/**
 * <p>
 * Builds the association-option bitmask describing what the target requires at the transport layer.
 * </p>
 * <p>
 * A bit is set only when the corresponding setting matches its {@code *_REQUIRED} constant. Integrity,
 * confidentiality and establish-trust-in-client are compared case-sensitively, while detect-misordering and
 * detect-replay are compared case-insensitively, so a value that differs from the constant only in case
 * leaves the bits of the first group unset. {@code EstablishTrustInTarget} is never added here: that
 * decision is left to the client.
 * </p>
 *
 * @param tc the transport configuration metadata; {@code null} yields an empty mask.
 * @return an {@code int} representing the transport mechanism required by the target.
 */
public static int createTargetRequires(IORTransportConfigMetaData tc) {
    if (tc == null) {
        return 0;
    }

    int mask = 0;
    if (tc.getIntegrity().equals(IORTransportConfigMetaData.INTEGRITY_REQUIRED)) {
        mask |= Integrity.value;
    }
    if (tc.getConfidentiality().equals(IORTransportConfigMetaData.CONFIDENTIALITY_REQUIRED)) {
        mask |= Confidentiality.value;
    }
    if (tc.getDetectMisordering().equalsIgnoreCase(IORTransportConfigMetaData.DETECT_MISORDERING_REQUIRED)) {
        mask |= DetectMisordering.value;
    }
    if (tc.getDetectReplay().equalsIgnoreCase(IORTransportConfigMetaData.DETECT_REPLAY_REQUIRED)) {
        mask |= DetectReplay.value;
    }
    // EstablishTrustInTarget is deliberately absent: the client decides whether to require it.
    if (tc.getEstablishTrustInClient().equals(IORTransportConfigMetaData.ESTABLISH_TRUST_IN_CLIENT_REQUIRED)) {
        mask |= EstablishTrustInClient.value;
    }
    return mask;
}
// Builds the IOR security configuration (SAS context, AS context and transport settings) from the resolved
// management-model attributes. This listing is an excerpt: it omits lines in several places (marked below)
// and the end of the method is not shown, so the comments cover only the statements that are visible.
private IORSecurityConfigMetaData createIORSecurityConfigMetaData(final OperationContext context, final ModelNode resourceModel, final boolean sslConfigured, final boolean serverRequiresSsl) throws OperationFailedException {
    final IORSecurityConfigMetaData securityConfigMetaData = new IORSecurityConfigMetaData();

    // SAS context: caller propagation comes straight from the resolved attribute.
    final IORSASContextMetaData sasContextMetaData = new IORSASContextMetaData();
    sasContextMetaData.setCallerPropagation(IIOPRootDefinition.CALLER_PROPAGATION.resolveModelAttribute(context, resourceModel).asString());
    securityConfigMetaData.setSasContext(sasContextMetaData);

    // AS context: authentication method, plus the realm when one is defined in the model.
    final IORASContextMetaData asContextMetaData = new IORASContextMetaData();
    asContextMetaData.setAuthMethod(IIOPRootDefinition.AUTH_METHOD.resolveModelAttribute(context, resourceModel).asString());
    if (resourceModel.hasDefined(IIOPRootDefinition.REALM.getName())) {
        asContextMetaData.setRealm(IIOPRootDefinition.REALM.resolveModelAttribute(context, resourceModel).asString());
    // (the listing omits lines here)
    asContextMetaData.setRequired(IIOPRootDefinition.REQUIRED.resolveModelAttribute(context, resourceModel).asBoolean());
    securityConfigMetaData.setAsContext(asContextMetaData);

    final IORTransportConfigMetaData transportConfigMetaData = new IORTransportConfigMetaData();
    final ModelNode integrityNode = IIOPRootDefinition.INTEGRITY.resolveModelAttribute(context, resourceModel);
    if(integrityNode.isDefined()){
        // An explicitly configured integrity value is used as given.
        transportConfigMetaData.setIntegrity(integrityNode.asString());
    } else {
        // Integrity not configured: derive it from the SSL state - required when the server requires SSL,
        // supported when SSL is merely configured, none otherwise.
        transportConfigMetaData.setIntegrity(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED : Constants.IOR_SUPPORTED) : Constants.NONE);
        // (the listing omits lines here)
        transportConfigMetaData.setConfidentiality(confidentialityNode.asString());
    } else {
        // Same derivation for confidentiality.
