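package org.apache.servicemix.jbi.security.login;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.servicemix.jbi.security.GroupPrincipal;
import org.apache.servicemix.jbi.security.UserPrincipal;

/**
 * JAAS {@link LoginModule} that authenticates a caller by the subject DN of an
 * X.509 certificate obtained through a {@link CertificateCallback}.
 * <p>
 * Two properties files, resolved relative to the directory of the JAAS
 * configuration file ({@code java.security.auth.login.config}) or the working
 * directory when that property is unset, drive the mapping:
 * <ul>
 * <li>the user file maps a user name to a certificate subject DN; the DN is
 *     compared by exact string equality with
 *     {@code X509Certificate.getSubjectX500Principal().getName()}, i.e. the
 *     RFC 2253 form, so the file must use that exact spelling;</li>
 * <li>the group file maps a group name to a comma-separated list of user names.</li>
 * </ul>
 * On success the subject receives the certificate's {@code X500Principal}, a
 * {@link UserPrincipal} and one {@link GroupPrincipal} per matching group.
 * <p>
 * NOTE(review): this module only maps an already-presented certificate to a
 * user; it does not itself validate the certificate chain, expiry or
 * revocation. It presumably relies on the handler supplying the
 * {@link CertificateCallback} with a certificate that the transport already
 * verified -- confirm against the callers before relying on this mapping alone.
 */
public class CertificatesLoginModule implements LoginModule {

    /** Option key naming the user properties file (user name = certificate subject DN). */
    private static final String USER_FILE = "org.apache.servicemix.security.certificates.user";
    /** Option key naming the group properties file (group name = comma-separated user names). */
    private static final String GROUP_FILE = "org.apache.servicemix.security.certificates.group";

    private static final Log log = LogFactory.getLog(CertificatesLoginModule.class);

    private Subject subject;
    private CallbackHandler callbackHandler;

    private boolean debug;
    private String usersFile;
    private String groupsFile;
    // Both files are (re)loaded on every login(); users is consulted in
    // login(), groups in commit(), and both are dropped by clear().
    private Properties users = new Properties();
    private Properties groups = new Properties();
    // Name of the authenticated user, or null while this module has not
    // completed a successful login().
    private String user;
    // Principals this module contributed, kept after commit() so logout()
    // can remove exactly those again.
    private Set principals = new HashSet();
    private File baseDir;

    /**
     * Records the subject and callback handler and reads the module options.
     * <p>
     * Note that a missing {@code USER_FILE}/{@code GROUP_FILE} option is not
     * rejected here: the {@code + ""} conversion turns it into the literal file
     * name {@code "null"}, which then fails to load in {@link #login()}.
     *
     * @param subject         the subject to populate on commit
     * @param callbackHandler handler expected to answer a {@link CertificateCallback}
     * @param sharedState     shared state between modules (unused)
     * @param options         module options: {@code debug}, the user file and the group file
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;

        // Relative file names are resolved next to the JAAS configuration
        // file when one is configured, otherwise against the working directory.
        String loginConfig = System.getProperty("java.security.auth.login.config");
        if (loginConfig != null) {
            baseDir = new File(loginConfig).getParentFile();
        } else {
            baseDir = new File(".");
        }

        debug = "true".equalsIgnoreCase((String) options.get("debug"));
        usersFile = (String) options.get(USER_FILE) + "";
        groupsFile = (String) options.get(GROUP_FILE) + "";

        if (debug) {
            log.debug("Initialized debug=" + debug + " usersFile=" + usersFile
                    + " groupsFile=" + groupsFile + " basedir=" + baseDir);
        }
    }

    /**
     * Loads both properties files, obtains the caller's certificate through the
     * callback handler and looks its subject DN up in the user file.
     *
     * @return {@code true} when a user is mapped to the certificate's subject DN
     * @throws LoginException       if a properties file cannot be read or the
     *                              callback handler cannot supply a certificate callback
     * @throws FailedLoginException if no certificate was supplied or no user is
     *                              mapped to its subject DN
     */
    public boolean login() throws LoginException {
        loadProperties(users, new File(baseDir, usersFile), "Unable to load user properties file ");
        loadProperties(groups, new File(baseDir, groupsFile), "Unable to load group properties file ");

        Callback[] callbacks = new Callback[1];
        callbacks[0] = new CertificateCallback();
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException ioe) {
            // LoginException has no cause constructor; keep the cause via initCause.
            throw (LoginException) new LoginException(ioe.getMessage()).initCause(ioe);
        } catch (UnsupportedCallbackException uce) {
            throw (LoginException) new LoginException(
                    uce.getMessage() + " not available to obtain information from user").initCause(uce);
        }
        X509Certificate cert = ((CertificateCallback) callbacks[0]).getCertificate();
        if (cert == null) {
            throw new FailedLoginException("Unable to retrieve certificate");
        }

        // The user file holds DNs in the RFC 2253 form returned by getName().
        Principal principal = cert.getSubjectX500Principal();
        String certName = principal.getName();
        for (Iterator it = users.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            if (certName.equals(entry.getValue())) {
                user = (String) entry.getKey();
                principals.add(principal);
                if (debug) {
                    log.debug("login " + user);
                }
                return true;
            }
        }
        throw new FailedLoginException("No user is mapped to the presented certificate");
    }

    /**
     * Reads {@code f} into {@code props}, closing the stream on every path.
     *
     * @param props       properties to fill
     * @param f           file to read
     * @param errorPrefix message prefix used when the file cannot be read
     * @throws LoginException if the file cannot be opened or parsed
     */
    private static void loadProperties(Properties props, File f, String errorPrefix) throws LoginException {
        InputStream in = null;
        try {
            in = new FileInputStream(f);
            props.load(in);
        } catch (IOException ioe) {
            throw (LoginException) new LoginException(errorPrefix + f).initCause(ioe);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // the contents are already loaded; a close failure changes nothing
                }
            }
        }
    }

    /**
     * Adds the user and group principals for the authenticated user to the subject.
     * <p>
     * If {@link #login()} did not succeed for this module, nothing is added and
     * {@code false} is returned, as the {@link LoginModule} contract requires
     * (the original code dereferenced the null user name here).
     *
     * @return {@code true} if principals were added, {@code false} if this module's login failed
     */
    public boolean commit() throws LoginException {
        if (user == null) {
            clear();
            return false;
        }
        principals.add(new UserPrincipal(user));

        for (Enumeration enumeration = groups.keys(); enumeration.hasMoreElements();) {
            String name = (String) enumeration.nextElement();
            // "+ \"\"" guards against a null property value before splitting.
            String[] userList = ((String) groups.getProperty(name) + "").split(",");
            for (int i = 0; i < userList.length; i++) {
                if (user.equals(userList[i])) {
                    principals.add(new GroupPrincipal(name));
                    break;
                }
            }
        }

        subject.getPrincipals().addAll(principals);

        clear();

        if (debug) {
            log.debug("commit");
        }
        return true;
    }

    /**
     * Discards everything collected by {@link #login()}; nothing has been added
     * to the subject at this point, so the pending principals are dropped too
     * rather than carried into a later login attempt.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        principals.clear();
        clear();

        if (debug) {
            log.debug("abort");
        }
        return true;
    }

    /**
     * Removes from the subject exactly the principals this module added in {@link #commit()}.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        subject.getPrincipals().removeAll(principals);
        principals.clear();

        if (debug) {
            log.debug("logout");
        }
        return true;
    }

    /** Drops the loaded mapping files and the pending user name. */
    private void clear() {
        users.clear();
        groups.clear();
        user = null;
    }
}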