABLISH_TRUST_IN_TARGET,
            iorDesc.getEstablishTrustInTarget());
    appendTextChild(transport, RuntimeTagNames.ESTABLISH_TRUST_IN_CLIENT,
            iorDesc.getEstablishTrustInClient());

    // NOTE: the two sub-elements below should only be added if needed; they are
    // currently always written.
    final Node asContext = appendChild(iorNode, RuntimeTagNames.AS_CONTEXT);
    appendTextChild(asContext, RuntimeTagNames.AUTH_METHOD, iorDesc.getAuthenticationMethod());
    appendTextChild(asContext, RuntimeTagNames.REALM, iorDesc.getRealmName());
    appendTextChild(asContext, RuntimeTagNames.REQUIRED,
            Boolean.toString(iorDesc.isAuthMethodRequired()));

    final Node sasContext = appendChild(iorNode, RuntimeTagNames.SAS_CONTEXT);
    appendTextChild(sasContext, RuntimeTagNames.CALLER_PROPAGATION,
            iorDesc.getCallerPropagation());

    return iorNode;
}
}
new EjbIORConfigurationDescriptor(); eDesc.setIntegrity( EjbIORConfigurationDescriptor.SUPPORTED); eDesc.setConfidentiality( EjbIORConfigurationDescriptor.SUPPORTED); eDesc.setEstablishTrustInClient( EjbIORConfigurationDescriptor.SUPPORTED); iorDescSet.add(eDesc); eDesc.setAuthMethodRequired(true); String realmName = DEFAULT_REALM; realmName = DEFAULT_REALM; eDesc.setRealmName(realmName);
/**
 * Computes the {@code target_requires} bit mask for the transport layer.
 *
 * <p>A bit is set only when the matching setting equals
 * {@code EjbIORConfigurationDescriptor.REQUIRED} (case-insensitive); every other value
 * leaves the bit clear. A {@code null} descriptor yields {@code 0}, i.e. nothing is
 * reported as required.
 *
 * @param iorDesc descriptor to inspect, may be {@code null}
 * @return bitwise OR of the option values that are required
 * @throws NullPointerException if one of the descriptor's getters returns {@code null}
 */
public int getTargetRequires(EjbIORConfigurationDescriptor iorDesc) {
    if (iorDesc == null) {
        return 0;
    }

    final String required = EjbIORConfigurationDescriptor.REQUIRED;
    int mask = 0;

    // The getter result is the receiver of equalsIgnoreCase, so a null setting fails
    // loudly here instead of being read as "not required".
    if (iorDesc.getIntegrity().equalsIgnoreCase(required)) {
        mask |= Integrity.value;
    }
    if (iorDesc.getConfidentiality().equalsIgnoreCase(required)) {
        mask |= Confidentiality.value;
    }
    if (iorDesc.getEstablishTrustInTarget().equalsIgnoreCase(required)) {
        mask |= EstablishTrustInTarget.value;
    }
    if (iorDesc.getEstablishTrustInClient().equalsIgnoreCase(required)) {
        mask |= EstablishTrustInClient.value;
    }
    return mask;
}
/**
 * Reports whether the client-conformance check may be skipped because the EJB asks for
 * no security at all.
 *
 * <p>The answer is {@code true} only when integrity, confidentiality, trust-in-client and
 * caller propagation are all {@code EjbIORConfigurationDescriptor.NONE} (case-insensitive)
 * and no authentication method is required. A {@code null} descriptor, or a {@code null}
 * value from any of those getters, yields {@code false}, so the check is not skipped.
 *
 * <p>NOTE(review): establish-trust-in-target is not consulted here; confirm that is
 * intentional.
 *
 * @param ior descriptor to inspect, may be {@code null}
 * @return {@code true} if the conformance check can be skipped
 */
private boolean skip_client_conformance(EjbIORConfigurationDescriptor ior) {
    final String none = EjbIORConfigurationDescriptor.NONE;

