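package net.sf.jguard.ext.authentication.loginmodules;

import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import net.sf.jguard.core.CoreConstants;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.authentication.callbacks.CertificatesCallback;
import net.sf.jguard.ext.util.CryptUtils;


/**
 * Base class for JAAS login modules that identify a user from a login name, a
 * password and, optionally, an X.509 certificate chain.
 *
 * <p>The credentials are requested once from the {@link CallbackHandler} and
 * cached in {@link #login} and {@link #password}. This class does not verify
 * them against any user store: {@link #login()} always returns {@code true},
 * and {@code commit()} is left to subclasses.
 */
public abstract class UserLoginModule implements LoginModule {

    protected Subject subject;
    protected CallbackHandler callbackHandler;
    protected Map sharedState;
    protected Map options;
    // Enables FINEST trace output; read from the CoreConstants.DEBUG option.
    protected boolean debug = false;
    private static final Logger logger = Logger.getLogger(UserLoginModule.class.getName());
    // Login name from the NameCallback, or the certificate subject name when a chain is supplied.
    protected String login = null;
    // Value returned by CryptUtils.cryptPassword, never the raw callback input.
    protected char[] password = null;
    // True once the callbacks have been handled successfully; prevents a second prompt.
    private boolean grabCredentialOK = false;
    // Copied from sharedState in login(); this class only records the flag.
    protected boolean skipPasswordCheck;
    protected boolean loginOK = true;


    /**
     * Stores the JAAS collaborators and reads the debug option.
     *
     * @param subj   subject to be authenticated
     * @param cbk    handler used to obtain the credentials
     * @param sState state shared with the other configured login modules
     * @param opts   options configured for this module
     */
    public void initialize(Subject subj, CallbackHandler cbk, Map sState, Map opts) {
        subject = subj;
        callbackHandler = cbk;
        sharedState = sState;
        options = opts;

        // Boolean.valueOf(String) yields false for null, so a missing option leaves debug off.
        debug = Boolean.valueOf((String) options.get(CoreConstants.DEBUG)).booleanValue();
    }


    /**
     * Asks the callback handler for login, password and certificates, and
     * caches the result in {@link #login} and {@link #password}.
     *
     * <p>A missing or empty login or password is replaced by
     * {@link SecurityConstants#GUEST}. When a certificate chain is supplied,
     * the subject name of its first certificate replaces the login.
     *
     * @throws LoginException if there is no callback handler, the handler
     *         fails, or the password cannot be encoded
     */
    private void grabCredentials() throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException("there is no CallbackHandler to authenticate the user");
        }

        NameCallback nameCallback = new NameCallback("login");
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        CertificatesCallback certificatesCallback = new CertificatesCallback();
        Callback[] callbacks = new Callback[] {nameCallback, passwordCallback, certificatesCallback};

        try {
            callbackHandler.handle(callbacks);

            login = nameCallback.getName();
            if (login == null || login.equals("")) {
                login = SecurityConstants.GUEST;
            }

            char[] clearText = passwordCallback.getPassword();
            // Test the array length: a char[] is never equals() to a String,
            // so an empty password would otherwise skip the guest default.
            if (clearText == null || clearText.length == 0) {
                clearText = SecurityConstants.GUEST.toCharArray();
            }
            try {
                password = CryptUtils.cryptPassword(clearText);
            } finally {
                passwordCallback.clearPassword();
                // Wipe the clear-text copy unless cryptPassword handed the same
                // array back, in which case it is the value we must keep.
                if (password != clearText) {
                    java.util.Arrays.fill(clearText, '\0');
                }
            }

            // Only the login is traced. The password, encoded or not, is a
            // credential and must not reach the log files.
            if (debug && logger.isLoggable(Level.FINEST)) {
                logger.finest("login() - usernameFromForm=" + login);
            }

            X509Certificate[] certChainToCheck = certificatesCallback.getCertificates();
            // An empty chain or a null first entry is treated like no chain at all.
            if (certChainToCheck != null && certChainToCheck.length > 0 && certChainToCheck[0] != null) {
                // NOTE(review): this class does not validate the chain (trust path,
                // validity dates, revocation) before taking the identity from it;
                // presumably the callback handler or a subclass does - confirm.
                login = certChainToCheck[0].getSubjectX500Principal().getName();
                if (debug) {
                    logger.finest(" login used in the certificate =" + login);
                }
            }

        } catch (java.io.IOException ioe) {
            throw failure(ioe.toString(), ioe);
        } catch (UnsupportedCallbackException uce) {
            throw failure("Callback error : " + uce.getCallback().toString()
                    + " not available to authenticate the user", uce);
        } catch (NoSuchAlgorithmException e) {
            throw failure("Error encoding password (" + e.getMessage() + ")", e);
        }
    }


    /**
     * Builds a {@link LoginException} that keeps the original failure as its cause.
     */
    private static LoginException failure(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }


    /**
     * Removes every principal and credential from the subject, if there is one.
     */
    private void clearSubject() {
        if (subject != null) {
            subject.getPrincipals().clear();
            subject.getPrivateCredentials().clear();
            subject.getPublicCredentials().clear();
        }
    }


    /**
     * Logs the user out by emptying the subject.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        // NOTE(review): the cached login and password are left in place here;
        // confirm whether subclasses rely on that before clearing them as well.
        clearSubject();
        return true;
    }


    /**
     * Aborts the authentication attempt by emptying the subject.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        clearSubject();
        return true;
    }


    /**
     * Collects the credentials and records the skip-password-check flag.
     *
     * <p>No credential is verified here; subclasses are presumably expected to
     * do that. The flag is read from {@code sharedState}, which is shared with
     * the other configured login modules, so a subclass that honours it trusts
     * whichever module set it.
     *
     * @return always {@code true}
     * @throws LoginException if the credentials cannot be obtained
     */
    public boolean login() throws LoginException {
        skipPasswordCheck = Boolean.valueOf(
                (String) sharedState.get(SecurityConstants.SKIP_PASSWORD_CHECK)).booleanValue();
        // Go through the public accessors so that subclass overrides are honoured.
        login = getLogin();
        password = getPassword().toCharArray();
        return true;
    }


    /**
     * Returns the login, prompting through the callback handler on first use.
     *
     * @throws LoginException if the credentials cannot be obtained
     */
    public String getLogin() throws LoginException {
        ensureCredentials();
        return login;
    }


    /**
     * Returns the encoded password as a string, prompting through the callback
     * handler on first use.
     *
     * @throws LoginException if the credentials cannot be obtained
     */
    public String getPassword() throws LoginException {
        ensureCredentials();
        return new String(password);
    }


    /**
     * Runs {@link #grabCredentials()} until it has succeeded once. The flag is
     * only set after a successful call, so a failed attempt is retried.
     */
    private void ensureCredentials() throws LoginException {
        if (!grabCredentialOK) {
            grabCredentials();
            grabCredentialOK = true;
        }
    }

}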