


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */

23
24 package com.sun.enterprise.security.auth.realm.solaris;
25
26 import java.util.*;
27
28 import java.util.logging.Logger JavaDoc;
29 import java.util.logging.Level JavaDoc;
30 import com.sun.logging.LogDomains;
31
32 import com.sun.enterprise.security.acl.RoleMapper;
33 import com.sun.enterprise.security.auth.realm.IASRealm;
34 import com.sun.enterprise.security.auth.realm.BadRealmException;
35 import com.sun.enterprise.security.auth.realm.NoSuchUserException;
36 import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
37 import com.sun.enterprise.security.auth.realm.AuthenticationHandler;
38 import com.sun.enterprise.security.auth.realm.InvalidOperationException;
39
40
41 /**
42  * Realm wrapper for supporting Solaris authentication.
43  *
44  * <P>The Solaris realm needs the following properties in its configuration:
45  * <ul>
46  * <li>jaas-ctx - JAAS context name used to access LoginModule for
47  * authentication.
48  * </ul>
49  *
50  * @see com.sun.enterprise.security.auth.login.SolarisLoginModule
51  *
52  */

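public final class SolarisRealm extends IASRealm
{
    // Descriptive string of the authentication type of this realm.
    public static final String AUTH_TYPE = "solaris";

    // Per-user group membership, keyed by username; each value is a Vector of
    // group-name strings. All access goes through synchronized (this).
    //
    // Entries are only ever added or overwritten. Nothing in this class
    // evicts or expires them, so:
    //  - a change to a user's OS group membership is not reflected here until
    //    the entry is overwritten via setGroupNames() or the realm is
    //    re-initialised, and authorization decisions made from
    //    getGroupNames() can be based on stale data;
    //  - every distinct username passed to getGroupNames() gains an entry,
    //    including names for which the native lookup returned null.
    // NOTE(review): if usernames can reach getGroupNames() before being
    // authenticated, consider bounding or expiring this cache - confirm
    // against the callers.
    private HashMap groupCache;

    // Shared placeholder stored for users with no groups. Never mutated by
    // this class; callers only ever see it through elements().
    private Vector emptyVector;


    // Library for native methods
    static {
        System.loadLibrary("solarisauth");
    }


    /**
     * Initialize a realm with some properties. This can be used
     * when instantiating realms from their descriptions. This
     * method may only be called a single time.
     *
     * <P>Each call replaces the group cache with a new, empty one.
     *
     * @param props Initialization parameters used by this realm.
     * @exception BadRealmException If the JAAS context property is missing
     *     from <code>props</code>.
     * @exception NoSuchRealmException If the configuration parameters
     *     specify a realm which doesn't exist.
     *
     */
    public synchronized void init(Properties props)
        throws BadRealmException, NoSuchRealmException
    {
        String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
        if (jaasCtx == null) {
            // Without a JAAS context there is no LoginModule to delegate to,
            // so refuse to come up rather than run half-configured.
            _logger.warning("realmconfig.noctx");
            String msg = sm.getString("solarisrealm.nojaas");
            throw new BadRealmException(msg);
        }

        this.setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);

        _logger.fine("SolarisRealm : "+IASRealm.JAAS_CONTEXT_PARAM+
                       "="+jaasCtx);

        groupCache = new HashMap();
        emptyVector = new Vector();
    }


    /**
     * Returns a short (preferably less than fifteen characters) description
     * of the kind of authentication which is supported by this realm.
     *
     * @return Description of the kind of authentication that is directly
     *     supported by this realm.
     */
    public String getAuthType()
    {
        return AUTH_TYPE;
    }


    /**
     * Returns the name of all the groups that this user belongs to.
     * This is called from web path role verification, though
     * it should not be.
     *
     * <P>The cached entry is returned when there is one; otherwise the groups
     * are fetched through the native lookup and cached. When that lookup
     * returns null the result is an empty enumeration. Nothing visible in
     * this class throws NoSuchUserException, so callers cannot use this
     * method to tell an unknown user from a user with no groups.
     *
     * @param username Name of the user in this realm whose group listing
     *     is needed.
     * @return Enumeration of group names (strings).
     * @exception InvalidOperationException thrown if the realm does not
     *     support this operation - e.g. Certificate realm does not support
     *     this operation.
     * @exception NoSuchUserException declared for callers; not raised by
     *     the code in this class.
     */
    public Enumeration getGroupNames (String username)
        throws InvalidOperationException, NoSuchUserException
    {
        Vector v;
        // Read under the same monitor the writers use: HashMap gives no
        // guarantees for a get() that races with a put().
        synchronized (this) {
            v = (Vector)groupCache.get(username);
        }
        if (v == null) {
            // The native call runs outside the lock so a slow lookup does
            // not block other users of the realm.
            v = loadGroupNames(username);
        }

        return v.elements();
    }


    /**
     * Set group membership info for a user.
     *
     * <P>See bugs 4646133,4646270 on why this is here.
     *
     * <P>The supplied groups are stored as given and are later returned by
     * {@link #getGroupNames}; no check is made here that the user exists or
     * actually belongs to them. NOTE(review): this method is public, so the
     * cache is only as trustworthy as its callers - presumably only the
     * login module calls it after a successful authentication; confirm.
     *
     * @param username User whose cached group list is replaced.
     * @param groups Group names; null is stored as "no groups".
     *
     */
    public void setGroupNames(String username, String[] groups)
    {
        cacheGroups(username, groups);
    }


    /**
     * Invoke the native authentication call.
     *
     * <P>This method does not touch the group cache.
     *
     * @param username User to authenticate.
     * @param password Given password. It is passed to native code as a
     *     String, so it cannot be cleared after use; it must never be logged.
     * @return The array produced by the native call. NOTE(review): the
     *     previous comment said "true or false", which does not match the
     *     String[] return type. This is presumably the user's group names on
     *     success; confirm what a failed authentication returns (null?)
     *     against the native library and SolarisLoginModule.
     *
     */
    public String[] authenticate(String username, String password)
    {
        return nativeAuthenticate(username, password);
    }


    /**
     * Loads groups names for the given user by calling native method.
     *
     * <P>Group info is loaded when user authenticates, however in some
     * cases (such as run-as) the group membership info is needed
     * without an authentication event.
     *
     * @return The Vector that was just cached for the user; never null.
     *
     */
    private Vector loadGroupNames(String username)
    {
        String[] grps = nativeGetGroups(username);
        if (grps == null) {
            _logger.fine("No groups returned for user: "+username);
        }

        // Return the vector we stored rather than reading the map again:
        // the second lookup was unsynchronized and could observe another
        // thread's update instead of this one.
        return cacheGroups(username, grps);
    }


    /**
     * Builds the group vector for a user, stores it in the cache under the
     * realm monitor and returns it.
     */
    private Vector cacheGroups(String username, String[] groups)
    {
        Vector v;
        if (groups == null) {
            v = emptyVector;
        } else {
            // Copy, so later changes to the caller's array cannot alter
            // the cached membership.
            v = new Vector(Arrays.asList(groups));
        }

        synchronized (this) {
            groupCache.put(username, v);
        }
        return v;
    }


    /**
     * Native method. Authenticate using PAM.
     *
     */
    private static native String[] nativeAuthenticate(String user,
                                                      String password);

    /**
     * Native method. Retrieve Solaris groups for user.
     *
     */
    private static native String[] nativeGetGroups(String user);


}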