

1 /*
2  * Copyright (C) 2006 Alfresco, Inc.
3  *
4  * Licensed under the Mozilla Public License version 1.1
5  * with a permitted attribution clause. You may obtain a
6  * copy of the License at
7  *
8  * http://www.alfresco.org/legal/license.txt
9  *
10  * Unless required by applicable law or agreed to in writing,
11  * software distributed under the License is distributed on an
12  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
13  * either express or implied. See the License for the specific
14  * language governing permissions and limitations under the
15  * License.
16  */

17 package org.alfresco.repo.security.authentication.jaas;
18
19 import java.io.IOException JavaDoc;
20
21 import javax.security.auth.callback.Callback JavaDoc;
22 import javax.security.auth.callback.CallbackHandler JavaDoc;
23 import javax.security.auth.callback.LanguageCallback JavaDoc;
24 import javax.security.auth.callback.NameCallback JavaDoc;
25 import javax.security.auth.callback.PasswordCallback JavaDoc;
26 import javax.security.auth.callback.UnsupportedCallbackException JavaDoc;
27 import javax.security.auth.login.LoginContext JavaDoc;
28 import javax.security.auth.login.LoginException JavaDoc;
29 import javax.security.sasl.AuthorizeCallback JavaDoc;
30 import javax.security.sasl.RealmCallback JavaDoc;
31
32 import org.alfresco.i18n.I18NUtil;
33 import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
34 import org.alfresco.repo.security.authentication.AuthenticationException;
35
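/**
 * JAAS based authentication.
 *
 * The user name and password are picked up from login.
 *
 * The other configurable parameters are:
 * realm - the authentication realm if required,
 * and the entry name to use from the login context.
 *
 * You will need to be familiar with the JAAS authentication process to set this up.
 *
 * In summary you will need to configure java.security (in the lib/security directory of the jre you are using)
 * to find a jaas configuration.
 *
 * This entry could be used if you want to put the login configuration in the same place
 * (in the lib/security directory of the jre you are using):
 *
 * <pre>
 * login.config.url.1=file:${java.home}/lib/security/java.login.config
 * </pre>
 *
 * Example configuration entries for Kerberos would be:
 *
 * <pre>
 * Alfresco {
 *     com.sun.security.auth.module.Krb5LoginModule sufficient;
 * };
 *
 * com.sun.net.ssl.client {
 *     com.sun.security.auth.module.Krb5LoginModule sufficient;
 * };
 *
 * other {
 *     com.sun.security.auth.module.Krb5LoginModule sufficient;
 * };
 * </pre>
 *
 * This sets up authentication using Kerberos for Alfresco and some defaults that would use the same
 * mechanism if sasl failed for example.
 *
 * You could use kerberos and LDAP combined against an Active Directory server.
 *
 * Security notes for whoever deploys this:
 * <ul>
 * <li>JAAS falls back to the <code>other</code> entry when the configured entry name is not found, so a
 * misspelled entry name is not an error: logins are then decided by whatever <code>other</code> contains.
 * Keep <code>other</code> at least as strict as the intended entry.</li>
 * <li>The login configuration file decides who can log in; it should be writable only by the account
 * that administers the JRE.</li>
 * <li>Null or empty user names and passwords are rejected before any login module runs, because some
 * directory-backed modules treat an empty password as an anonymous bind rather than a failure.</li>
 * </ul>
 *
 * @author Andy Hind
 */
public class JAASAuthenticationComponent extends AbstractAuthenticationComponent
{

    /**
     * A key into the login config that defines the authentication mechanisms required.
     */
    private String jaasConfigEntryName = "Alfresco";

    /**
     * A default realm, handed to login modules that ask for one. May be null.
     */
    private String realm = null;

    public JAASAuthenticationComponent()
    {
        super();
    }

    // Springification

    /**
     * Set the name of the JAAS login configuration entry to authenticate against.
     *
     * @param jaasConfigEntryName the entry name; defaults to "Alfresco" when never set
     */
    public void setJaasConfigEntryName(String jaasConfigEntryName)
    {
        this.jaasConfigEntryName = jaasConfigEntryName;
    }

    /**
     * Set the realm supplied to login modules that issue a realm callback.
     *
     * @param realm the realm, or null if none is required
     */
    public void setRealm(String realm)
    {
        this.realm = realm;
    }

    /**
     * Jaas does not support guest login
     */
    @Override
    protected boolean implementationAllowsGuestLogin()
    {
        return false;
    }

    /**
     * Authenticate the given user through the configured JAAS entry and, on success, make that user
     * the current user.
     *
     * Every failure is reported with the same "Login Failed" message, so a caller cannot tell an
     * unknown user from a wrong password. The password array is not cleared here; it stays owned by
     * the caller.
     *
     * @param userName the name to authenticate; must not be null or empty
     * @param password the password; must not be null or empty
     * @throws AuthenticationException if the credentials are missing, the login context cannot be
     *             created, or the login modules reject the login
     */
    public void authenticate(String userName, char[] password) throws AuthenticationException
    {
        // Refuse missing credentials up front rather than relying on every configured login module
        // to do so: an empty password can be accepted as an anonymous bind by directory back ends.
        if (userName == null || userName.length() == 0 || password == null || password.length == 0)
        {
            throw new AuthenticationException("Login Failed", new LoginException("Empty user name or password"));
        }

        LoginContext lc;
        try
        {
            lc = new LoginContext(jaasConfigEntryName, new SimpleCallback(userName, realm, password));
        }
        catch (LoginException e)
        {
            throw new AuthenticationException("Login Failed", e);
        }
        try
        {
            lc.login();
            // Login has gone through OK, set up the acegi context
            // NOTE(review): the current user is the caller-supplied name, not a principal read back
            // from the authenticated Subject - confirm the two always match for the modules in use.
            // NOTE(review): the LoginContext is never logged out, so any credentials the modules put
            // in the Subject live until it is garbage collected - confirm that is acceptable.
            setCurrentUser(userName);
        }
        catch (LoginException e)
        {
            throw new AuthenticationException("Login Failed", e);
        }
    }

    /**
     * Simple call back class to support the common requirements.
     *
     * Answers the callbacks a login module may raise with the values captured at construction time.
     *
     * @author Andy Hind
     */
    private static class SimpleCallback implements CallbackHandler
    {
        private final String userName;

        private final String realm;

        // Same array the caller passed in; it is not copied or cleared by this handler.
        private final char[] password;

        SimpleCallback(String userName, String realm, char[] password)
        {
            this.userName = userName;
            this.realm = realm;
            this.password = password;
        }

        /**
         * Fill in each callback from the stored credentials.
         *
         * @param callbacks the callbacks raised by the login module
         * @throws IOException declared by the interface; not thrown by this implementation
         * @throws UnsupportedCallbackException for any callback type not handled below
         */
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
        {
            for (Callback callback : callbacks)
            {
                if (callback instanceof AuthorizeCallback)
                {
                    // Never grant an authorization request made through this handler.
                    ((AuthorizeCallback) callback).setAuthorized(false);
                }
                else if (callback instanceof LanguageCallback)
                {
                    ((LanguageCallback) callback).setLocale(I18NUtil.getLocale());
                }
                else if (callback instanceof NameCallback)
                {
                    ((NameCallback) callback).setName(userName);
                }
                else if (callback instanceof PasswordCallback)
                {
                    // PasswordCallback keeps its own copy, which the login module is expected to clear.
                    ((PasswordCallback) callback).setPassword(password);
                }
                else if (callback instanceof RealmCallback)
                {
                    ((RealmCallback) callback).setText(realm);
                }
                else
                {
                    // Fail closed on anything unexpected instead of leaving the callback unanswered.
                    throw new UnsupportedCallbackException(callback);
                }
            }
        }
    }
}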