CallerIdentityLoginModule


1   /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10  * the License, or (at your option) any later version.
11  *
12  * This software is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this software; if not, write to the Free
19  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21  */
22  package org.jboss.resource.security;
23  
24  import java.security.acl.Group  ;
25  import java.security.Principal  ;
26  import java.util.Map  ;
27  import java.util.Set  ;
28  import javax.resource.spi.security.PasswordCredential  ;
29  import javax.security.auth.Subject  ;
30  import javax.security.auth.callback.CallbackHandler  ;
31  import javax.security.auth.login.LoginException  ;
32  
33  import org.jboss.security.SimplePrincipal;
34  import org.jboss.security.RunAsIdentity;
35  import org.jboss.logging.Logger;
36  
37  /**
38   * A simple login module that simply associates the principal making the
39   * connection request with the actual EIS connection requirements.
40   *
41   * The type of Principal class used is
42   * <code>org.jboss.security.SimplePrincipal.</code>
43   * <p>
44   *
45   * @see org.jboss.resource.security.ConfiguredIdentityLoginModule
46   *
47   * @author Scott.Stark@jboss.org
48   * @author <a HREF="mailto:d_jencks@users.sourceforge.net">David Jencks</a>
49   * @author <a HREF="mailto:dan.bunker@pbs.proquest.com">Dan Bunker</a>
50   * @version $Revision: 37459 $
51   */
52  public class CallerIdentityLoginModule
53     extends AbstractPasswordCredentialLoginModule
54  {
55     /**
56      * Class logger
57      */
58     private static final Logger log = Logger.getLogger(CallerIdentityLoginModule.class);
59  
60     /**
61      * The default username/principal to use for basic connections
62      */
63     private String   userName;
64  
65     /**
66      * The default password to use for basic connections
67      */
68     private char[] password;
69     /** A flag indicating if the run-as principal roles should be added to the subject */
70     private boolean addRunAsRoles;
71     private Set   runAsRoles;
72  
73     /**
74      * Default Constructor
75      */
76     public CallerIdentityLoginModule()
77     {
78     }
79  
80     /**
81      * The initialize method sets up some default connection information for
82      * basic connections.  This is useful for container initialization connection
83      * use or running the application in a non-secure manner.  This method is
84      * called before the login method.
85      *
86      * @param subject
87      * @param handler
88      * @param sharedState
89      * @param options
90      */
91     public void initialize(Subject   subject, CallbackHandler   handler,
92        Map   sharedState, Map   options)
93     {
94        super.initialize(subject, handler, sharedState, options);
95  
96        userName = (String  ) options.get("userName");
97        if (userName == null)
98        {
99           log.debug("No default username supplied.");
100       }
101 
102       String   pass = (String  ) options.get("password");
103       if (pass == null)
104       {
105          log.debug("No default password supplied.");
106       }
107       else
108       {
109          password = pass.toCharArray();
110       }
111 
112       // Check the addRunAsRoles
113       String   flag = (String  ) options.get("addRunAsRoles");
114       addRunAsRoles = Boolean.valueOf(flag).booleanValue();
115 
116       log.debug("got default principal: " + userName + ", username: "
117          + userName + ", password: " + (password == null ? "null" : "****")
118          + " addRunAsRoles: "+addRunAsRoles);
119 
120    }
121 
122    /**
123     * Performs the login association between the caller and the resource for a
124     * 1 to 1 mapping.  This acts as a login propagation strategy and is useful
125     * for single-sign on requirements
126     *
127     * @return True if authentication succeeds
128     * @throws LoginException
129     */
130    public boolean login() throws LoginException  
131    {
132       log.trace("Caller Association login called");
133 
134       //setup to use the default connection info.  This will be overiden if security
135       //associations are found
136       String   username = userName;
137 
138       //ask the security association class for the principal info making this request
139       try
140       {
141          Principal   user = GetPrincipalInfoAction.getPrincipal();
142          char[] userPassword = GetPrincipalInfoAction.getCredential();
143 
144          if( userPassword != null )
145          {
146             password = userPassword;
147          }
148 
149          if (user != null)
150          {
151             username = user.getName();
152             if (log.isTraceEnabled())
153             {
154                log.trace("Current Calling principal is: " + username
155                   + " ThreadName: " + Thread.currentThread().getName());
156             }
157             // Check for a RunAsIdentity
158             RunAsIdentity runAs = GetPrincipalInfoAction.peekRunAsIdentity();
159             if( runAs != null )
160             {
161                runAsRoles = runAs.getRunAsRoles();
162             }
163          }
164       }
165       catch (Throwable   e)
166       {
167          throw new LoginException  ("Unable to get the calling principal or its credentials for resource association");
168       }
169 
170       // Update userName so that getIdentity is consistent
171       userName = username;
172       if (super.login() == true)
173       {
174          return true;
175       }
176 
177       // Put the principal name into the sharedState map
178       sharedState.put("javax.security.auth.login.name", username);
179       super.loginOk = true;
180 
181       return true;
182    }
183 
184    public boolean commit() throws LoginException  
185    {
186       // Put the principal name into the sharedState map
187       sharedState.put("javax.security.auth.login.name", userName);
188       // Add any run-as roles if addRunAsRoles is true
189       if( addRunAsRoles && runAsRoles != null )
190       {
191          SubjectActions.addRoles(subject, runAsRoles);         
192       }
193 
194       // Add the PasswordCredential
195       PasswordCredential   cred = new PasswordCredential  (userName, password);
196       cred.setManagedConnectionFactory(getMcf());
197       SubjectActions.addCredentials(subject, cred);
198       return super.commit();
199    }
200 
201    protected Principal   getIdentity()
202    {
203       log.trace("getIdentity called");
204       Principal   principal = new SimplePrincipal(userName);
205       return principal;
206    }
207 
208    protected Group  [] getRoleSets() throws LoginException  
209    {
210       log.trace("getRoleSets called");
211       return new Group  []{};
212    }
213 }
214
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags