/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* Configuration source file for Reggie using Kerberos */ import com.sun.jini.reggie.RegistrarPermission; import java.util.Collections; import net.jini.constraint.BasicMethodConstraints; import net.jini.core.constraint.ClientAuthentication; import net.jini.core.constraint.Integrity; import net.jini.core.constraint.InvocationConstraint; import net.jini.core.constraint.InvocationConstraints; import net.jini.core.constraint.ServerAuthentication; import net.jini.core.constraint.ServerMinPrincipal; import net.jini.jeri.BasicJeriExporter; import net.jini.jeri.ProxyTrustILFactory; import net.jini.jeri.kerberos.KerberosServerEndpoint; import net.jini.security.AuthenticationPermission; import net.jini.security.BasicProxyPreparer; import java.security.Permission; import javax.security.auth.login.LoginContext; import javax.security.auth.kerberos.KerberosPrincipal; com.sun.jini.reggie { /* Reggie settings */ initialMemberGroups = new String[] { "krb.hello.example.jini.sun.com" }; /* JAAS login */ loginContext = new LoginContext("com.sun.jini.Reggie"); /* User information */ private static clientUser = Collections.singleton( new KerberosPrincipal("${clientPrincipal}")); private static reggieUser = Collections.singleton( new KerberosPrincipal("${reggiePrincipal}")); /* Exporters */ private serviceEndpoint = KerberosServerEndpoint.getInstance(0); private serviceConstraints = new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[]{ Integrity.YES }, null ) ); private serviceILFactory = new ProxyTrustILFactory(serviceConstraints, RegistrarPermission.class); serverExporter = new BasicJeriExporter(serviceEndpoint, serviceILFactory); /* Proxy Preparers */ private listenerPrincipals = new InvocationConstraint[] { new ServerMinPrincipal(clientUser) }; private serviceListenerConstraints = new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ClientAuthentication.YES, ServerAuthentication.YES, new ServerMinPrincipal(com.sun.jini.reggie.clientUser) }, null)); listenerPreparer = new BasicProxyPreparer( true, serviceListenerConstraints, new Permission[] { new AuthenticationPermission( reggieUser, clientUser, "connect") }); }//end com.sun.jini.reggie /* Items used by multiple blocks below */ shared.entries { private serviceLookupConstraints = new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ClientAuthentication.YES, ServerAuthentication.YES, new ServerMinPrincipal(com.sun.jini.reggie.reggieUser) }, null)); }//end shared.entries /* Configuration block for the lookup discovery utility */ net.jini.discovery.LookupDiscovery { registrarPreparer = new BasicProxyPreparer( true, shared.entries.serviceLookupConstraints, new Permission[] { new AuthenticationPermission( com.sun.jini.reggie.reggieUser, com.sun.jini.reggie.reggieUser, "connect") }); }//end net.jini.discovery.LookupDiscovery /* Configuration block for the join manager */ net.jini.lookup.JoinManager { registrarPreparer = net.jini.discovery.LookupDiscovery.registrarPreparer; registrationPreparer = net.jini.discovery.LookupDiscovery.registrarPreparer; serviceLeasePreparer = net.jini.discovery.LookupDiscovery.registrarPreparer; }//end net.jini.lookup.JoinManager