


1 /**
2  *
3  * Licensed to the Apache Software Foundation (ASF) under one or more
4  * contributor license agreements. See the NOTICE file distributed with
5  * this work for additional information regarding copyright ownership.
6  * The ASF licenses this file to You under the Apache License, Version 2.0
7  * (the "License"); you may not use this file except in compliance with
8  * the License. You may obtain a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  */

18
19 package org.apache.activemq.jaas;
20
21 import java.io.File JavaDoc;
22 import java.io.IOException JavaDoc;
23 import java.security.cert.X509Certificate JavaDoc;
24 import java.util.Enumeration JavaDoc;
25 import java.util.HashSet JavaDoc;
26 import java.util.Map JavaDoc;
27 import java.util.Properties JavaDoc;
28 import java.util.Set JavaDoc;
29
30 import javax.security.auth.Subject JavaDoc;
31 import javax.security.auth.callback.CallbackHandler JavaDoc;
32 import javax.security.auth.login.LoginException JavaDoc;
33
34 /**
35  * A LoginModule allowing for SSL certificate based authentication based on Distinguished Names (DN) stored in text
36  * files.
37  *
38  * The DNs are parsed using a Properties class where each line is <user_name>=<user_DN>.
39  * This class also uses a group definition file where each line is <group_name>=<user_name_1>,<user_name_2>,etc.
40  * The user and group files' locations must be specified in the org.apache.activemq.jaas.textfiledn.user and
41  * org.apache.activemq.jaas.textfiledn.group properties respectively.
42  *
43  * NOTE: This class will re-read the user and group files for every authentication (i.e. it does live updates of allowed
44  * groups and users).
45  *
46  * @author sepandm@gmail.com (Sepand)
47  */

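public class TextFileCertificateLoginModule extends CertificateLoginModule {

    /** Login-module option naming the users file; each line is user_name=user_DN. */
    private static final String USER_FILE = "org.apache.activemq.jaas.textfiledn.user";
    /** Login-module option naming the groups file; each line is group_name=user_1,user_2,... */
    private static final String GROUP_FILE = "org.apache.activemq.jaas.textfiledn.group";

    /** Directory against which the two file names from the options are resolved. */
    private File baseDir;
    private String usersFilePathname;
    private String groupsFilePathname;

    /**
     * Performs initialization of file paths.
     *
     * A standard JAAS override. The base directory is the directory containing the
     * JAAS configuration file named by the {@code java.security.auth.login.config}
     * system property, or the current working directory when that property is unset.
     *
     * @param subject         the Subject being authenticated
     * @param callbackHandler handler for any callbacks (passed through to the superclass)
     * @param sharedState     state shared with other login modules (passed through)
     * @param options         the module options; {@link #USER_FILE} and {@link #GROUP_FILE} are read here
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);

        String loginConfig = System.getProperty("java.security.auth.login.config");
        if (loginConfig != null) {
            // getParentFile() is null for a bare file name; File(null, child) then resolves
            // the child on its own, which is the same fallback the original code had.
            baseDir = new File(loginConfig).getParentFile();
        } else {
            baseDir = new File(".");
        }

        // NOTE: an absent option produces the literal path "null" (null + ""), so the
        // misconfiguration only surfaces at login time as "Unable to load ... properties file".
        usersFilePathname = (String) options.get(USER_FILE) + "";
        groupsFilePathname = (String) options.get(GROUP_FILE) + "";
    }

    /**
     * Overriding to allow DN authorization based on DNs specified in text files.
     *
     * The users file is re-read on every call. If several users share the same DN,
     * the first one in the Properties' iteration order wins.
     *
     * @param certs The certificate chain the incoming connection provided.
     * @return The user's authenticated name or null if no user has a matching DN.
     * @throws LoginException Thrown if no certificate was presented or the user file cannot be read.
     */
    @Override
    protected String getUserNameForCertificates(final X509Certificate[] certs) throws LoginException {
        // An empty chain is as useless as a missing one: fail closed before touching the DN.
        if (certs == null || certs.length == 0) {
            throw new LoginException("Client certificates not found. Cannot authenticate.");
        }

        File usersFile = new File(baseDir, usersFilePathname);
        Properties users = loadProperties(usersFile, "Unable to load user properties file " + usersFile);

        String dn = getDistinguishedName(certs);
        if (dn == null) {
            // Nothing can equal a null DN; the original loop also returned null in this case.
            return null;
        }

        for (Enumeration names = users.keys(); names.hasMoreElements();) {
            String userName = (String) names.nextElement();
            if (dn.equals(users.getProperty(userName))) {
                return userName;
            }
        }

        return null;
    }

    /**
     * Overriding to allow for group discovery based on text files.
     *
     * The groups file is re-read on every call. Member names are compared verbatim
     * (no trimming), so a list written as "a, b" contains the members "a" and " b".
     *
     * @param username The name of the user being examined. This is the same name returned by
     * getUserNameForCertificates; a null name belongs to no group.
     * @return A Set of name Strings for groups this user belongs to (never null).
     * @throws LoginException Thrown if the group definition file cannot be read.
     */
    @Override
    protected Set getUserGroups(String username) throws LoginException {
        File groupsFile = new File(baseDir, groupsFilePathname);
        Properties groups = loadProperties(groupsFile, "Unable to load group properties file " + groupsFile);

        Set userGroups = new HashSet();
        if (username == null) {
            return userGroups;
        }

        for (Enumeration names = groups.keys(); names.hasMoreElements();) {
            String groupName = (String) names.nextElement();
            String[] members = (groups.getProperty(groupName) + "").split(",");
            for (int i = 0; i < members.length; i++) {
                if (username.equals(members[i])) {
                    userGroups.add(groupName);
                    break;
                }
            }
        }

        return userGroups;
    }

    /**
     * Loads a properties file, always closing the underlying stream.
     *
     * @param file           the file to read
     * @param failureMessage message for the LoginException raised when the file cannot be read
     * @return the loaded properties
     * @throws LoginException if the file is missing or unreadable; the IOException is attached as cause
     */
    private static Properties loadProperties(File file, String failureMessage) throws LoginException {
        Properties props = new Properties();
        java.io.InputStream in = null;
        try {
            in = new java.io.FileInputStream(file);
            props.load(in);
        } catch (IOException ioe) {
            LoginException le = new LoginException(failureMessage);
            le.initCause(ioe);
            throw le;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best effort: the contents were either fully read or the load already failed.
                }
            }
        }
        return props;
    }
}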
141