    return ior != null
            // transport protection (SSL) neither required nor supported
            && none.equalsIgnoreCase(ior.getIntegrity())
            && none.equalsIgnoreCase(ior.getConfidentiality())
            && none.equalsIgnoreCase(ior.getEstablishTrustInClient())
            // username/password authentication not required
            && !ior.isAuthMethodRequired()
            // caller propagation not supported
            && none.equalsIgnoreCase(ior.getCallerPropagation());
}
/**
(iorDesc.getConfidentiality())) { continue; (iorDesc.getConfidentiality())) { (iorDesc.getEstablishTrustInTarget())) { continue; (iorDesc.getEstablishTrustInClient())) { continue;
// Trace the IOR security settings at FINEST level. Confidentiality is not part of
// the message.
StringBuffer iorsb = new StringBuffer()
        .append("realm=").append(ior.getRealmName())
        .append(", integrity=").append(ior.getIntegrity())
        .append(", trust-in-target=").append(ior.getEstablishTrustInTarget())
        .append(", trust-in-client=").append(ior.getEstablishTrustInClient())
        .append(", propagation=").append(ior.getCallerPropagation())
        .append(", auth-method=").append(ior.getAuthenticationMethod());
logger.finest(iorsb.toString());
authMethod = iorDesc.getAuthenticationMethod(); authMethodRequired = iorDesc.isAuthMethodRequired(); realmName = iorDesc.getRealmName();
realmName = iorDesc.getRealmName();
callerPropagation = iorDesc.getCallerPropagation();
(EjbIORConfigurationDescriptor)iorconfig.next(); if(rlm != null){ desc.setRealmName(rlm);
// Trace the IOR security settings at FINEST level. Confidentiality is not part of
// the message.
StringBuffer iorsb = new StringBuffer()
        .append("realm=").append(ior.getRealmName())
        .append(", integrity=").append(ior.getIntegrity())
        .append(", trust-in-target=").append(ior.getEstablishTrustInTarget())
        .append(", trust-in-client=").append(ior.getEstablishTrustInClient())
        .append(", propagation=").append(ior.getCallerPropagation())
        .append(", auth-method=").append(ior.getAuthenticationMethod());
logger.finest(iorsb.toString());
/**
 * Computes the {@code target_supports} bit mask for the transport layer.
 *
 * <p>A bit is set whenever the matching setting is anything other than
 * {@code EjbIORConfigurationDescriptor.NONE} (case-insensitive). That includes a string
 * that is neither "supported" nor "required", so this method relies on the descriptor
 * holding only valid values. A {@code null} descriptor yields {@code 0}.
 *
 * @param iorDesc descriptor to inspect, may be {@code null}
 * @return bitwise OR of the option values that are supported
 * @throws NullPointerException if one of the descriptor's getters returns {@code null}
 */
public int getTargetSupports(EjbIORConfigurationDescriptor iorDesc) {
    if (iorDesc == null) {
        return 0;
    }

    final String none = EjbIORConfigurationDescriptor.NONE;
    int mask = 0;

    // The getter result is the receiver of equalsIgnoreCase, so a null setting fails
    // loudly here instead of being read as "supported".
    if (!iorDesc.getIntegrity().equalsIgnoreCase(none)) {
        mask |= Integrity.value;
    }
    if (!iorDesc.getConfidentiality().equalsIgnoreCase(none)) {
        mask |= Confidentiality.value;
    }
    if (!iorDesc.getEstablishTrustInTarget().equalsIgnoreCase(none)) {
        mask |= EstablishTrustInTarget.value;
    }
    if (!iorDesc.getEstablishTrustInClient().equalsIgnoreCase(none)) {
        mask |= EstablishTrustInClient.value;
    }
    return mask;
}
(iorDesc.getConfidentiality())) { continue; (iorDesc.getConfidentiality())) { (iorDesc.getEstablishTrustInTarget())) { continue; (iorDesc.getEstablishTrustInClient())) { continue;
realmName = iorDesc.getRealmName();
/**
 * Visits an EJB bundle: records the bundle and its application, delegates to the
 * superclass, then copies the application's realm onto every IOR configuration
 * descriptor of every EJB in the bundle.
 *
 * @param bundleDescriptor the EJB bundle being visited
 */
public void accept(EjbBundleDescriptor bundleDescriptor) {
    this.bundleDescriptor = bundleDescriptor;
    application = bundleDescriptor.getApplication();
    super.accept(bundleDescriptor);

    // Set the realm name on each EJB to match the one on this application. This is
    // required right now to pass the stringent CSIv2 criteria whereby the realm name
    // of the EJB being authenticated on has to match the one on the application.
    // TODO: change the CSIv2 layer so that it does not look at the IOR configuration
    // descriptor; see iiop/security/SecurityMechanismSelector.evaluateClientConformance.
    final String appRealm = application.getRealm();
    if (appRealm == null) {
        // No application-level realm: each descriptor keeps the realm it already has.
        return;
    }
    for (EjbDescriptor ejb : bundleDescriptor.getEjbs()) {
        for (EjbIORConfigurationDescriptor iorConfig : ejb.getIORConfigurationDescriptors()) {
            iorConfig.setRealmName(appRealm);
        }
    }
}
Node transportNode = appendChild(iorNode, RuntimeTagNames.TRANSPORT_CONFIG); appendTextChild(transportNode, RuntimeTagNames.INTEGRITY, iorDesc.getIntegrity()); appendTextChild(transportNode, RuntimeTagNames.CONFIDENTIALITY, iorDesc.getConfidentiality()); appendTextChild(transportNode, RuntimeTagNames.ESTABLISH_TRUST_IN_TARGET, iorDesc.getEstablishTrustInTarget()); appendTextChild(transportNode, RuntimeTagNames.ESTABLISH_TRUST_IN_CLIENT, iorDesc.getEstablishTrustInClient()); appendTextChild(asContextNode, RuntimeTagNames.AUTH_METHOD, iorDesc.getAuthenticationMethod()); appendTextChild(asContextNode, RuntimeTagNames.REALM, iorDesc.getRealmName()); appendTextChild(asContextNode, RuntimeTagNames.REQUIRED, Boolean.valueOf(iorDesc.isAuthMethodRequired()).toString()); appendTextChild(sasContextNode, RuntimeTagNames.CALLER_PROPAGATION, iorDesc.getCallerPropagation()); return iorNode;
EjbIORConfigurationDescriptor iorConfig = (EjbIORConfigurationDescriptor) iter.next(); realmName = iorConfig.getRealmName();
realmName = iter.next().getRealmName();