

1 /*
2  * JBoss, the OpenSource WebOS
3  *
4  * Distributable under LGPL license.
5  * See terms of license at gnu.org.
6  */

7 package org.jboss.security.auth.spi;
8
9 import java.util.Map JavaDoc;
10 import java.util.HashSet JavaDoc;
11 import javax.security.auth.Subject JavaDoc;
12 import javax.security.auth.callback.CallbackHandler JavaDoc;
13 import javax.security.auth.spi.LoginModule JavaDoc;
14
15 import org.jboss.security.SecurityAssociation;
16 import org.jboss.security.SimplePrincipal;
17 import org.jboss.security.RunAsIdentity;
18
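/** A login module that establishes a run-as role for the duration of the login
 * phase of authentication. It can be used to allow another login module to
 * interact with a secured EJB that provides authentication services.
 *
 * <p>The run-as identity is pushed in {@link #login()} and popped again in
 * {@link #commit()} or {@link #abort()}. Under the standard JAAS two-phase
 * flow this means it is in effect while the modules configured after this one
 * run their own login() methods. The role and principal names are taken from
 * the module options, so whoever can edit the login configuration decides
 * which role those modules run under; keep the configured role limited to
 * what the authentication EJB actually requires.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 1.6 $
 */
public class RunAsLoginModule implements LoginModule
{
   // Role name used for the run-as identity; set in initialize().
   private String roleName;
   // Principal name used for the run-as identity; set in initialize().
   private String principalName;
   // True only while an identity pushed by login() has not yet been popped.
   private boolean pushedRole;

   /** Look for the roleName option that specifies the role to use as the
    * run-as role, and the principalName option that names the run-as
    * principal. If either is not specified a default name of nobody is used.
    *
    * @param subject the subject being authenticated (not used by this module)
    * @param handler the callback handler (not used by this module)
    * @param sharedState state shared with other login modules (not used)
    * @param options the module options; roleName and principalName are read
    */
   public void initialize(Subject subject, CallbackHandler handler,
      Map sharedState, Map options)
   {
      roleName = (String) options.get("roleName");
      if( roleName == null )
         roleName = "nobody";

      principalName = (String) options.get("principalName");
      if( principalName == null )
         principalName = "nobody";
   }

   /** Push the run as role using the SecurityAssociation.pushRunAsIdentity method
    *
    * @return always true
    * @see SecurityAssociation#pushRunAsIdentity(RunAsIdentity)
    */
   public boolean login()
   {
      RunAsIdentity runAsRole = new RunAsIdentity(roleName, principalName);
      SecurityAssociation.pushRunAsIdentity(runAsRole);
      // Record the push so that commit()/abort() pop exactly once.
      pushedRole = true;
      return true;
   }

   /** Calls abort to pop the run-as role
    *
    * @return the result of {@link #abort()}
    */
   public boolean commit()
   {
      return abort();
   }

   /** Pop the run as role using the SecurityAssociation.popRunAsIdentity method.
    * The pop happens at most once per login(): a repeated call finds nothing
    * left to pop and returns false.
    *
    * @return true if a run-as identity pushed by this module was popped,
    *    false if there was none to pop
    * @see SecurityAssociation#popRunAsIdentity()
    */
   public boolean abort()
   {
      if( !pushedRole )
         return false;

      // Clear the flag before popping. JAAS calls abort() on every module
      // when the commit phase fails, which is after commit() has already
      // popped here; without the reset that second call would pop a run-as
      // identity this module never pushed.
      pushedRole = false;
      SecurityAssociation.popRunAsIdentity();
      return true;
   }

   /** Nothing to undo at logout: the run-as role is already popped by
    * commit() or abort().
    *
    * @return always true
    */
   public boolean logout()
   {
      return true;
   }
}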