Produced by Araxis Merge on 7/10/2017 1:01:45 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | C:\AraxisMergeCompare\Pri_un\IV-ehmp_cif\ImagingVistaRealm\main\src\java\gov\va\med\imaging\tomcat\vistarealm | CertificateRealm.java | Thu Jun 29 17:23:03 2017 UTC |
| 2 | C:\AraxisMergeCompare\Pri_re\IV-ehmp_cif\ImagingVistaRealm\main\src\java\gov\va\med\imaging\tomcat\vistarealm | CertificateRealm.java | Thu Jul 6 15:03:42 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 2 | 1054 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | package go v.va.med.i maging.tom cat.vistar ealm; | |
| 2 | ||
| 3 | import jav a.security .Principal ; | |
| 4 | import jav a.security .cert.Cert ificateExp iredExcept ion; | |
| 5 | import jav a.security .cert.Cert ificateNot YetValidEx ception; | |
| 6 | import jav a.security .cert.X509 Certificat e; | |
| 7 | import jav a.util.Arr ayList; | |
| 8 | import jav a.util.Lis t; | |
| 9 | ||
| 10 | import org .apache.ca talina.Lif ecycleStat e; | |
| 11 | import org .apache.ca talina.Cre dentialHan dler; | |
| 12 | import org .apache.ca talina.Con tainer; | |
| 13 | import org .apache.ca talina.Rea lm; | |
| 14 | import org .apache.lo g4j.Logger ; | |
| 15 | import org .ietf.jgss .GSSContex t; | |
| 16 | ||
| 17 | ||
| 18 | /** | |
| 19 | * This cl ass implem ents a Tom cat Realm that accep ts only X. 509 certif icates. | |
| 20 | * Otherwi se it is s imilar to the VistaR ealm in th at the cre ated Princ ipal | |
| 21 | * instanc es are Vis taRealmPri ncipal and compatibl e with the Transacti onContext | |
| 22 | * mechani sm in VIX. | |
| 23 | * | |
| 24 | * This re alm implem entation i s intended to be use d when a s ervice acc ount is | |
| 25 | * availab le for the local Vis tA install ation. | |
| 26 | * | |
| 27 | * This Re alm will N OT delegat e authenti cation to its contai ner parent realm lik e | |
| 28 | * VistaRe alm does. | |
| 29 | * | |
| 30 | * Portion s of this code and t he comment s are copi ed verbati m from | |
| 31 | * Tomcat/ Catalina s ource. | |
| 32 | * | |
| 33 | * A quick discussio n of Realm calling s equence in Tomcat (o r at least how I | |
| 34 | * think t hey work). -startup- 1.) const ructor() 2 .) setCont ainer() 3. ) | |
| 35 | * MBeanRe gistration .preRegist er() 4.) M BeanRegist ration.pos tRegister( ) 5.) | |
| 36 | * Lifecyc le.start() 6.) backg roundProce ss() runs periodical ly from he re to | |
| 37 | * Lifecyc le.stop() | |
| 38 | * | |
| 39 | * -on cli ent call- 1.) findSe curityCons traints() - determin es if the web.xml | |
| 40 | * file ha s defined security-c onstraint elements f or the res ource shou ld return | |
| 41 | * an arra y of appli cable cons traints (i n descendi ng order o f specific ity) 2.) | |
| 42 | * hasUser DataPermis sion() - t o check th e web.xml specified requiremen ts for | |
| 43 | * data in tegrity an d security in transm ission 3.) authentic ate() - de pending on | |
| 44 | * the pre sented cre dentials, may call o ne of the four authe nticate me thods if | |
| 45 | * the use r exists, should ret urn a Prin cipal real ization 4. ) | |
| 46 | * hasReso urcePermis sion() - d etermines if the aut henticated user has permission | |
| 47 | * to the specific r esource na med - on s erver stop - 1.) Lif ecycle.sto p() | |
| 48 | * | |
| 49 | * Initial ization Se quence: | |
| 50 | * | |
| 51 | * ======= ========== ========== ========== ========== ========== ========== ====== | |
| 52 | * server. xml Realm element ex ample with just requ ired prope rties spec ified | |
| 53 | * <Realm | |
| 54 | * classNa me="gov.va .med.imagi ng.tomcat. vistarealm .Certifica teRealm" | |
| 55 | * siteNum ber = "660 " | |
| 56 | * siteAbb reviation = "SLC" | |
| 57 | * siteNam e = "Salt Lake City, UT" | |
| 58 | * service AccountUID ="userId" | |
| 59 | * service AccountPWD ="password " | |
| 60 | * /> | |
| 61 | * | |
| 62 | * ======= ========== ========== ========== ========== ========== ========== ====== | |
| 63 | * server. xml Realm element ex ample with all prope rties spec ified | |
| 64 | * <Realm | |
| 65 | * classNa me="gov.va .med.imagi ng.tomcat. vistarealm .Certifica teRealm" | |
| 66 | * siteNum ber="660" | |
| 67 | * siteAbb reviation= "SLC" | |
| 68 | * siteNam e="Salt La ke City, U T" | |
| 69 | * usingPr incipalCac he="true" | |
| 70 | * princip alCacheLif espan="600 00" | |
| 71 | * refresh PrincipalC acheEntryO nUse="true " | |
| 72 | * vistaCo nnectDelay Kludge="10 00" | |
| 73 | * service AccountUID ="userId" | |
| 74 | * service AccountPWD ="password " | |
| 75 | * /> | |
| 76 | * | |
| 77 | * @author
|
|
| 78 | * | |
| 79 | */ | |
| 80 | public cla ss Certifi cateRealm | |
| 81 | extends Ab stractVist aRealmImpl | |
| 82 | implements Realm, or g.apache.c atalina.Li fecycle, A bstractVis taRealm, C ertificate RealmMBean | |
| 83 | { | |
| 84 | // Known Rol es are now defined i n the Vist aRealmRole s Enum in the | |
| 85 | // VistaReal mClient pr oject. | |
| 86 | // Partially this was for a code cleanup, and partia lly to mak e them | |
| 87 | // available | |
| 88 | // outside o f the real m itself. | |
| 89 | ||
| 90 | pr ivate Logg er logger = Logger.g etLogger(t his.getCla ss()); | |
| 91 | ||
| 92 | pr ivate Cont ainer pare ntContaine r; | |
| 93 | pr ivate Real m parentCo ntainerRea lm; | |
| 94 | ||
| 95 | pr ivate Stri ng service AccountUID ; | |
| 96 | pr ivate Stri ng service AccountPWD ; | |
| 97 | pr ivate List <VistaReal mRoles> se rviceAccou ntRoles; | |
| 98 | pr ivate Cred entialHand ler creden tialHandle r; | |
| 99 | ||
| 100 | ||
| 101 | /* * | |
| 102 | * | |
| 103 | * / | |
| 104 | pu blic Certi ficateReal m() | |
| 105 | { | |
| 106 | logg er.info(Ce rtificateR ealm.class .getCanoni calName() + " ctor() "); | |
| 107 | } | |
| 108 | ||
| 109 | pu blic synch ronized Co ntainer ge tParentCon tainer() | |
| 110 | { | |
| 111 | if(p arentConta iner == nu ll) | |
| 112 | parent Container = getConta iner() == null ? nul l : getCon tainer().g etParent() ; | |
| 113 | ||
| 114 | retu rn parentC ontainer; | |
| 115 | } | |
| 116 | ||
| 117 | pu blic synch ronized Re alm getPar entContain erRealm() | |
| 118 | { | |
| 119 | if(p arentConta inerRealm == null) | |
| 120 | { | |
| 121 | Contai ner parent Container = getParen tContainer (); | |
| 122 | parent ContainerR ealm = par entContain er == null ? null : parentCont ainer.getR ealm(); | |
| 123 | } | |
| 124 | ||
| 125 | retu rn parentC ontainerRe alm; | |
| 126 | } | |
| 127 | ||
| 128 | ||
| 129 | /* (non-Java doc) | |
| 130 | * @see gov. va.med.ima ging.tomca t.vistarea lm.Abstrac tVistaReal mImpl#getS iteAbbrevi ation() | |
| 131 | * / | |
| 132 | @O verride | |
| 133 | pu blic Strin g getSiteA bbreviatio n() | |
| 134 | { | |
| 135 | // i f the site abbreviat ion has no t been set , attempt to get it from the p arent Vist aAccessVer ifyRealm | |
| 136 | if(s uper.getSi teAbbrevia tion() == null) | |
| 137 | { | |
| 138 | logger .debug("Re alm site a bbreviatio n is null, attemptin g to set f rom parent "); | |
| 139 | Realm parentReal m = getPar entContain erRealm(); | |
| 140 | if(par entRealm i nstanceof gov.va.med .imaging.t omcat.vist arealm.Vis taAccessVe rifyRealm) | |
| 141 | { | |
| 142 | gov.va.m ed.imaging .tomcat.vi starealm.V istaAccess VerifyReal m accessVe rifyRealm = (gov.va. med.imagin g.tomcat.v istarealm. VistaAcces sVerifyRea lm)parentR ealm; | |
| 143 | logger.d ebug("Sett ing site a bbreviatio n from par ent VistaA ccessVerif yRealm to [" + acces sVerifyRea lm.getSite Abbreviati on() + "]" ); | |
| 144 | this.set SiteAbbrev iation(acc essVerifyR ealm.getSi teAbbrevia tion()); | |
| 145 | } | |
| 146 | } | |
| 147 | retu rn super.g etSiteAbbr eviation() ; | |
| 148 | } | |
| 149 | ||
| 150 | /* (non-Java doc) | |
| 151 | * @see gov. va.med.ima ging.tomca t.vistarea lm.Abstrac tVistaReal mImpl#getS iteName() | |
| 152 | * / | |
| 153 | @O verride | |
| 154 | pu blic Strin g getSiteN ame() | |
| 155 | { | |
| 156 | // i f the site name has not been s et, attemp t to get i t from the parent Vi staAccessV erifyRealm | |
| 157 | if(s uper.getSi teName() = = null) | |
| 158 | { | |
| 159 | logger .debug("Re alm site n ame is nul l, attempt ing to set from pare nt"); | |
| 160 | Realm parentReal m = getPar entContain erRealm(); | |
| 161 | if(par entRealm i nstanceof gov.va.med .imaging.t omcat.vist arealm.Vis taAccessVe rifyRealm) | |
| 162 | { | |
| 163 | gov.va.m ed.imaging .tomcat.vi starealm.V istaAccess VerifyReal m accessVe rifyRealm = (gov.va. med.imagin g.tomcat.v istarealm. VistaAcces sVerifyRea lm)parentR ealm; | |
| 164 | logger.d ebug("Sett ing site n ame from p arent Vist aAccessVer ifyRealm t o [" + acc essVerifyR ealm.getSi teName() + "]"); | |
| 165 | this.set SiteName(a ccessVerif yRealm.get SiteName() ); | |
| 166 | } | |
| 167 | } | |
| 168 | retu rn super.g etSiteName (); | |
| 169 | } | |
| 170 | ||
| 171 | /* (non-Java doc) | |
| 172 | * @see gov. va.med.ima ging.tomca t.vistarea lm.Abstrac tVistaReal mImpl#getS iteNumber( ) | |
| 173 | * / | |
| 174 | @O verride | |
| 175 | pu blic Strin g getSiteN umber() | |
| 176 | { | |
| 177 | // i f the site number ha s not been set, atte mpt to get it from t he parent VistaAcces sVerifyRea lm | |
| 178 | if(s uper.getSi teNumber() == null) | |
| 179 | { | |
| 180 | logger .debug("Re alm site n umber is n ull, attem pting to s et from pa rent"); | |
| 181 | Realm parentReal m = getPar entContain erRealm(); | |
| 182 | if(par entRealm i nstanceof gov.va.med .imaging.t omcat.vist arealm.Vis taAccessVe rifyRealm) | |
| 183 | { | |
| 184 | gov.va.m ed.imaging .tomcat.vi starealm.V istaAccess VerifyReal m accessVe rifyRealm = (gov.va. med.imagin g.tomcat.v istarealm. VistaAcces sVerifyRea lm)parentR ealm; | |
| 185 | logger.d ebug("Sett ing site n umber from parent Vi staAccessV erifyRealm to [" + a ccessVerif yRealm.get SiteNumber () + "]"); | |
| 186 | this.set SiteNumber (accessVer ifyRealm.g etSiteNumb er()); | |
| 187 | } | |
| 188 | } | |
| 189 | retu rn super.g etSiteNumb er(); | |
| 190 | } | |
| 191 | ||
| 192 | pu blic Strin g getServi ceAccountU ID() | |
| 193 | { | |
| 194 | retu rn this.se rviceAccou ntUID; | |
| 195 | } | |
| 196 | ||
| 197 | pu blic void setService AccountUID (String se rviceAccou ntUID) | |
| 198 | { | |
| 199 | this .serviceAc countUID = serviceAc countUID; | |
| 200 | } | |
| 201 | ||
| 202 | pu blic Strin g getServi ceAccountP WD() | |
| 203 | { | |
| 204 | retu rn this.se rviceAccou ntPWD; | |
| 205 | } | |
| 206 | ||
| 207 | pu blic void setService AccountPWD (String se rviceAccou ntPWD) | |
| 208 | { | |
| 209 | this .serviceAc countPWD = serviceAc countPWD; | |
| 210 | } | |
| 211 | ||
| 212 | /* * | |
| 213 | * ServiceAc countRoles are store d as a lis t of enume rations, b ut externa lly they | |
| 214 | * are set/g et as a co mma delimi ted String . | |
| 215 | * @return | |
| 216 | * / | |
| 217 | pu blic Strin g getServi ceAccountR oles() | |
| 218 | { | |
| 219 | if(t his.servic eAccountRo les == nul l) | |
| 220 | return null; | |
| 221 | Stri ngBuilder sb = new S tringBuild er(); | |
| 222 | for( VistaRealm Roles role : this.se rviceAccou ntRoles) | |
| 223 | { | |
| 224 | if(sb. length() > 0) | |
| 225 | sb.appen d(','); | |
| 226 | sb.app end(role.t oString()) ; | |
| 227 | } | |
| 228 | ||
| 229 | retu rn sb.toSt ring(); | |
| 230 | } | |
| 231 | ||
| 232 | pu blic List< String> ge tServiceAc countRoles Names() | |
| 233 | { | |
| 234 | if(t his.servic eAccountRo les == nul l) | |
| 235 | return null; | |
| 236 | List <String> r oleNames = new Array List<Strin g>(service AccountRol es.size()) ; | |
| 237 | for( VistaRealm Roles role : this.se rviceAccou ntRoles) | |
| 238 | roleNa mes.add(ro le.getRole Name()); | |
| 239 | retu rn roleNam es; | |
| 240 | } | |
| 241 | ||
| 242 | pu blic void setService AccountRol es(String serviceAcc ountRoles) | |
| 243 | { | |
| 244 | if(s erviceAcco untRoles = = null) | |
| 245 | return ; | |
| 246 | Stri ng[] servi ceAccountR oleNames = serviceAc countRoles .split("," ); | |
| 247 | this .serviceAc countRoles = new Arr ayList<Vis taRealmRol es>(servic eAccountRo leNames.le ngth); | |
| 248 | for( String ser viceAccoun tRoleName : serviceA ccountRole Names) | |
| 249 | { | |
| 250 | VistaR ealmRoles role = Vis taRealmRol es.getRole ByName(ser viceAccoun tRoleName) ; | |
| 251 | if(rol e == null) | |
| 252 | logger.e rror("Unkn own role n ame '" + s erviceAcco untRoleNam e + "' con figured in Certifica teRealm.") ; | |
| 253 | else | |
| 254 | this.ser viceAccoun tRoles.add (role); | |
| 255 | } | |
| 256 | } | |
| 257 | ||
| 258 | @O verride | |
| 259 | protec ted Logger getLogger () | |
| 260 | { | |
| 261 | return l ogger; | |
| 262 | } | |
| 263 | ||
| 264 | /* * | |
| 265 | * Is the re alm initia lized (i.e . capable of authent icating/au thorizing | |
| 266 | * users). | |
| 267 | * | |
| 268 | * @return | |
| 269 | * / | |
| 270 | pu blic boole an isIniti alized() | |
| 271 | { | |
| 272 | bool ean result = true; | |
| 273 | Cont ainer cont ainer = th is.getCont ainer(); | |
| 274 | Stri ng contain erName = c ontainer = = null ? n ull : cont ainer.getN ame(); | |
| 275 | ||
| 276 | if ( getSiteAbb reviation( ) == null) | |
| 277 | { | |
| 278 | logger .warn("Vis taRealm[" + containe rName + "] - site ab breviation is not se t and must be before authentic ation will succeed." ); | |
| 279 | result = false; | |
| 280 | } | |
| 281 | if ( getSiteNam e() == nul l) | |
| 282 | { | |
| 283 | logger .warn("Vis taRealm[" + containe rName + "] - site na me is not set and mu st be befo re authent ication wi ll succeed ."); | |
| 284 | result = false; | |
| 285 | } | |
| 286 | if ( getSiteNum ber() == n ull) | |
| 287 | { | |
| 288 | logger .warn("Vis taRealm[" + containe rName + "] - site nu mber is no t set and must be be fore authe ntication will succe ed."); | |
| 289 | result = false; | |
| 290 | } | |
| 291 | if ( getService AccountUID () == null ) | |
| 292 | { | |
| 293 | logger .warn("Vis taRealm[" + containe rName + "] - service account U ID is not set and mu st be befo re authent ication wi ll succeed ."); | |
| 294 | result = false; | |
| 295 | } | |
| 296 | if ( getService AccountPWD () == null ) | |
| 297 | { | |
| 298 | logger .warn("Vis taRealm[" + containe rName + "] - service account P WD is not set and mu st be befo re authent ication wi ll succeed ."); | |
| 299 | result = false; | |
| 300 | } | |
| 301 | if ( getService AccountRol esNames() == null) | |
| 302 | { | |
| 303 | logger .warn("Vis taRealm[" + containe rName + "] - service account r ole names is not set and must be before authentica tion will succeed.") ; | |
| 304 | result = false; | |
| 305 | } | |
| 306 | ||
| 307 | retu rn result; | |
| 308 | } | |
| 309 | ||
| 310 | /* | |
| 311 | /* | |
| 312 | * ========= ========== ========== ========== ========== ========== ========== ========== ======= | |
| 313 | * Authentic ation Meth ods | |
| 314 | * ========= ========== ========== ========== ========== ========== ========== ========== ======= | |
| 315 | * / | |
| 316 | ||
| 317 | /* * | |
| 318 | * Return th e Principa l associat ed with th e specifie d username and | |
| 319 | * credentia ls, if the re is one; otherwise return <c ode>null</ code>. | |
| 320 | * | |
| 321 | * @param us ername | |
| 322 | * Username of the Pr incipal to look up, A valid Vi staImaging | |
| 323 | * access c ode | |
| 324 | * @param cr edentials | |
| 325 | * Password or other credential s to use i n authenti cating thi s | |
| 326 | * username , The veri fy code ma tching the given acc ess code | |
| 327 | * / | |
| 328 | pu blic Princ ipal authe nticate(St ring usern ame, Strin g password ) | |
| 329 | { | |
| 330 | logg er.info("a uthenticat e (" + use rname + ", password) "); | |
| 331 | retu rn null; | |
| 332 | } | |
| 333 | ||
| 334 | /* * | |
| 335 | * Return th e Principa l associat ed with th e specifie d username and | |
| 336 | * credentia ls, if the re is one; otherwise return <c ode>null</ code>. | |
| 337 | * | |
| 338 | * @param us ername | |
| 339 | * Username of the Pr incipal to look up | |
| 340 | * @param cr edentials | |
| 341 | * Password or other credential s to use i n authenti cating thi s | |
| 342 | * username | |
| 343 | * / | |
| 344 | pu blic Princ ipal authe nticate(St ring usern ame, byte[ ] credenti als) | |
| 345 | { | |
| 346 | logg er.info("a uthenticat e (" + use rname + ", byte[])") ; | |
| 347 | retu rn null; | |
| 348 | } | |
| 349 | ||
| 350 | /* (non-Java doc) | |
| 351 | * @see org. apache.cat alina.Real m#authenti cate(java. lang.Strin g) | |
| 352 | * / | |
| 353 | @O verride | |
| 354 | pu blic Princ ipal authe nticate(St ring uid) | |
| 355 | { | |
| 356 | retu rn null; | |
| 357 | } | |
| 358 | ||
| 359 | /* (non-Java doc) | |
| 360 | * @see org. apache.cat alina.Real m#authenti cate(org.i etf.jgss.G SSContext; , java.lan g.String) | |
| 361 | * / | |
| 362 | @O verride | |
| 363 | pu blic Princ ipal authe nticate(GS SContext g ssContext, boolean s toreCreds) | |
| 364 | { | |
| 365 | retu rn null; | |
| 366 | } | |
| 367 | ||
| 368 | ||
| 369 | /* * | |
| 370 | * Return th e Principa l associat ed with th e specifie d username , which | |
| 371 | * matches t he digest calculated using the given par ameters us ing the me thod | |
| 372 | * described in RFC 20 69; otherw ise return <code>nul l</code>. | |
| 373 | * | |
| 374 | * @param us ername | |
| 375 | * Username of the Pr incipal to look up | |
| 376 | * @param di gest | |
| 377 | * Digest w hich has b een submit ted by the client | |
| 378 | * @param no nce | |
| 379 | * Unique ( or suppose dly unique ) token wh ich has be en used fo r | |
| 380 | * this req uest | |
| 381 | * @param re alm | |
| 382 | * Realm na me | |
| 383 | * @param md 5a2 | |
| 384 | * Second M D5 digest used to ca lculate th e digest : MD5(Metho d + | |
| 385 | * ":" + ur i) | |
| 386 | * / | |
| 387 | pu blic Princ ipal authe nticate(St ring usern ame, Strin g clientDi gest, Stri ng nOnce, String nc, String cn once, Stri ng qop, St ring realm , | |
| 388 | Stri ng md5a2) | |
| 389 | { | |
| 390 | logg er.info("a uthenticat e (" + use rname + ", digest)") ; | |
| 391 | retu rn null; | |
| 392 | } | |
| 393 | ||
| 394 | /* * | |
| 395 | * Return th e Principa l associat ed with th e specifie d chain of X509 clie nt | |
| 396 | * certifica tes. If th ere is non e, return <code>null </code>. | |
| 397 | * | |
| 398 | * For this method to be called the client must have presented an X509 | |
| 399 | * certifica te, which has been s igned by a trusted C ertificate Authority . At | |
| 400 | * this poin t, all we need to do is get th e user nam e from the certifica te | |
| 401 | * and assig n the role . | |
| 402 | * | |
| 403 | * @param ce rts | |
| 404 | * Array of client ce rtificates , with the first one in the ar ray | |
| 405 | * being th e certific ate of the client it self. | |
| 406 | * / | |
| 407 | pu blic Princ ipal authe nticate(X5 09Certific ate certs[ ]) | |
| 408 | { | |
| 409 | logg er.debug(" Authentica ting using X509 cert ificate.") ; | |
| 410 | Vist aRealmPrin cipal prin cipal = nu ll; | |
| 411 | List <java.secu rity.cert. X509Certif icate> cer tsList = n ew ArrayLi st<java.se curity.cer t.X509Cert ificate>() ; | |
| 412 | bool ean posses sesTrusted Certificat e = false; | |
| 413 | Stri ng certifi cateDistin guishedNam e = null; | |
| 414 | ||
| 415 | // c heck all o f the cert ificates, if one is valid then that beco mes the | |
| 416 | // s ource for the Princi pal inform ation | |
| 417 | for (X509Certi ficate cer t : certs) | |
| 418 | { | |
| 419 | logger .debug("X5 09Certific ate subjec t '" + cer t.getSubje ctDN().get Name() + " ."); | |
| 420 | certsL ist.add(ce rt); // bu ild the li st that wi ll populat e the | |
| 421 | // Pri ncipal | |
| 422 | // we may not us e this lis t but buil ding it no w | |
| 423 | // avo ids a seco nd iterato r | |
| 424 | try | |
| 425 | { | |
| 426 | // the v alidity ch eck will t hrow an ex ception if it is inv alid | |
| 427 | cert.che ckValidity (); | |
| 428 | certific ateDisting uishedName = cert.ge tSubjectX5 00Principa l().getNam e(); | |
| 429 | possesse sTrustedCe rtificate = true; | |
| 430 | logger.d ebug("X509 Certificat e is valid ."); | |
| 431 | } | |
| 432 | catch (Certifica teExpiredE xception e ) | |
| 433 | { | |
| 434 | logger.w arn("Authe ntication by certifi cate of " + cert.get SubjectX50 0Principal ().getName () + " fai led due to " | |
| 435 | + e.getMes sage()); | |
| 436 | } | |
| 437 | catch (Certifica teNotYetVa lidExcepti on e) | |
| 438 | { | |
| 439 | logger.w arn("Authe ntication by certifi cate of " + cert.get SubjectX50 0Principal ().getName () + " fai led due to " | |
| 440 | + e.getMes sage()); | |
| 441 | } | |
| 442 | } | |
| 443 | ||
| 444 | // p ossessesTr ustedCerti ficate wil l be false unless at least one certifica te is vali d | |
| 445 | if ( possessesT rustedCert ificate) | |
| 446 | { | |
| 447 | logger .debug("Us er '" + ce rtificateD istinguish edName + " ' has been authentic ated by X5 09Certific ate."); | |
| 448 | princi pal = new VistaRealm Principal( getRealmNa me(), getS erviceAcco untUID(), getService AccountPWD (), certsL ist, getSe rviceAccou ntRolesNam es(), null ); | |
| 449 | princi pal.setPre emptiveAut horization (this); | |
| 450 | VistaR ealmSecuri tyContext. set(princi pal); | |
| 451 | getLog ger().info ("VistaRea lmSecurity Context se t on threa d (" + Thr ead.curren tThread(). getName() + ")"); | |
| 452 | } | |
| 453 | ||
| 454 | retu rn princip al; | |
| 455 | } | |
| 456 | ||
| 457 | ||
| 458 | /* (non-Java doc) | |
| 459 | * @see org. apache.cat alina.Real m#isAvaila ble() | |
| 460 | */ | |
| 461 | pu blic boole an isAvail able() | |
| 462 | { | |
| 463 | retu rn true; | |
| 464 | } | |
| 465 | ||
| 466 | /* (non-Java doc) | |
| 467 | * @see org. apache.cat alina.Real m#getRoles (java.secu rity.Princ ipal) | |
| 468 | * / | |
| 469 | pu blic Strin g[] getRol es(Princip al princip al) | |
| 470 | { | |
| 471 | retu rn null; | |
| 472 | } | |
| 473 | ||
| 474 | /* (non-Java doc) | |
| 475 | * @see org. apache.cat alina.Real m#setCrede ntialHandl er(org.apa che.catali na.Credent ialHandler ) | |
| 476 | */ | |
| 477 | @O verride | |
| 478 | pu blic void setCredent ialHandler (Credentia lHandler c redentialH andler) | |
| 479 | { | |
| 480 | this .credentia lHandler = credentia lHandler; | |
| 481 | } | |
| 482 | ||
| 483 | /* (non-Java doc) | |
| 484 | * @see org. apache.cat alina.Real m#getCrede ntialHandl er() | |
| 485 | */ | |
| 486 | @O verride | |
| 487 | pu blic Crede ntialHandl er getCred entialHand ler() | |
| 488 | { | |
| 489 | retu rn credent ialHandler ; | |
| 490 | } | |
| 491 | ||
| 492 | /* (non-Java doc) | |
| 493 | * @see org. apache.cat alina.Life cycle#getS tateName() | |
| 494 | */ | |
| 495 | @O verride | |
| 496 | pu blic Strin g getState Name() | |
| 497 | { | |
| 498 | retu rn null; / /getParent ContainerR ealm() == null ? nul l : getPar entContain erRealm(). getStateNa me(); | |
| 499 | } | |
| 500 | ||
| 501 | /* (non-Java doc) | |
| 502 | * @see org. apache.cat alina.Life cycle#getS tate() | |
| 503 | */ | |
| 504 | @O verride | |
| 505 | pu blic Lifec ycleState getState() | |
| 506 | { | |
| 507 | retu rn null; / /getParent ContainerR ealm() == null ? nul l : getPar entContain erRealm(). getState() ; | |
| 508 | } | |
| 509 | ||
| 510 | /* (non-Java doc) | |
| 511 | * @see org. apache.Lif ecycle.des troy() | |
| 512 | */ | |
| 513 | @O verride | |
| 514 | pu blic void destroy() | |
| 515 | { | |
| 516 | } | |
| 517 | ||
| 518 | /* (non-Java doc) | |
| 519 | * @see org. apache.Lif ecycle.ini t() | |
| 520 | */ | |
| 521 | @O verride | |
| 522 | pu blic void init() | |
| 523 | { | |
| 524 | } | |
| 525 | ||
| 526 | } | |
| 527 | ||
| 528 |
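Review bot: The loop in authenticate(X509Certificate[]) accepts the caller when any certificate in the presented chain passes checkValidity(), so an expired end-entity certificate is still accepted as long as an issuer certificate later in the array is in date, and certificateDistinguishedName then ends up holding that issuer's DN rather than the client's. The method's own javadoc states that certs[0] is the client certificate, so the validity check and the subject name should come from certs[0] only, with the rest of the chain still copied into certsList for the principal. The array is also dereferenced with no null/empty guard, which Tomcat's RealmBase handles up front with `if (certs == null || certs.length < 1) return null;`. Separately, every accepted caller is issued the one configured service account UID, password and role list regardless of which certificate it presented, so authorization here reduces to "holds any certificate the connector trusts"; if that is intended, the class javadoc should say so explicitly next to the server.xml example. The only changed block in this report is the @author line, so none of this is introduced by the change itself.
```java
public Principal authenticate(X509Certificate certs[])
{
    logger.debug("Authenticating using X509 certificate.");
    // no client certificate presented: nothing to authenticate
    if (certs == null || certs.length == 0)
        return null;
    // … unchanged: local declarations and the certsList/logging loop over the chain …
    // identity and the accept/reject decision are taken from the end-entity
    // certificate only; issuer certificates must not satisfy the validity check
    X509Certificate clientCert = certs[0];
    try
    {
        clientCert.checkValidity();
        certificateDistinguishedName = clientCert.getSubjectX500Principal().getName();
        possessesTrustedCertificate = true;
    }
    catch (CertificateExpiredException e)
    {
        logger.warn("Authentication by certificate of " + clientCert.getSubjectX500Principal().getName() + " failed due to " + e.getMessage());
    }
    catch (CertificateNotYetValidException e)
    {
        logger.warn("Authentication by certificate of " + clientCert.getSubjectX500Principal().getName() + " failed due to " + e.getMessage());
    }
    // … unchanged: principal construction when possessesTrustedCertificate is true …
```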