

1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */

17 package org.apache.servicemix.jbi.security.login;
18
19 import java.io.File JavaDoc;
20 import java.io.IOException JavaDoc;
21 import java.security.Principal JavaDoc;
22 import java.security.cert.X509Certificate JavaDoc;
23 import java.util.Enumeration JavaDoc;
24 import java.util.HashSet JavaDoc;
25 import java.util.Iterator JavaDoc;
26 import java.util.Map JavaDoc;
27 import java.util.Properties JavaDoc;
28 import java.util.Set JavaDoc;
29
30 import javax.security.auth.Subject JavaDoc;
31 import javax.security.auth.callback.Callback JavaDoc;
32 import javax.security.auth.callback.CallbackHandler JavaDoc;
33 import javax.security.auth.callback.UnsupportedCallbackException JavaDoc;
34 import javax.security.auth.login.FailedLoginException JavaDoc;
35 import javax.security.auth.login.LoginException JavaDoc;
36 import javax.security.auth.spi.LoginModule JavaDoc;
37
38 import org.apache.commons.logging.Log;
39 import org.apache.commons.logging.LogFactory;
40 import org.apache.servicemix.jbi.security.GroupPrincipal;
41 import org.apache.servicemix.jbi.security.UserPrincipal;
42
43
44 /**
45  * This login module authenticates users given an X509 certificate.
46  *
47  */

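public class CertificatesLoginModule implements LoginModule {

    /*
     * Lifecycle summary: login() maps the subject DN of the presented certificate to a
     * user name through the users properties file; commit() then attaches the
     * certificate principal, a UserPrincipal and any matching GroupPrincipals to the
     * Subject. Nothing is attached to the Subject unless login() succeeded.
     *
     * Security note: this class never validates the certificate itself (no validity
     * period, chain or revocation check appears here). It only compares the subject DN,
     * so it assumes the CallbackHandler supplies a certificate that has already been
     * verified elsewhere (presumably by the transport layer); confirm per deployment.
     */

    /** Name of the login-configuration option holding the users properties file name. */
    private static final String USER_FILE = "org.apache.servicemix.security.certificates.user";
    /** Name of the login-configuration option holding the groups properties file name. */
    private static final String GROUP_FILE = "org.apache.servicemix.security.certificates.group";

    private static final Log log = LogFactory.getLog(CertificatesLoginModule.class);

    private Subject subject;
    private CallbackHandler callbackHandler;

    private boolean debug;
    private String usersFile;
    private String groupsFile;
    // user name -> certificate subject DN, reloaded on every login()
    private Properties users = new Properties();
    // group name -> comma-separated user names, reloaded on every login()
    private Properties groups = new Properties();
    // user name resolved by the last successful login(), null otherwise
    private String user;
    // certificate principal accepted by login(), held back until commit()
    private Principal certPrincipal;
    // principals this module has added to the Subject (needed by logout())
    private Set principals = new HashSet();
    private File baseDir;
    // true only between a successful login() and the next login()/abort()/logout()
    private boolean loginSucceeded;
    // true once commit() has attached this module's principals to the Subject
    private boolean commitSucceeded;

    /**
     * Stores the subject and callback handler and reads the module options.
     * <p>
     * Both properties files are resolved relative to the directory that contains the
     * file named by the {@code java.security.auth.login.config} system property, or
     * relative to the current directory when that property is not set.
     *
     * @param subject the subject to be authenticated
     * @param callbackHandler handler used to obtain the client certificate
     * @param sharedState unused
     * @param options module options: {@code debug} plus the two file-name options
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;

        String loginConfig = System.getProperty("java.security.auth.login.config");
        if (loginConfig != null) {
            baseDir = new File(loginConfig).getParentFile();
        } else {
            baseDir = new File(".");
        }

        debug = "true".equalsIgnoreCase((String) options.get("debug"));
        // A missing option becomes the literal file name "null"; login() then fails
        // with "Unable to load ... properties file" rather than a NullPointerException.
        usersFile = (String) options.get(USER_FILE) + "";
        groupsFile = (String) options.get(GROUP_FILE) + "";

        if (debug) {
            log.debug("Initialized debug=" + debug + " usersFile=" + usersFile + " groupsFile=" + groupsFile+" basedir="+baseDir);
        }
    }

    /**
     * Authenticates the caller by mapping the certificate subject DN to a user name.
     *
     * @return {@code true} when a user entry matches the certificate subject
     * @throws FailedLoginException if no certificate was supplied or no user matches
     * @throws LoginException if a properties file cannot be read or the callback fails
     */
    public boolean login() throws LoginException {
        // Reset the outcome of any earlier attempt so a failure here can never be
        // mistaken for success by commit().
        loginSucceeded = false;
        user = null;
        certPrincipal = null;

        loadProperties(users, new File(baseDir, usersFile), "user");
        loadProperties(groups, new File(baseDir, groupsFile), "group");

        if (callbackHandler == null) {
            throw new LoginException("No CallbackHandler available to obtain the certificate");
        }
        Callback[] callbacks = new Callback[1];
        callbacks[0] = new CertificateCallback();
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException ioe) {
            throw withCause(new LoginException(ioe.getMessage()), ioe);
        } catch (UnsupportedCallbackException uce) {
            throw withCause(
                    new LoginException(uce.getMessage() + " not available to obtain information from user"), uce);
        }
        X509Certificate cert = ((CertificateCallback) callbacks[0]).getCertificate();
        if (cert == null) {
            throw new FailedLoginException("Unable to retrieve certificate");
        }

        // The only check made on the certificate is this DN lookup. It is an exact,
        // case-sensitive comparison against X500Principal.getName() (RFC 2253 form),
        // so values in the users file must be written in exactly that form.
        Principal principal = cert.getSubjectX500Principal();
        String certName = principal.getName();
        for (Iterator it = users.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            if (certName.equals(entry.getValue())) {
                user = (String) entry.getKey();
                certPrincipal = principal;
                loginSucceeded = true;
                if (debug) {
                    log.debug("login " + user);
                }
                return true;
            }
        }
        if (debug) {
            log.debug("login failed: no user mapped to certificate subject " + certName);
        }
        throw new FailedLoginException("No user is mapped to the certificate subject");
    }

    /**
     * Attaches the principals of the authenticated user to the subject.
     *
     * @return {@code true} when principals were attached; {@code false} when this
     *         module's own login() did not succeed, in which case nothing is attached
     * @throws LoginException never thrown by this implementation
     */
    public boolean commit() throws LoginException {
        // commit() is also invoked on modules whose login() failed when the overall
        // authentication succeeded; such a module must not contribute principals.
        if (!loginSucceeded || user == null) {
            clear();
            return false;
        }

        principals.add(certPrincipal);
        principals.add(new UserPrincipal(user));

        for (Enumeration names = groups.keys(); names.hasMoreElements();) {
            String name = (String) names.nextElement();
            // Members are compared exactly; whitespace around commas is not trimmed.
            String[] members = (groups.getProperty(name) + "").split(",");
            for (int i = 0; i < members.length; i++) {
                if (user.equals(members[i])) {
                    principals.add(new GroupPrincipal(name));
                    break;
                }
            }
        }

        subject.getPrincipals().addAll(principals);
        commitSucceeded = true;

        clear();

        if (debug) {
            log.debug("commit");
        }
        return true;
    }

    /**
     * Discards the state of an authentication attempt that failed overall. If this
     * module had already committed, its principals are removed from the subject again.
     *
     * @return always {@code true}
     * @throws LoginException never thrown by this implementation
     */
    public boolean abort() throws LoginException {
        if (loginSucceeded && commitSucceeded) {
            // Another module failed after our commit(): roll our principals back.
            subject.getPrincipals().removeAll(principals);
            principals.clear();
            commitSucceeded = false;
        }
        loginSucceeded = false;
        clear();

        if (debug) {
            log.debug("abort");
        }
        return true;
    }

    /**
     * Removes every principal this module added from the subject.
     *
     * @return always {@code true}
     * @throws LoginException never thrown by this implementation
     */
    public boolean logout() throws LoginException {
        subject.getPrincipals().removeAll(principals);
        principals.clear();
        loginSucceeded = false;
        commitSucceeded = false;
        clear();

        if (debug) {
            log.debug("logout");
        }
        return true;
    }

    /** Drops per-attempt state so no user or group mapping outlives the attempt. */
    private void clear() {
        users.clear();
        groups.clear();
        user = null;
        certPrincipal = null;
    }

    /**
     * Replaces the content of {@code target} with the entries of {@code file}.
     * The target is emptied first so entries removed from the file since an earlier
     * load do not linger, and the stream is always closed.
     *
     * @param target properties object to refill
     * @param file properties file to read
     * @param kind word used in the error message ("user" or "group")
     * @throws LoginException if the file cannot be opened or read
     */
    private static void loadProperties(Properties target, File file, String kind) throws LoginException {
        target.clear();
        java.io.InputStream in = null;
        try {
            in = new java.io.FileInputStream(file);
            target.load(in);
        } catch (IOException ioe) {
            throw withCause(new LoginException("Unable to load " + kind + " properties file " + file), ioe);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The data has been read (or the load already failed); a failing
                    // close() adds nothing the caller could act on.
                }
            }
        }
    }

    /** Attaches {@code cause} to {@code failure}; LoginException has no cause constructor. */
    private static LoginException withCause(LoginException failure, Throwable cause) {
        failure.initCause(cause);
        return failure;
    }
}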