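package net.sf.jguard.ext.authentication.manager;

import java.io.IOException;
import java.io.OutputStream;
import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.security.auth.Subject;

import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.core.principals.RolePrincipal;
import net.sf.jguard.core.principals.UserPrincipal;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.authentication.AuthenticationException;
import net.sf.jguard.ext.principals.PrincipalUtils;
import net.sf.jguard.ext.registration.RegistrationException;
import net.sf.jguard.ext.registration.SubjectTemplate;
import net.sf.jguard.ext.util.SubjectUtils;

/**
 * Base implementation of {@link AuthenticationManager}.
 *
 * <p>Keeps an in-memory registry of the principals known to this
 * application ({@code localPrincipalsSet}, plus a name index in
 * {@code localPrincipals}) and delegates durable storage of users,
 * principals and the default subject template to the abstract
 * {@code persist*}/{@code updateUserImpl} hooks implemented by subclasses.
 *
 * <p>Not thread-safe: the registry fields are plain {@link HashSet}/{@link HashMap}
 * instances mutated without synchronization.
 */
public abstract class AbstractAuthenticationManager implements AuthenticationManager {

    private static final Logger logger = Logger.getLogger(AbstractAuthenticationManager.class.getName());
    protected static final String DEFAULT = "default";
    protected SubjectTemplate subjectTemplate;
    protected boolean debug = false;

    protected String applicationName;

    // registry of principals known to this application
    protected Set localPrincipalsSet;
    // same principals indexed by Principal.getName()
    protected Map localPrincipals;

    public AbstractAuthenticationManager() {
        super();
        localPrincipalsSet = new HashSet();
        localPrincipals = new HashMap();
    }

    /**
     * Creates a user from a template, validating it against the manager's
     * current default {@code subjectTemplate}.
     *
     * @param user the user data to register
     * @return the persisted {@link Subject}
     * @throws RegistrationException if validation fails or the user already exists
     */
    public Subject createUser(SubjectTemplate user) throws RegistrationException {
        return createUser(user, this.subjectTemplate);
    }

    /**
     * Creates a user from a template.
     *
     * @param user     the user data to register
     * @param template the template used to validate and build the subject;
     *                 when {@code null} the user is converted with {@code toSubject()} unvalidated
     * @return the persisted {@link Subject}
     * @throws RegistrationException if validation fails, the user already
     *                               exists, or the persistence layer fails
     */
    public Subject createUser(SubjectTemplate user, SubjectTemplate template) throws RegistrationException {
        Subject userCreated;
        if (template != null) {
            template.validateUser(user);
            userCreated = template.buildSubject(user);
        } else {
            userCreated = user.toSubject();
        }

        try {
            if (userAlreadyExists(userCreated)) {
                throw new RegistrationException(" user already exists ");
            }
            persistUser(userCreated);
        } catch (AuthenticationException e) {
            throw new RegistrationException(e);
        }

        logger.finest(" user persisted \n");
        return userCreated;
    }

    /**
     * Persists an already-built subject after checking its required
     * credentials and stripping any {@link RolePrincipal} this application
     * does not know.
     *
     * @param user the subject to persist
     * @throws AuthenticationException if required credentials are missing
     *                                 or persistence fails
     */
    public void createUser(Subject user) throws AuthenticationException {
        Set missingCredentials;
        if (subjectTemplate != null) {
            missingCredentials = subjectTemplate.validateRequiredCredentialsFromUser(user);
        } else {
            missingCredentials = new HashSet();
        }

        // Subject.getPrincipals(Class) returns a fresh copy, so calling
        // retainAll() on it (as the previous version did) never changed the
        // subject. Prune the live principal set instead so that roles not
        // registered with this application cannot be smuggled in at creation.
        Iterator itPrincipals = user.getPrincipals().iterator();
        while (itPrincipals.hasNext()) {
            Principal ppal = (Principal) itPrincipals.next();
            if (ppal instanceof RolePrincipal && !localPrincipalsSet.contains(ppal)) {
                itPrincipals.remove();
            }
        }

        if (missingCredentials.isEmpty()) {
            persistUser(user);
        } else {
            throw new AuthenticationException(" the user cannot be created :some credentials are missing " + missingCredentials);
        }
    }

    /**
     * Registers and persists a principal; a principal already present in
     * the local registry is silently ignored.
     *
     * @param principal the principal to register
     * @throws AuthenticationException if persistence fails
     */
    public void createPrincipal(Principal principal) throws AuthenticationException {
        if (localPrincipalsSet.contains(principal)) {
            return;
        }
        localPrincipalsSet.add(principal);
        localPrincipals.put(principal.getName(), principal);
        persistPrincipal(principal);
    }

    /**
     * Stores a user durably.
     *
     * @param user the subject to store
     * @throws AuthenticationException if the store fails
     */
    protected abstract void persistUser(Subject user) throws AuthenticationException;

    /**
     * Stores a principal durably.
     *
     * @param principal the principal to store
     * @throws AuthenticationException if the store fails
     */
    protected abstract void persistPrincipal(Principal principal) throws AuthenticationException;

    /**
     * Returns the live registry of principals known to this application.
     * Callers that add to it bypass {@link #persistPrincipal(Principal)};
     * prefer {@link #createPrincipal(Principal)}.
     *
     * @return the registry set (not a copy)
     */
    public Set getLocalPrincipals() {
        return localPrincipalsSet;
    }

    /**
     * Looks up a principal by name and returns a clone of it, so that
     * callers cannot mutate the registry entry.
     *
     * @param name the principal name
     * @return a clone of the matching {@link RolePrincipal}, or {@code null}
     *         if there is none or the entry is not a {@code RolePrincipal}
     */
    public Principal getLocalPrincipal(String name) throws AuthenticationException {
        Object ppal = localPrincipals.get(name);
        if (ppal instanceof RolePrincipal) {
            return (Principal) ((RolePrincipal) ppal).clone();
        }
        return null;
    }

    /**
     * Tells whether a user with the same identity credential is already stored.
     *
     * @param user the subject whose identity credential is looked up
     * @return {@code true} if at least one stored user matches
     * @throws AuthenticationException if the lookup fails
     */
    public boolean userAlreadyExists(Subject user) throws AuthenticationException {
        Set credentialsFromSubject = new HashSet();
        credentialsFromSubject.add(extractIdentityCredentialFromUser(user));
        Collection usersFound = findUsers(credentialsFromSubject);
        return !usersFound.isEmpty();
    }

    /**
     * Grants a locally registered role to a user and persists the change.
     *
     * @param user     the subject to update
     * @param roleName the name of a role registered with this application
     * @throws AuthenticationException if the role is unknown or the update fails
     */
    public void addPrincipalToUser(Subject user, String roleName) throws AuthenticationException {
        Principal role = (Principal) localPrincipals.get(roleName);
        if (role == null) {
            throw new AuthenticationException(" role " + roleName + " does not exists in the current web application ");
        }
        JGuardCredential identityCred = extractIdentityCredentialFromUser(user);
        user.getPrincipals().add(role);
        updateUser(identityCred, user);
    }

    /**
     * Grants a role belonging to another application to a user. Unlike the
     * two-argument form, the role is built on the fly and is not required
     * to exist in the local registry.
     *
     * @param user            the subject to update
     * @param roleName        the role name
     * @param applicationName the application the role belongs to
     * @throws AuthenticationException if the update fails
     */
    public void addPrincipalToUser(Subject user, String roleName, String applicationName) throws AuthenticationException {
        Principal role = new RolePrincipal(roleName, applicationName);
        JGuardCredential identityCred = extractIdentityCredentialFromUser(user);
        user.getPrincipals().add(role);
        updateUser(identityCred, user);
    }

    /**
     * @return {@code true} if the principal is registered with this application
     */
    public boolean hasPrincipal(Principal role) throws AuthenticationException {
        return localPrincipalsSet.contains(role);
    }

    /**
     * @return {@code true} if a registered principal has the given name
     */
    public boolean hasPrincipal(String ppalName) throws AuthenticationException {
        // scan the set rather than the name index: subclasses may populate
        // localPrincipalsSet directly without touching localPrincipals
        for (Iterator it = localPrincipalsSet.iterator(); it.hasNext();) {
            Principal ppal = (Principal) it.next();
            if (ppal.getName().equals(ppalName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Persists a modified user. Any {@link UserPrincipal} is removed before
     * {@link #updateUserImpl} runs and a fresh one, built from the updated
     * subject, is added afterwards.
     *
     * @param identityCred the credential identifying the stored user
     * @param user         the subject carrying the new state
     * @throws AuthenticationException if the update fails
     */
    public void updateUser(JGuardCredential identityCred, Subject user) throws AuthenticationException {
        Set principals = user.getPrincipals();
        // getPrincipals(Class) is a copy; removals go through the live set
        Set userPrincipals = user.getPrincipals(UserPrincipal.class);
        boolean userPrincipalFound = false;
        for (Iterator it = userPrincipals.iterator(); it.hasNext();) {
            principals.remove(it.next());
            userPrincipalFound = true;
        }

        updateUserImpl(identityCred, user);

        if (userPrincipalFound) {
            user.getPrincipals().add(new UserPrincipal(user));
        }
    }

    protected abstract void updateUserImpl(JGuardCredential identityCred, Subject user) throws AuthenticationException;

    /**
     * Finds the stored users carrying all of the given credentials.
     *
     * @param credentials a collection of {@link JGuardCredential}
     * @return the matching subjects, empty when none match
     * @throws AuthenticationException if the lookup fails
     */
    public abstract Set findUsers(Collection credentials) throws AuthenticationException;

    /**
     * Returns an unmodifiable view of the default subject template, loading
     * it lazily under the {@value #DEFAULT} name on first use.
     *
     * @throws AuthenticationException if no default template can be loaded
     */
    public SubjectTemplate getDefaultSubjectTemplate() throws AuthenticationException {
        if (subjectTemplate == null) {
            subjectTemplate = getSubjectTemplate(DEFAULT);
            if (subjectTemplate == null) {
                throw new AuthenticationException(" no subject template found for " + DEFAULT);
            }
        }
        return subjectTemplate.unmodifiableSubjectTemplate();
    }

    public abstract Set getUsers() throws AuthenticationException;

    /**
     * Copies the principals, users and default subject template of another
     * manager into this one. Users are stored through
     * {@link #persistUser(Subject)} directly, i.e. without the credential
     * check done by {@link #createUser(Subject)}.
     *
     * @param authManager the manager to import; an empty one is ignored
     */
    public void importAuthenticationManager(AuthenticationManager authManager) {
        if (authManager.isEmpty()) {
            logger.warning(" authManager to import is empty ");
            return;
        }

        Set ppals;
        try {
            ppals = authManager.getAllPrincipalsSet();
        } catch (AuthenticationException e) {
            // previously fell through and dereferenced a null set
            logger.log(Level.SEVERE, " principals cannot be grabbed : ", e);
            return;
        }
        for (Iterator it = ppals.iterator(); it.hasNext();) {
            Principal ppal = (Principal) it.next();
            try {
                createPrincipal(ppal);
            } catch (AuthenticationException e) {
                logger.log(Level.SEVERE, " principal cannot persisted : ", e);
            }
        }

        try {
            Set usersSet = authManager.getUsers();
            for (Iterator it = usersSet.iterator(); it.hasNext();) {
                persistUser((Subject) it.next());
            }

            SubjectTemplate st = authManager.getDefaultSubjectTemplate();
            this.persistSubjectTemplate(st);
            this.subjectTemplate = st;
        } catch (AuthenticationException e) {
            logger.log(Level.SEVERE, " default subject template cannot be persisted : ", e);
        }
    }

    /**
     * Selects from {@code credentials} every credential whose id matches the
     * id of one of the {@code credentialsSought}.
     *
     * @param credentialsSought the credentials whose ids are looked for
     * @param credentials       the candidate {@link JGuardCredential}s
     * @return the matching credentials (possibly empty)
     */
    protected Set extractCredentials(Set credentialsSought, Set credentials) {
        Set matched = new HashSet();
        for (Iterator itCred = credentials.iterator(); itCred.hasNext();) {
            JGuardCredential cred = (JGuardCredential) itCred.next();
            String credId = cred.getId();
            for (Iterator itSought = credentialsSought.iterator(); itSought.hasNext();) {
                JGuardCredential sought = (JGuardCredential) itSought.next();
                if (sought.getId().equals(credId)) {
                    matched.add(cred);
                }
            }
        }
        return matched;
    }

    /**
     * Same as {@link #extractCredentials(Set, Set)} but searches both the
     * public and the private credentials of the subject.
     */
    protected Set extractCredentialsFromSubject(Set credentialsSought, Subject user) {
        Set found = new HashSet();
        found.addAll(extractCredentials(credentialsSought, user.getPublicCredentials(JGuardCredential.class)));
        found.addAll(extractCredentials(credentialsSought, user.getPrivateCredentials(JGuardCredential.class)));
        return found;
    }

    /**
     * Returns the single credential of the subject that has the identity
     * credential id declared by the default subject template.
     *
     * @throws AuthenticationException  if no default subject template is set
     * @throws IllegalArgumentException if the subject has zero or several
     *                                  identity credentials
     */
    protected JGuardCredential extractIdentityCredentialFromUser(Subject user) throws AuthenticationException {
        if (this.subjectTemplate == null) {
            // previously a NullPointerException
            throw new AuthenticationException(" no subject template set: cannot determine the identity credential ");
        }
        Set creds = new HashSet();
        creds.add(this.subjectTemplate.getIdentityCredential());
        Set credsFound = extractCredentialsFromSubject(creds, user);
        if (credsFound.size() > 1) {
            throw new IllegalArgumentException(" the user has got more than one identity argument ");
        }
        if (credsFound.isEmpty()) {
            throw new IllegalArgumentException(" the user has'nt got one identity argument ");
        }
        return (JGuardCredential) credsFound.iterator().next();
    }

    /**
     * Clones a registered role under a generated name
     * ({@code roleName} followed by a random number below 99999).
     * The suffix is only meant to avoid an immediate name clash; it is not
     * a security token.
     *
     * @throws AuthenticationException if the role is unknown or cannot be persisted
     */
    public Principal clonePrincipal(String roleName) throws AuthenticationException {
        Random rnd = new Random();
        String cloneName = roleName + rnd.nextInt(99999);
        return clonePrincipal(roleName, cloneName);
    }

    /**
     * Clones a registered role under the given name and registers the clone.
     * If {@code cloneName} already exists, {@link #createPrincipal(Principal)}
     * ignores the clone and the returned object is not persisted.
     *
     * @throws AuthenticationException if {@code roleName} is not registered
     *                                 or the clone cannot be persisted
     */
    public Principal clonePrincipal(String roleName, String cloneName) throws AuthenticationException {
        Principal role = (Principal) localPrincipals.get(roleName);
        if (role == null) {
            // previously a NullPointerException on role.getClass()
            throw new AuthenticationException(" role " + roleName + " does not exists in the current web application ");
        }
        Principal clone;
        if (role instanceof RolePrincipal) {
            RolePrincipal roleClone = (RolePrincipal) ((RolePrincipal) role).clone();
            roleClone.setName(cloneName);
            clone = roleClone;
        } else {
            clone = PrincipalUtils.getPrincipal(role.getClass().getName(), cloneName);
        }

        createPrincipal(clone);
        return clone;
    }

    /**
     * Activates or deactivates one of the subject's roles and persists the subject.
     *
     * @throws AuthenticationException if the role is the guest role, if
     *         deactivation would leave the subject without an active role for
     *         this application, or if the role is not found
     */
    public void setActiveOnRolePrincipal(Subject subject, String roleName, String applicationName, boolean active) throws AuthenticationException {
        if (roleName.equals(SecurityConstants.GUEST)) {
            throw new AuthenticationException(SecurityConstants.GUEST + " 'active' property cannot be modified ");
        }
        JGuardCredential identityCredential = extractIdentityCredentialFromUser(subject);
        if (!active && !checkMultipleActiveRoleExists(subject)) {
            throw new AuthenticationException("only one role is active from the same application. user cannot inactivate it ");
        }
        Principal principal = getRole(subject, roleName, applicationName);
        if (principal instanceof RolePrincipal) {
            ((RolePrincipal) principal).setActive(active);
            updateUser(identityCredential, subject);
        } else {
            logger.warning("active can only be applied to RolePrincipal");
        }
    }

    /**
     * Returns the subject's principal with the given name.
     *
     * <p>NOTE(review): {@code applicationName} is validated but not used in
     * the match, so two roles with the same name from different applications
     * are indistinguishable here; confirm whether callers rely on that.
     *
     * @throws AuthenticationException if either argument is null/empty or no
     *                                 principal has that name
     */
    public Principal getRole(Subject subject, String roleName, String applicationName) throws AuthenticationException {
        if (roleName == null || roleName.equals("")) {
            throw new AuthenticationException("roleName is null or empty");
        }
        if (applicationName == null || applicationName.equals("")) {
            throw new AuthenticationException("applicationName is null or empty");
        }
        for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
            Principal principal = (Principal) it.next();
            if (roleName.equals(principal.getName())) {
                return principal;
            }
        }
        throw new AuthenticationException(" role not found ");
    }

    /**
     * @return {@code true} if the subject holds more than one active
     *         {@link RolePrincipal} belonging to this manager's application
     */
    private boolean checkMultipleActiveRoleExists(Subject subject) {
        int activeRoles = 0;
        for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
            Object principal = it.next();
            if (!(principal instanceof RolePrincipal)) {
                continue;
            }
            RolePrincipal rPrincipal = (RolePrincipal) principal;
            // null-safe: an unset applicationName counts as "no match" instead of NPE
            if (rPrincipal.isActive() && this.applicationName != null
                    && this.applicationName.equals(rPrincipal.getApplicationName())) {
                activeRoles++;
            }
        }
        return activeRoles > 1;
    }

    /**
     * Finds the first stored user whose {@code login} credential equals the
     * given value. Lookup failures are logged and yield {@code null}.
     *
     * <p>NOTE(review): the credential id is hard-coded to {@code "login"}
     * whereas the rest of the class uses the template's identity credential
     * — confirm they agree. {@code login} is caller-supplied data; the
     * {@link #findUsers(Collection)} implementation must treat it as a value,
     * never splice it into a query string.
     *
     * @param login the login to look up
     * @return the matching subject, or {@code null} when none is found
     */
    public Subject findUser(String login) {
        Set credentials = new HashSet();
        JGuardCredential jcred = new JGuardCredential();
        jcred.setId("login");
        jcred.setValue(login);
        credentials.add(jcred);

        Subject user = null;
        try {
            Collection usersFound = findUsers(credentials);
            Iterator itUsers = usersFound.iterator();
            if (itUsers.hasNext()) {
                user = (Subject) itUsers.next();
            } else {
                logger.log(Level.WARNING, " no user found ");
            }
        } catch (AuthenticationException e) {
            logger.log(Level.WARNING, e.getLocalizedMessage(), e);
        }
        return user;
    }

    /**
     * Replaces the definition of one of the subject's roles and persists the
     * subject through the manager returned by
     * {@code AuthenticationManagerFactory} (kept as in the original; it is
     * presumably this instance, but that is not verified here).
     *
     * @throws AuthenticationException if the role is not found or the update fails
     * @throws ClassCastException      if the principal found is not a {@link RolePrincipal}
     */
    public void updateRoleDefinition(Subject subject, String roleName, String applicationName, String definition) throws AuthenticationException {
        RolePrincipal ppal = (RolePrincipal) getRole(subject, roleName, applicationName);
        ppal.setDefinition(definition);
        AuthenticationManager manager = AuthenticationManagerFactory.getAuthenticationManager();
        JGuardCredential identity = SubjectUtils.getIdentityCredential(subject, manager.getDefaultSubjectTemplate());
        manager.updateUser(identity, subject);
    }

}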