* [ adempiere-Bugs-1719617 ] Server bean allows remote unauthenticated queries

- Implemented JAAS authentication for the server bean
Heng Sin Low 2007-05-25 06:38:28 +00:00
parent 7f8ef7f43b
commit 6c59ed5784
6 changed files with 89 additions and 23 deletions


@ -27,6 +27,8 @@ import javax.swing.JOptionPane;
import org.compiere.*; import org.compiere.*;
import org.compiere.interfaces.*; import org.compiere.interfaces.*;
import org.compiere.util.*; import org.compiere.util.*;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
/** /**
* Adempiere Connection Descriptor * Adempiere Connection Descriptor
@ -236,6 +238,11 @@ public class CConnection implements Serializable
/** Had application server been query **/ /** Had application server been query **/
private boolean m_queryAppsServer = false; private boolean m_queryAppsServer = false;
/** application server authentication principal **/
private String m_principal = null;
/** application server authentication password **/
private String m_credential = null;
/************************************************************************* /*************************************************************************
* Get Name * Get Name
@ -1408,7 +1415,7 @@ public class CConnection implements Serializable
// Set Environment // Set Environment
if (m_env == null || !useCache) if (m_env == null || !useCache)
m_env = getInitialEnvironment(getAppsHost(), getAppsPort(), isRMIoverHTTP()); m_env = getInitialEnvironment(getAppsHost(), getAppsPort(), isRMIoverHTTP(), m_principal, m_credential);
String connect = (String)m_env.get(Context.PROVIDER_URL); String connect = (String)m_env.get(Context.PROVIDER_URL);
Env.setContext(Env.getCtx(), Context.PROVIDER_URL, connect); Env.setContext(Env.getCtx(), Context.PROVIDER_URL, connect);
@ -1433,15 +1440,23 @@ public class CConnection implements Serializable
return m_iContext; return m_iContext;
} // getInitialContext } // getInitialContext
public static Hashtable getInitialEnvironment (String AppsHost, int AppsPort,
boolean RMIoverHTTP)
{
return getInitialEnvironment(AppsHost, AppsPort, RMIoverHTTP, null, null);
}
/** /**
* Get Initial Environment * Get Initial Environment
* @param AppsHost host * @param AppsHost host
* @param AppsPort port * @param AppsPort port
* @param RMIoverHTTP true if tunnel through HTTP * @param RMIoverHTTP true if tunnel through HTTP
* @param principal
* @param credential
* @return environment * @return environment
*/ */
public static Hashtable getInitialEnvironment (String AppsHost, int AppsPort, public static Hashtable getInitialEnvironment (String AppsHost, int AppsPort,
boolean RMIoverHTTP) boolean RMIoverHTTP, String principal, String credential)
{ {
// Set Environment // Set Environment
Hashtable<String,String> env = new Hashtable<String,String>(); Hashtable<String,String> env = new Hashtable<String,String>();
@ -1467,6 +1482,18 @@ public class CConnection implements Serializable
env.put (org.jnp.interfaces.TimedSocketFactory.JNP_SO_TIMEOUT, "5000"); env.put (org.jnp.interfaces.TimedSocketFactory.JNP_SO_TIMEOUT, "5000");
// JNP - default timeout 5 sec // JNP - default timeout 5 sec
env.put(org.jnp.interfaces.NamingContext.JNP_DISCOVERY_TIMEOUT, "5000"); env.put(org.jnp.interfaces.NamingContext.JNP_DISCOVERY_TIMEOUT, "5000");
if (principal != null && credential != null)
{
SecurityAssociation.setPrincipal(new SimplePrincipal(principal));
SecurityAssociation.setCredential(credential);
}
else
{
SecurityAssociation.setPrincipal(null);
SecurityAssociation.setCredential(null);
}
return env; return env;
} // getInitialEnvironment } // getInitialEnvironment
@ -1643,6 +1670,14 @@ public class CConnection implements Serializable
return "<?" + transactionIsolation + "?>"; return "<?" + transactionIsolation + "?>";
} // getTransactionIsolationInfo } // getTransactionIsolationInfo
public void setAppServerCredential(String principal, String credential)
{
m_principal = principal;
m_credential = credential;
m_iContext = null;
m_env = null;
m_server = null;
}
/************************************************************************** /**************************************************************************
* Testing * Testing
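Review bot: The new `m_credential` field keeps the application-server password as a plain `String` in a class the hunk headers show is `Serializable`, and it is not marked `transient`, so any serialization of the descriptor would carry the password with it; `private transient String m_credential = null;` keeps it out of the serialized form (the same applies to `m_principal` if the principal is treated as sensitive). In `getInitialEnvironment`, the `SecurityAssociation.setPrincipal`/`setCredential` calls are a side effect on JBoss security state (thread- or process-wide depending on the JBoss configuration) from a method whose name and return value suggest it only builds the JNDI environment; a comment such as `// Side effect: binds principal/credential in JBoss SecurityAssociation for the subsequent JNDI/EJB calls` would make that visible to callers. The Javadoc `@param principal` and `@param credential` tags are left empty, and the three-argument overload and `setAppServerCredential` have no Javadoc at all. The enclosing class continues outside these hunks.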


@ -193,4 +193,11 @@ public interface Server
public java.util.ArrayList getFields( org.compiere.model.GridTabVO gridTabVO ) public java.util.ArrayList getFields( org.compiere.model.GridTabVO gridTabVO )
throws java.rmi.RemoteException; throws java.rmi.RemoteException;
/**
* Get table id from ad_table by table name
* @param tableName
* @return tableName */
public int getTableID( java.lang.String tableName )
throws java.rmi.RemoteException;
} }
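Review bot: The Javadoc for the new `getTableID` says `@return tableName`, but the method returns an `int` table id, so the tag documents the wrong thing; `@return AD_Table_ID of the table with the given name` reads correctly, and `@param tableName name of the table (AD_Table.TableName)` fills the empty parameter tag. The same Javadoc is duplicated verbatim in the `ServerLocal` section below and needs the same correction. The diffstat lists six files and all six sections are client-side (`CConnection`, the two `Server` interfaces, `MTable`, `Env`, `Login`); the bean implementation and its deployment descriptor, where the authentication the commit message describes would be enforced, are not part of this change, so that enforcement cannot be verified from this commit.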


@ -172,4 +172,10 @@ public interface ServerLocal
* @return ArrayList */ * @return ArrayList */
public java.util.ArrayList getFields( org.compiere.model.GridTabVO gridTabVO ) ; public java.util.ArrayList getFields( org.compiere.model.GridTabVO gridTabVO ) ;
/**
* Get table id from ad_table by table name
* @param tableName
* @return tableName */
public int getTableID( java.lang.String tableName ) ;
} }


@ -21,6 +21,9 @@ import java.lang.reflect.*;
import java.sql.*; import java.sql.*;
import java.util.*; import java.util.*;
import java.util.logging.*; import java.util.logging.*;
import org.compiere.db.CConnection;
import org.compiere.interfaces.Server;
import org.compiere.util.*; import org.compiere.util.*;
/** /**
@ -666,6 +669,13 @@ public class MTable extends X_AD_Table
int retValue = 0; int retValue = 0;
String SQL = "SELECT AD_Table_ID FROM AD_Table WHERE tablename = ?"; String SQL = "SELECT AD_Table_ID FROM AD_Table WHERE tablename = ?";
try try
{
if (DB.isRemoteObjects())
{
Server server = CConnection.get().getServer();
retValue = server.getTableID(tableName);
}
else
{ {
PreparedStatement pstmt = DB.prepareStatement(SQL, null); PreparedStatement pstmt = DB.prepareStatement(SQL, null);
pstmt.setString(1, tableName); pstmt.setString(1, tableName);
@ -675,6 +685,7 @@ public class MTable extends X_AD_Table
rs.close(); rs.close();
pstmt.close(); pstmt.close();
} }
}
catch (Exception e) catch (Exception e)
{ {
retValue = -1; retValue = -1;
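Review bot: In the new remote branch, `CConnection.get().getServer()` is dereferenced without a null check; if it returns null when no server is reachable (its contract is not visible here), the resulting NullPointerException falls into the existing `catch (Exception e)` and is reported as `retValue = -1`, the same value as a failed local lookup, so a client that cannot reach the authenticated bean is indistinguishable from a missing table. A guard such as `if (server == null) throw new IllegalStateException("No application server");` together with logging the exception in the catch would keep the failure diagnosable. The enclosing method starts before and ends after this hunk.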


@ -85,6 +85,8 @@ public final class Env
// //
reset(true); // final cache reset reset(true); // final cache reset
// //
CConnection.get().setAppServerCredential(null, null);
} }
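Review bot: `CConnection.get().setAppServerCredential(null, null)` here only nulls the descriptor's fields and cached context (per the `CConnection` hunk), while the JBoss `SecurityAssociation` populated in `getInitialEnvironment` is only cleared the next time an environment is built, so the previous user's principal and credential stay bound in the client process after this reset until another lookup happens. Having `setAppServerCredential` also call `SecurityAssociation.setPrincipal(null); SecurityAssociation.setCredential(null);` (unconditionally is fine, since the context is rebuilt on the next lookup anyway) would make this logout path drop the credential immediately. The enclosing method starts before this hunk.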
/** /**


@ -217,6 +217,8 @@ public class Login
// Authentification // Authentification
boolean authenticated = false; boolean authenticated = false;
if (Ini.isClient())
CConnection.get().setAppServerCredential(app_user, app_pwd);
MSystem system = MSystem.get(m_ctx); MSystem system = MSystem.get(m_ctx);
if (system == null) if (system == null)
throw new IllegalStateException("No System Info"); throw new IllegalStateException("No System Info");
@ -287,6 +289,8 @@ public class Login
Env.setContext(m_ctx, "#AD_User_ID", rs.getInt(1)); Env.setContext(m_ctx, "#AD_User_ID", rs.getInt(1));
Env.setContext(m_ctx, "#SalesRep_ID", rs.getInt(1)); Env.setContext(m_ctx, "#SalesRep_ID", rs.getInt(1));
// //
if (Ini.isClient())
{
Ini.setProperty(Ini.P_UID, app_user); Ini.setProperty(Ini.P_UID, app_user);
if (Ini.isPropertyBool(Ini.P_STORE_PWD)) if (Ini.isPropertyBool(Ini.P_STORE_PWD))
Ini.setProperty(Ini.P_PWD, app_pwd); Ini.setProperty(Ini.P_PWD, app_pwd);
@ -302,6 +306,7 @@ public class Login
Ini.saveProperties(false); Ini.saveProperties(false);
} }
} }
}
do // read all roles do // read all roles
{ {
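Review bot: `CConnection.get().setAppServerCredential(app_user, app_pwd)` runs before any of the authentication checks that follow (`authenticated` is still false at that point), so the password entered is stored in the connection descriptor and later bound into `SecurityAssociation` even when the login is rejected; whether the failure path clears it is not visible in this hunk. Binding before the lookups is presumably required in remote mode, since those lookups likely go through the server bean, so the fix is on the failure side: calling `CConnection.get().setAppServerCredential(null, null)` before each failed return would avoid keeping a rejected password around. The second hunk's `if (Ini.isClient())` wrapping only changes when Ini properties are stored and needs no change. The enclosing method starts before and ends after these hunks.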