Package com.sun.enterprise.common.iiop.security

Examples of com.sun.enterprise.common.iiop.security.SecurityContext


    }
    
    public void receive_request(ServerRequestInfo ri)
         throws ForwardRequest 
    {
        SecurityContext seccontext = null;   // SecurityContext to be sent
        ServiceContext  sc = null;           // service context
        int status = 0;
        boolean  raise_no_perm = false;

        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "++++ Entered " + prname + "receive_request");
        }
       
       // secsvc  = Csiv2Manager.getSecurityService();
        ORB orb = orbHelper.getORB();

        try {
            sc = ri.get_request_service_context(SECURITY_ATTRIBUTE_SERVICE_ID);
            if (sc == null) {
                handle_null_service_context(ri, sc, orb);
                return;
            }
        } catch (org.omg.CORBA.BAD_PARAM e) {
            handle_null_service_context(ri,sc, orb);
            return;
        }

        if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"Received a non null SAS context element");
        }
        /* Decode the service context field */
        Any SasAny = orb.create_any();
        try {       
            SasAny = codec.decode_value(sc.context_data, SASContextBodyHelper.type());
        } catch (Exception e) {
        _logger.log(Level.SEVERE,"iiop.decode_exception",e);
            throw new SecurityException(
                localStrings.getLocalString("secserverreqinterceptor.err_cdr_decode",
                                            "CDR Decoding error for SAS context element."));
        }

        if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"Successfully decoded CDR encoded SAS context element.");
        }
        SASContextBody sasctxbody = SASContextBodyHelper.extract(SasAny);

        short sasdiscr = sasctxbody.discriminator();
        if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"SAS context element is a/an " + SvcContextUtils.getMsgname(sasdiscr)+ " message");
        }
        /* Check message type received */

        /**
         *  CSIV2 SPEC NOTE:
         *
         *  Section 4.3 "TSS State Machine" , table 4-4 "TSS State Table"
         *  shows that a MessageInContext can be received. In this case
         *  the table is somewhat unclear. But in this case a ContextError
         *  with the status code "No Context" ( specified in 
         *  section 4.5 "ContextError Values and Exceptions" must be sent back.
         *  A NO_PERMISSION exception must also be raised.
         *
         *  ISSUE: should setSecurityContext(null) be called ?
         */

        if (sasdiscr == MTMessageInContext.value) {
             sasctxbody = createContextError(SvcContextUtils.MessageInContextMinor);
             sc = createSvcContext(sasctxbody, orb);
        if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"Adding ContextError message to service context list");
    _logger.log(Level.FINE,"SecurityContext set to null");
        }
             ri.add_reply_service_context(sc, NO_REPLACE);
             // no need to set the security context
//              secsvc.setSecurityContext(null, ri.object_id(), ri.operation());

             throw new NO_PERMISSION();
        }

        /**
         * CSIV2 SPEC NOTE:
         *
         * CSIV2 spec does not specify the actions for any message other than
         * a MessageInContext and EstablishContext message.So for such messages,
         * this implementation simply drops the message on the floor. No
         * other message is sent back. Neither is an exception raised.
         *
         * ISSUE: Should there be some other action ?
         */

        if (sasdiscr != MTEstablishContext.value) {
            _logger.log(Level.SEVERE,"iiop.not_establishcontext_msg");
            throw new SecurityException(
                localStrings.getLocalString("secserverreqinterceptor.err_not_ec_msg",
                                            "Received message not an EstablishContext message."));
        }
        EstablishContext ec = sasctxbody.establish_msg();

        seccontext = new SecurityContext();
        seccontext.subject = new Subject();
       
        try {
            if (ec.client_authentication_token.length != 0) {
                if(_logger.isLoggable(Level.FINE)){


