* [ adempiere-Bugs-1719617 ] Server bean allows remote unauthenticated queries
- Implemented jaas authentication for server bean
This commit is contained in:
Heng Sin Low
parent
7f8ef7f43b
commit
6c59ed5784
|
|
@ -27,6 +27,8 @@ import javax.swing.JOptionPane;
|
|||
import org.compiere.*;
|
||||
import org.compiere.interfaces.*;
|
||||
import org.compiere.util.*;
|
||||
import org.jboss.security.SecurityAssociation;
|
||||
import org.jboss.security.SimplePrincipal;
|
||||
|
||||
/**
|
||||
* Adempiere Connection Descriptor
|
||||
|
|
@ -236,6 +238,11 @@ public class CConnection implements Serializable
|
|||
/** Had application server been query **/
|
||||
private boolean m_queryAppsServer = false;
|
||||
|
||||
/** application server authentication principal **/
|
||||
private String m_principal = null;
|
||||
/** application server authentication password **/
|
||||
private String m_credential = null;
|
||||
|
||||
|
||||
/*************************************************************************
|
||||
* Get Name
|
||||
|
|
@ -1408,7 +1415,7 @@ public class CConnection implements Serializable
|
|||
|
||||
// Set Environment
|
||||
if (m_env == null || !useCache)
|
||||
m_env = getInitialEnvironment(getAppsHost(), getAppsPort(), isRMIoverHTTP());
|
||||
m_env = getInitialEnvironment(getAppsHost(), getAppsPort(), isRMIoverHTTP(), m_principal, m_credential);
|
||||
String connect = (String)m_env.get(Context.PROVIDER_URL);
|
||||
Env.setContext(Env.getCtx(), Context.PROVIDER_URL, connect);
|
||||
|
||||
|
|
@ -1433,15 +1440,23 @@ public class CConnection implements Serializable
|
|||
return m_iContext;
|
||||
} // getInitialContext
|
||||
|
||||
public static Hashtable getInitialEnvironment (String AppsHost, int AppsPort,
|
||||
boolean RMIoverHTTP)
|
||||
{
|
||||
return getInitialEnvironment(AppsHost, AppsPort, RMIoverHTTP, null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get Initial Environment
|
||||
* @param AppsHost host
|
||||
* @param AppsPort port
|
||||
* @param RMIoverHTTP true if tunnel through HTTP
|
||||
* @param principal
|
||||
* @param credential
|
||||
* @return environment
|
||||
*/
|
||||
public static Hashtable getInitialEnvironment (String AppsHost, int AppsPort,
|
||||
boolean RMIoverHTTP)
|
||||
boolean RMIoverHTTP, String principal, String credential)
|
||||
{
|
||||
// Set Environment
|
||||
Hashtable<String,String> env = new Hashtable<String,String>();
|
||||
|
|
@ -1467,6 +1482,18 @@ public class CConnection implements Serializable
|
|||
env.put (org.jnp.interfaces.TimedSocketFactory.JNP_SO_TIMEOUT, "5000");
|
||||
// JNP - default timeout 5 sec
|
||||
env.put(org.jnp.interfaces.NamingContext.JNP_DISCOVERY_TIMEOUT, "5000");
|
||||
|
||||
if (principal != null && credential != null)
|
||||
{
|
||||
SecurityAssociation.setPrincipal(new SimplePrincipal(principal));
|
||||
SecurityAssociation.setCredential(credential);
|
||||
}
|
||||
else
|
||||
{
|
||||
SecurityAssociation.setPrincipal(null);
|
||||
SecurityAssociation.setCredential(null);
|
||||
}
|
||||
|
||||
return env;
|
||||
} // getInitialEnvironment
|
||||
|
||||
|
|
@ -1643,6 +1670,14 @@ public class CConnection implements Serializable
|
|||
return "<?" + transactionIsolation + "?>";
|
||||
} // getTransactionIsolationInfo
|
||||
|
||||
public void setAppServerCredential(String principal, String credential)
|
||||
{
|
||||
m_principal = principal;
|
||||
m_credential = credential;
|
||||
m_iContext = null;
|
||||
m_env = null;
|
||||
m_server = null;
|
||||
}
|
||||
|
||||
/**************************************************************************
|
||||
* Testing
|
||||
|
|
|
|||
|
|
@ -193,4 +193,11 @@ public interface Server
|
|||
public java.util.ArrayList getFields( org.compiere.model.GridTabVO gridTabVO )
|
||||
throws java.rmi.RemoteException;
|
||||
|
||||
/**
|
||||
