KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > security > auth > spi > UsersRolesLoginModule


1 /*
2  * JBoss, Home of Professional Open Source
3  *
4  * Distributable under LGPL license.
5  * See terms of license at gnu.org.
6  */
7 package org.jboss.security.auth.spi;
8
9 import java.io.IOException JavaDoc;
10 import java.util.Map JavaDoc;
11 import java.util.Properties JavaDoc;
12
13 import java.security.acl.Group JavaDoc;
14 import javax.security.auth.Subject JavaDoc;
15 import javax.security.auth.callback.CallbackHandler JavaDoc;
16 import javax.security.auth.login.LoginException JavaDoc;
17
18 /** A simple Properties map based login module that consults two Java Properties
19  formatted text files for username to password("users.properties") and
20  username to roles("roles.properties") mapping. The names of the properties
21  files may be overriden by the usersProperties and rolesProperties options.
22  The properties files are loaded during initialization using the thread context
23  class loader. This means that these files can be placed into the J2EE
24  deployment jar or the JBoss config directory.
25
26  The users.properties file uses a format:
27  username1=password1
28  username2=password2
29  ...
30
31  to define all valid usernames and their corresponding passwords.
32
33  The roles.properties file uses a format:
34  username1=role1,role2,...
35  username1.RoleGroup1=role3,role4,...
36  username2=role1,role3,...
37
38  to define the sets of roles for valid usernames. The "username.XXX" form of
39  property name is used to assign the username roles to a particular named
40  group of roles where the XXX portion of the property name is the group name.
41  The "username=..." form is an abbreviation for "username.Roles=...".
42  The following are therefore equivalent:
43  jduke=TheDuke,AnimatedCharacter
44  jduke.Roles=TheDuke,AnimatedCharacter
45
46  @author <a HREF="edward.kenworthy@crispgroup.co.uk">Edward Kenworthy</a>
47  @author Scott.Stark@jboss.org
48  @version $Revision: 1.16.4.5 $
49  */
50 public class UsersRolesLoginModule extends UsernamePasswordLoginModule
51 {
52    /** The name of the default properties resource containing user/passwords */
53    private String JavaDoc defaultUsersRsrcName = "defaultUsers.properties";
54    /** The name of the default properties resource containing user/roles */
55    private String JavaDoc defaultRolesRsrcName = "defaultRoles.properties";
56    /** The name of the properties resource containing user/passwords */
57    private String JavaDoc usersRsrcName = "users.properties";
58    /** The name of the properties resource containing user/roles */
59    private String JavaDoc rolesRsrcName = "roles.properties";
60    /** The users.properties mappings */
61    private Properties JavaDoc users;
62    /** The roles.properties mappings */
63    private Properties JavaDoc roles;
64    /** The character used to seperate the role group name from the username
65     * e.g., '.' in jduke.CallerPrincipal=...
66     */
67    private char roleGroupSeperator = '.';
68
69    /** Initialize this LoginModule.
70     *@param options - the login module option map. Supported options include:
71     usersProperties: The name of the properties resource containing
72     user/passwords. The default is "users.properties"
73
74     rolesProperties: The name of the properties resource containing user/roles
75     The default is "roles.properties".
76
77     roleGroupSeperator: The character used to seperate the role group name from
78       the username e.g., '.' in jduke.CallerPrincipal=... . The default = '.'.
79     defaultUsersProperties=string: The name of the properties resource containing
80       the username to password mappings that will be used as the defaults
81       Properties passed to the usersProperties Properties. This defaults to
82       defaultUsers.properties.
83   
84     defaultRolesProperties=string: The name of the properties resource containing
85       the username to roles mappings that will be used as the defaults
86       Properties passed to the usersProperties Properties. This defaults to
87       defaultRoles.properties.
88     */
89    public void initialize(Subject JavaDoc subject, CallbackHandler JavaDoc callbackHandler,
90       Map JavaDoc sharedState, Map JavaDoc options)
91    {
92       super.initialize(subject, callbackHandler, sharedState, options);
93       try
94       {
95          // Check for usersProperties & rolesProperties
96 String JavaDoc option = (String JavaDoc) options.get("usersProperties");
97          if (option != null)
98             usersRsrcName = option;
99          option = (String JavaDoc) options.get("defaultUsersProperties");
100          if (option != null)
101             defaultUsersRsrcName = option;
102          option = (String JavaDoc) options.get("rolesProperties");
103          if (option != null)
104             rolesRsrcName = option;
105          option = (String JavaDoc) options.get("defaultRolesProperties");
106          if (option != null)
107             defaultRolesRsrcName = option;
108          option = (String JavaDoc) options.get("roleGroupSeperator");
109          if( option != null )
110             roleGroupSeperator = option.charAt(0);
111          // Load the properties file that contains the list of users and passwords
112 users = createUsers(options);
113          roles = createRoles(options);
114       }
115       catch (Exception JavaDoc e)
116       {
117          /* Note that although this exception isn't passed on, users or roles
118             will be null so that any call to login will throw a LoginException.