        java.lang.Object  cred = null ; // A single JAAS credential

  if(_logger.isLoggable(Level.FINE))
                _logger.log(Level.FINE,"++++ Entered " + prname + "send_request" + "()");
        SecurityContext secctxt = null;       // SecurityContext to be sent
  ORB orb = orbHelper.getORB();
  org.omg.CORBA.Object effective_target = ri.effective_target();
  try{
      secctxt = secContextUtil.getSecurityContext(effective_target);
  }catch(InvalidMechanismException ime){
               _logger.log(Level.SEVERE,"iiop.sec_context_exception",ime);
      throw new RuntimeException(ime.getMessage());
  }catch(InvalidIdentityTokenException iite){
                _logger.log(Level.SEVERE,"iiop.runtime_exception",iite);
      throw new RuntimeException(iite.getMessage());
  }

        /**
         * In an unprotected invocation, there is nothing to be sent to
         * the service context field. Check for this case.
         */
        if (secctxt == null) {
            if(_logger.isLoggable(Level.FINE)){
                _logger.log(Level.FINE,"Security context is null (nothing to add to service context)");
            }
            return;
  }

  final SecurityContext sCtx = secctxt;
        /* Construct an authentication token */
        if (secctxt.authcls != null) {
            cred = AccessController.doPrivileged(new PrivilegedAction() {
                public java.lang.Object run() {
                    return getCred(sCtx.subject.getPrivateCredentials(sCtx.authcls), sCtx.authcls);

        java.lang.Object  cred = null ; // A single JAAS credential

  if(_logger.isLoggable(Level.FINE))
                _logger.log(Level.FINE,"++++ Entered " + prname + "send_request" + "()");
        SecurityContext secctxt = null;       // SecurityContext to be sent
  ORB orb = orbHelper.getORB();
  org.omg.CORBA.Object effective_target = ri.effective_target();
  try{
      secctxt = secContextUtil.getSecurityContext(effective_target);
  }catch(InvalidMechanismException ime){
               _logger.log(Level.SEVERE,"iiop.sec_context_exception",ime);
      throw new RuntimeException(ime.getMessage());
  }catch(InvalidIdentityTokenException iite){
                _logger.log(Level.SEVERE,"iiop.runtime_exception",iite);
      throw new RuntimeException(iite.getMessage());
  }

        /**
         * In an unprotected invocation, there is nothing to be sent to
         * the service context field. Check for this case.
         */
        if (secctxt == null) {
            if(_logger.isLoggable(Level.FINE)){
                _logger.log(Level.FINE,"Security context is null (nothing to add to service context)");
            }
            return;
  }

  final SecurityContext sCtx = secctxt;
        /* Construct an authentication token */
        if (secctxt.authcls != null) {
            cred = AccessController.doPrivileged(new PrivilegedAction() {
                public java.lang.Object run() {
                    return getCred(sCtx.subject.getPrivateCredentials(sCtx.authcls), sCtx.authcls);

    public SecurityContext selectSecurityContext(IOR ior)
        throws InvalidIdentityTokenException,
            InvalidMechanismException, SecurityMechanismException
    {
        SecurityContext context = null;  
  ConnectionContext cc = new ConnectionContext();
        //print CSIv2 mechanism definition in IOR
        if (traceIORs()) {
            _logger.info("\nCSIv2 Mechanism List:" +
                    getSecurityMechanismString(ctc,ior));

                        boolean clientAuthOccurred,
                        CompoundSecMech mechanism)
        throws InvalidMechanismException, InvalidIdentityTokenException,
                            SecurityMechanismException {

        SecurityContext ctx = null;
        if(!sslUsed) {
      ctx = propagateIdentity(false, ci, mechanism);
  } else {
      ctx = propagateIdentity(clientAuthOccurred, ci, mechanism);
  }

    private SecurityContext sendUsernameAndPassword(ComponentInvocation ci,
                boolean sslUsed,
                boolean clientAuthOccurred,
                                                    CompoundSecMech mechanism)
                throws SecurityMechanismException {
        SecurityContext ctx = null;
        if(mechanism == null) {
            return null;
        }
        AS_ContextSec asContext = mechanism.as_context_mech;
        if( isSet(asContext.target_requires, EstablishTrustInClient.value)

    private SecurityContext propagateIdentity(boolean clientAuth,
                                              ComponentInvocation ci,
                                              CompoundSecMech mechanism)
        throws InvalidIdentityTokenException, InvalidMechanismException, SecurityMechanismException {
           
