/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.geronimo.security.realm;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.security.deploy.PrincipalInfo;
import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
import org.apache.geronimo.security.jaas.client.JaasLoginCoordinator;
import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
import org.apache.geronimo.security.jaas.JaasLoginModuleChain;
import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
import org.apache.geronimo.system.serverinfo.ServerInfo;

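/**
 * A security realm that can be configured for one or more login modules. It
 * can handle a combination of client-side and server-side login modules for
 * the case of remote clients, and it can perform auto-role-mapping for its
 * login modules (though you must configure it for that).
 * <p>
 * This realm populates a number of special login module options for the
 * benefit of Geronimo login modules (though some of them are only available to
 * server-side login modules, marked as not Serializable below):
 * <pre>
 * Option                                    Type                  Serializable
 * JaasLoginModuleUse.KERNEL_LM_OPTION       String (Kernel name)  Yes
 * JaasLoginModuleUse.SERVERINFO_LM_OPTION   ServerInfo            No
 * JaasLoginModuleUse.CLASSLOADER_LM_OPTION  ClassLoader           No
 * </pre>
 * These options can be safely ignored by login modules that don't need them
 * (such as any custom LoginModules you may already have lying around).
 * <p>
 * The login domains and login module configurations are collected once, in
 * the constructor, and are not modified by this class afterwards. The array
 * accessors return copies so that callers cannot alter the realm's own view
 * of its login configuration.
 *
 * @version $Rev: 486195 $ $Date: 2006-12-12 10:42:02 -0500 (Tue, 12 Dec 2006) $
 */
public class GenericSecurityRealm implements SecurityRealm, ConfigurationEntryFactory {

    // Login service used by generateConfiguration(); may be null.
    private final JaasLoginServiceMBean loginService;
    // Name of the realm; also returned as the configuration name.
    private final String realmName;
    // Login module configurations collected from loginModuleUse at construction time.
    private final JaasLoginModuleConfiguration[] config;
    // May be null (see generateConfiguration(): "testing without a kernel").
    private final Kernel kernel;

    private final PrincipalInfo defaultPrincipalInfo;

    // Login domain names collected from loginModuleUse at construction time.
    private final String[] domains;
    private final boolean restrictPrincipalsToServer;
    private final boolean wrapPrincipals;
    // Head of the login module chain; may be null, in which case the realm has
    // no domains and no login module configurations.
    private final JaasLoginModuleUse loginModuleUse;

    /**
     * Creates the realm and snapshots the login domains and login module
     * configurations reported by {@code loginModuleUse}.
     *
     * @param realmName the name of this realm
     * @param loginModuleUse the login module chain to configure from; if
     *        {@code null} the realm ends up with empty domain and
     *        configuration arrays
     * @param restrictPrincipalsToServer see {@link #isRestrictPrincipalsToServer()}
     * @param wrapPrincipals see {@link #isWrapPrincipals()}
     * @param defaultPrincipalInfo see {@link #getDefaultPrincipal()}
     * @param serverInfo passed through to {@code loginModuleUse.configure(...)}
     * @param classLoader passed through to {@code loginModuleUse.configure(...)}
     * @param kernel passed through to {@code loginModuleUse.configure(...)} and
     *        used by {@link #generateConfiguration()}; may be {@code null}
     * @param loginService used by {@link #generateConfiguration()}; may be
     *        {@code null}
     */
    public GenericSecurityRealm(String realmName,
                                JaasLoginModuleUse loginModuleUse,
                                boolean restrictPrincipalsToServer,
                                boolean wrapPrincipals,
                                PrincipalInfo defaultPrincipalInfo,
                                ServerInfo serverInfo,
                                ClassLoader classLoader,
                                Kernel kernel,
                                JaasLoginServiceMBean loginService) {
        this.realmName = realmName;
        this.kernel = kernel;
        this.restrictPrincipalsToServer = restrictPrincipalsToServer;
        this.wrapPrincipals = wrapPrincipals;
        this.defaultPrincipalInfo = defaultPrincipalInfo;
        this.loginService = loginService;
        this.loginModuleUse = loginModuleUse;

        // Raw collections are kept on purpose: configure() receives them as-is
        // and its declared parameter types are not visible in this file.
        Set domainNames = new HashSet();
        List loginModuleConfigurations = new ArrayList();

        if (loginModuleUse != null) {
            loginModuleUse.configure(domainNames, loginModuleConfigurations, kernel, serverInfo, classLoader);
        }

        domains = (String[]) domainNames.toArray(new String[domainNames.size()]);
        config = (JaasLoginModuleConfiguration[]) loginModuleConfigurations.toArray(
                new JaasLoginModuleConfiguration[loginModuleConfigurations.size()]);
    }

    /**
     * @return the name of this realm
     */
    public String getRealmName() {
        return realmName;
    }

    /**
     * Returns the login module configurations collected for this realm.
     * <p>
     * A copy of the internal array is returned so that a caller cannot replace
     * or reorder the realm's login module entries through the returned
     * reference. The copy is shallow: the configuration objects themselves are
     * shared.
     *
     * @return a new array holding this realm's login module configurations
     */
    public JaasLoginModuleConfiguration[] getAppConfigurationEntries() {
        return (JaasLoginModuleConfiguration[]) config.clone();
    }

    /**
     * @return the login module chain this realm was constructed with, possibly
     *         {@code null}
     */
    public JaasLoginModuleChain getLoginModuleChain() {
        return loginModuleUse;
    }

    /**
     * Gets a list of the login domains that make up this security realm. A
     * particular LoginModule represents 0 or 1 login domains, and a realm is
     * composed of a number of login modules, so the realm may cover any
     * number of login domains, though typically that number will be 1.
     * <p>
     * A copy of the internal array is returned, so changes made by the caller
     * do not affect the realm.
     *
     * @return a new array holding the login domain names of this realm
     */
    public String[] getLoginDomains() {
        return (String[]) domains.clone();
    }

    /**
     * Provides the default principal to be used when an unauthenticated
     * subject uses a container.
     *
     * @return the default principal
     */
    public PrincipalInfo getDefaultPrincipal() {
        return defaultPrincipalInfo;
    }

    /**
     * A GBean property. If set to true, the login service will not return
     * principals generated by this realm to clients. If set to false (the
     * default), the client will get a copy of all principals (except realm
     * principals generated strictly for use within Geronimo).
     *
     * @return whether principals are restricted to the server
     */
    public boolean isRestrictPrincipalsToServer() {
        return restrictPrincipalsToServer;
    }

    /**
     * If this attribute is true, then the principals will be wrapped in
     * realm principals.
     *
     * @return whether principals are wrapped in realm principals
     */
    public boolean isWrapPrincipals() {
        return wrapPrincipals;
    }

    /**
     * @return the configuration name, which is the realm name
     */
    public String getConfigurationName() {
        return realmName;
    }

    /**
     * Builds the login module configuration that routes logins for this realm
     * through {@link JaasLoginCoordinator} with control flag
     * {@link LoginModuleControlFlag#REQUIRED}.
     * <p>
     * The options always carry the realm name. With a kernel present they also
     * carry the kernel name and, if a login service is set, its object name.
     * Without a kernel, a non-null login service is passed as a live instance.
     *
     * @return a new configuration entry for the login coordinator
     */
    public JaasLoginModuleConfiguration generateConfiguration() {
        Map options = new HashMap();
        options.put(JaasLoginCoordinator.OPTION_REALM, realmName);
        if (kernel != null) {
            options.put(JaasLoginCoordinator.OPTION_KERNEL, kernel.getKernelName());
            if (loginService != null) {
                options.put(JaasLoginCoordinator.OPTION_SERVICENAME, loginService.getObjectName());
            }
        } else if (loginService != null) {
            // this can be used for testing without a kernel.
            options.put(JaasLoginCoordinator.OPTION_SERVICE_INSTANCE, loginService);
        }

        // NOTE(review): the meaning of the literal "true" argument is defined by
        // JaasLoginModuleConfiguration's constructor, which is not visible here.
        return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(),
                LoginModuleControlFlag.REQUIRED,
                options,
                true,
                realmName,
                wrapPrincipals,
                JaasLoginCoordinator.class.getClassLoader());
    }

    /** GBean metadata for this realm, built once in the static initializer. */
    public static final GBeanInfo GBEAN_INFO;

    static {
        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(GenericSecurityRealm.class, NameFactory.SECURITY_REALM);

        infoFactory.addInterface(SecurityRealm.class);
        infoFactory.addInterface(ConfigurationEntryFactory.class);
        infoFactory.addAttribute("realmName", String.class, true);
        infoFactory.addAttribute("kernel", Kernel.class, false);
        infoFactory.addAttribute("classLoader", ClassLoader.class, false);
        infoFactory.addAttribute("defaultPrincipal", PrincipalInfo.class, true);
        // NOTE(review): no field, accessor or constructor argument named
        // "deploymentSupport" is visible in this class - confirm this attribute
        // is still needed.
        infoFactory.addAttribute("deploymentSupport", Properties.class, true);
        infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true);
        infoFactory.addAttribute("wrapPrincipals", boolean.class, true);

        infoFactory.addReference("LoginModuleConfiguration", JaasLoginModuleUse.class, "LoginModuleUse");
        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
        infoFactory.addReference("LoginService", JaasLoginServiceMBean.class, "JaasLoginService");

        infoFactory.addOperation("getAppConfigurationEntries", new Class[0]);

        // Names are listed in the same order as the constructor's parameters.
        infoFactory.setConstructor(new String[]{"realmName",
                                                "LoginModuleConfiguration",
                                                "restrictPrincipalsToServer",
                                                "wrapPrincipals",
                                                "defaultPrincipal",
                                                "ServerInfo",
                                                "classLoader",
                                                "kernel",
                                                "LoginService"});

        GBEAN_INFO = infoFactory.getBeanInfo();
    }

    /**
     * @return the GBean metadata describing this realm
     */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

}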