119          */
120          super.log.error("Failed to load users/passwords/role files", e);
121       }
122    }
123
124    /** Method to authenticate a Subject (phase 1). This validates that the
125     *users and roles properties files were loaded and then calls
126     *super.login to perform the validation of the password.
127     *@exception LoginException thrown if the users or roles properties files
128     *were not found or the super.login method fails.
129     */
130    public boolean login() throws LoginException JavaDoc
131    {
132       if (users == null)
133          throw new LoginException JavaDoc("Missing users.properties file.");
134       if (roles == null)
135          throw new LoginException JavaDoc("Missing roles.properties file.");
136
137       return super.login();
138    }
139
140    /** Create the set of roles the user belongs to by parsing the roles.properties
141     data for username=role1,role2,... and username.XXX=role1,role2,...
142     patterns.
143     @return Group[] containing the sets of roles
144     */
145    protected Group JavaDoc[] getRoleSets() throws LoginException JavaDoc
146    {
147       String JavaDoc targetUser = getUsername();
148       Group JavaDoc[] roleSets = Util.getRoleSets(targetUser, roles, roleGroupSeperator, this);
149       return roleSets;
150    }
151
152    protected String JavaDoc getUsersPassword()
153    {
154       String JavaDoc username = getUsername();
155       String JavaDoc password = null;
156       if (username != null)
157          password = users.getProperty(username, null);
158       return password;
159    }
160
161 // utility methods
162
163    /**
164     * Loads the users Properties from the defaultUsersRsrcName and usersRsrcName
165     * resource settings.
166     *
167     * @throws IOException - thrown on failure to load the properties file.
168     */
169    protected void loadUsers() throws IOException JavaDoc
170    {
171       users = Util.loadProperties(defaultUsersRsrcName, usersRsrcName, log);
172    }
173    /**
174     * A hook to allow subclasses to create the users Properties map. This
175     * implementation simply calls loadUsers() and returns the users ivar.
176     * Subclasses can override to obtain the users Properties map in a different
177     * way.
178     *
179     * @param options - the login module options passed to initialize
180     * @return Properties map used for the username/password mapping.
181     * @throws IOException - thrown on failure to load the properties
182     */
183    protected Properties JavaDoc createUsers(Map JavaDoc options) throws IOException JavaDoc
184    {
185       loadUsers();
186       return this.users;
187    }
188
189    /**
190     * Loads the roles Properties from the defaultRolesRsrcName and rolesRsrcName
191     * resource settings.
192     *
193     * @throws IOException - thrown on failure to load the properties file.
194     */
195    protected void loadRoles() throws IOException JavaDoc
196    {
197       roles = Util.loadProperties(defaultRolesRsrcName, rolesRsrcName, log);
198    }
199    /**
200     * A hook to allow subclasses to create the roles Properties map. This
201     * implementation simply calls loadRoles() and returns the roles ivar.
202     * Subclasses can override to obtain the roles Properties map in a different
203     * way.
204     *
205     * @param options - the login module options passed to initialize
206     * @return Properties map used for the username/roles mapping.
207     * @throws IOException - thrown on failure to load the properties
208     */
209    protected Properties JavaDoc createRoles(Map JavaDoc options) throws IOException JavaDoc
210    {
211       loadRoles();
212       return this.roles;
213    }
214
215    /** Parse the comma delimited roles names given by value and add them to
216     * group. The type of Principal created for each name is determined by
217     * the createIdentity method.
218     *
219     * @see #createIdentity(String)
220     *
221     * @param group - the Group to add the roles to.
222     * @param roles - the comma delimited role names.
223     */
224    protected void parseGroupMembers(Group JavaDoc group, String JavaDoc roles)
225    {
226       Util.parseGroupMembers(group, roles, this);
227    }
228
229 }
230
Popular Tags