        SecurityContext ctx = null;
        if(mechanism == null) {
            return null;
        }
        AS_ContextSec asContext = mechanism.as_context_mech;
        SAS_ContextSec sasContext = mechanism.sas_context_mech;

                    s = getSubjectFromSecurityCurrent();
                    // TODO check if username/password is available
                    // if not throw exception
                }
            }
            SecurityContext ctx = new SecurityContext();
            final Subject sub = s;
            ctx.subject = s;
            // determining if run-as has been used
            Set<PasswordCredential> privateCredSet =
                AccessController.doPrivileged(new PrivilegedAction<Set>() {

            throws SecurityMechanismException {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Getting PRINCIPAL/DN from TLS");
        }

        SecurityContext ctx = new SecurityContext();
        final SecurityContext sCtx = ctx;
  // get stuff from the SecurityContext class
        com.sun.enterprise.security.SecurityContext scontext =
            com.sun.enterprise.security.SecurityContext.getCurrent();
        if ((scontext == null) ||
             scontext.didServerGenerateCredentials()){ 

     * Called by the target to interpret client credentials after validation.
     */
    public SecurityContext evaluateTrust(SecurityContext ctx, byte[] object_id, Socket socket)
        throws SecurityMechanismException
    {
        SecurityContext ssc = null;

        // ssl_used is true if SSL was used.       
        boolean ssl_used        = false ;

        // X509 Certificicate chain is non null if client has authenticated at
        // the SSL level.

        X509Certificate[] certChain = null ;

        // First gather all the information and then check the
        // conformance of the client to the security policies.
        // If the test for client conformance passes, then set the
        // security context.
        if ((socket != null) && (socket instanceof SSLSocket)) {
            ssl_used = true; // SSL was used
            // checkif there is a transport principal
            SSLSocket sslSock = (SSLSocket) socket;
            SSLSession sslSession = sslSock.getSession();
            try {
                certChain = (X509Certificate[]) sslSession.getPeerCertificates();
            } catch (Exception e) {
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "iiop.cannot_get_peercert", e);
                }
            }
        }
       

        // For a local invocation - we don't need to check the security
        // policies. The following condition guarantees the call is local
        // and thus bypassing policy checks.
       
        // XXX: Workaround for non-null connection object ri for local invocation.
        // if (socket == null && ctx == null)
        Long ClientID = ConnectionExecutionContext.readClientThreadID();
        if (ClientID != null && ClientID == Thread.currentThread().getId() && ctx == null)
            return null;

        if ( evaluate_client_conformance(ctx, object_id, ssl_used, certChain)
                                                                     == false) {
            String msg = "Trust evaluation failed because ";
            msg = msg + "client does not conform to configured security policies";
            throw new SecurityMechanismException(msg);
        }           

        if ( ctx == null ) {
            if ( socket == null || !ssl_used || certChain == null )  {
                // Transport info is null and security context is null.
                // No need to set the anonymous credential here,
                // it will get set if any security operations
                // (e.g. getCallerPrincipal) are done.
                // Note: if the target object is not an EJB,
                // no security ctx is needed.
                return null;
            else {
                // Set the transport principal in subject and
                // return the X500Name class
                ssc = new SecurityContext();
                X500Name x500Name = (X500Name) certChain[0].getSubjectDN();
                ssc.subject = new Subject();
                ssc.subject.getPublicCredentials().add(x500Name);
                ssc.identcls = X500Name.class;
                ssc.authcls = null;