        // NOTE(review): this fallback uses Constants.IOR_NONE while the integrity and trust-in-target
        // fallbacks use Constants.NONE - confirm both constants hold the same string, because the
        // consumers of these settings compare them against fixed constants.
        transportConfigMetaData.setConfidentiality(sslConfigured ? (serverRequiresSsl ? Constants.IOR_REQUIRED: Constants.IOR_SUPPORTED) : Constants.IOR_NONE);
        // (the listing omits lines here)
        // NOTE(review): establish-trust-in-target is populated from confidentialityNode. The guarding
        // condition is not visible in this excerpt - confirm a dedicated trust-in-target node was not
        // intended, otherwise the configured trust-in-target value would be ignored.
        transportConfigMetaData.setEstablishTrustInTarget(confidentialityNode.asString());
    } else {
        // Fallback for trust-in-target: supported when SSL is configured, none otherwise; the visible
        // fallback never yields "required".
        transportConfigMetaData.setEstablishTrustInTarget(sslConfigured ? 
Constants.IOR_SUPPORTED : Constants.NONE);
// Excerpt from the construction of the AS (authentication service) context; `context`, `support`,
// `require` and `clientAuthMech` are declared before the lines shown here.
byte[] targetName = {};
IORASContextMetaData asMeta = metadata.getAsContext();
if (asMeta == null || asMeta.getAuthMethod().equals(IORASContextMetaData.AUTH_METHOD_NONE)) {
    // No AS metadata, or the auth method equals the NONE constant: build the context with the
    // support/require values as they stand and an empty target name.
    context = new AS_ContextSec((short) support, (short) require, clientAuthMech, targetName);
} else {
    if (asMeta.isRequired()) {
        // Authentication is marked as required: the target demands EstablishTrustInClient.
        require = EstablishTrustInClient.value;
        // The realm is encoded as UTF-8 and wrapped into a GSS exported name for the client auth mechanism.
        // NOTE(review): realm is dereferenced without a null check - confirm getRealm() cannot return
        // null whenever an authentication method is configured.
        String realm = asMeta.getRealm();
        targetName = createGSSExportedName(clientAuthMech, realm.getBytes(StandardCharsets.UTF_8));
// Excerpt: binding-name selection followed by the "is SSL required" decision; the listing omits lines
// between the two parts and does not show the closing braces.
if (iiopMetaData != null && iiopMetaData.getBindingName() != null) {
    // An explicit binding name in the IIOP metadata wins.
    name = iiopMetaData.getBindingName();
} else if (useQualifiedName) {
    if (component.getDistinctName() == null || component.getDistinctName().isEmpty()) {
    // (the listing omits lines here)
    // A security configuration attached to this component's IIOP metadata replaces the value
    // iorSecurityConfigMetaData held before this statement.
    if (this.iiopMetaData != null && this.iiopMetaData.getIorSecurityConfigMetaData() != null)
        iorSecurityConfigMetaData = this.iiopMetaData.getIorSecurityConfigMetaData();
    if (iorSecurityConfigMetaData != null && iorSecurityConfigMetaData.getTransportConfig() != null) {
        IORTransportConfigMetaData tc = iorSecurityConfigMetaData.getTransportConfig();
        // SSL is treated as required as soon as any one of integrity, confidentiality or
        // establish-trust-in-client equals its REQUIRED constant. The constants are the receivers of
        // equals(), so a null setting evaluates to false instead of throwing; the match is case-sensitive.
        sslRequired = IORTransportConfigMetaData.INTEGRITY_REQUIRED.equals(tc.getIntegrity())
                || IORTransportConfigMetaData.CONFIDENTIALITY_REQUIRED.equals(tc.getConfidentiality())
                || IORTransportConfigMetaData.ESTABLISH_TRUST_IN_CLIENT_REQUIRED.equals(tc.getEstablishTrustInClient());
/**
 * Registers this wrapper as the {@code JBossMetaData} of the primary descriptor's enterprise beans.