* Get table id from ad_table by table name
|
||||
* @param tableName
|
||||
* @return tableName */
|
||||
public int getTableID( java.lang.String tableName )
|
||||
throws java.rmi.RemoteException;
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -172,4 +172,10 @@ public interface ServerLocal
|
|||
* @return ArrayList */
|
||||
public java.util.ArrayList getFields( org.compiere.model.GridTabVO gridTabVO ) ;
|
||||
|
||||
/**
|
||||
* Get table id from ad_table by table name
|
||||
* @param tableName
|
||||
* @return tableName */
|
||||
public int getTableID( java.lang.String tableName ) ;
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,6 +21,9 @@ import java.lang.reflect.*;
|
|||
import java.sql.*;
|
||||
import java.util.*;
|
||||
import java.util.logging.*;
|
||||
|
||||
import org.compiere.db.CConnection;
|
||||
import org.compiere.interfaces.Server;
|
||||
import org.compiere.util.*;
|
||||
|
||||
/**
|
||||
|
|
@ -667,13 +670,21 @@ public class MTable extends X_AD_Table
|
|||
String SQL = "SELECT AD_Table_ID FROM AD_Table WHERE tablename = ?";
|
||||
try
|
||||
{
|
||||
PreparedStatement pstmt = DB.prepareStatement(SQL, null);
|
||||
pstmt.setString(1, tableName);
|
||||
ResultSet rs = pstmt.executeQuery();
|
||||
if (rs.next())
|
||||
retValue = rs.getInt(1);
|
||||
rs.close();
|
||||
pstmt.close();
|
||||
if (DB.isRemoteObjects())
|
||||
{
|
||||
Server server = CConnection.get().getServer();
|
||||
retValue = server.getTableID(tableName);
|
||||
}
|
||||
else
|
||||
{
|
||||
PreparedStatement pstmt = DB.prepareStatement(SQL, null);
|
||||
pstmt.setString(1, tableName);
|
||||
ResultSet rs = pstmt.executeQuery();
|
||||
if (rs.next())
|
||||
retValue = rs.getInt(1);
|
||||
rs.close();
|
||||
pstmt.close();
|
||||
}
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -85,6 +85,8 @@ public final class Env
|
|||
//
|
||||
reset(true); // final cache reset
|
||||
//
|
||||
|
||||
CConnection.get().setAppServerCredential(null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -216,7 +216,9 @@ public class Login
|
|||
}
|
||||
|
||||
// Authentification
|
||||
boolean authenticated = false;
|
||||
boolean authenticated = false;
|
||||
if (Ini.isClient())
|
||||
CConnection.get().setAppServerCredential(app_user, app_pwd);
|
||||
MSystem system = MSystem.get(m_ctx);
|
||||
if (system == null)
|
||||
throw new IllegalStateException("No System Info");
|
||||
|
|
@ -286,21 +288,24 @@ public class Login
|
|||
Env.setContext(m_ctx, "#AD_User_Name", app_user);
|
||||
Env.setContext(m_ctx, "#AD_User_ID", rs.getInt(1));
|
||||
Env.setContext(m_ctx, "#SalesRep_ID", rs.getInt(1));
|
||||
//
|
||||
Ini.setProperty(Ini.P_UID, app_user);
|
||||
if (Ini.isPropertyBool(Ini.P_STORE_PWD))
|
||||
Ini.setProperty(Ini.P_PWD, app_pwd);
|
||||
|
||||
m_connectionProfile = rs.getString(4); // User Based
|
||||
if (m_connectionProfile != null)
|
||||
//
|
||||
if (Ini.isClient())
|
||||
{
|
||||
CConnection cc = CConnection.get();
|
||||
if (!cc.getConnectionProfile().equals(m_connectionProfile))
|
||||
Ini.setProperty(Ini.P_UID, app_user);
|
||||
if (Ini.isPropertyBool(Ini.P_STORE_PWD))
|
||||
Ini.setProperty(Ini.P_PWD, app_pwd);
|
||||
|
||||
m_connectionProfile = rs.getString(4); // User Based
|
||||
if (m_connectionProfile != null)
|
||||
{
|
||||
cc.setConnectionProfile(m_connectionProfile);
|
||||
Ini.setProperty(Ini.P_CONNECTION, cc.toStringLong());
|
||||
Ini.saveProperties(false);
|
||||
}
|
||||
CConnection cc = CConnection.get();
|
||||
if (!cc.getConnectionProfile().equals(m_connectionProfile))
|
||||
{
|
||||
cc.setConnectionProfile(m_connectionProfile);
|
||||
Ini.setProperty(Ini.P_CONNECTION, cc.toStringLong());
|
||||
Ini.saveProperties(false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
do // read all roles
|
||||
|
|
|
|||
Loading…
Reference in New Issue