

1 /*
2  * JBoss, Home of Professional Open Source
3  *
4  * Distributable under LGPL license.
5  * See terms of license at gnu.org.
6  */

7 package org.jboss.security.auth.spi;
8
9 import java.io.IOException JavaDoc;
10 import java.security.acl.Group JavaDoc;
11 import java.util.Map JavaDoc;
12 import java.util.Properties JavaDoc;
13
14 import javax.security.auth.Subject JavaDoc;
15 import javax.security.auth.callback.CallbackHandler JavaDoc;
16 import javax.security.auth.login.LoginException JavaDoc;
17
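/**
 * Certificate login module that takes its role assignments from a properties
 * resource. It works like the UsersRolesLoginModule without the
 * users.properties file; the role handling code was borrowed from that class.
 *
 * <p>Authentication itself is delegated to {@link BaseCertLoginModule} through
 * {@code super.login()}. This class only adds the role lookup.
 *
 * <p>Failure behaviour: if the options are invalid or the role mappings cannot
 * be loaded in {@link #initialize}, the error is logged and {@code roles}
 * stays {@code null}. {@link #login()} then rejects every attempt with a
 * {@code LoginException}, so a misconfigured module denies access rather than
 * authenticating principals without role data.
 *
 * @author <a HREF="mailto:jasone@greenrivercomputing.com">Jason Essington</a>
 * @author Scott.Stark@jboss.org
 * @version $Revision: 1.2.4.2 $
 * @see org.jboss.security.auth.spi.BaseCertLoginModule
 */
public class CertRolesLoginModule extends BaseCertLoginModule
{
   /** The name of the default properties resource containing user/roles */
   private String defaultRolesRsrcName = "defaultRoles.properties";
   /** The name of the properties resource containing user/roles */
   private String rolesRsrcName = "roles.properties";
   /** The loaded role mappings; null until loadRoles() has succeeded */
   private Properties roles;
   /**
    * The character used to separate the role group name from the username,
    * e.g., '.' in jduke.CallerPrincipal=...
    */
   private char roleGroupSeperator = '.';
   /** Logging trace flag */
   private boolean trace;

   /**
    * Initialize this LoginModule and load the role mappings.
    *
    * <p>Any exception raised while reading the options or loading the role
    * resources is logged and not rethrown. In that case {@code roles} remains
    * null and every later {@link #login()} call fails.
    *
    * @param subject passed through to the superclass
    * @param callbackHandler passed through to the superclass
    * @param sharedState passed through to the superclass
    * @param options the login module option map. Supported options include:
    *    rolesProperties: The name of the properties resource containing
    *       user/roles; the default is "roles.properties".
    *    roleGroupSeperator: The character used to separate the role group
    *       name from the username, e.g., '.' in jduke.CallerPrincipal=... .
    *       The default is '.'. Only the first character of the value is used;
    *       an empty value is rejected as a configuration error.
    *    defaultRolesProperties: The name of the properties resource holding
    *       the default username to roles mappings; the default is
    *       "defaultRoles.properties".
    */
   public void initialize(Subject subject, CallbackHandler callbackHandler,
      Map sharedState, Map options)
   {
      super.initialize(subject, callbackHandler, sharedState, options);
      trace = log.isTraceEnabled();
      if( trace )
         log.trace("enter: initialize(Subject, CallbackHandler, Map, Map)");

      try
      {
         String option = (String) options.get("rolesProperties");
         if (option != null)
            rolesRsrcName = option;
         option = (String) options.get("defaultRolesProperties");
         if (option != null)
            defaultRolesRsrcName = option;
         option = (String) options.get("roleGroupSeperator");
         if( option != null )
         {
            // An empty value used to surface as a StringIndexOutOfBoundsException
            // from charAt(0). Reject it explicitly so the logged cause names the
            // misconfigured option. The module still ends up with roles == null.
            if( option.length() == 0 )
               throw new IllegalArgumentException(
                  "roleGroupSeperator option must not be empty");
            roleGroupSeperator = option.charAt(0);
         }
         // Load the properties resources that hold the role mappings
         loadRoles();
      }
      catch (Exception e)
      {
         // Deliberately not rethrown: roles stays null, so any call to
         // login() will throw a LoginException.
         super.log.error("Failed to load users/passwords/role files", e);
      }

      if( trace )
         log.trace("exit: initialize(Subject, CallbackHandler, Map, Map)");
   }

   /**
    * Refuse the login when no role mappings were loaded, otherwise delegate
    * to the superclass.
    *
    * @return the result of {@code super.login()}
    * @throws LoginException if the role mappings are missing, or if thrown by
    *    the superclass
    */
   public boolean login() throws LoginException
   {
      if( trace )
         log.trace("enter: login()");

      // Fail closed: without role data no certificate login is accepted.
      if (roles == null)
         throw new LoginException("Missing roles.properties file.");
      boolean wasSuccessful = super.login();

      if( trace )
         log.trace("exit: login()");

      return wasSuccessful;
   }

   /**
    * Look up the role groups of the current user in the loaded mappings.
    * This method is pretty much straight from the UsersRolesLoginModule.
    *
    * @return the groups produced by Util.getRoleSets for getUsername()
    * @see org.jboss.security.auth.spi.UsersRolesLoginModule#getRoleSets
    */
   protected Group[] getRoleSets() throws LoginException
   {
      if( trace )
         log.trace("enter: getRoleSets()");
      String targetUser = getUsername();
      Group[] roleSets = Util.getRoleSets(targetUser, roles, roleGroupSeperator, this);
      if( trace )
         log.trace("exit: getRoleSets()");
      return roleSets;
   }

   /**
    * Load the role mappings from the configured default and main resources.
    *
    * @throws IOException if Util.loadProperties fails to read them
    */
   private void loadRoles() throws IOException
   {
      roles = Util.loadProperties(defaultRolesRsrcName, rolesRsrcName, log);
   }

}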