* [ adempiere-Bugs-1719617 ] Server bean allows remote unauthenticated queries
- Implemented jaas authentication for server bean
parent
e92cd37435
commit
899c9e0042
|
@ -7,5 +7,6 @@
|
|||
<classpathentry kind="src" path="/tools"/>
|
||||
<classpathentry kind="src" path="/base"/>
|
||||
<classpathentry combineaccessrules="false" kind="src" path="/looks"/>
|
||||
<classpathentry kind="lib" path="/lib/jboss.jar"/>
|
||||
<classpathentry kind="output" path="build/classes"/>
|
||||
</classpath>
|
||||
|
|
|
@ -54,6 +54,8 @@
|
|||
<pathelement location="${xdoclet.home}/lib/xdoclet-ejb-module-1.2.3.jar" />
|
||||
<pathelement location="${xdoclet.home}/lib/xjavadoc-1.1.jar" />
|
||||
<pathelement location="${xdoclet.home}/lib/xdoclet-xdoclet-module-1.2.3.jar" />
|
||||
<pathelement location="${xdoclet.home}/lib/xdoclet-jboss-module-1.2.3.jar" />
|
||||
<pathelement location="${xdoclet.home}/lib/xdoclet-jmx-module-1.2.3.jar" />
|
||||
<pathelement location="${xdoclet.home}/lib/commons-collections-3.1.jar" />
|
||||
</path>
|
||||
|
||||
|
@ -100,6 +102,9 @@
|
|||
<localinterface/>
|
||||
<localhomeinterface/>
|
||||
<remoteinterface/>
|
||||
<jboss
|
||||
securityDomain="java:/jaas/adempiere"
|
||||
destdir="${build.dir}/META-INF"/>
|
||||
<deploymentdescriptor destdir="${build.dir}/META-INF"/>
|
||||
</ejbdoclet>
|
||||
</target>
|
||||
|
|
|
@ -0,0 +1,95 @@
|
|||
package org.compiere.session;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.Identity;
|
||||
import java.security.Principal;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.callback.Callback;
|
||||
import javax.security.auth.callback.CallbackHandler;
|
||||
import javax.security.auth.callback.NameCallback;
|
||||
import javax.security.auth.callback.PasswordCallback;
|
||||
import javax.security.auth.callback.UnsupportedCallbackException;
|
||||
import javax.security.auth.login.LoginException;
|
||||
import javax.security.auth.spi.LoginModule;
|
||||
|
||||
import org.compiere.util.Env;
|
||||
import org.compiere.util.KeyNamePair;
|
||||
import org.compiere.util.Login;
|
||||
import org.jboss.security.SimpleGroup;
|
||||
import org.jboss.security.SimplePrincipal;
|
||||
|
||||
public class AdempiereLoginModule implements LoginModule {
|
||||
|
||||
private String unauthenticatedIdentity;
|
||||
private CallbackHandler handler;
|
||||
private Subject subject;
|
||||
private KeyNamePair[] roles;
|
||||
private String name;
|
||||
|
||||
public boolean abort() throws LoginException {
|
||||
roles = null;
|
||||
name = null;
|
||||
return false;
|
||||
}
|
||||
|
||||
public boolean commit() throws LoginException {
|
||||
if (roles == null || roles.length == 0)
|
||||
{
|
||||
subject.getPrincipals().add(new SimplePrincipal(unauthenticatedIdentity));
|
||||
SimpleGroup roleGroup = new SimpleGroup("Roles");
|
||||
subject.getPrincipals().add(roleGroup);
|
||||
}
|
||||
else
|
||||
{
|
||||
subject.getPrincipals().add(new SimplePrincipal(name));
|
||||
SimpleGroup roleGroup = new SimpleGroup("Roles");
|
||||
roleGroup.addMember(new SimplePrincipal("adempiereUsers"));
|
||||
for(int i = 0; i < roles.length; i++)
|
||||
{
|
||||
roleGroup.addMember(new SimplePrincipal(roles[i].getName()));
|
||||
}
|
||||
subject.getPrincipals().add(roleGroup);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public void initialize(Subject subject, CallbackHandler callbackHandler,
|
||||
Map<String, ?> sharedState, Map<String, ?> options) {
|
||||
unauthenticatedIdentity = (String)options.get("unauthenticatedIdentity");
|
||||
handler = callbackHandler;
|
||||
this.subject = subject;
|
||||
}
|
||||
|
||||
public boolean login() throws LoginException {
|
||||
Callback callbacks[] = new Callback[]{new NameCallback("Login:"), new PasswordCallback("Password:", false)};
|
||||
try {
|
||||
handler.handle(callbacks);
|
||||
} catch (IOException e) {
|
||||
} catch (UnsupportedCallbackException e) {
|
||||
}
|
||||
name = ((NameCallback)callbacks[0]).getName();
|
||||
char[] pass = ((PasswordCallback)callbacks[1]).getPassword();
|
||||
String passwd = pass != null ? new String(pass) : null;
|
||||
if (name != null && passwd != null)
|
||||
{
|
||||
Login login = new Login(Env.getCtx());
|
||||
roles = login.getRoles(name, passwd);
|
||||
}
|
||||
else
|
||||
{
|
||||
roles = null;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public boolean logout() throws LoginException {
|
||||
roles = null;
|
||||
name = null;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
}
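Review bot: login() returns true on every path, both after the two empty catch blocks and when `login.getRoles(name, passwd)` leaves `roles` null or empty, so a rejected password is never reported as a failed login and commit() attaches the `unauthenticatedIdentity` principal instead. That fallback is presumably meant for anonymous callers of the unchecked bean methods, so it should apply only when no credentials were offered. Supplied-but-rejected credentials should raise `FailedLoginException` (which needs an import from javax.security.auth.login), and the swallowed callback errors should become a `LoginException`, so the container has a failure to log and count. The password is also copied into a String and the callback is never cleared, and commit() would build `new SimplePrincipal(null)` if the `unauthenticatedIdentity` option is not configured. The fence assumes an empty or null result from getRoles means the credentials were rejected, which is inferred from the check in commit().

```java
public boolean login() throws LoginException {
    // … unchanged: callbacks array construction …
    try {
        handler.handle(callbacks);
    } catch (IOException e) {
        // Surface handler failures instead of continuing with empty callbacks.
        throw new LoginException("Callback handler failed: " + e.getMessage());
    } catch (UnsupportedCallbackException e) {
        throw new LoginException("Unsupported callback: " + e.getMessage());
    }
    // … unchanged: read name and pass from the callbacks, build passwd …
    // Wipe the callback's copy of the password once it has been read.
    ((PasswordCallback) callbacks[1]).clearPassword();
    if (name != null && passwd != null)
    {
        Login login = new Login(Env.getCtx());
        roles = login.getRoles(name, passwd);
        if (roles == null || roles.length == 0)
        {
            // Credentials were offered and rejected: fail the login rather than
            // falling through to the unauthenticated identity in commit().
            throw new FailedLoginException("Login rejected for user " + name);
        }
    }
    else if (unauthenticatedIdentity == null)
    {
        // No credentials and no anonymous identity configured.
        throw new FailedLoginException("No credentials supplied");
    }
    // … unchanged: else branch sets roles = null; return true …
```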
|
|
@ -51,6 +51,8 @@ import org.compiere.wf.*;
|
|||
* @ejb.ejb-ref ejb-name="adempiere/Server"
|
||||
* view-type="local"
|
||||
* ref-name="adempiere/ServerLocal"
|
||||
*
|
||||
* @ejb.permission role-name="adempiereUsers"
|
||||
*
|
||||
* @author Jorg Janke
|
||||
* @version $Id: ServerBean.java,v 1.3 2006/07/30 00:53:33 jjanke Exp $
|
||||
|
@ -134,6 +136,7 @@ public class ServerBean implements SessionBean
|
|||
{
|
||||
|
||||
validateSecurityToken(token);
|
||||
//log.finer(m_Context.getCallerPrincipal().getName() + " - " + info.getSql());
|
||||
|
||||
log.finer("[" + m_no + "]");
|
||||
m_stmt_rowSetCount++;
|
||||
|
@ -153,6 +156,7 @@ public class ServerBean implements SessionBean
|
|||
{
|
||||
validateSecurityToken(token);
|
||||
|
||||
//log.finer(m_Context.getCallerPrincipal().getName() + " - " + info.getSql());
|
||||
log.finer("[" + m_no + "]");
|
||||
m_stmt_rowSetCount++;
|
||||
CStatement stmt = new CStatement(info);
|
||||
|
@ -171,6 +175,7 @@ public class ServerBean implements SessionBean
|
|||
{
|
||||
validateSecurityToken(token);
|
||||
|
||||
//log.finer(m_Context.getCallerPrincipal().getName() + " - " + info.getSql());
|
||||
log.finer("[" + m_no + "]");
|
||||
m_stmt_updateCount++;
|
||||
if (info.getParameterCount() == 0)
|
||||
|
@ -527,6 +532,7 @@ public class ServerBean implements SessionBean
|
|||
/**************************************************************************
|
||||
* Describes the instance and its content for debugging purpose
|
||||
* @ejb.interface-method view-type="both"
|
||||
* @ejb.permission unchecked="true"
|
||||
* @return Debugging information about the instance and its content
|
||||
*/
|
||||
public String getStatus()
|
||||
|
@ -658,6 +664,18 @@ public class ServerBean implements SessionBean
|
|||
return gridTabVO.getFields();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get table id from ad_table by table name
|
||||
* @ejb.interface-method view-type="both"
|
||||
* @ejb.permission unchecked="true"
|
||||
* @param tableName
|
||||
* @return tableName
|
||||
*/
|
||||
public int getTableID(String tableName)
|
||||
{
|
||||
return MTable.getTable_ID(tableName);
|
||||
}
|
||||
|
||||
/**
|
||||
* String Representation
|
||||
* @return info
|
||||
|
@ -673,6 +691,7 @@ public class ServerBean implements SessionBean
|
|||
* @throws EJBException
|
||||
* @throws CreateException
|
||||
* @ejb.create-method view-type="both"
|
||||
* @ejb.permission unchecked="true"
|
||||
*/
|
||||
public void ejbCreate() throws EJBException, CreateException
|
||||
{
|
||||
|
@ -680,7 +699,7 @@ public class ServerBean implements SessionBean
|
|||
try
|
||||
{
|
||||
if (!Adempiere.startup(false))
|
||||
throw new CreateException("Compiere could not start");
|
||||
throw new CreateException("Adempiere could not start");
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
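Review bot: The new `getTableID(String tableName)` method (hunk at -658,6 +664,18) is tagged `@ejb.permission unchecked="true"`, so on a bean this commit otherwise restricts to `adempiereUsers` it stays callable by unauthenticated remote clients and answers table lookups for any name they pass. Unless a pre-login client path needs it, which is not visible here, replace the tag with `@ejb.permission role-name="adempiereUsers"` so it matches the class-level permission. Its Javadoc says `@return tableName` although the method returns an int id, so `@return table id for the given table name` would be accurate, and `@param tableName` should get a description. The `unchecked` tags on `getStatus()` and `ejbCreate()` would each benefit from a one-line comment saying why they are deliberately open.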
|
||||
|
|
|
@ -41,6 +41,7 @@ import org.compiere.util.*;
|
|||
* @ejb.ejb-ref ejb-name="adempiere/Status"
|
||||
* view-type="local"
|
||||
* ref-name="adempiere/StatusLocal"
|
||||
* @ejb.permission unchecked="true"
|
||||
*
|
||||
* @author Jorg Janke
|
||||
* @version $Id: StatusBean.java,v 1.3 2006/07/30 00:53:33 jjanke Exp $
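Review bot: The class-level `@ejb.permission unchecked="true"` opens every interface method of StatusBean, present and future, to unauthenticated callers, and the methods themselves are outside this hunk. If any of them returns connection or configuration details, tag that method with `@ejb.permission role-name="adempiereUsers"` and keep `unchecked` only on what a client needs before login. A sentence in the class Javadoc stating why the bean is intentionally open would let later reviewers tell a deliberate exception from an oversight.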
|
||||
|
|
|
@ -14,20 +14,16 @@
|
|||
<pathelement location="C:/Adempiere/adempiere-all2/tools/lib/activation.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/tools/lib/standard.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/tools/lib/ocrs12.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/dbPort/lib"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/jboss/client/jbossall-client.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/jboss/server/adempiere/lib/javax.servlet.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/jboss/lib/jboss-jmx.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/jboss/lib/jboss-system.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/lib/oracle.jar"/>
|
||||
<pathelement location="C:/eclipse/plugins/org.junit_3.8.1/junit.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/interfaces/Interfaces.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/lib/postgresql.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/server/lib"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/base/lib"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/print/lib"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/lib/jPDFPrinterDemo.jar"/>
|
||||
<pathelement location="C:/Adempiere/adempiere-all2/interfaces/classes"/>
|
||||
|
||||
<fileset dir="C:/eclipse/plugins/org.jboss.ide.eclipse.xdoclet.core_1.2.130/">
|
||||
<include name="*.jar"/>
|
||||
|
|