 * Does nothing when there is no primary descriptor.
 */
protected void wireOverrides() {
    if (primary == null) {
        return;
    }
    final JBossEnterpriseBeansMetaData primaryBeans = (JBossEnterpriseBeansMetaData) primary.getEnterpriseBeans();
    primaryBeans.setJBossMetaData(this);
}
}
/**
 * Get the assembly descriptor.
 *
 * @return the assembly descriptor of the ejb-jar metadata, or {@code null} when no ejb-jar metadata is
 *         available.
 */
protected JBossAssemblyDescriptorMetaData getAssemblyDescriptor() {
    final JBossMetaData metaData = getEjbJarMetaData();
    return metaData != null ? metaData.getAssemblyDescriptor() : null;
}
// Excerpt from the construction of the SAS (secure attribute service) context; `context`, `support`,
// `require`, `privilAuth`, `supNamMechs` and `supIdenTypes` are declared before the lines shown here.
IORSASContextMetaData sasMeta = metadata.getSasContext();
if (sasMeta == null || sasMeta.getCallerPropagation().equals(IORSASContextMetaData.CALLER_PROPAGATION_NONE)) {
    // No SAS metadata, or caller propagation equals the NONE constant (case-sensitive comparison):
    // build the context from the values as they stand at this point.
    context = new SAS_ContextSec((short) support, (short) require, privilAuth, supNamMechs, supIdenTypes);
} else {
    // (the body of this branch is not part of the listing)
/**
 * <p>
 * Create a {@code org.omg.CSIIOP.CompoundSecMechanisms}, which is a sequence of {@code CompoundSecMech}. Only a
 * single security mechanism is supported, so the returned array always has exactly one element.
 * </p>
 * <p>
 * The mechanism's {@code target_requires} field is the bitwise OR of the transport-level requirements and the
 * {@code target_requires} values of the AS and SAS contexts, narrowed to a {@code short}.
 * </p>
 *
 * @param metadata the metadata object that contains the CSIv2 security configuration info.
 * @param codec    the {@code Codec} used to encode the CSIv2 security component.
 * @param sslPort  an {@code int} representing the SSL port.
 * @param orb      a reference to the running {@code ORB}.
 * @return the constructed {@code CompoundSecMech} array.
 */
public static CompoundSecMech[] createCompoundSecMechanisms(IORSecurityConfigMetaData metadata, Codec codec,
        int sslPort, ORB orb) {
    // A CompoundSecMech is made of: target_requires, transport_mech, as_context_mech, sas_context_mech.
    final TaggedComponent transportMech = createTransportMech(metadata.getTransportConfig(), codec, sslPort, orb);
    final AS_ContextSec asContextSec = createAuthenticationServiceContext(metadata);
    final SAS_ContextSec sasContextSec = createSecureAttributeServiceContext(metadata);

    // The requirement bits are recomputed from the transport config because they cannot be read back
    // from the encoded transport_mech TaggedComponent.
    int combinedRequires = createTargetRequires(metadata.getTransportConfig());
    combinedRequires |= asContextSec.target_requires;
    combinedRequires |= sasContextSec.target_requires;

    final CompoundSecMech mechanism =
            new CompoundSecMech((short) combinedRequires, transportMech, asContextSec, sasContextSec);
    return new CompoundSecMech[] { mechanism };
}
/**
 * Creates a wrapper over a primary descriptor and the defaults it falls back on, builds the wrapper for the
 * two sets of container configurations, and then wires the overrides.
 *
 * @param primary  the primary metadata; dereferenced here, so it must not be {@code null}.
