HttpAuthenticator


1   /*
2    * The contents of this file are subject to the terms 
3    * of the Common Development and Distribution License 
4    * (the License).  You may not use this file except in
5    * compliance with the License.
6    * 
7    * You can obtain a copy of the license at 
8    * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9    * glassfish/bootstrap/legal/CDDLv1.0.txt.
10   * See the License for the specific language governing 
11   * permissions and limitations under the License.
12   * 
13   * When distributing Covered Code, include this CDDL 
14   * Header Notice in each file and include the License file 
15   * at glassfish/bootstrap/legal/CDDLv1.0.txt.  
16   * If applicable, add the following below the CDDL Header, 
17   * with the fields enclosed by brackets [] replaced by
18   * you own identifying information: 
19   * "Portions Copyrighted [year] [name of copyright owner]"
20   * 
21   * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22   */
23  package com.sun.enterprise.appclient;
24  
25  import java.net.*;
26  import java.io.*;
27  import java.util.*;
28  import java.security.*;
29  
30  import javax.security.auth.*;
31  import javax.security.auth.login.*;
32  
33  import com.sun.enterprise.security.auth.LoginContextDriver;
34  import com.sun.enterprise.security.ClientSecurityContext;
35  import com.sun.enterprise.security.auth.login.PasswordCredential;
36  
37  import java.util.logging.Logger  ;
38  import java.util.logging.Level  ;
39  import com.sun.logging.LogDomains;
40  /**
41   * This is the callback object that gets called when a protected resource
42   * needs to be accessed and authentication information is needed. Pops up
43   * a UI to input username and password.
44   */
45  public class HttpAuthenticator extends Authenticator 
46  {
47      public static final boolean debug = false;
48      private AppContainer container = null;
49      private static Logger   _logger = LogDomains.getLogger(LogDomains.ACC_LOGGER);
50  
51      /**
52       * Create the authenticator.
53       */
54      public HttpAuthenticator(AppContainer container) {
55      this.container = container;
56      }
57  
58      /**
59       * This is called when authentication is needed for a protected
60       * web resource. It looks for the authentication data in the subject.
61       * If the data is not found then login is invoked on the login context.
62       */
63      protected PasswordAuthentication getPasswordAuthentication() 
64      {
65      String   user = null;
66      String   password = null;
67      Subject subject = null;
68  
69      String   scheme = getRequestingScheme();
70          if (_logger.isLoggable(Level.FINE)) {
71              _logger.fine("scheme=" + scheme);
72              _logger.fine("requesting prompt=" + getRequestingPrompt());
73              _logger.fine("requesting protocol=" + getRequestingProtocol());
74          }
75  
76      ClientSecurityContext cont = ClientSecurityContext.getCurrent();
77      subject = (cont != null) ? cont.getSubject() : null;
78      user = getUserName(subject);
79      password = getPassword(subject);
80      if(user == null || password == null) {
81          try {
82                  if (_logger.isLoggable(Level.FINE)) {
83                      _logger.fine("Initiating login again...");
84                  }
85                  
86          LoginContextDriver.doClientLogin(AppContainer.USERNAME_PASSWORD,
87              AppContainer.getCallbackHandler());
88          cont = ClientSecurityContext.getCurrent();
89          subject = cont.getSubject();
90          user = getUserName(subject);
91          password = getPassword(subject);
92          } catch(Exception   e) {
93                  _logger.log(Level.FINE, "Exception " + e.toString(), e);
94              return null;
95          }
96      }
97          if (_logger.isLoggable(Level.FINE)) {
98              _logger.fine("Username:" + user);
99          }
100     return new PasswordAuthentication(user, password.toCharArray());
101     }
102 
103     /**
104      * Return the username from the subject.
105      */
106     private String   getUserName(Subject s) {
107     String   user = null; 
108     if(s == null)
109         return null;
110     Set principalSet = s.getPrincipals();
111     Iterator itr = principalSet.iterator();
112     if(itr.hasNext()) {
113         Principal p = (Principal) itr.next();
114         user = p.getName();
115     }
116     return user;
117     }
118 
119     /**
120      * Return the password for the subject.
121      */
122     private String   getPassword(Subject s) {
123     String   password = null;
124     if(s == null)
125         return null;
126     Set credentials = s.getPrivateCredentials();
127     Iterator credIter = credentials.iterator();
128     if(credIter.hasNext()) {
129         Object   o = credIter.next();
130         if(o instanceof PasswordCredential) {
131         PasswordCredential pc = (PasswordCredential) o;
132         // CHECK REALM.
133             password = pc.getPassword();
134         }
135     }
136     return password;
137     }
138 }
139 
140
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags