KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > geronimo > security > realm > providers > CertificateChainLoginModule


1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17
18 package org.apache.geronimo.security.realm.providers;
19
20 import java.io.IOException JavaDoc;
21 import java.security.cert.Certificate JavaDoc;
22 import java.security.cert.X509Certificate JavaDoc;
23 import java.util.Map JavaDoc;
24 import java.util.Set JavaDoc;
25 import javax.security.auth.Subject JavaDoc;
26 import javax.security.auth.callback.Callback JavaDoc;
27 import javax.security.auth.callback.CallbackHandler JavaDoc;
28 import javax.security.auth.callback.UnsupportedCallbackException JavaDoc;
29 import javax.security.auth.login.LoginException JavaDoc;
30 import javax.security.auth.spi.LoginModule JavaDoc;
31 import javax.security.auth.x500.X500Principal JavaDoc;
32
33 import org.apache.commons.logging.Log;
34 import org.apache.commons.logging.LogFactory;
35
36
37 /**
38  * An example LoginModule that reads a list of users and group from a file on disk.
39  * Authentication is provided by the SSL layer supplying the client certificate.
40  * All we check is that it is present. The
41  * file should be formatted using standard Java properties syntax. Expects
42  * to be run by a GenericSecurityRealm (doesn't work on its own).
43  *
44  * The usersURI property file should have lines of the form token=certificatename
45  * where certificate name is X509Certificate.getSubjectX500Principal().getName()
46  *
47  * The groupsURI property file should have lines of the form group=token1,token2,...
48  * where the tokens were associated to the certificate names in the usersURI properties file.
49  *
50  * @version $Rev: 476049 $ $Date: 2006-11-16 23:35:17 -0500 (Thu, 16 Nov 2006) $
51  */
52 public class CertificateChainLoginModule implements LoginModule JavaDoc {
53     private static Log log = LogFactory.getLog(CertificateChainLoginModule.class);
54
55     Subject JavaDoc subject;
56     CallbackHandler JavaDoc handler;
57     X500Principal JavaDoc principal;
58
59     public void initialize(Subject JavaDoc subject, CallbackHandler JavaDoc callbackHandler, Map JavaDoc sharedState, Map JavaDoc options) {
60         this.subject = subject;
61         this.handler = callbackHandler;
62 // try {
63 // Kernel kernel = KernelRegistry.getKernel((String)options.get(JaasLoginModuleUse.KERNEL_LM_OPTION));
64 // ServerInfo serverInfo = (ServerInfo) options.get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
65 // URI usersURI = new URI((String)options.get(USERS_URI));
66 // URI groupsURI = new URI((String)options.get(GROUPS_URI));
67 // loadProperties(kernel, serverInfo, usersURI, groupsURI);
68 // } catch (Exception e) {
69 // log.error(e);
70 // throw new IllegalArgumentException("Unable to configure properties file login module: "+e);
71 // }
72 }
73
74
75
76     public boolean login() throws LoginException JavaDoc {
77         Callback JavaDoc[] callbacks = new Callback JavaDoc[1];
78
79         callbacks[0] = new CertificateChainCallback();
80         try {
81             handler.handle(callbacks);
82         } catch (IOException JavaDoc ioe) {
83             throw (LoginException JavaDoc) new LoginException JavaDoc().initCause(ioe);
84         } catch (UnsupportedCallbackException JavaDoc uce) {
85             throw (LoginException JavaDoc) new LoginException JavaDoc().initCause(uce);
86         }
87         assert callbacks.length == 1;
88         Certificate JavaDoc[] certificateChain = ((CertificateChainCallback)callbacks[0]).getCertificateChain();
89         if (certificateChain == null || certificateChain.length == 0) {
90             return false;
91         }
92         if (!(certificateChain[0] instanceof X509Certificate JavaDoc)) {
93             return false;
94         }
95         //TODO actually validate chain
96 principal = ((X509Certificate JavaDoc)certificateChain[0]).getSubjectX500Principal();
97
98         return true;
99     }
100
101     public boolean commit() throws LoginException JavaDoc {
102         Set JavaDoc principals = subject.getPrincipals();
103
104         principals.add(principal);
105         principals.add(new GeronimoUserPrincipal(principal.getName()));
106
107         return true;
108     }
109
110     public boolean abort() throws LoginException JavaDoc {
111         principal = null;
112
113         return true;
114     }
115
116     public boolean logout() throws LoginException JavaDoc {
117         principal = null;
118
119         return true;
120     }
121
122     /**
123      * Gets the names of all principal classes that may be populated into
124      * a Subject.
125      */
126     public String JavaDoc[] getPrincipalClassNames() {
127         return new String JavaDoc[]{GeronimoUserPrincipal.class.getName()};
128     }
129
130 }
131
Popular Tags