

1 /**
2  * JOnAS: Java(TM) Open Application Server
3  * Copyright (C) 1999-2004 Bull S.A.
4  * Contact: jonas-team@objectweb.org
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19  * USA
20  *
21  * Initial developer: Florent BENOIT
22  * --------------------------------------------------------------------------
23  * $Id: ClientLoginModule.java,v 1.5 2005/04/12 15:40:21 benoitf Exp $
24  * --------------------------------------------------------------------------
25  */

26
27 package org.objectweb.jonas.security.auth.spi;
28
29 import java.security.Principal JavaDoc;
30 import java.security.acl.Group JavaDoc;
31 import java.util.ArrayList JavaDoc;
32 import java.util.Enumeration JavaDoc;
33 import java.util.Iterator JavaDoc;
34 import java.util.Map JavaDoc;
35 import java.util.Set JavaDoc;
36
37 import javax.security.auth.Subject JavaDoc;
38 import javax.security.auth.callback.CallbackHandler JavaDoc;
39 import javax.security.auth.login.LoginException JavaDoc;
40 import javax.security.auth.spi.LoginModule JavaDoc;
41
42 import org.objectweb.security.context.SecurityContext;
43 import org.objectweb.security.context.SecurityCurrent;
44
45
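/**
 * JAAS login module that propagates an already established identity
 * (principal name and roles) into the JOnAS security context so that it
 * travels with calls made to the server.
 *
 * <p>This module performs <b>no authentication</b>: {@link #login()} always
 * succeeds and {@link #commit()} trusts whatever principals are already in the
 * Subject. It must therefore be stacked after a module that really
 * authenticates the user, and that module should be flagged so that its
 * failure fails the whole login (REQUIRED or REQUISITE).</p>
 *
 * <p>Option {@code globalCtx=true} installs the context through
 * {@code SecurityCurrent.setGlobalSecurityContext}. Per the option's intent
 * ("for all the JVM") every thread is then presumed to share that identity,
 * so it only suits single-user client JVMs. NOTE(review): confirm the exact
 * lookup order of global vs. per-thread context in SecurityCurrent.</p>
 *
 * @author Florent Benoit
 */
public class ClientLoginModule implements LoginModule {

    /**
     * Name of the option selecting a JVM-wide security context.
     */
    private static final String GLOBAL_CTX_OPTION = "globalCtx";

    /**
     * Subject used
     */
    private Subject subject = null;

    /**
     * Options for this login module
     */
    private Map options = null;

    /**
     * Name of the principal
     */
    private String principalName = null;

    /**
     * Roles of the principal
     */
    private ArrayList principalRoles = null;

    /**
     * Set SecurityContext for all the JVM ?
     */
    private boolean globalContext = false;

    /**
     * True once commit() has installed a security context that has not been
     * cleared yet; lets abort() undo exactly what this module did.
     */
    private boolean committed = false;

    /**
     * Initialize this LoginModule.
     * Called by the LoginContext right after instantiation. Only the subject
     * and the options are kept; callbackHandler and sharedState are ignored
     * because this module never prompts and never authenticates.
     * @param subject the Subject whose principals will be propagated.
     * @param callbackHandler unused.
     * @param sharedState unused.
     * @param options options specified in the login Configuration for this particular LoginModule.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.options = options;
        this.principalName = null;
        this.principalRoles = new ArrayList();
        this.committed = false;
        // Resolve the scope now as well: a LoginContext may call logout()
        // without a prior login(), and logout must still clear the right scope.
        this.globalContext = isGlobalContextRequested(options);
    }

    /**
     * Phase 1 of the login: only reads the {@code globalCtx} option.
     * No credential is checked here; authentication is the job of the module
     * configured before this one.
     * @return always true.
     * @throws LoginException never thrown by this implementation.
     */
    public boolean login() throws LoginException {
        // set context for all the JVM or not ?
        globalContext = isGlobalContextRequested(options);
        return true;
    }

    /**
     * Phase 2 of the login: reads the principal name and the roles from the
     * Subject and installs them as the current security context.
     * The name is taken from a principal which is not a Group; the roles are
     * the names of the members of every Group principal.
     * @return true when the context has been installed.
     * @throws LoginException if the module was not initialized with a Subject
     *         or if the Subject holds no non-Group principal, i.e. no previous
     *         module authenticated the user.
     */
    public boolean commit() throws LoginException {
        if (subject == null) {
            throw new LoginException("No Subject available: initialize() must be called before commit().");
        }

        // Work on locals so that a name or roles left over from a previous
        // commit() on this instance can never be propagated again.
        String name = null;
        ArrayList roles = new ArrayList();

        // Retrieve only principal name (without groups)
        // NOTE(review): with several non-Group principals the last one
        // iterated wins, and Set iteration order is unspecified.
        Iterator iterator = subject.getPrincipals(Principal.class).iterator();
        while (iterator.hasNext()) {
            Principal principal = (Principal) iterator.next();
            if (!(principal instanceof Group)) {
                name = principal.getName();
            }
        }

        // No name --> error
        if (name == null) {
            principalName = null;
            principalRoles = new ArrayList();
            throw new LoginException("There was no previous login module. This login module can only be used in addition to another module which perform the authentication.");
        }

        // Retrieve all roles of the user (Roles are members of the Group.class)
        iterator = subject.getPrincipals(Group.class).iterator();
        while (iterator.hasNext()) {
            Group group = (Group) iterator.next();
            Enumeration members = group.members();
            while (members.hasMoreElements()) {
                Principal member = (Principal) members.nextElement();
                roles.add(member.getName());
            }
        }

        principalName = name;
        principalRoles = roles;

        // Propagate username and roles
        SecurityContext ctx = new SecurityContext(principalName, principalRoles);
        SecurityCurrent current = SecurityCurrent.getCurrent();
        if (globalContext) {
            current.setGlobalSecurityContext(ctx);
        } else {
            current.setSecurityContext(ctx);
        }
        committed = true;

        return true;
    }

    /**
     * Aborts the login (phase 2) when the overall authentication failed.
     * If this module had already committed, the context it installed is
     * cleared so that a failed login leaves no identity behind; otherwise the
     * current context is left untouched.
     * @return always true.
     * @throws LoginException never thrown by this implementation.
     */
    public boolean abort() throws LoginException {
        if (committed) {
            clearPropagatedContext();
        } else {
            principalName = null;
            principalRoles = new ArrayList();
        }
        return true;
    }

    /**
     * Logs out: replaces the propagated identity by a default
     * SecurityContext, in the per-thread scope and, when {@code globalCtx}
     * was requested, in the JVM-wide scope too.
     * @return always true.
     * @throws LoginException never thrown by this implementation.
     */
    public boolean logout() throws LoginException {
        // Unset the principal name
        clearPropagatedContext();
        return true;
    }

    /**
     * Reads the {@code globalCtx} option.
     * @param opts the module options, may be null.
     * @return true only if the option is present and equals "true" (case
     *         insensitive, as defined by Boolean.valueOf).
     */
    private static boolean isGlobalContextRequested(Map opts) {
        if (opts == null) {
            return false;
        }
        Object raw = opts.get(GLOBAL_CTX_OPTION);
        // toString() instead of a cast: a non-String value must not raise a
        // ClassCastException in the middle of a login.
        return (raw != null) && Boolean.valueOf(raw.toString()).booleanValue();
    }

    /**
     * Replaces the installed context by a default one and forgets the cached
     * name and roles. The global scope is reset only when this module is
     * configured to use it, so another module's global context is not touched.
     */
    private void clearPropagatedContext() {
        SecurityCurrent current = SecurityCurrent.getCurrent();
        if (globalContext) {
            current.setGlobalSecurityContext(new SecurityContext());
        }
        current.setSecurityContext(new SecurityContext());
        principalName = null;
        principalRoles = new ArrayList();
        committed = false;
    }

}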