 * @param defaults the default metadata; dereferenced here, so it must not be {@code null}.
 */
public JBossMetaDataWrapper(JBossMetaData primary, JBossMetaData defaults) {
    this.primary = primary;
    this.defaults = defaults;
    this.configurationsWrapper = new ContainerConfigurationsMetaDataWrapper(
            primary.getContainerConfigurations(),
            defaults.getContainerConfigurations());
    wireOverrides();
}
/**
 * Get the transaction timeout for the method.
 *
 * @param methodName the method name
 * @return the transaction timeout taken from the method's attribute
 */
public int getMethodTransactionTimeout(String methodName) {
    // assumes getMethodAttribute never returns null - TODO confirm
    return getMethodAttribute(methodName).getTransactionTimeout();
}
/**
 * Is this method a read-only method.
 *
 * @param methodName the method name
 * @return true for read only, as reported by the method's attribute
 */
public boolean isMethodReadOnly(String methodName) {
    // assumes getMethodAttribute never returns null - TODO confirm
    return getMethodAttribute(methodName).isReadOnly();
}
/**
 * Returns the invoker proxy bindings of the primary descriptor merged with those of the defaults. The merged
 * view is created on the first call and reused afterwards; no synchronization is visible in this method.
 *
 * @return the merged invoker proxy bindings
 */
@Override
public InvokerProxyBindingsMetaData getInvokerProxyBindings() {
    if (mergedInvokerBindings != null) {
        return mergedInvokerBindings;
    }
    mergedInvokerBindings = new InvokerProxyBindingsMetaDataWrapper(
            primary.getInvokerProxyBindings(),
            defaults.getInvokerProxyBindings());
    return mergedInvokerBindings;
}
/**
 * <p>
 * Creates an instance of {@code CSIv2IORInterceptor} with the specified codec.
 * </p>
 * <p>
 * Two default components are prepared: an SSL tagged component that advertises {@code MIN_SSL_OPTIONS} as
 * supported and no required options, and a CSIv2 component built from the current IOR security
 * configuration (an empty configuration when none is registered). The SSL port is read from the ORB
 * properties and defaults to 0 when the property is absent.
 * </p>
 *
 * @param codec the {@code Codec} used to encode the IOR security components.
 * @throws NumberFormatException if the SSL port property is present but is not a valid integer.
 */
public CSIv2IORInterceptor(Codec codec) {
    final String configuredSslPort = CorbaORBService.getORBProperty(Constants.ORB_SSL_PORT);
    final int sslPort;
    if (configuredSslPort != null) {
        sslPort = Integer.parseInt(configuredSslPort);
    } else {
        sslPort = 0;
    }

    try {
        // Second constructor argument is the "required options" mask: nothing is required by default.
        final SSL defaultSsl = new SSL((short) MIN_SSL_OPTIONS, (short) 0, (short) sslPort);
        final ORB orb = ORB.init();
        final Any sslAny = orb.create_any();
        SSLHelper.insert(sslAny, defaultSsl);
        final byte[] encodedSsl = codec.encode_value(sslAny);
        defaultSSLComponent = new TaggedComponent(TAG_SSL_SEC_TRANS.value, encodedSsl);

        IORSecurityConfigMetaData securityConfig = IORSecConfigMetaDataService.getCurrent();
        if (securityConfig == null) {
            // No configuration registered: fall back to a freshly constructed, empty one.
            securityConfig = new IORSecurityConfigMetaData();
        }
        defaultCSIComponent = CSIv2Util.createSecurityTaggedComponent(securityConfig, codec, sslPort, orb);
    } catch (InvalidTypeForEncoding e) {
        throw IIOPLogger.ROOT_LOGGER.unexpectedException(e);
    }
}
// Excerpt: indexes every IIOP metadata entry by its EJB name; the closing braces are not part of the listing.
if (iiopMetaDatas != null && iiopMetaDatas.size() > 0) {
    for (IIOPMetaData metaData : iiopMetaDatas) {
        // presumably iiopMetaDataMap is a Map, so a later entry with the same EJB name replaces an
        // earlier one - verify against its declaration
        iiopMetaDataMap.put(metaData.getEjbName(), metaData);
// Excerpt: accumulates the association options the target supports. The closing brace of each `if` is not
// part of the listing. An option is added whenever its setting differs from the matching NONE constant,
// so any other value - including an unrecognised one - results in the option being advertised as supported.
