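package org.apache.geronimo.security.realm.providers;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
import org.apache.geronimo.system.serverinfo.ServerInfo;

/**
 * A JAAS {@link LoginModule} that identifies a caller by the subject
 * distinguished name (DN) of an X.509 certificate obtained through a
 * {@link CertificateCallback}, and maps that DN to a Geronimo user name and
 * group memberships read from two properties files.
 * <p>
 * The users file maps {@code userName=subjectDN}; the groups file maps
 * {@code groupName=user1,user2,...}. The DN lookup is an exact string
 * comparison against {@link X500Principal#getName()}, so the DN in the users
 * file must be written in the same RFC 2253 form that {@code getName()}
 * produces for the certificate.
 * <p>
 * This module performs no certificate validation of its own (chain, validity
 * period, revocation). It only decides whether the presented subject DN is a
 * configured user; whoever populates the {@code CertificateCallback} is
 * expected to have validated the certificate beforehand.
 */
public class CertificatePropertiesFileLoginModule implements LoginModule {
    /** Option key: URI of the users properties file ({@code userName=subjectDN}). */
    public final static String USERS_URI = "usersURI";
    /** Option key: URI of the groups properties file ({@code groupName=user,user,...}). */
    public final static String GROUPS_URI = "groupsURI";
    private static Log log = LogFactory.getLog(CertificatePropertiesFileLoginModule.class);
    // subject DN string -> user name (the users file is inverted when loaded)
    private final Map users = new HashMap();
    // group name -> Set of user names
    final Map groups = new HashMap();

    Subject subject;
    CallbackHandler handler;
    X500Principal principal;
    // set only when login() accepted the presented DN; commit() must add nothing otherwise
    private boolean loginSucceeded;
    // exactly the principals commit() added to the subject, so logout() can remove them again
    private final Set addedPrincipals = new HashSet();

    /**
     * Reads the {@link #USERS_URI} and {@link #GROUPS_URI} options, resolves them
     * against the {@link ServerInfo} supplied under
     * {@link JaasLoginModuleUse#SERVERINFO_LM_OPTION}, and loads both files.
     *
     * @param subject         the subject to populate in {@link #commit()}
     * @param callbackHandler handler expected to answer a {@link CertificateCallback}
     * @param sharedState     unused
     * @param options         login module options; both URI options are required
     * @throws IllegalArgumentException if an option is missing, malformed, or the
     *                                  files cannot be loaded (the cause is attached)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.handler = callbackHandler;
        try {
            ServerInfo serverInfo = (ServerInfo) options.get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
            URI usersURI = new URI(requiredOption(options, USERS_URI));
            URI groupsURI = new URI(requiredOption(options, GROUPS_URI));
            loadProperties(serverInfo, usersURI, groupsURI);
        } catch (Exception e) {
            log.error("Unable to configure properties file login module", e);
            // keep the original exception as the cause rather than flattening it into the message
            throw (IllegalArgumentException) new IllegalArgumentException(
                    "Unable to configure properties file login module: " + e).initCause(e);
        }
    }

    // Fetches a mandatory String option, failing with a message that names the missing key.
    private static String requiredOption(Map options, String key) {
        Object value = options.get(key);
        if (value == null) {
            throw new IllegalArgumentException("Missing required login module option: " + key);
        }
        return (String) value;
    }

    /**
     * Loads the users and groups files into this module's maps. Entries are added
     * to whatever is already present; existing contents are not cleared.
     * <p>
     * The users file is stored inverted (DN -&gt; user name). Two users sharing one
     * DN cannot both be honoured: the later entry wins and a warning is logged,
     * since it almost certainly indicates a configuration mistake. Group member
     * lists are split on commas; surrounding whitespace is ignored and empty
     * entries are dropped.
     *
     * @param serverInfo used to resolve the URIs against the server base
     * @param usersURI   location of the users properties file
     * @param groupURI   location of the groups properties file
     * @throws GeronimoSecurityException if either file cannot be read or parsed
     */
    public void loadProperties(ServerInfo serverInfo, URI usersURI, URI groupURI) throws GeronimoSecurityException {
        try {
            URI userFile = serverInfo.resolve(usersURI);
            URI groupFile = serverInfo.resolve(groupURI);

            Properties tmpUsers = load(userFile);
            // invert userName=DN into DN->userName, which is the direction login() looks up
            for (Iterator iterator = tmpUsers.entrySet().iterator(); iterator.hasNext();) {
                Map.Entry entry = (Map.Entry) iterator.next();
                Object previous = users.put(entry.getValue(), entry.getKey());
                if (previous != null && !previous.equals(entry.getKey())) {
                    log.warn("Subject DN " + entry.getValue() + " is mapped to both user " + previous
                            + " and user " + entry.getKey() + "; using " + entry.getKey());
                }
            }

            Properties temp = load(groupFile);
            Enumeration groupNames = temp.keys();
            while (groupNames.hasMoreElements()) {
                String groupName = (String) groupNames.nextElement();
                String[] userList = ((String) temp.get(groupName)).split(",");

                Set userset = (Set) groups.get(groupName);
                if (userset == null) {
                    userset = new HashSet();
                    groups.put(groupName, userset);
                }

                for (int i = 0; i < userList.length; i++) {
                    // "alice, bob" must match user "bob": trim, and skip the empties a trailing comma leaves
                    String userName = userList[i].trim();
                    if (userName.length() > 0) {
                        userset.add(userName);
                    }
                }
            }
        } catch (Exception e) {
            log.error("Properties File Login Module - data load failed", e);
            throw new GeronimoSecurityException(e);
        }
    }

    // Reads a properties file from the given URI, closing the stream even when load() fails.
    private static Properties load(URI file) throws IOException {
        InputStream stream = file.toURL().openStream();
        try {
            Properties properties = new Properties();
            properties.load(stream);
            return properties;
        } finally {
            stream.close();
        }
    }

    /**
     * Obtains the client certificate through a {@link CertificateCallback} and
     * checks that its subject DN is a configured user.
     *
     * @return {@code false} if no certificate was supplied (this module does not
     *         apply), {@code true} if the DN maps to a known user
     * @throws FailedLoginException if a certificate was supplied but its subject DN
     *                              is not in the users file
     * @throws LoginException       if the callback handler fails or does not support
     *                              the certificate callback
     */
    public boolean login() throws LoginException {
        loginSucceeded = false;
        Callback[] callbacks = new Callback[1];
        callbacks[0] = new CertificateCallback();
        try {
            handler.handle(callbacks);
        } catch (IOException ioe) {
            throw (LoginException) new LoginException().initCause(ioe);
        } catch (UnsupportedCallbackException uce) {
            throw (LoginException) new LoginException().initCause(uce);
        }

        X509Certificate certificate = ((CertificateCallback) callbacks[0]).getCertificate();
        if (certificate == null) {
            return false;
        }
        X500Principal presented = certificate.getSubjectX500Principal();

        // Identity is decided solely by string equality of the RFC 2253 DN against the
        // users file; nothing about the certificate itself is verified here.
        if (!users.containsKey(presented.getName())) {
            throw new FailedLoginException();
        }
        principal = presented;
        loginSucceeded = true;
        return true;
    }

    /**
     * Adds the X.500 principal, the mapped {@link GeronimoUserPrincipal} and one
     * {@link GeronimoGroupPrincipal} per group containing the user to the subject.
     *
     * @return {@code false} without touching the subject if {@link #login()} did not
     *         succeed, as the JAAS contract requires; {@code true} otherwise
     * @throws LoginException never thrown by this implementation
     */
    public boolean commit() throws LoginException {
        if (!loginSucceeded) {
            return false;
        }
        Set principals = subject.getPrincipals();
        String userName = (String) users.get(principal.getName());

        addedPrincipals.add(principal);
        addedPrincipals.add(new GeronimoUserPrincipal(userName));

        for (Iterator groupNames = groups.keySet().iterator(); groupNames.hasNext();) {
            String groupName = (String) groupNames.next();
            Set members = (Set) groups.get(groupName);
            if (members.contains(userName)) {
                addedPrincipals.add(new GeronimoGroupPrincipal(groupName));
            }
        }
        principals.addAll(addedPrincipals);
        return true;
    }

    /**
     * Discards any state from a failed or abandoned login attempt.
     *
     * @return always {@code true}
     * @throws LoginException never thrown by this implementation
     */
    public boolean abort() throws LoginException {
        clearState();
        return true;
    }

    /**
     * Removes the principals this module added in {@link #commit()} from the subject
     * and clears all login state. If the subject has been made read-only the
     * principals cannot be removed; this is logged rather than treated as an error.
     *
     * @return always {@code true}
     * @throws LoginException never thrown by this implementation
     */
    public boolean logout() throws LoginException {
        if (subject.isReadOnly()) {
            if (!addedPrincipals.isEmpty()) {
                log.warn("Subject is read-only; principals added by this login module were not removed");
            }
        } else {
            // remove exactly what commit() added so a logged-out subject no longer
            // carries this module's user and group identities
            subject.getPrincipals().removeAll(addedPrincipals);
        }
        clearState();
        return true;
    }

    // Resets everything login()/commit() recorded about the current attempt.
    private void clearState() {
        principal = null;
        loginSucceeded = false;
        addedPrincipals.clear();
    }

    /**
     * Names the Geronimo principal classes this module can add to a subject.
     *
     * @return the class names of {@link GeronimoUserPrincipal} and
     *         {@link GeronimoGroupPrincipal}
     */
    public String[] getPrincipalClassNames() {
        return new String[]{GeronimoUserPrincipal.class.getName(), GeronimoGroupPrincipal.class.getName()};
    }

    /**
     * Lists every principal name of the given class known from the loaded files.
     *
     * @param className {@link GeronimoGroupPrincipal} (group names),
     *                  {@link GeronimoUserPrincipal} (user names) or
     *                  {@link X500Principal} (configured subject DNs)
     * @return the names as an array; empty if none are configured
     * @throws IllegalArgumentException if {@code className} is {@code null} or not one
     *                                  of the three supported classes
     */
    public String[] getPrincipalsOfClass(String className) {
        Collection s;
        // constants on the left so a null className is reported as unsupported, not as an NPE
        if (GeronimoGroupPrincipal.class.getName().equals(className)) {
            s = groups.keySet();
        } else if (GeronimoUserPrincipal.class.getName().equals(className)) {
            s = users.values();
        } else if (X500Principal.class.getName().equals(className)) {
            s = users.keySet();
        } else {
            throw new IllegalArgumentException("No such principal class " + className);
        }
        return (String[]) s.toArray(new String[s.size()]);
    }
}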