


1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.resource.security;
23
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;

import org.jboss.logging.Logger;
import org.jboss.security.SimplePrincipal;
39
40 /** A login module for statically defining a data source username and password
41  that uses a password that has been encrypted by a JaasSecurityDomain. Note that
 this only protects the password at rest in login-config.xml: at commit time the
 plaintext is recovered by invoking the JaasSecurityDomain's decode64 operation
 through the MBeanServer, so anyone permitted to invoke that MBean operation (or who
 knows the domain password together with its salt and iteration count) can recover
 it as well. The
42  base64 format of the data source password may be generated using the PBEUtils
43  command:
44  
45  java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils salt count
46    domain-password data-source-password
47
48  salt : the Salt attribute from the JaasSecurityDomain
49  count : the IterationCount attribute from the JaasSecurityDomain
50  domain-password : the plaintext password that maps to the KeyStorePass
51    attribute from the JaasSecurityDomain
52  data-source-password : the plaintext password for the data source that
53    should be encrypted with the JaasSecurityDomain password
54
55  for example:
56
57  java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils abcdefgh 13 master ''
58  Encoded password: E5gtGMKcXPP
59
60  A sample login-config.xml configuration entry would be:
61  
62  <application-policy name = "EncryptedHsqlDbRealm">
63     <authentication>
64        <login-module code = "org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule"
65        flag = "required">
66           <module-option name = "userName">sa</module-option>
67           <module-option name = "password">E5gtGMKcXPP</module-option>
68           <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
69           <module-option name = "jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword</module-option>
70        </login-module>
71     </authentication>
72  </application-policy>
73
74
75  @author Scott.Stark@jboss.org
76  @author <a HREF="mailto:noel.rocher@jboss.org">Noel Rocher</a> 29, june 2004 username & userName issue
77  @version $Revision: 37459 $
78  */

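public class JaasSecurityDomainIdentityLoginModule
   extends AbstractPasswordCredentialLoginModule
{
   private static final Logger log = Logger.getLogger(JaasSecurityDomainIdentityLoginModule.class);

   /** Data source user name, from the "userName" (or legacy "username") module option. */
   private String username;
   /** Base64 PBE-encrypted data source password, from the "password" module option. */
   private String password;
   /** ObjectName of the JaasSecurityDomain MBean whose decode64 operation recovers the password. */
   private ObjectName jaasSecurityDomain;

   /**
    * Reads the module options. Required options: "username" or "userName",
    * "password" (the encrypted, base64 form) and "jaasSecurityDomain" (an MBean
    * ObjectName string).
    *
    * @throws IllegalArgumentException if a required option is missing or the
    *    jaasSecurityDomain value is not a well-formed ObjectName (the parse
    *    failure is attached as the cause)
    */
   public void initialize(Subject subject, CallbackHandler handler,
      Map sharedState, Map options)
   {
      super.initialize(subject, handler, sharedState, options);
      // "username" is accepted for backward compatibility; "userName" is the documented spelling
      username = (String) options.get("username");
      if( username == null )
      {
         username = (String) options.get("userName");
         if( username == null )
         {
            throw new IllegalArgumentException("The user name is a required option");
         }
      }

      password = (String) options.get("password");
      if( password == null )
      {
         throw new IllegalArgumentException("The password is a required option");
      }

      String name = (String) options.get("jaasSecurityDomain");
      if( name == null )
      {
         throw new IllegalArgumentException("The jaasSecurityDomain is a required option");
      }

      try
      {
         jaasSecurityDomain = new ObjectName(name);
      }
      catch(Exception e)
      {
         // keep the original exception as the cause instead of only its message
         IllegalArgumentException iae =
            new IllegalArgumentException("Invalid jaasSecurityDomain: " + e.getMessage());
         iae.initCause(e);
         throw iae;
      }
   }

   /**
    * Always succeeds: the identity is statically configured, so there is nothing
    * to authenticate. If the superclass login did not already report success,
    * loginOk is set here so commit() proceeds.
    *
    * @return true
    */
   public boolean login() throws LoginException
   {
      log.trace("login called");
      if( super.login() == true )
         return true;

      super.loginOk = true;
      return true;
   }

   /**
    * Adds the configured identity and the decrypted data source password to the
    * Subject. The password is decrypted before the Subject is touched so that a
    * decode failure leaves no principal behind; abort() only clears this module's
    * own fields and does not remove principals or credentials.
    *
    * @return true
    * @throws LoginException if the password cannot be decoded through the
    *    JaasSecurityDomain MBean or the credential cannot be added; the
    *    underlying exception is attached as the cause
    */
   public boolean commit() throws LoginException
   {
      try
      {
         // Invoke jaasSecurityDomain.decode64 on the MBeanServer inside a privileged block
         char[] decodedPassword = DecodeAction.decode(password,
            jaasSecurityDomain, getServer());

         Principal principal = new SimplePrincipal(username);
         SubjectActions.addPrincipals(subject, principal);
         sharedState.put("javax.security.auth.login.name", username);

         PasswordCredential cred = new PasswordCredential(username, decodedPassword);
         cred.setManagedConnectionFactory(getMcf());
         SubjectActions.addCredentials(subject, cred);
      }
      catch(Exception e)
      {
         log.debug("Failed to decode password", e);
         LoginException le = new LoginException("Failed to decode password: " + e.getMessage());
         le.initCause(e);
         throw le;
      }
      return true;
   }

   /**
    * Clears the option values held by this module. Principals or credentials
    * already added to the Subject by commit() are not removed here.
    *
    * @return true
    */
   public boolean abort()
   {
      username = null;
      password = null;
      jaasSecurityDomain = null;
      return true;
   }

   /**
    * @return a SimplePrincipal for the configured user name
    */
   protected Principal getIdentity()
   {
      log.trace("getIdentity called, username=" + username);
      Principal principal = new SimplePrincipal(username);
      return principal;
   }

   /**
    * This module assigns no roles.
    *
    * @return an empty Group array
    */
   protected Group[] getRoleSets() throws LoginException
   {
      Group[] empty = new Group[0];
      return empty;
   }

   /**
    * Privileged action that asks the JaasSecurityDomain MBean to decrypt the
    * base64 PBE password and returns the plaintext as a char[].
    */
   private static class DecodeAction implements PrivilegedExceptionAction
   {
      private final String password;
      private final ObjectName jaasSecurityDomain;
      private final MBeanServer server;

      DecodeAction(String password, ObjectName jaasSecurityDomain,
         MBeanServer server)
      {
         this.password = password;
         this.jaasSecurityDomain = jaasSecurityDomain;
         this.server = server;
      }

      /**
       * Invokes decode64(String) on the JaasSecurityDomain MBean and converts the
       * returned UTF-8 bytes to a char[].
       *
       * @return the plaintext password as a char[]
       * @throws Exception on any MBean invocation failure, or if the MBean returns null
       */
      public Object run() throws Exception
      {
         Object[] args = {password};
         String[] sig = {String.class.getName()};
         byte[] secret = (byte[]) server.invoke(jaasSecurityDomain,
            "decode64", args, sig);
         if( secret == null )
         {
            throw new IllegalStateException("decode64 returned null from " + jaasSecurityDomain);
         }
         // Decode UTF-8 straight into a char[] rather than via new String(...): a String
         // would leave an immutable, unclearable copy of the plaintext on the heap.
         // Charset.decode replaces malformed input, matching the String constructor.
         CharBuffer chars = Charset.forName("UTF-8").decode(ByteBuffer.wrap(secret));
         char[] decoded = new char[chars.remaining()];
         chars.get(decoded);
         // Scrub the intermediate copies; the caller owns 'decoded' from here on.
         Arrays.fill(secret, (byte) 0);
         if( chars.hasArray() )
         {
            Arrays.fill(chars.array(), '\0');
         }
         return decoded;
      }

      /**
       * Runs a DecodeAction under AccessController.doPrivileged and unwraps the
       * PrivilegedActionException so callers see the original failure.
       *
       * @param password the base64 encrypted password
       * @param jaasSecurityDomain the JaasSecurityDomain MBean name
       * @param server the MBeanServer to invoke it on
       * @return the plaintext password as a char[]
       * @throws Exception whatever run() threw
       */
      static char[] decode(String password, ObjectName jaasSecurityDomain,
         MBeanServer server)
         throws Exception
      {
         DecodeAction action = new DecodeAction(password, jaasSecurityDomain, server);
         try
         {
            char[] decode = (char[]) AccessController.doPrivileged(action);
            return decode;
         }
         catch(PrivilegedActionException e)
         {
            throw e.getException();
         }
      }
   }
}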
225