

1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */

17 package org.apache.geronimo.jetty6;
18
19 import java.security.AccessControlContext JavaDoc;
20 import java.security.AccessControlException JavaDoc;
21 import java.security.Principal JavaDoc;
22 import java.security.cert.X509Certificate JavaDoc;
23 import java.util.HashMap JavaDoc;
24
25 import javax.security.auth.Subject JavaDoc;
26 import javax.security.auth.login.LoginContext JavaDoc;
27 import javax.security.auth.login.LoginException JavaDoc;
28 import javax.security.jacc.WebRoleRefPermission JavaDoc;
29
30 import org.apache.commons.logging.Log;
31 import org.apache.commons.logging.LogFactory;
32 import org.apache.geronimo.security.ContextManager;
33 import org.apache.geronimo.security.realm.providers.CertificateCallbackHandler;
34 import org.apache.geronimo.security.realm.providers.ClearableCallbackHandler;
35 import org.apache.geronimo.security.realm.providers.PasswordCallbackHandler;
36 import org.mortbay.jetty.Request;
37
38
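/**
 * Authenticates Jetty users through a JAAS {@link LoginContext} whose
 * configuration name is the Geronimo security realm name, and caches the
 * resulting principals by username.
 *
 * <p>Thread-safety: {@code userMap} is a plain {@link HashMap} and {@code count}
 * a plain {@code int}; nothing in this class synchronizes access to them.
 * NOTE(review): if one instance is shared between request threads, confirm
 * that callers serialize access, otherwise cache entries can be lost or corrupted.
 *
 * @version $Rev: 482336 $ $Date: 2006-12-04 15:12:19 -0500 (Mon, 04 Dec 2006) $
 */
public class InternalJAASJettyRealm {
    private static final Log log = LogFactory.getLog(InternalJAASJettyRealm.class);

    /** Name passed to {@link LoginContext} as the JAAS configuration entry. */
    private final String securityRealmName;
    /** Principals of successfully authenticated users, keyed by username. */
    private final HashMap<String, Principal> userMap = new HashMap<String, Principal>();
    /** Use counter; starts at 1 and is adjusted by {@link #addUse()} and {@link #removeUse()}. */
    private int count = 1;

    /**
     * @param geronimoRealmName name of the security realm used for JAAS logins
     */
    public InternalJAASJettyRealm(String geronimoRealmName) {
        this.securityRealmName = geronimoRealmName;
    }

    /**
     * @return the security realm name given at construction
     */
    public String getSecurityRealmName() {
        return securityRealmName;
    }

    /**
     * Looks up a cached principal.
     *
     * @param username name the user authenticated with
     * @return the cached principal, or {@code null} if none is cached
     */
    public Principal getPrincipal(String username) {
        return userMap.get(username);
    }

    /**
     * Runs a JAAS login for the given user and caches the resulting principal.
     *
     * <p>Accepted credential types are {@code char[]} and {@code String}
     * (password) and {@code X509Certificate[]} (only the first certificate is
     * handed to the callback handler). Anything else, including {@code null},
     * is rejected.
     *
     * @param username    user name; {@code null} or empty fails the login
     * @param credentials password or certificate chain
     * @param request     current request (not used by this method)
     * @return the authenticated principal, or {@code null} if the login failed
     */
    public Principal authenticate(String username, Object credentials, Request request) {
        if (username == null || username.equals("")) {
            log.debug("Login Failed - null userID");
            return null;
        }

        try {
            // Re-authentication was requested: drop any cached entry first so a
            // failed login never leaves the earlier principal in the cache.
            // NOTE(review): unlike logout(), the earlier principal's subject is not
            // passed to ContextManager.unregisterSubject here; confirm that is intended.
            userMap.remove(username);

            ClearableCallbackHandler callbackHandler;
            if (credentials instanceof char[]) {
                char[] password = (char[]) credentials;
                callbackHandler = new PasswordCallbackHandler(username, password);
            } else if (credentials instanceof String) {
                // The char[] copy can be cleared later; the caller's String cannot.
                char[] password = ((String) credentials).toCharArray();
                callbackHandler = new PasswordCallbackHandler(username, password);
            } else if (credentials instanceof X509Certificate[]) {
                X509Certificate[] certs = (X509Certificate[]) credentials;
                if (certs.length < 1) {
                    throw new LoginException("no certificates supplied");
                }
                callbackHandler = new CertificateCallbackHandler(certs[0]);
            } else {
                // Null credentials must fail the login like any other unsupported
                // type, not escape as a NullPointerException from getClass().
                String credentialType = (credentials == null) ? "null" : credentials.getClass().getName();
                throw new LoginException("Cannot extract credentials from class: " + credentialType);
            }

            // set up the login context
            LoginContext loginContext;
            try {
                loginContext = new LoginContext(securityRealmName, callbackHandler);
                loginContext.login();
            } finally {
                // Clear the handler on failed logins too, so the credential it
                // holds does not outlive the attempt.
                callbackHandler.clear();
            }

            Subject subject = ContextManager.getServerSideSubject(loginContext.getSubject());
            //TODO use the run-as subject as nextCaller
            ContextManager.setCallers(subject, subject);
            ContextManager.setNextCaller(subject);

            // login success
            JAASJettyPrincipal userPrincipal = new JAASJettyPrincipal(username);
            userPrincipal.setSubject(subject);

            userMap.put(username, userPrincipal);

            return userPrincipal;
        } catch (LoginException e) {
            // NOTE(review): failed logins are recorded at debug level only, so they
            // are not visible at default log levels unless another layer audits them.
            // log.warn("Login Failed", e);
            log.debug("Login Failed", e);
            return null;
        }
    }

    /**
     * Removes the user from the cache and unregisters the user's subject.
     *
     * @param user principal returned by {@link #authenticate}; must be a
     *             {@code JAASJettyPrincipal}
     */
    public void logout(Principal user) {
        JAASJettyPrincipal principal = (JAASJettyPrincipal) user;

        userMap.remove(principal.getName());
        ContextManager.unregisterSubject(principal.getSubject());
    }

    /**
     * Re-establishes the user's subject as the current caller and reports
     * whether a principal with the same name is still cached.
     *
     * <p>NOTE(review): the callers are set before the cache is consulted, so they
     * are set even when this method returns {@code false}; and the cache check
     * matches by name only, not by principal identity. Confirm both are acceptable.
     *
     * @param user principal returned by {@link #authenticate}
     * @return {@code true} if the cache holds an entry for the user's name
     */
    public boolean reauthenticate(Principal user) {
        // TODO This is not correct if auth can expire! (the original comment is cut off here)

        Subject subject = ((JAASJettyPrincipal) user).getSubject();
        ContextManager.setCallers(subject, subject);

        // get the user out of the cache
        return (userMap.get(user.getName()) != null);
    }

    /**
     * Does nothing.
     *
     * @param user ignored
     */
    public void disassociate(Principal user) {
        // do nothing
    }

    /**
     * Checks a role reference against the current access control context.
     *
     * @param user principal to check; {@code null} yields {@code false}
     * @param role role reference name; {@code null} yields {@code false}
     * @return {@code true} if the {@link WebRoleRefPermission} check passes,
     *         {@code false} if it raises {@link AccessControlException}
     */
    public boolean isUserInRole(Principal user, String role) {
        if (user == null || role == null) {
            return false;
        }

        AccessControlContext acc = ContextManager.getCurrentContext();
        try {
            // JACC v1.0 section B.19
            String servletName = InternalJettyServletHolder.getCurrentServletName();
            // The servlet named "jsp" is checked under the empty servlet name.
            if (servletName.equals("jsp")) {
                servletName = "";
            }
            acc.checkPermission(new WebRoleRefPermission(servletName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

    /**
     * Returns the user unchanged.
     *
     * @param user current principal
     * @param role ignored
     * @return {@code user}
     */
    public Principal pushRole(Principal user, String role) {
        //handled by JettyServletHolder and its runAsSubject
        return user;
    }

    /**
     * Returns the user unchanged.
     *
     * @param user current principal
     * @return {@code user}
     */
    public Principal popRole(Principal user) {
        return user;
    }

    /** Increments the use counter. */
    public void addUse() {
        count++;
    }

    /**
     * Decrements the use counter.
     *
     * @return the counter value as it was BEFORE this call decremented it
     *         (post-decrement). NOTE(review): a caller that compares the result
     *         with 0 to detect the last use should confirm this is what it expects.
     */
    public int removeUse() {
        return count--;
    }

}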
177