// Integrity, confidentiality and both trust settings are compared case-sensitively; detect-misordering and
// detect-replay are compared case-insensitively.
if (!tc.getIntegrity().equals(IORTransportConfigMetaData.INTEGRITY_NONE)) {
    supports = supports | Integrity.value;
if (!tc.getConfidentiality().equals(IORTransportConfigMetaData.CONFIDENTIALITY_NONE)) {
    supports = supports | Confidentiality.value;
if (!tc.getDetectMisordering().equalsIgnoreCase(IORTransportConfigMetaData.DETECT_MISORDERING_NONE)) {
    supports = supports | DetectMisordering.value;
if (!tc.getDetectReplay().equalsIgnoreCase(IORTransportConfigMetaData.DETECT_REPLAY_NONE)) {
    supports = supports | DetectReplay.value;
if (!tc.getEstablishTrustInTarget().equals(IORTransportConfigMetaData.ESTABLISH_TRUST_IN_TARGET_NONE)) {
    supports = supports | EstablishTrustInTarget.value;
if (!tc.getEstablishTrustInClient().equals(IORTransportConfigMetaData.ESTABLISH_TRUST_IN_CLIENT_NONE)) {
    supports = supports | EstablishTrustInClient.value;
// Excerpt: the supported and required option masks are both derived from the same transport configuration.
int supports = createTargetSupports(metadata.getTransportConfig());
int requires = createTargetRequires(metadata.getTransportConfig());
// The SSL structure carries (supports, requires, port), each narrowed to a short.
SSL ssl = new SSL((short) supports, (short) requires, (short) sslPort);
Any any = orb.create_any();
/**
 * Creates a wrapper over a primary descriptor and the defaults it falls back on, builds the wrapper for the
 * two sets of container configurations, and then wires the overrides.
 *
 * @param primary  the primary metadata; dereferenced here, so it must not be {@code null}.
 * @param defaults the default metadata; dereferenced here, so it must not be {@code null}.
 */
public JBossMetaDataWrapper(JBossMetaData primary, JBossMetaData defaults) {
    this.primary = primary;
    this.defaults = defaults;
    this.configurationsWrapper = new ContainerConfigurationsMetaDataWrapper(
            primary.getContainerConfigurations(),
            defaults.getContainerConfigurations());
    wireOverrides();
}
/**
 * Get the transaction timeout for the method.
 *
 * @param methodName the method name
 * @return the transaction timeout taken from the method's attribute
 */
public int getMethodTransactionTimeout(String methodName) {
    // assumes getMethodAttribute never returns null - TODO confirm
    return getMethodAttribute(methodName).getTransactionTimeout();
}
/**
 * Is this method a read-only method.
 *
 * @param methodName the method name
 * @return true for read only, as reported by the method's attribute
 */
public boolean isMethodReadOnly(String methodName) {
    // assumes getMethodAttribute never returns null - TODO confirm
    return getMethodAttribute(methodName).isReadOnly();
}
/**
 * Returns the invoker proxy bindings of the primary descriptor merged with those of the defaults. The merged
 * view is created on the first call and reused afterwards; no synchronization is visible in this method.
 *
 * @return the merged invoker proxy bindings
 */
@Override
public InvokerProxyBindingsMetaData getInvokerProxyBindings() {
    if (mergedInvokerBindings != null) {
        return mergedInvokerBindings;
    }
    mergedInvokerBindings = new InvokerProxyBindingsMetaDataWrapper(
            primary.getInvokerProxyBindings(),
            defaults.getInvokerProxyBindings());
    return mergedInvokerBindings;
}