From: Mathieu Baudier Date: Thu, 6 May 2010 07:36:39 +0000 (+0000) Subject: Add ActiveMQ security support X-Git-Tag: argeo-commons-2.1.30~1609 X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=08df8f5be3b57b3d13e03fb6bd578992eff642b7;p=lgpl%2Fargeo-commons.git Add ActiveMQ security support git-svn-id: https://svn.argeo.org/commons/trunk@3555 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/security/runtime/org.argeo.security.core/pom.xml b/security/runtime/org.argeo.security.core/pom.xml index 29b4283e8..61548b429 100644 --- a/security/runtime/org.argeo.security.core/pom.xml +++ b/security/runtime/org.argeo.security.core/pom.xml @@ -35,7 +35,7 @@ *, org.springframework.context, org.argeo.server.json;resolution:=optional, - org.springframework.ldap.core.support;resolution:=optional + org.springframework.ldap.core.support;resolution:=optional, diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java index 3860d6770..c873d063d 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java @@ -1,9 +1,7 @@ package org.argeo.security.activemq; import java.io.InputStream; -import java.net.URL; import java.security.KeyStore; -import java.security.Principal; import java.security.SecureRandom; import javax.jms.Connection; 
@@ -11,9 +9,9 @@ import javax.jms.ConnectionFactory; import javax.jms.JMSException; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.TrustManagerFactory; -import javax.security.auth.Subject; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; +import javax.swing.UIManager; +import javax.swing.UnsupportedLookAndFeelException; +import javax.swing.plaf.metal.MetalLookAndFeel; import org.apache.activemq.ActiveMQSslConnectionFactory; import org.apache.commons.logging.Log; @@ -32,7 +30,7 @@ public class SecuredActiveMqConnectionFactory implements ConnectionFactory, public final static String AUTHMODE_UI = "ui"; public final static String AUTHMODE_OS = "os"; public final static String AUTHMODE_DEFAULT = AUTHMODE_OS; - private final static String LOGIN_CONFIG_PROPERTY = "java.security.auth.login.config"; +// private final static String LOGIN_CONFIG_PROPERTY = "java.security.auth.login.config"; private final static Log log = LogFactory .getLog(SecuredActiveMqConnectionFactory.class); 
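Review bot: `LOGIN_CONFIG_PROPERTY` is commented out here rather than deleted, and the hunk at -78,62 does the same with the whole JAAS login block, wrapped in a commented `if (false) {`. Dead authentication code left in the file reads as if the OS user were still established through `LoginContext`, which the new code no longer does. I would delete both and leave a one-line pointer instead, for example `// JAAS-based OS login removed; see version control history`. The class body continues outside this hunk.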
@@ -78,62 +76,75 @@ public class SecuredActiveMqConnectionFactory implements ConnectionFactory, authenticationMode = AUTHMODE_DEFAULT; if (AUTHMODE_OS.equals(authenticationMode)) { - // Cache previous value of login conf location - String oldLoginConfLocation = System - .getProperty(LOGIN_CONFIG_PROPERTY); - // Find OS family - String osName = System.getProperty("os.name"); - final String auth; - if (osName.startsWith("Windows")) - auth = "Windows"; - else if (osName.startsWith("SunOS") || osName.startsWith("Solaris")) - auth = "Solaris"; - else - auth = "Unix"; - - Subject subject; - try { - - URL url = getClass().getResource( - "/org/argeo/security/activemq/osLogin.conf"); - - System.setProperty(LOGIN_CONFIG_PROPERTY, url.toString()); - LoginContext lc = new LoginContext(auth); - lc.login(); - subject = lc.getSubject(); - } catch (LoginException le) { - throw new ArgeoException("OS authentication failed", le); - } finally { - if (oldLoginConfLocation != null) - System.setProperty(LOGIN_CONFIG_PROPERTY, - oldLoginConfLocation); - } - - // Extract user name - String osUsername = null; - for (Principal principal : subject.getPrincipals()) { - String className = principal.getClass().getName(); - if ("Unix".equals(auth) - && "com.sun.security.auth.UnixPrincipal" - .equals(className)) - osUsername = principal.getName(); - else if ("Windows".equals(auth) - && "com.sun.security.auth.NTUserPrincipal" - .equals(className)) - osUsername = principal.getName(); - else if ("Solaris".equals(auth) - && "com.sun.security.auth.SolarisPrincipal" - .equals(className)) - osUsername = principal.getName(); - } - - if (osUsername == null) - throw new ArgeoException("Could not find OS user name"); - - uccfa.setUsername(osUsername); +// if (false) { +// // Cache previous value of login conf location +// String oldLoginConfLocation = System +// .getProperty(LOGIN_CONFIG_PROPERTY); +// // Find OS family +// String osName = System.getProperty("os.name"); +// final String auth; +// if 
(osName.startsWith("Windows")) +// auth = "Windows"; +// else if (osName.startsWith("SunOS") +// || osName.startsWith("Solaris")) +// auth = "Solaris"; +// else +// auth = "Unix"; +// +// Subject subject; +// // see http://old.nabble.com/osgi-and-jaas-td23485885.html +// ClassLoader ccl = Thread.currentThread() +// .getContextClassLoader(); +// try { +// Thread.currentThread().setContextClassLoader( +// getClass().getClassLoader()); +// URL url = getClass().getResource( +// "/org/argeo/security/activemq/osLogin.conf"); +// +// System.setProperty(LOGIN_CONFIG_PROPERTY, url.toString()); +// LoginContext lc = new LoginContext(auth); +// lc.login(); +// subject = lc.getSubject(); +// } catch (LoginException le) { +// throw new ArgeoException("OS authentication failed", le); +// } finally { +// if (oldLoginConfLocation != null) +// System.setProperty(LOGIN_CONFIG_PROPERTY, +// oldLoginConfLocation); +// Thread.currentThread().setContextClassLoader(ccl); +// } +// // Extract user name +// String osUsername = null; +// for (Principal principal : subject.getPrincipals()) { +// String className = principal.getClass().getName(); +// if ("Unix".equals(auth) +// && "com.sun.security.auth.UnixPrincipal" +// .equals(className)) +// osUsername = principal.getName(); +// else if ("Windows".equals(auth) +// && "com.sun.security.auth.NTUserPrincipal" +// .equals(className)) +// osUsername = principal.getName(); +// else if ("Solaris".equals(auth) +// && "com.sun.security.auth.SolarisPrincipal" +// .equals(className)) +// osUsername = principal.getName(); +// } +// +// if (osUsername == null) +// throw new ArgeoException("Could not find OS user name"); +// } + + uccfa.setUsername(System.getProperty("user.name")); uccfa.setPassword(null); } else if (AUTHMODE_UI.equals(authenticationMode)) { + try { + UIManager.setLookAndFeel(new MetalLookAndFeel()); + } catch (UnsupportedLookAndFeelException e) { + throw new ArgeoException("Cannot load look and feel", e); + } + 
UIManager.put("ClassLoader", getClass().getClassLoader()); UserPasswordDialog dialog = new UserPasswordDialog() { private static final long serialVersionUID = -891646559691412088L;
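Review bot: In the `AUTHMODE_OS` branch, `uccfa.setUsername(System.getProperty("user.name"))` sends an identity the JVM never verified: `user.name` can be overridden with `-Duser.name=...` or `System.setProperty`, whereas the removed path took the principal from a JAAS `LoginContext`. With `uccfa.setPassword(null)` right after it, the broker receives only a self-declared name, so it has to authorise the connection on something it can check itself; the class builds on `ActiveMQSslConnectionFactory`, so presumably the TLS client certificate, but that is not visible here. I would state this at the call site, e.g. `// user.name is caller-settable, not authenticated; the broker must not trust it without its own check`. Separately, `UIManager.setLookAndFeel(new MetalLookAndFeel())` in the `AUTHMODE_UI` branch changes the look and feel for the whole JVM as a side effect of creating a connection. The enclosing method starts and ends outside the hunk.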