//***************************************************************************
// (c) Copyright IBM Corp. 2007 All rights reserved.
//
// The following sample of source code ("Sample") is owned by International
// Business Machines Corporation or one of its subsidiaries ("IBM") and is
// copyrighted and licensed, not sold. You may use, copy, modify, and
// distribute the Sample in any form without payment to IBM, for the purpose of
// assisting you in the development of your applications.
//
// The Sample code is provided to you on an "AS IS" basis, without warranty of
// any kind. IBM HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR
// IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do
// not allow for the exclusion or limitation of implied warranties, so the above
// limitations or exclusions may not apply to you. IBM shall not be liable for
// any damages you suffer as a result of using, copying, modifying or
// distributing the Sample, even if IBM has been advised of the possibility of
// such damages.
//***************************************************************************
//
// SOURCE FILE NAME: JCCSimpleGSSPlugin.java
//
// SAMPLE: Implement a JCC GSS-API plugin sample which does a
// userid and password check
//
// This set of sample shows
//
// 1. How to implement a JCC GSS-API plugin sample which does a userid and password check
// 2. How to use this sample plugin to get a Connection
//
// In order to implement a JCC plugin in, user needs to extend com.ibm.db2.jcc.DB2JCCPlugin
// and implement the following method:
// public abstract byte[] getTicket (String username, String password,
// byte[] returnedToken) throws org.ietf.jgss.GSSException;
//
// Plugin users also need to implement some JGSS APIs. The following is a list of JGSS-APIs
// required for Java Security Plugin interface.
//
// GSSContext.requestMutualAuth(boolean state)
// GSSContext.getMutualAuthState()
// GSSContext.requestCredDeleg(boolean state)
// GSSContext.getCredDelegState()
// GSSContext.initSecContext (byte[] inputBuf, int offset, int len)
// GSSContext.dispose()
// GSSCredential.dispose()
//
// The APIs should follow the Generic Security Service Application Program Interface,
// Version 2 (IETF RFC2743) and Generic Security Service
// API Version 2: Java-Bindings (IETF RFC2853) specifications.
//
// This JCCSimpleGSSPlugin implements a sample that does a simple GSS-API plugin
// that performs userid and password checking. It corresponds to the c sample plugin
// gssapi_simple in sqllib\samples\securtiy\plugins\
//
// The implementation of this JCCSimpleGSSPlugin contains the following 5 files:
//
// JCCSimpleGSSPlugin.java
// This file implements the sample JCCSimpleGSSPlugin.
//
// JCCSimpleGSSContext.java
// This file is used by JCCSimpleGSSPlugin.java to implement the plugin sample.
//
// JCCSimpleGSSCredential.java
// This file is used by JCCSimpleGSSPlugin.java to implement the plugin sample.
//
// JCCSimpleGSSException.java
// This file is used by JCCSimpleGSSPlugin.java to handle Exceptions.
//
// JCCSimpleGSSName.java
// This file is used by JCCSimpleGSSPlugin.java to implement the plugin sample.
//
// how to run this JCCSimpleGSSPlugin sample
//
// compile the above 5 files and JCCSimpleGSSPluginTest.java using javac *.java
// Run JCCSimpleGSSPluginTest using
// java JCCSimpleGSSPluginTest server port dbname userid password
//
// Note: To run this sample, server side plugin gssapi_simple needs to be installed in
// the server plug-in directory on the server. Database manager configuration
// parameters SRVCON_GSSPLUGIN_LIST and SRVCON_AUTH need to set correctly
//
// None
//***************************************************************************
//
// For more information on the sample programs, see the README file.
//
// For information on developing Java applications see the Developing Java Applications book.
//
// For information on using SQL statements, see the SQL Reference.
//
// For the latest information on programming, compiling, and running DB2
// applications, visit the DB2 Information Center at
// http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp
//**************************************************************************/
import org.ietf.jgss.*;
public class JCCSimpleGSSPlugin extends com.ibm.db2.jcc.DB2JCCPlugin
{
protected org.ietf.jgss.GSSName serverGSSName_ ;
public JCCSimpleGSSPlugin()
{
serverPrincipalName_ = "GSSAPI_SIMPLE";
}
/**
* convert text service principal name into the GSS-API internal format for use with the other APIs
* @param serverPrincipalName String
* @throws GSSException
* @return GSSName
*/
public org.ietf.jgss.GSSName processServerPrincipalName(String serverPrincipalName) throws org.ietf.jgss.GSSException
{
if (serverPrincipalName != null)
return new JCCSimpleGSSName(serverPrincipalName);
else
throw new JCCSimpleGSSException(0,"plugin bad principal name.");
}
/**
* Generate the initial credentials based on the provided username/password pair and return the
* GSS-API credential
* @param username String
* @param password String
* @throws GSSException
* @return GSSCredential
*/
public org.ietf.jgss.GSSCredential generateInitialCred(String username, String password) throws org.ietf.jgss.GSSException
{
return new JCCSimpleGSSCredential(username, password);
}
/**
* This method will generate the security context information for the username/password pair.
* The security context information will be used to get the connection
* @param userid String
* @param password String
* @param returnedToken byte[] the token returned by DB2 server
* @throws GSSException
* @return byte[]
*/
public byte[] getTicket(String userid, String password, byte[] returnedToken) throws java.sql.SQLException
{
try {
if (context_ == null ||
( (JCCSimpleGSSContext) context_).getctxCount() == 0) {
serverGSSName_ = (JCCSimpleGSSName) processServerPrincipalName(
serverPrincipalName_);
gssCredential_ = (JCCSimpleGSSCredential) generateInitialCred(userid,
password);
context_ = new JCCSimpleGSSContext( (JCCSimpleGSSCredential) gssCredential_,
(JCCSimpleGSSName) serverGSSName_, 0);
}
int length = 0;
if (returnedToken != null)
length = returnedToken.length;
context_.requestMutualAuth(true);
byte[] ticket = context_.initSecContext(returnedToken, 0, length);
return ticket;
}
catch (org.ietf.jgss.GSSException e)
{
throw new java.sql.SQLException(e.getMessage());
}
}
}