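package net.sf.jguard.core.authentication.configuration;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * Drives a stack of JAAS {@link LoginModule}s for one application entry, in the
 * manner of {@link LoginContext}, but against a {@link Configuration} that the
 * caller may supply explicitly.
 *
 * <p>The login-module class names come from the {@link Configuration}; each named
 * class is loaded and instantiated by {@link #login()}. The configuration must
 * therefore come from a trusted source.</p>
 *
 * <p>Instances hold mutable state and use no synchronization, so one instance
 * must not be shared between threads.</p>
 */
public class LocalLoginContext {
    private static final Log logger = LogFactory.getLog(LocalLoginContext.class);
    /** Fallback application name used when the requested one has no entry. */
    private static final String OTHER = "other";
    private List appEntriesList = null;
    private CallbackHandler cbHandler = null;
    private Subject subject = null;
    /** Control flag of each instantiated module, keyed by the module instance. */
    private Map flags = null;
    // NOTE(review): starts as true, so getSubject() hands back the (still empty)
    // Subject before login() has ever been called; login() resets it to false
    // and only sets it back to true once every commit has succeeded.
    private boolean loginSucceed = true;
    private boolean subjectNotProvided;
    private List loginModules = null;

    /**
     * Creates a context bound to the JVM-wide {@link Configuration} with a fresh Subject.
     *
     * @param name application name looked up in the configuration
     * @param cbHandler handler passed to every login module
     * @throws LoginException if neither {@code name} nor "other" is configured
     */
    public LocalLoginContext(String name, CallbackHandler cbHandler) throws LoginException {
        this(name, cbHandler, Configuration.getConfiguration());
    }

    /**
     * Creates a context bound to the given configuration with a fresh Subject.
     *
     * @param name application name looked up in the configuration
     * @param cbHandler handler passed to every login module
     * @param configuration configuration that lists the login modules
     * @throws LoginException if neither {@code name} nor "other" is configured
     */
    public LocalLoginContext(String name, CallbackHandler cbHandler, Configuration configuration)
            throws LoginException {
        this.appEntriesList = getAppConfigurationEntry(configuration, name);
        this.cbHandler = cbHandler;
        this.subject = new Subject();
        this.flags = new HashMap();
        this.subjectNotProvided = true;
    }

    /**
     * Creates a context bound to the JVM-wide {@link Configuration} that
     * authenticates the caller-supplied Subject.
     *
     * @param name application name looked up in the configuration
     * @param subject Subject the modules populate (not validated here)
     * @param cbHandler handler passed to every login module
     * @throws LoginException if neither {@code name} nor "other" is configured
     */
    public LocalLoginContext(String name, Subject subject, CallbackHandler cbHandler)
            throws LoginException {
        this(name, subject, cbHandler, Configuration.getConfiguration());
    }

    /**
     * Creates a context bound to the given configuration that authenticates the
     * caller-supplied Subject.
     *
     * @param name application name looked up in the configuration
     * @param subject Subject the modules populate (not validated here)
     * @param cbHandler handler passed to every login module
     * @param configuration configuration that lists the login modules
     * @throws LoginException if neither {@code name} nor "other" is configured
     */
    public LocalLoginContext(String name, Subject subject, CallbackHandler cbHandler,
            Configuration configuration) throws LoginException {
        this.appEntriesList = getAppConfigurationEntry(configuration, name);
        this.cbHandler = cbHandler;
        this.subject = subject;
        this.flags = new HashMap();
    }

    /**
     * Looks up the entries for {@code name}, falling back to the "other" entry.
     *
     * @throws LoginException if the configuration has no entry for either name;
     *         without this check a missing entry surfaced as a NullPointerException
     */
    private List getAppConfigurationEntry(Configuration config, String name) throws LoginException {
        AppConfigurationEntry[] appEntries = config.getAppConfigurationEntry(name);
        if (appEntries == null) {
            appEntries = config.getAppConfigurationEntry(OTHER);
        }
        if (appEntries == null) {
            throw new LoginException("No LoginModules configured for " + name);
        }
        return Arrays.asList(appEntries);
    }

    /**
     * Runs the 'login' phase of every configured module, then 'commit' on all of
     * them when the stack passed, or 'abort' on all of them when it did not.
     *
     * <p>The stack passes only when no REQUIRED or REQUISITE module threw and at
     * least one module returned {@code true} from {@code login()}. A stack in
     * which every module failed, was ignored or was skipped is rejected rather
     * than committed, so an all-OPTIONAL/SUFFICIENT or empty stack cannot
     * authenticate by default.</p>
     *
     * @throws LoginException the first module failure, or a generic failure when
     *         no module authenticated the caller
     */
    public void login() throws LoginException {
        // Fail closed: stay "not authenticated" until the commit phase is over.
        // Resetting here also lets a caller retry after an earlier failed attempt.
        loginSucceed = false;
        // Drop module instances of a previous attempt; they may hold credentials.
        flags.clear();

        loginModules = initializeLoginModules(appEntriesList, subject, cbHandler);

        LoginException exception = null;
        boolean stackPassed = true;
        boolean moduleSucceeded = false;

        Iterator itLoginModules = loginModules.iterator();
        while (itLoginModules.hasNext()) {
            LoginModule module = (LoginModule) itLoginModules.next();
            LoginModuleControlFlag flag = (LoginModuleControlFlag) flags.get(module);

            if (!isKnownFlag(flag)) {
                logger.error(" loginModule="+module.getClass()+" has got an invalid flag="+flag);
                logger.error(" this loginModule is skipped in the authentication process ");
                continue;
            }

            try {
                boolean loginModuleSucceed = module.login();
                if (!loginModuleSucceed) {
                    // false means "ignore this module", not "authenticated"
                    logger.debug(" loginModule "+module.getClass()+" in 'login' phase is ignored ");
                    continue;
                }

                logger.debug(" loginModule "+module.getClass()+" in 'login' phase succeed ");
                moduleSucceeded = true;

                // Only SUFFICIENT stops the walk on success; the other flags go on.
                if (LoginModuleControlFlag.SUFFICIENT.equals(flag)) {
                    break;
                }
            } catch (LoginException e) {
                if (exception == null) {
                    // the first failure is the one reported to the caller
                    exception = e;
                }

                logger.debug(" loginModule "+module.getClass()+" in 'login' phase failed ");
                logger.info(" authentication fails "+e.getMessage());

                if (LoginModuleControlFlag.REQUIRED.equals(flag)) {
                    stackPassed = false;
                } else if (LoginModuleControlFlag.REQUISITE.equals(flag)) {
                    stackPassed = false;
                    break;
                }
                // SUFFICIENT and OPTIONAL failures do not fail the stack by themselves.
            }
        }

        if (stackPassed && !moduleSucceeded) {
            stackPassed = false;
            if (exception == null) {
                exception = new LoginException("Login Failure: all modules ignored");
            }
        }

        if (!stackPassed) {
            abort(loginModules, exception); // always throws
        }

        Iterator itCommit = loginModules.iterator();
        while (itCommit.hasNext()) {
            LoginModule module = (LoginModule) itCommit.next();
            try {
                boolean moduleCommitSucceed = module.commit();
                if (moduleCommitSucceed) {
                    logger.debug(" loginModule "+module.getClass()+" in 'commit' phase succeeed");
                } else {
                    logger.debug(" loginModule "+module.getClass()+" in 'commit' phase is ignored ");
                }
            } catch (LoginException e) {
                logger.debug(" loginModule "+module.getClass()+" in 'commit' phase failed ");
                // loginSucceed is still false here, so a partially committed
                // Subject created by this context is not handed out.
                abort(loginModules, e);
                throw e;
            }
        }

        loginSucceed = true;
    }

    /** Tells whether {@code flag} is one of the four JAAS control flags. */
    private static boolean isKnownFlag(LoginModuleControlFlag flag) {
        return LoginModuleControlFlag.OPTIONAL.equals(flag)
                || LoginModuleControlFlag.REQUIRED.equals(flag)
                || LoginModuleControlFlag.REQUISITE.equals(flag)
                || LoginModuleControlFlag.SUFFICIENT.equals(flag);
    }

    /**
     * Calls {@code abort()} on every module and then rethrows the login failure.
     *
     * <p>A module whose abort fails is logged and the walk continues, so the
     * remaining modules still get the chance to discard their state.</p>
     *
     * @param loginModules modules to abort
     * @param exception failure to report; a generic one is used when {@code null}
     * @throws LoginException always
     */
    private void abort(List loginModules, LoginException exception) throws LoginException {
        Iterator itLoginModules = loginModules.iterator();
        while (itLoginModules.hasNext()) {
            LoginModule module = (LoginModule) itLoginModules.next();
            try {
                boolean moduleAbortSucceed = module.abort();
                if (moduleAbortSucceed) {
                    logger.debug(" loginModule "+module.getClass()+" in 'abort' phase succeeed");
                } else {
                    logger.debug(" loginModule "+module.getClass()+" in 'abort' phase is ignored ");
                }
            } catch (LoginException e) {
                logger.debug(" loginModule "+module.getClass()+" in 'abort' phase failed ");
                logger.warn(e.getMessage());
            }
        }
        if (exception == null) {
            exception = new LoginException("Login Failure");
        }
        throw exception;
    }

    /**
     * Loads, instantiates and initializes one module per configuration entry and
     * records each module's control flag in {@code flags}.
     *
     * @return the initialized modules, in configuration order
     * @throws RuntimeException if a module class cannot be found or instantiated
     * @throws ClassCastException if a configured class is not a {@link LoginModule}
     */
    private List initializeLoginModules(List appConfigurationEntries, Subject subject,
            CallbackHandler cbHandler) {
        Map sharedState = new HashMap();
        List loginModules = new ArrayList();

        // The context class loader may be null; fall back instead of failing with an NPE.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = LocalLoginContext.class.getClassLoader();
        }
        if (loader == null) {
            loader = ClassLoader.getSystemClassLoader();
        }

        Iterator itAppEntries = appConfigurationEntries.iterator();
        while (itAppEntries.hasNext()) {
            AppConfigurationEntry entry = (AppConfigurationEntry) itAppEntries.next();
            LoginModuleControlFlag flag = entry.getControlFlag();
            String loginModuleName = entry.getLoginModuleName();
            Map options = entry.getOptions();
            Class loginModuleClass = null;
            LoginModule module = null;
            try {
                loginModuleClass = loader.loadClass(loginModuleName);
            } catch (ClassNotFoundException e) {
                logger.fatal(" loginModule Class "+loginModuleName+" not found ");
                throw new RuntimeException("loginModule "+loginModuleName+" is not found "+e.getMessage(), e);
            }

            // Check the type before instantiating, so the constructor of a class
            // that is not a LoginModule is never run.
            if (!LoginModule.class.isAssignableFrom(loginModuleClass)) {
                logger.fatal(" loginModule Class "+loginModuleName+" cannot be instantiated ");
                throw new ClassCastException(loginModuleName + " does not implement "
                        + LoginModule.class.getName());
            }

            try {
                module = (LoginModule) loginModuleClass.newInstance();
            } catch (InstantiationException e) {
                logger.fatal(" loginModule Class "+loginModuleName+" cannot be instantiated ");
                throw new RuntimeException(e.getMessage(), e);
            } catch (IllegalAccessException e) {
                logger.fatal(" loginModule Class "+loginModuleName+" cannot be accessed ");
                throw new RuntimeException(e.getMessage(), e);
            }

            module.initialize(subject, cbHandler, sharedState, options);
            flags.put(module, flag);
            loginModules.add(module);
        }

        return loginModules;
    }

    /**
     * Calls {@code logout()} on every module of the last login attempt.
     *
     * <p>A failing module does not stop the walk; the first failure is rethrown
     * once every module has been asked to log out.</p>
     *
     * @throws LoginException if called before {@link #login()}, or the first
     *         failure raised by a module
     */
    public void logout() throws LoginException {
        if (loginModules == null) {
            throw new LoginException("logout called before login");
        }

        LoginException exception = null;
        Iterator itLoginModules = loginModules.iterator();
        while (itLoginModules.hasNext()) {
            LoginModule module = (LoginModule) itLoginModules.next();
            try {
                boolean moduleLogoutSucceed = module.logout();
                if (moduleLogoutSucceed) {
                    logger.debug(" loginModule "+module.getClass()+" in 'logout' phase succeeed");
                } else {
                    logger.debug(" loginModule "+module.getClass()+" in 'logout' phase is ignored ");
                }
            } catch (LoginException e) {
                logger.debug(" loginModule "+module.getClass()+" in 'logout' phase failed ");
                logger.warn(e.getMessage());
                if (exception == null) {
                    exception = e;
                }
            }
        }

        if (exception != null) {
            throw exception;
        }
    }

    /**
     * Returns the Subject handled by this context.
     *
     * @return {@code null} when the last login attempt failed and the Subject was
     *         created by this context; otherwise the Subject (a caller-supplied
     *         Subject is returned even after a failed attempt)
     */
    public Subject getSubject() {
        if (!loginSucceed && subjectNotProvided) {
            return null;
        }
        return subject;
    }
}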