

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.aspects.security;
23
24 import java.security.Principal JavaDoc;
25 import java.security.GeneralSecurityException JavaDoc;
26 import javax.security.auth.Subject JavaDoc;
27 import org.jboss.logging.Logger;
28 import org.jboss.security.AuthenticationManager;
29 import org.jboss.security.RunAsIdentity;
30
31 /**
32  * The AuthenticationInterceptor authenticates the caller.
33  *
34  * @author <a HREF="mailto:Scott.Stark@jboss.org">Scott Stark</a>.
35  * @author <a HREF="bill@jboss.org">Bill Burke</a>
36  * @version $Revision: 58420 $
37  */

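public class AuthenticationInterceptor implements org.jboss.aop.advice.Interceptor
{
   protected Logger log = Logger.getLogger(this.getClass());

   /** Manager used to validate callers; may be null, see {@link #authenticate}. */
   protected AuthenticationManager authenticationManager;

   /**
    * Creates the interceptor.
    *
    * @param manager the manager callers are validated against. When it is null,
    *        {@link #authenticate} pushes the caller's principal and credential
    *        without validating them.
    */
   public AuthenticationInterceptor(AuthenticationManager manager)
   {
      authenticationManager = manager;
   }

   /**
    * @return the fixed interceptor name, "AuthenticationInterceptor"
    */
   public String getName()
   {
      return "AuthenticationInterceptor";
   }

   /**
    * Turns a GeneralSecurityException raised during authentication into the
    * SecurityException seen by the caller of {@link #invoke}.
    *
    * @param gse the failure reported by {@link #authenticate}
    * @throws SecurityException always, carrying only the message of gse
    */
   protected void handleGeneralSecurityException(GeneralSecurityException gse)
   {
      // The SecurityException below keeps only the message, so the original
      // exception type and stack trace would otherwise be lost. Record them
      // here instead of chaining them onto the exception handed to the caller.
      log.debug("Authentication failed", gse);
      throw new SecurityException(gse.getMessage());
   }

   /**
    * Authenticates the caller using the principal and credentials in the
    * Invocation, runs the rest of the interceptor chain with this
    * interceptor's authentication manager set as the current domain, and then
    * undoes the security state on the way out.
    *
    * @param invocation the intercepted invocation
    * @return whatever the next interceptor in the chain returns
    * @throws Throwable any authentication failure, or whatever the rest of the
    *         chain throws
    */
   public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
   {
      try
      {
         authenticate(invocation);
      }
      catch (GeneralSecurityException gse)
      {
         // NOTE(review): the implementation in this class always throws. An
         // override that returns normally lets the invocation continue even
         // though authenticate() failed - confirm every subclass throws.
         handleGeneralSecurityException(gse);
      }

      Object oldDomain = SecurityContext.currentDomain.get();
      try
      {
         SecurityContext.currentDomain.set(authenticationManager);
         return invocation.invokeNext();
      }
      finally
      {
         SecurityContext.currentDomain.set(oldDomain);

         // Clean up so that the principal doesn't keep being associated with
         // the thread if the thread is pooled.

         // Only pop if it's been pushed: these are the two cases in which
         // authenticate() calls pushSubjectContext.
         RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
         if (authenticationManager == null || callerRunAsIdentity == null)
         {
            SecurityActions.popSubjectContext();
         }
         if (authenticationManager != null)
         {
            SecurityActions.clearSecurityContext(authenticationManager.getSecurityDomain());
         }

         // Reset the principal and credential only when the invocation
         // supplied a principal of its own through its metadata.
         if (invocation.getMetaData("security", "principal") != null)
         {
            SecurityActions.setPrincipal(null);
            SecurityActions.setCredential(null);
         }
      }
   }

   /**
    * Validates the caller and pushes the resulting subject context.
    * <p>
    * The principal and credential are read from the invocation metadata
    * ("security"/"principal" and "security"/"credential"); a missing value is
    * taken from SecurityActions instead. Three cases follow:
    * <ul>
    * <li>no authentication manager: the principal and credential are pushed
    *     with a null subject and are NOT validated;</li>
    * <li>a run-as identity is present: nothing is validated or pushed;</li>
    * <li>otherwise: the manager validates the pair, and on success the subject
    *     context is pushed and the security context established.</li>
    * </ul>
    *
    * @param invocation the intercepted invocation
    * @throws Exception the exception returned by
    *         SecurityActions.getContextException() when validation fails and
    *         one is set, otherwise a SecurityException
    */
   protected void authenticate(org.jboss.aop.joinpoint.Invocation invocation) throws Exception
   {
      Principal principal = (Principal) invocation.getMetaData("security", "principal");
      Object credential = invocation.getMetaData("security", "credential");

      if (principal == null)
      {
         principal = SecurityActions.getPrincipal();
      }
      if (credential == null)
      {
         credential = SecurityActions.getCredential();
      }

      if (authenticationManager == null)
      {
         // No manager configured: the identity is accepted as supplied.
         SecurityActions.pushSubjectContext(principal, credential, null);
         return;
      }

      // authenticate the current principal
      RunAsIdentity callerRunAsIdentity = SecurityActions.peekRunAsIdentity();
      if (callerRunAsIdentity == null)
      {
         // Check the security info from the method invocation
         Subject subject = new Subject();
         if (!authenticationManager.isValid(principal, credential, subject))
         {
            /* todo support CSIV2 authenticationObserver
            // Notify authentication observer
            if (authenticationObserver != null)
               authenticationObserver.authenticationFailed();
               */

            // Check for the security association exception
            Exception ex = SecurityActions.getContextException();
            if (ex != null)
            {
               throw ex;
            }
            // Else throw a generic SecurityException. The principal in the
            // message is the value that just failed validation.
            String msg = "Authentication exception, principal=" + principal;
            throw new SecurityException(msg);
         }
         else
         {
            SecurityActions.pushSubjectContext(principal, credential, subject);
            SecurityActions.establishSecurityContext(authenticationManager.getSecurityDomain(),
                  principal, credential, subject);
            if (log.isTraceEnabled())
            {
               log.trace("Authenticated principal=" + principal);
            }
         }
      }
   }
}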