

1 /**
2  * JOnAS: Java(TM) Open Application Server
3  * Copyright (C) 2004 Bull S.A.
4  * Contact: jonas-team@objectweb.org
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19  * USA
20  *
21  * Initial developer: Florent BENOIT
22  * --------------------------------------------------------------------------
23  * $Id: JAAS.java,v 1.1 2004/06/01 13:27:09 benoitf Exp $
24  * --------------------------------------------------------------------------
25  */

26
27 package org.objectweb.jonas.security.realm.web.jetty50;
28
29 import java.security.Principal JavaDoc;
30 import java.security.acl.Group JavaDoc;
31 import java.security.cert.X509Certificate JavaDoc;
32 import java.util.ArrayList JavaDoc;
33 import java.util.Enumeration JavaDoc;
34 import java.util.Iterator JavaDoc;
35
36 import javax.security.auth.Subject JavaDoc;
37 import javax.security.auth.login.AccountExpiredException JavaDoc;
38 import javax.security.auth.login.CredentialExpiredException JavaDoc;
39 import javax.security.auth.login.FailedLoginException JavaDoc;
40 import javax.security.auth.login.LoginContext JavaDoc;
41 import javax.security.auth.login.LoginException JavaDoc;
42
43 import org.mortbay.http.HttpRequest;
44
45 import org.objectweb.jonas.security.auth.callback.NoInputCallbackHandler;
46
47 import org.objectweb.security.context.SecurityContext;
48 import org.objectweb.security.context.SecurityCurrent;
49
50 import org.objectweb.util.monolog.api.BasicLevel;
51
52 /**
53  * <p>
54  * Implementation of a JAAS Realm. (by a wrapper) It uses the entry
55  * JAAS_CONFIG_NAME from the JAAS config file
56  * @author Alexandre Thaveau (JAAS support with JOnAS)
57  * @author Marc-Antoine Bourgeot (JAAS support with JOnAS)
58  * @author Florent Benoit (Jetty 5.x)
59  */

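public class JAAS extends Standard {

    /**
     * Name of the entry used in the JAAS configuration file.
     */
    private static final String JAAS_CONFIG_NAME = "jetty";

    /**
     * Prefix marking a username that was derived from a certificate DN
     * rather than typed in by the user.
     */
    private static final String DN_HEADER = "##DN##";

    /**
     * Default Constructor
     */
    public JAAS() {
        super();
    }

    /**
     * Constructor setting the realm name
     * @param name of the realm
     */
    public JAAS(String name) {
        super();
        setName(name);
    }

    /**
     * Authenticate a user with a specific username and credentials.
     * The credentials are either a password (String, possibly null) or an
     * X509 certificate chain; anything else is rejected. On success the
     * authenticated identity is also bound to the current SecurityCurrent
     * context and cached in the realm.
     * @param username name of the user
     * @param credentials credential of the user (String or X509Certificate[])
     * @param request httprequest (not used)
     * @return a Jetty principal, or null when authentication fails
     */
    public Principal authenticate(String username, Object credentials, HttpRequest request) {

        // No authentication can be made with a null username
        if (username == null) {
            return null;
        }

        // User previously authenticated --> remove from the cache so that a
        // stale principal is never handed out for a new attempt
        Principal jettyPrincipal = (Principal) getUsers().get(username);
        if (jettyPrincipal != null) {
            removeUser(username);
        }

        NoInputCallbackHandler noInputCH = null;
        if (credentials instanceof X509Certificate[]) {
            X509Certificate[] certs = (X509Certificate[]) credentials;
            // An empty chain carries no identity; reject it here instead of
            // failing with ArrayIndexOutOfBoundsException on certs[0]
            if (certs.length == 0) {
                getLogger().log(BasicLevel.WARN, "empty certificate chain for user : '" + username + "'");
                return null;
            }
            // The DN of the first certificate becomes the username; it is also
            // the key used for the cache entry added at the end of this method.
            // NOTE(review): getSubjectDN().getName() is implementation-specific
            // and the encoding below is not reversible for DNs that already
            // contain '#', '%' or '$' -- kept as-is because login modules
            // presumably match on this exact string; confirm before changing.
            username = certs[0].getSubjectDN().getName();
            // Fill the callback handler for the login module with DN and certificate
            noInputCH = new NoInputCallbackHandler(encodeDistinguishedName(username), "", certs[0]);
        } else if (credentials == null || credentials instanceof String) {
            // Fill the callback handler for the login module with username and password
            noInputCH = new NoInputCallbackHandler(username, (String) credentials, null);
        } else {
            // Any other credential type used to escape as a ClassCastException;
            // treat it as an authentication failure instead
            getLogger().log(BasicLevel.WARN, "unsupported credential type '" + credentials.getClass().getName()
                    + "' for user : '" + username + "'");
            return null;
        }

        // Establish a LoginContext to use for authentication
        LoginContext loginContext = null;
        try {
            loginContext = new LoginContext(JAAS_CONFIG_NAME, noInputCH);
        } catch (LoginException e) {
            getLogger().log(BasicLevel.WARN, "loginException : unable to create a LoginContext for : '" + username + "'. Error : " + e.getMessage());
            return null;
        }

        // Negotiate a login via this LoginContext
        Subject subject = login(loginContext, username);
        if (subject == null) {
            return null;
        }

        // Retrieve first principal name found (without groups)
        String userName = findUserName(subject);
        if (userName == null) {
            getLogger().log(BasicLevel.ERROR, "No Username found in the subject");
            return null;
        }

        // Retrieve all roles of the user (Roles are members of the Group class)
        ArrayList roles = extractRoles(subject);

        // Create a JettyPrincipal for Jetty
        JettyPrincipal principal = new JettyPrincipal(userName, roles);

        // Register the identity in the security context of the current thread.
        // NOTE(review): this is a thread-level side effect; the container is
        // presumably responsible for clearing it at the end of the request.
        SecurityContext ctx = new SecurityContext(userName, roles);
        SecurityCurrent current = SecurityCurrent.getCurrent();
        current.setSecurityContext(ctx);

        // Add to cache (keyed by the DN when a certificate was used)
        addUser(username, principal);

        return principal;
    }

    /**
     * Build the special username handed to the login module for a
     * certificate-based login: the DN header followed by the DN with
     * '=' -> '#', ',' -> '%' and ' ' -> '$'.
     * @param dn subject DN of the certificate
     * @return the encoded username
     */
    private static String encodeDistinguishedName(String dn) {
        return DN_HEADER.concat(dn.replace('=', '#').replace(',', '%').replace(' ', '$'));
    }

    /**
     * Run the JAAS login and return the resulting subject.
     * Every failure is logged at ERROR level and mapped to null so that the
     * caller only has to deal with one failure path.
     * @param loginContext context to log in with
     * @param username name used in log messages only
     * @return the authenticated subject, or null on any failure
     */
    private Subject login(LoginContext loginContext, String username) {
        try {
            loginContext.login();
            Subject subject = loginContext.getSubject();
            if (subject == null) {
                getLogger().log(BasicLevel.ERROR, "failedLogin for user :" + username);
            }
            return subject;
        } catch (AccountExpiredException e) {
            logLoginFailure("accountExpired for user :" + username);
        } catch (CredentialExpiredException e) {
            logLoginFailure("credentialExpired for user :" + username);
        } catch (FailedLoginException e) {
            logLoginFailure("failedLogin for user :" + username);
        } catch (LoginException e) {
            logLoginFailure("loginException for user :" + username);
        }
        return null;
    }

    /**
     * Log a login failure at ERROR level if that level is enabled.
     * @param message text to log (must not contain credentials)
     */
    private void logLoginFailure(String message) {
        if (getLogger().isLoggable(BasicLevel.ERROR)) {
            getLogger().log(BasicLevel.ERROR, message);
        }
    }

    /**
     * Return the name of the first principal of the subject that is not a
     * Group.
     * @param subject authenticated subject
     * @return the user name, or null if the subject holds no such principal
     */
    private static String findUserName(Subject subject) {
        Iterator iterator = subject.getPrincipals(Principal.class).iterator();
        while (iterator.hasNext()) {
            Principal principal = (Principal) iterator.next();
            if (!(principal instanceof Group)) {
                return principal.getName();
            }
        }
        return null;
    }

    /**
     * Collect the names of all members of all Group principals of the
     * subject; these are the roles of the user.
     * @param subject authenticated subject
     * @return list of role names (possibly empty, never null)
     */
    private static ArrayList extractRoles(Subject subject) {
        ArrayList roles = new ArrayList();
        Iterator groups = subject.getPrincipals(Group.class).iterator();
        while (groups.hasNext()) {
            Group group = (Group) groups.next();
            Enumeration members = group.members();
            while (members.hasMoreElements()) {
                Principal member = (Principal) members.nextElement();
                roles.add(member.getName());
            }
        }
        return roles;
    }

}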