

1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name: $
5 http://sourceforge.net/projects/jguard/
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard/
26
27 */

28 package net.sf.jguard.ext.java5.authentication.jmx;
29
30 import java.security.Principal JavaDoc;
31 import java.util.Iterator JavaDoc;
32 import java.util.Set JavaDoc;
33 import java.util.logging.Level JavaDoc;
34 import java.util.logging.Logger JavaDoc;
35
36 import javax.management.remote.JMXAuthenticator JavaDoc;
37 import javax.security.auth.Subject JavaDoc;
38 import javax.security.auth.login.Configuration JavaDoc;
39 import javax.security.auth.login.LoginContext JavaDoc;
40 import javax.security.auth.login.LoginException JavaDoc;
41
42 import net.sf.jguard.core.CoreConstants;
43 import net.sf.jguard.core.authentication.configuration.LocalLoginContext;
44 import net.sf.jguard.core.principals.JMXPrincipal;
45 import net.sf.jguard.core.principals.UserPrincipal;
46 import net.sf.jguard.ext.SecurityConstants;
47 import net.sf.jguard.ext.authentication.callbacks.JMXCallbackHandler;
48
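/**
 * JGuardJMXAuthenticator is a custom JMX authenticator backed by JAAS.
 * It authenticates the user connecting through JMX by running a login for the
 * configured application name and returns the resulting {@link Subject}.
 * In jee (and jee only !), it adds a special Principal to the Subject created during the login.
 * This is a <code>JMXPrincipal</code> which keeps a reference to the classloader
 * to identify the webapp the user is logging in to and thus get the correct permission provider
 * from the MultipleAppPolicy.
 *
 * <p>All instance state is assigned once in the constructors and never modified
 * afterwards, so {@link #authenticate(Object)} does not mutate this object.
 *
 * @author <a HREF="mailto:vberetti@users.sourceforge.net">Vincent Beretti</a>
 * @since 1.0
 */
public class JGuardJMXAuthenticator implements JMXAuthenticator {

    private static final Logger logger = Logger.getLogger(JGuardJMXAuthenticator.class.getName());

    // Name handed to the login context; it selects the login configuration entry.
    private final String applicationName;
    // Only used in jee; null in standalone mode.
    private final ClassLoader classLoader;
    // When non-null, authenticate() goes through LocalLoginContext ('local' mode).
    private final Configuration configuration;

    /**
     * Creates a JGuardJMXAuthentication <strong>for standalone applications</strong>
     * Retrieves the application name from system properties :
     * <ul>
     * <li>net.sf.jguard.application.name</li>
     * <li>or com.sun.management.jmxremote.login.config</li>
     * </ul>
     * When neither property is set, {@code CoreConstants.DEFAULT_APPLICATION_NAME} is used.
     */
    public JGuardJMXAuthenticator() {
        logger.info("JGuardJMXAuthentication for j2se environnement");
        this.applicationName = resolveStandaloneApplicationName();
        this.classLoader = null; // classLoader won't be used
        this.configuration = null;
    }

    /**
     * Creates a JGuardJMXAuthenticator <strong>for jee applications</strong>
     * @param applicationName - the webapp name
     * @param classLoader - the classloader identifying the permissionProvider in MultipleAppPolicy
     */
    public JGuardJMXAuthenticator(String applicationName, ClassLoader classLoader) {
        logger.info("JGuardJMXAuthentication for jee environnement");
        this.applicationName = applicationName;
        this.classLoader = classLoader;
        this.configuration = null;
    }

    /**
     * Creates a JGuardJMXAuthenticator <strong>for jee applications</strong> whose
     * authentication scope is local.
     * @param appName - the webapp name
     * @param contextClassLoader - the classloader stored in the <code>JMXPrincipal</code>
     * @param conf - the login configuration handed to <code>LocalLoginContext</code>;
     *        when it is null, {@link #authenticate(Object)} uses a plain
     *        <code>LoginContext</code> instead
     */
    public JGuardJMXAuthenticator(String appName, ClassLoader contextClassLoader, Configuration conf) {
        logger.info("JGuardJMXAuthentication for jee environnement");
        logger.info("authentication scope is local");
        this.applicationName = appName;
        this.classLoader = contextClassLoader;
        this.configuration = conf;
    }

    /**
     * Authenticates a JMX client and returns the Subject built during the login.
     * The returned Subject carries the principals set by the login, plus a
     * <code>JMXPrincipal</code> when a classloader was given (jee) and a
     * <code>UserPrincipal</code> wrapping the Subject itself.
     *
     * @param credentials - the object supplied by the connecting client; it is passed
     *        unchanged to <code>JMXCallbackHandler</code>
     * @return the authenticated Subject
     * @throws SecurityException if the login fails or yields no Subject
     */
    public Subject authenticate(Object credentials) {
        Subject subject = login(credentials);
        if (subject == null) {
            // Fail closed: without this guard a missing Subject surfaces as a
            // NullPointerException instead of an authentication failure.
            logger.severe("login returned no Subject for application : " + applicationName);
            throw new SecurityException("authentication failed");
        }

        Set<Principal> principals = subject.getPrincipals();

        if (this.classLoader != null) {
            // used in jee with MultipleAppPolicy
            principals.add(new JMXPrincipal(applicationName, this.classLoader));
        }

        // used in ABAC permissions
        principals.add(new UserPrincipal(subject));

        if (logger.isLoggable(Level.INFO)) {
            // Every principal of each successful login is written to the log at INFO.
            logger.info("Principals set during login :");
            for (Principal principal : principals) {
                logger.log(Level.INFO, principal.toString());
            }
        }

        return subject;
    }

    /** Picks the application name for standalone mode from the system properties, else the default. */
    private static String resolveStandaloneApplicationName() {
        // use system property net.sf.jguard.application.name
        String appNameProp = System.getProperty(SecurityConstants.JGUARD_APPLICATION_NAME);
        if (appNameProp != null) {
            return appNameProp;
        }
        String appNameJMXProp = System.getProperty(SecurityConstants.COM_SUN_APPLICATION_NAME);
        if (appNameJMXProp != null) {
            return appNameJMXProp;
        }
        // use default applicationName
        return CoreConstants.DEFAULT_APPLICATION_NAME;
    }

    /** Runs the login in default or 'local' mode and turns a LoginException into a SecurityException. */
    private Subject login(Object credentials) {
        try {
            if (configuration == null) {
                logger.info("logging in application : " + applicationName);
                LoginContext lc = new LoginContext(applicationName, new JMXCallbackHandler(credentials));
                lc.login();
                return lc.getSubject();
            }
            // 'local' mode
            LocalLoginContext loginContext =
                    new LocalLoginContext(applicationName, new JMXCallbackHandler(credentials), configuration);
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            // Keep the full failure, stack trace included, in the server-side log.
            logger.log(Level.SEVERE, "loginException : " + e.getMessage(), e);
            // The cause is deliberately not chained: a connector server normally relays this
            // exception to the connecting client, which should not receive server internals.
            // NOTE(review): the message is relayed too; depending on the login modules it may
            // reveal why the login failed. Consider a fixed, generic message here.
            throw new SecurityException(e.getMessage());
        }
    }
}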