/*
* RHQ Management Platform
* Copyright 2011, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package org.rhq.enterprise.agent;
import java.nio.charset.Charset;
import java.security.MessageDigest;

import org.rhq.enterprise.communications.ServiceContainer;
import org.rhq.enterprise.communications.command.Command;
import org.rhq.enterprise.communications.command.impl.stream.RemoteInputStreamCommand;
import org.rhq.enterprise.communications.command.impl.stream.RemoteOutputStreamCommand;
import org.rhq.enterprise.communications.command.server.CommandAuthenticator;
/**
* This is the authenticator object that will make sure we are getting a message from a valid server.
* It will check to make sure the token the sender sent us matches our own token. The server will know
* what token it assigned us, so it should be able to give us our own token back. If the token doesn't match,
* we must be getting a message from some server that isn't the one that we are registered with; thus,
* when this happens, the command is aborted.
*
* @author John Mazzitelli
*/
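public class SecurityTokenCommandAuthenticator implements CommandAuthenticator {
    /**
     * This is the name of the command configuration property that the server will set to the security token string.
     * The same name is the key under which our own token is looked up in the service container's custom data.
     */
    static final String CMDCONFIG_PROP_SECURITY_TOKEN = "rhq.security-token";

    /** Charset used to turn both tokens into bytes before they are compared. */
    private static final Charset TOKEN_CHARSET = Charset.forName("UTF-8");

    private ServiceContainer serviceContainer;

    /**
     * Decides whether the given command may be processed, based on the security token it carries.
     *
     * <ul>
     * <li>No service container set yet: rejected.</li>
     * <li>Remote input/output stream commands: accepted without a token check.</li>
     * <li>Neither side has a token: accepted.</li>
     * <li>Only one side has a token: rejected.</li>
     * <li>Both sides have a token: accepted only if the two tokens are equal.</li>
     * </ul>
     *
     * @param command the incoming command; its configuration is read for the
     *                {@link #CMDCONFIG_PROP_SECURITY_TOKEN} property
     *
     * @return <code>true</code> if the command is allowed through, <code>false</code> if it must be rejected
     */
    @Override
    public boolean isAuthenticated(Command command) {
        ServiceContainer container = this.serviceContainer;
        if (container == null) {
            return false; // we can't authenticate yet, we don't have the service container
        }

        // NOTE(review): these two command types are accepted without any token check, so this class
        // provides no authentication for remote streams - confirm that they are protected elsewhere.
        String commandType = command.getCommandType().toString();
        boolean isStreamCommand = command.getCommandType().equals(RemoteOutputStreamCommand.COMMAND_TYPE)
            || command.getCommandType().equals(RemoteInputStreamCommand.COMMAND_TYPE);
        if (isStreamCommand) {
            return true; // remoting streaming can go through
        }

        String incomingToken = command.getConfiguration().getProperty(CMDCONFIG_PROP_SECURITY_TOKEN);
        Object ourToken = container.getCustomData(CMDCONFIG_PROP_SECURITY_TOKEN); // the agent puts this in here

        if (incomingToken == null) {
            // Fail-open while we hold no token: a token-less command is accepted in case it is part of
            // the comm setup. Once we do hold a token, a command without one is rejected.
            // NOTE(review): until a token is stored, every token-less command passes - confirm that
            // this window is limited to the initial setup.
            return ourToken == null;
        }

        if (!(ourToken instanceof String)) {
            return false; // nothing comparable on our side (missing or not a string) - reject
        }

        // String.equals stops at the first differing character, so how long a rejection takes can hint
        // at how much of a guessed token was right. MessageDigest.isEqual does not short-circuit on
        // content, which keeps the comparison time independent of where the tokens differ.
        return MessageDigest.isEqual(incomingToken.getBytes(TOKEN_CHARSET),
            ((String) ourToken).getBytes(TOKEN_CHARSET));
    }

    /**
     * Stores the service container whose custom data holds our own security token.
     * Until this has been called with a non-null container, {@link #isAuthenticated(Command)}
     * rejects every command.
     *
     * @param serviceContainer the container to read our token from
     */
    @Override
    public void setServiceContainer(ServiceContainer serviceContainer) {
        this.serviceContainer = serviceContainer;
    }
}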