KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > mq > sm > file > DynamicLoginModule


1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22 package org.jboss.mq.sm.file;
23
24 import java.security.acl.Group JavaDoc;
25 import java.util.Map JavaDoc;
26
27 import javax.security.auth.Subject JavaDoc;
28 import javax.security.auth.callback.CallbackHandler JavaDoc;
29 import javax.security.auth.login.LoginException JavaDoc;
30
31 import org.jboss.security.SimpleGroup;
32 import org.jboss.security.SimplePrincipal;
33 import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
34
35 /**
36  * JAAS LoginModule that is backed by the DynamicStateManager.
37  *
38  * Must have the attribute sm.objectname set,
39  * and may have the unauthenticatedIdentity set to some value.
40  * @author <a HREF="pra@tim.se">Peter Antman</a>
41  * @version $Revision: 42414 $
42  */
43
44 public class DynamicLoginModule extends UsernamePasswordLoginModule
45 {
46    static final String JavaDoc DEFAULT_SM_NAME = "jboss.mq:service=StateManager";
47
48    DynamicStateManager sm = null;
49
50    public DynamicLoginModule()
51    {
52
53    }
54
55    public void initialize(Subject JavaDoc subject, CallbackHandler JavaDoc callbackHandler, Map JavaDoc sharedState, Map JavaDoc options)
56    {
57       super.initialize(subject, callbackHandler, sharedState, options);
58       try
59       {
60          String JavaDoc smName = (String JavaDoc) options.get("sm.objectname");
61          if (smName == null)
62             smName = DEFAULT_SM_NAME;
63
64          javax.management.ObjectName JavaDoc smObjectName = new javax.management.ObjectName JavaDoc(smName);
65
66          // Lokup the state manager. FIXME
67 javax.management.MBeanServer JavaDoc server = org.jboss.mx.util.MBeanServerLocator.locateJBoss();
68          sm = (DynamicStateManager) server.getAttribute(smObjectName, "Instance");
69
70       }
71       catch (Exception JavaDoc ex)
72       {
73          super.log.error("Failed to load DynamicSecurityManager", ex);
74       }
75
76    }
77
78    /**
79     * Check we have contact to a state manager.
80     */
81    public boolean login() throws LoginException JavaDoc
82    {
83       if (sm == null)
84          throw new LoginException JavaDoc("StateManager is null");
85
86       return super.login();
87    }
88
89
90    /** Overriden to return an empty password string as typically one cannot
91     obtain a user's password. We also override the validatePassword so
92     this is ok.
93     @return and empty password String
94     */
95    protected String JavaDoc getUsersPassword() throws LoginException JavaDoc
96    {
97       return "";
98    }
99
100    /**
101     * Validate the password againts the state manager.
102     *
103     * @param inputPassword the password to validate.
104     * @param expectedPassword ignored
105     */
106    protected boolean validatePassword(String JavaDoc inputPassword, String JavaDoc expectedPassword)
107    {
108       boolean valid = false;
109       try
110       {
111          valid = sm.validatePassword(getUsername(), inputPassword);
112       }
113       catch (Throwable JavaDoc e)
114       {
115          super.setValidateError(e);
116       }
117       return valid;
118    }
119
120    /** Overriden by subclasses to return the Groups that correspond to the
121     * to the role sets assigned to the user. Subclasses should create at
122     * least a Group named "Roles" that contains the roles assigned to the user.
123     * A second common group is "CallerPrincipal" that provides the application
124     * identity of the user rather than the security domain identity.
125     *
126     * Only a Roles Group is returned.
127     * @return Group[] containing the sets of roles
128     */
129    protected Group JavaDoc[] getRoleSets() throws LoginException JavaDoc
130    {
131       SimpleGroup userRoles = new SimpleGroup("Roles");
132       String JavaDoc[] roles = null;
133       try
134       {
135          roles = sm.getRoles(getUsername());
136       }
137       catch (Exception JavaDoc ex)
138       {
139          super.log.error("Could not get roleSets for user " + getUsername(), ex);
140          throw new LoginException JavaDoc("Could not get roleSets for user");
141       }
142       if (roles != null)
143       {
144          for (int i = 0; i < roles.length; i++)
145          {
146             userRoles.addMember(new SimplePrincipal(roles[i]));
147          }
148       }
149
150       Group JavaDoc[] roleSets = {userRoles};
151       return roleSets;
152    }
153 } // DynamicLoginModule
154
155
156
157
Popular Tags