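package org.apache.slide.jaas.spi;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.apache.slide.authenticate.CredentialsToken;
import org.apache.slide.authenticate.SecurityToken;
import org.apache.slide.common.Domain;
import org.apache.slide.common.NamespaceAccessToken;
import org.apache.slide.common.SlideException;
import org.apache.slide.common.SlideToken;
import org.apache.slide.common.SlideTokenImpl;
import org.apache.slide.content.Content;
import org.apache.slide.content.NodeProperty;
import org.apache.slide.content.NodeRevisionDescriptor;
import org.apache.slide.content.NodeRevisionDescriptors;
import org.apache.slide.security.ACLSecurityImpl;
import org.apache.slide.security.Security;
import org.apache.slide.structure.ObjectNotFoundException;
import org.apache.slide.structure.SubjectNode;

/**
 * JAAS {@link LoginModule} that authenticates a user against a Slide namespace.
 *
 * <p>The module asks the callback handler for a user name and a password, looks the
 * user up through the namespace's security helper, and compares the supplied password
 * with the {@code password} property (Slide namespace) of the user's node. On success
 * the user principal, a group principal and one principal per role are added to the
 * {@link Subject} in {@link #commit()}.
 *
 * <p>NOTE(review): the comparison is made against the stored property value as-is, so
 * the store appears to hold the password in clear text. Confirm against the deployment
 * and prefer a salted password hash (bcrypt/scrypt/argon2) in the store.
 */
public class SlideLoginModule implements LoginModule {

    /** Content helper of the accessed namespace; used to read the user's node. */
    protected Content m_content;
    /** Security helper of the accessed namespace; used to resolve the user and its roles. */
    protected Security m_security;

    /** Users path taken from the namespace configuration. */
    protected String m_usersPath;
    /** Roles path taken from the namespace configuration. */
    protected String m_rolesPath;

    /** True only after {@link #login()} has completed successfully. */
    protected boolean m_authenticated = false;
    protected Subject m_subject;
    protected Principal m_principal;
    protected Principal[] m_roles;
    protected Group m_group;

    /** Set by {@link #commit()}, cleared by {@link #logout()}. */
    protected boolean m_committed = false;

    protected CallbackHandler m_callbackHandler;
    protected Map m_sharedState;

    public SlideLoginModule() {
    }

    /**
     * Stores the JAAS context objects and opens the Slide namespace.
     *
     * @param subject         the subject to populate on commit
     * @param callbackHandler handler used to obtain user name and password
     * @param sharedState     state shared with other configured login modules
     * @param options         module options; {@code namespace} selects the Slide
     *                        namespace, the domain default is used when it is absent
     */
    public void initialize(
            Subject subject,
            CallbackHandler callbackHandler,
            Map sharedState,
            Map options) {

        m_subject = subject;
        m_callbackHandler = callbackHandler;
        m_sharedState = sharedState;

        String namespace = (String) options.get("namespace");
        if (namespace == null) {
            namespace = Domain.getDefaultNamespace();
        }

        NamespaceAccessToken nat =
            Domain.accessNamespace(new SecurityToken(this), namespace);
        m_content = nat.getContentHelper();
        m_security = nat.getSecurityHelper();
        m_usersPath = nat.getNamespaceConfig().getUsersPath();
        m_rolesPath = nat.getNamespaceConfig().getRolesPath();
    }

    /**
     * Authenticates the user obtained from the callback handler.
     *
     * <p>{@code m_authenticated} is reset on entry and only set once every step,
     * including the role lookup, has succeeded. JAAS may call {@link #commit()} on a
     * module whose {@code login()} threw (when the overall authentication still
     * succeeds), so the flag must never be left {@code true} by a failed attempt.
     *
     * @return {@code true} when the user was authenticated
     * @throws LoginException if no callback handler is set, a credential is missing,
     *         the user cannot be loaded, the password does not match, the user has no
     *         password property, or a callback/Slide failure occurs
     */
    public boolean login() throws LoginException {

        // A previous attempt must not influence this one.
        m_authenticated = false;

        if (m_callbackHandler == null) {
            throw new LoginException("No callback handler");
        }

        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("Username: ");
        callbacks[1] = new PasswordCallback("Password: ", false);

        try {
            m_callbackHandler.handle(callbacks);

            String username = ((NameCallback) callbacks[0]).getName();
            PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
            char[] password = passwordCallback.getPassword();
            // getPassword() hands out a copy; wipe the one still held by the callback.
            passwordCallback.clearPassword();

            if (username == null) {
                throw new LoginException("No user name entered");
            }
            if (password == null) {
                throw new LoginException("No password entered");
            }

            // Conventional JAAS shared-state keys, so stacked modules can reuse them.
            m_sharedState.put("javax.security.auth.login.name", username);
            m_sharedState.put("javax.security.auth.login.password", password);

            SlideToken slideToken = new SlideTokenImpl(new CredentialsToken(username));

            // NOTE(review): "No such user" and "Authentication failed" are distinct
            // LoginException messages. If a front end relays them to the client they
            // reveal which user names exist; consider one generic message for both.
            SubjectNode userNode;
            try {
                userNode = (SubjectNode) m_security.getPrincipal(slideToken);
            }
            catch (ObjectNotFoundException e) {
                final String msg = "No such user";
                if (Domain.isDebugEnabled()) {
                    Domain.debug("[SlideLoginModule] - " + msg);
                }
                throw new LoginException(msg);
            }
            catch (SlideException e) {
                final String msg = "Failure loading user object";
                Domain.error("[SlideLoginModule] - " + msg, e);
                throw new LoginException(msg);
            }

            m_principal = new SlidePrincipal(username);
            m_group = new SlideGroup();

            // NOTE(review): username is caller-supplied and concatenated into a
            // repository path. Whether path separators are rejected upstream is not
            // visible here - confirm, or validate the name before building the path.
            NodeRevisionDescriptors revisions =
                m_content.retrieve(slideToken, m_usersPath + "/" + username);
            NodeRevisionDescriptor revision = m_content.retrieve(slideToken, revisions);
            NodeProperty property =
                revision.getProperty("password", NodeProperty.SLIDE_NAMESPACE);
            if (property != null) {
                Object stored = property.getValue();
                // A non-String value never matched in the original equals() either.
                boolean passwordMatches = (stored instanceof String)
                    && passwordsMatch(password, (String) stored);

                if (!passwordMatches) {
                    final String msg = "Authentication failed";
                    if (Domain.isDebugEnabled()) {
                        Domain.debug("[SlideLoginModule] - " + msg + " for user " + username
                            + ": wrong password.");
                    }
                    throw new LoginException(msg);
                }
                else if (Domain.isDebugEnabled()) {
                    Domain.debug("[SlideLoginModule] - user " + username
                        + " successfully authenticated");
                }

                ArrayList list = new ArrayList();
                Enumeration roles = ((ACLSecurityImpl) m_security).
                    getGroupMembership(slideToken, userNode);
                while (roles.hasMoreElements()) {
                    // Strip "<rolesPath>/" so only the role name remains.
                    String role =
                        ((String) roles.nextElement()).substring(m_rolesPath.length() + 1);
                    if (Domain.isDebugEnabled()) {
                        Domain.debug("[SlideLoginModule] - adding role " + role
                            + " for user " + username);
                    }
                    SlideRole slideRole = new SlideRole(role);
                    m_group.addMember(slideRole);
                    list.add(slideRole);
                }
                m_roles = (Principal[]) list.toArray(new Principal[list.size()]);

                // Only now is the attempt complete; a failure above leaves the flag false.
                m_authenticated = true;
                return true;
            }
            else {
                // NOTE(review): this message names the account and its state and is
                // also the LoginException text; keep the detail in the log only if the
                // exception message can reach the client.
                final String msg = "User " + username + " doesn't have his password " +
                    "property set: can't authenticate.";
                Domain.warn("[SlideLoginModule] - " + msg);
                throw new LoginException(msg);
            }
        }
        catch (IOException e) {
            final String msg = "Failure during login()";
            Domain.error("[SlideLoginModule] - " + msg, e);
            throw new LoginException(msg);
        }
        catch (UnsupportedCallbackException e) {
            final String msg = "Failure during login()";
            Domain.error("[SlideLoginModule] - " + msg, e);
            throw new LoginException(msg);
        }
        catch (SlideException e) {
            final String msg = "Failure during login()";
            Domain.error("[SlideLoginModule] - " + msg, e);
            throw new LoginException(msg);
        }
    }

    /**
     * Compares the supplied password with the stored one without stopping at the
     * first differing character, so the loop length does not depend on how many
     * leading characters are correct. The result equals {@code String.equals}.
     */
    private static boolean passwordsMatch(char[] supplied, String stored) {
        int diff = supplied.length ^ stored.length();
        for (int i = 0; i < supplied.length && i < stored.length(); i++) {
            diff |= supplied[i] ^ stored.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Adds the user, group and role principals to the subject when {@link #login()}
     * succeeded.
     *
     * @return {@code true} when this module authenticated the user, {@code false}
     *         otherwise
     */
    public boolean commit() throws LoginException {
        if (m_authenticated) {
            m_subject.getPrincipals().add(m_principal);
            m_subject.getPrincipals().add(m_group);
            if (m_roles != null) {
                for (int i = 0; i < m_roles.length; i++) {
                    m_subject.getPrincipals().add(m_roles[i]);
                }
            }
        }
        m_committed = true;
        return m_authenticated;
    }

    /**
     * Discards the state of the current authentication attempt.
     *
     * <p>If this module had already committed, the principals it added are removed
     * from the subject again, so a failed overall authentication leaves nothing
     * behind.
     *
     * @return {@code true} when this module's own login had succeeded, {@code false}
     *         otherwise
     */
    public boolean abort() throws LoginException {
        boolean wasAuthenticated = m_authenticated;
        if (wasAuthenticated && m_committed) {
            // Another module failed after our commit: undo what commit() added.
            logout();
        }
        else {
            m_principal = null;
            m_group = null;
            m_roles = null;
        }
        m_authenticated = false;
        return wasAuthenticated;
    }

    /**
     * Removes the principals added by {@link #commit()} from the subject and resets
     * the module state. Safe to call when login never succeeded or when called twice.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        if (m_subject != null) {
            // The fields are null after a failed login or an earlier logout/abort.
            if (m_principal != null) {
                m_subject.getPrincipals().remove(m_principal);
            }
            if (m_group != null) {
                m_subject.getPrincipals().remove(m_group);
            }
            if (m_roles != null) {
                for (int i = 0; i < m_roles.length; i++) {
                    m_subject.getPrincipals().remove(m_roles[i]);
                }
            }
        }
        m_committed = false;
        m_authenticated = false;
        m_principal = null;
        m_group = null;
        m_roles = null;
        return true;
    }

}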