

1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */

23
24 /*
25  * Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
26  * Use is subject to license terms.
27  */

28
29 package com.sun.enterprise.connectors.authentication;
30
31 import com.sun.enterprise.connectors.*;
32 import com.sun.logging.LogDomains;
33 import java.security.Principal JavaDoc;
34 import java.util.logging.*;
35 import java.util.*;
36 import com.sun.enterprise.connectors.util.SecurityMapUtils;
37 import com.sun.enterprise.config.serverbeans.SecurityMap;
38 import javax.security.auth.Subject JavaDoc;
39 import javax.ejb.EJBContext JavaDoc;
40
41 import com.sun.enterprise.*;
42 import com.sun.enterprise.deployment.interfaces.*;
43 import com.sun.enterprise.security.factory.SecurityManagerFactory;
44 import com.sun.enterprise.web.*;
45 import com.sun.ejb.Container;
46
47
48 /**
49   * This class maps the caller principal and its user groups to the
50   * backendPrincipal.
51   * @author Srikanth P
52  */

53
54
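public class BasicPasswordAuthenticationService
        implements AuthenticationService {

    private String rarName_;
    private String poolName_;
    ConnectorRegistry connectorRegistry_ = ConnectorRegistry.getInstance();
    static Logger _logger = LogDomains.getLogger(LogDomains.RSR_LOGGER);

    // Container context captured on the first lookup and reused afterwards;
    // see getContainerContext() for the caveat this implies.
    private Object containerContext = null;

    /**
     * Creates the mapping service for one connection pool.
     *
     * @param rarName Name of the rar
     * @param poolName Name of the pool.
     */
    public BasicPasswordAuthenticationService(String rarName, String poolName) {
        rarName_ = rarName;
        poolName_ = poolName;
        _logger.log(Level.FINE,"Contructor:BasicPasswordAuthenticationService");
    }

    /**
     * Maps the caller principal to the backend principal configured in the
     * runtime security map of this service's pool.
     *
     * <p>Matching is done on {@code getName()} strings only; the concrete
     * class of a principal is not taken into account.
     *
     * @param callerPrincipal principal of the calling user; its name is the
     *        key looked up in the user map
     * @param principalSet principals of the caller; every element that is not
     *        equal to {@code callerPrincipal} is treated as a group and its
     *        name is used for the group lookup
     * @return the mapped backend principal, or {@code null} when the pool has
     *         no runtime security map or no entry (wildcards included) matches
     */
    public Principal mapPrincipal(Principal callerPrincipal, Set principalSet) {

        // No security map registered for this pool: nothing to map.
        RuntimeSecurityMap runtimeSecurityMap =
                connectorRegistry_.getRuntimeSecurityMap(poolName_);
        if (runtimeSecurityMap == null) {
            return null;
        }

        String principalName = callerPrincipal.getName();

        // Collect group names: everything in the set except the caller itself.
        // The parameter stays a raw Set because the signature must keep
        // matching the AuthenticationService interface.
        List<String> groupNames = new ArrayList<String>();
        for (Object element : principalSet) {
            Principal p = (Principal) element;
            if (p.equals(callerPrincipal)) {
                continue;
            }
            groupNames.add(p.getName());
        }

        // Only web modules resolve a role name up front; for every other
        // container the role is left null and doMap() decides what to do.
        String roleName = isContainerContextAWebModuleObject()
                ? getRoleName(callerPrincipal)
                : null;
        return doMap(principalName, groupNames, roleName, runtimeSecurityMap);
    }

    /**
     * Performs the actual mapping of the principal/userGroup to the
     * backendPrincipal against the user and group maps of the given runtime
     * security map. The first match wins, in this order:
     * <ol>
     *   <li>exact user name in the user map;</li>
     *   <li>web module only: the resolved role name in the group map;</li>
     *   <li>EJB container only: the first group-map key for which
     *       {@code isCallerInRole} returns true;</li>
     *   <li>the caller's group names, in list order, in the group map;</li>
     *   <li>the wildcard entry of the user map;</li>
     *   <li>the wildcard entry of the group map.</li>
     * </ol>
     *
     * <p>Roles and groups are looked up in the same map, so a role and a
     * group that share a name resolve to the same backend principal. The
     * wildcard entries are a catch-all: every caller that matched nothing
     * more specific receives the wildcard backend principal, so such entries
     * deserve review when a security map is audited.
     *
     * @return the backend principal of the first matching entry, or
     *         {@code null} if nothing matches
     */
    private Principal doMap(String principalName, List<String> groupNames,
            String roleName, RuntimeSecurityMap runtimeSecurityMap) {

        HashMap<?, ?> userNameSecurityMap =
                (HashMap<?, ?>) runtimeSecurityMap.getUserMap();
        HashMap<?, ?> groupNameSecurityMap =
                (HashMap<?, ?>) runtimeSecurityMap.getGroupMap();

        // 1. Exact user name.
        if (userNameSecurityMap.containsKey(principalName)) {
            return (Principal) userNameSecurityMap.get(principalName);
        }

        // 2. Web module: role name resolved by getRoleName(). That method
        //    returns "" when no role matched, which is then looked up as-is.
        if (isContainerContextAWebModuleObject() && roleName != null) {
            if (groupNameSecurityMap.containsKey(roleName)) {
                return (Principal) groupNameSecurityMap.get(roleName);
            }
        }

        // 3. EJB: ask the container whether the caller is in each configured role.
        if (isContainerContextAContainerObject() && roleName == null) {
            ComponentInvocation componentInvocation =
                    Switch.getSwitch().getInvocationManager().getCurrentInvocation();
            EJBContext ejbcontext = (EJBContext) componentInvocation.context;
            for (Object key : groupNameSecurityMap.keySet()) {
                String entry = (String) key;
                boolean isInRole = false;
                try {
                    isInRole = ejbcontext.isCallerInRole(entry);
                } catch (Exception ex) {
                    // A failed role check is treated like "not in role" and
                    // evaluation continues towards the group and wildcard
                    // entries. The throwable is logged so that a failing
                    // check can be told apart from a negative answer.
                    _logger.log(Level.FINE,
                            "asciPasswordAuthentication::caller not in role "+entry, ex);
                }
                if (isInRole) {
                    return (Principal) groupNameSecurityMap.get(entry);
                }
            }
        }

        // 4. Caller's groups, in the order they were collected.
        for (String groupName : groupNames) {
            if (groupNameSecurityMap.containsKey(groupName)) {
                return (Principal) groupNameSecurityMap.get(groupName);
            }
        }

        // 5. Wildcard user entry.
        if (userNameSecurityMap.containsKey(ConnectorConstants.SECURITYMAPMETACHAR)) {
            return (Principal) userNameSecurityMap.get(ConnectorConstants.SECURITYMAPMETACHAR);
        }

        // 6. Wildcard role/group entry.
        if (groupNameSecurityMap.containsKey(ConnectorConstants.SECURITYMAPMETACHAR)) {
            return (Principal) groupNameSecurityMap.get(ConnectorConstants.SECURITYMAPMETACHAR);
        }

        return null;
    }

    /**
     * Finds a role of the current web module whose subject contains the
     * caller principal.
     *
     * <p>Only the first matching role in the map's iteration order is
     * returned, and only direct membership of {@code callerPrincipal} in the
     * role's subject is tested; the caller's groups are not consulted here.
     *
     * @param callerPrincipal principal to look for in each role's subject
     * @return the name of the first role containing the principal, or the
     *         empty string if no role contains it
     */
    private String getRoleName(Principal callerPrincipal) {

        WebModule _webmodule = (WebModule) getContainerContext();

        SecurityRoleMapperFactory securityRoleMapperFactory =
                SecurityRoleMapperFactoryMgr.getFactory();
        SecurityRoleMapper securityRoleMapper =
                securityRoleMapperFactory.getRoleMapper(_webmodule.getID());

        Map<String, Subject> map = securityRoleMapper.getRoleToSubjectMapping();
        for (Map.Entry<String, Subject> roleEntry : map.entrySet()) {
            Set principalSet = roleEntry.getValue().getPrincipals();
            if (principalSet.contains(callerPrincipal)) {
                return roleEntry.getKey();
            }
        }
        return "";
    }

    /**
     * Returns the container context of the current invocation, fetching it
     * from the invocation manager on first use and reusing it afterwards.
     *
     * <p>NOTE(review): the cached value is never refreshed and the field is
     * not synchronised. If one instance of this service serves invocations
     * from more than one component, the web-module/EJB decisions above would
     * be taken against the first caller's context, while the EJB branch of
     * doMap() reads the current invocation afresh. Confirm the instance
     * lifetime with the code that creates this service.
     */
    private Object getContainerContext() {
        if (this.containerContext == null) {
            ComponentInvocation componentInvocation =
                    Switch.getSwitch().getInvocationManager().getCurrentInvocation();
            this.containerContext = componentInvocation.getContainerContext();
        }
        return this.containerContext;
    }

    /** Tells whether the container context is an EJB {@code Container}. */
    private boolean isContainerContextAContainerObject() {
        return getContainerContext() instanceof Container;
    }

    /** Tells whether the container context is a {@code WebModule}. */
    private boolean isContainerContextAWebModuleObject() {
        return getContainerContext() instanceof WebModule;
    }
}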