UserLoginModule


1   /*
2   jGuard is a security framework based on top of jaas (java authentication and authorization security).
3   it is written for web applications, to resolve simply, access control problems.
4   version $Name$
5   http://sourceforge.net/projects/jguard/
6   
7   Copyright (C) 2004  Charles GAY
8   
9   This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13  
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  Lesser General Public License for more details.
18  
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26  
27  */
28  package net.sf.jguard.ext.authentication.loginmodules;
29  
30  import java.security.NoSuchAlgorithmException  ;
31  import java.security.cert.X509Certificate  ;
32  import java.util.Map  ;
33  import java.util.logging.Level  ;
34  import java.util.logging.Logger  ;
35  
36  import javax.security.auth.Subject  ;
37  import javax.security.auth.callback.Callback  ;
38  import javax.security.auth.callback.CallbackHandler  ;
39  import javax.security.auth.callback.NameCallback  ;
40  import javax.security.auth.callback.PasswordCallback  ;
41  import javax.security.auth.callback.UnsupportedCallbackException  ;
42  import javax.security.auth.login.LoginException  ;
43  import javax.security.auth.spi.LoginModule  ;
44  
45  import net.sf.jguard.core.CoreConstants;
46  import net.sf.jguard.ext.SecurityConstants;
47  import net.sf.jguard.ext.authentication.callbacks.CertificatesCallback;
48  import net.sf.jguard.ext.util.CryptUtils;
49  
50  
51  /**
52   * Abstract LoginModule which provides convenient methods for loginmodule
53   * involved in grabbing user account informations.
54   * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
55   *
56   */
57  public abstract class UserLoginModule implements LoginModule   {
58  
59      protected  Subject   subject;
60      protected CallbackHandler   callbackHandler;
61      protected Map   sharedState;
62      protected Map   options;
63      protected boolean debug = false;
64      private static final Logger   logger = Logger.getLogger(UserLoginModule.class.getName());
65      protected String   login = null;
66      protected char[] password = null;
67      private boolean grabCredentialOK = false;
68      protected boolean skipPasswordCheck;
69      protected boolean loginOK = true;
70  
71  
72      public void initialize(Subject   subj, CallbackHandler   cbk, Map   sState, Map   opts) {
73  
74          subject = subj;
75          callbackHandler = cbk;
76          sharedState=sState;
77          options= opts;
78  
79          debug = Boolean.valueOf((String  )options.get(CoreConstants.DEBUG)).booleanValue();
80      }
81  
82      /**
83       * grab login and password from CallbackHandler
84       * and crypt the password with if needed.
85       * @throws LoginException
86       */
87      private void grabCredentials() throws LoginException  {
88  
89         if (callbackHandler == null){
90              throw new LoginException  ("there is no CallbackHandler to authenticate the user");
91         }
92  
93         Callback  [] callbacks = new Callback  [3];
94         callbacks[0] = new NameCallback  ("login");
95         callbacks[1] = new PasswordCallback  ("password", false);
96         callbacks[2] = new CertificatesCallback();
97  
98         try {
99              callbackHandler.handle(callbacks);
100             login = ((NameCallback  ) callbacks[0]).getName();
101             if(login == null || login.equals("")){
102                 login = SecurityConstants.GUEST;
103             }
104             password = ((PasswordCallback  ) callbacks[1]).getPassword();
105             if(password == null || password.equals("")){
106                 password = SecurityConstants.GUEST.toCharArray();
107             }
108             password = CryptUtils.cryptPassword(password);
109             
110             //remove the password from the PasswordCallback
111             ((PasswordCallback  )callbacks[1]).clearPassword();
112             if(debug){
113                 if (logger.isLoggable(Level.FINEST)) {
114                     logger.finest("login() - usernameFromForm=" + login);
115                     logger.finest("login() - passwordFromForm="+ new String  (password));
116                 }
117             }
118             
119             X509Certificate  [] certChainToCheck = ((CertificatesCallback) callbacks[2]).getCertificates();
120             if (certChainToCheck != null) {
121                 //in this case (CLIENT-CERT scheme), password is null
122                 //and login is given by the Distinguished name of the Subject from the user certificate
123                 //there is no need to grab it from an http FORM
124                 login = certChainToCheck[0].getSubjectX500Principal().getName();
125                 if(debug){
126                     logger.finest(" login used in the certificate ="+login);
127                 }
128             }
129 
130            } catch (java.io.IOException   ioe) {
131                 throw new LoginException  (ioe.toString());
132            } catch (UnsupportedCallbackException   uce) {
133                 throw new LoginException  ("Callback error : " + uce.getCallback().toString() +
134                         " not available to authenticate the user");
135            } catch (NoSuchAlgorithmException   e) {
136                 throw new LoginException  ("Error encoding password (" + e.getMessage() + ")");
137            }
138     
139 
140     }
141 
142 
143 
144     /**
145      * remove Principals and Private/Public credentials from Subject.
146      * @see javax.security.auth.spi.LoginModule#logout()
147      */
148     public boolean logout() throws LoginException   {
149         if(subject!= null){
150               subject.getPrincipals().clear();
151               subject.getPrivateCredentials().clear();
152               subject.getPublicCredentials().clear();
153         }
154         return true;
155     }
156 
157 
158 
159     /**
160      * remove Principals and Public/Private Credentials from Subject.
161      * @see javax.security.auth.spi.LoginModule#abort()
162      */
163     public boolean abort() throws LoginException   {
164         if(subject!= null){
165               subject.getPrincipals().clear();
166               subject.getPrivateCredentials().clear();
167               subject.getPublicCredentials().clear();
168         }
169         return true;
170     }
171 
172     public boolean login()throws LoginException  {
173         skipPasswordCheck = Boolean.valueOf((String  )sharedState.get(SecurityConstants.SKIP_PASSWORD_CHECK)).booleanValue();
174         login = getLogin();
175         password = getPassword().toCharArray();
176         return true;
177     }
178 
179     public String   getLogin() throws LoginException   {
180         if (grabCredentialOK == false){
181             grabCredentials();
182             grabCredentialOK = true;
183         }
184         return login;
185     }
186 
187 
188     public String   getPassword() throws LoginException   {
189         if (grabCredentialOK == false){
190             grabCredentials();
191             grabCredentialOK = true;
192         }
193         return new String  (password);
194     }
195 
196 
197 }
198
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags