JAASOfficer


1   /**
2    * Copyright (C) 2003-2005 Funambol
3    *
4    * This program is free software; you can redistribute it and/or modify
5    * it under the terms of the GNU General Public License as published by
6    * the Free Software Foundation; either version 2 of the License, or
7    * (at your option) any later version.
8    *
9    * This program is distributed in the hope that it will be useful,
10   * but WITHOUT ANY WARRANTY; without even the implied warranty of
11   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12   * GNU General Public License for more details.
13   *
14   * You should have received a copy of the GNU General Public License
15   * along with this program; if not, write to the Free Software
16   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA 
17   */
18  package sync4j.framework.security;
19  
20  import java.util.logging.Logger  ;
21  import java.util.logging.Level  ;
22  
23  import java.security.Principal  ;
24  import javax.security.auth.*;
25  import javax.security.auth.login.*;
26  import javax.security.*;
27  
28  import sync4j.framework.security.Officer;
29  import sync4j.framework.security.jaas.CredentialHandler;
30  import sync4j.framework.logging.Sync4jLogger;
31  import sync4j.framework.core.Cred;
32  
33  /**
34   * This implementation of <i>Officier</i> uses JAAS for authentication and
35   * authorization.
36   * <p>
37   * In order to use this implementation, remember to set the system property
38   * java.security.auth.login.config accordingly as specified in JAAS documentation
39   * or in the documentation of the application server in use.<br>
40   * For example, in the case of the J2EE RI, in order to use the SimpleLoginModule
41   * delivered with the framework, the following lines have to be added to the
42   * file <i>{J2EESDK_HOME}/lib/security/login.config</i>:
43   * <pre>
44   * sync4j {
45   *   sync4j.framework.security.jaas.SimpleLoginModule required required debug=true;
46   * }
47   * </pre>
48   * The security policy must be changed as well; add the following lines to the
49   * file <i>{J2EESDK_HOME}/lib/security/server.policy</i>:
50   * <pre>
51   * permission javax.security.auth.AuthPermission "createLoginContext.sync4j";
52     permission javax.security.auth.AuthPermission "modifyPrincipals";
53   * </pre>
54   *
55   * TO DO: authorization
56   *
57   * @author  Stefano Fornari @ Funambol.com
58   * @version $Id: JAASOfficer.java,v 1.14 2005/03/02 20:57:38 harrie Exp $
59   */
60  public class JAASOfficer implements Officer, java.io.Serializable   {
61     
62      // ---------------------------------------------------------- Protected data
63  
64      protected transient Logger   log = Sync4jLogger.getLogger();
65  
66      // -------------------------------------------------------------- Properties
67  
68      /**
69       * Has the last login failed for incorrect login/password?
70       */
71      private boolean loginFailed = false;
72  
73      public boolean isLoginFailed() {
74          return loginFailed;
75      }
76  
77      /**
78       * Has the last login failed for expired temporary login?
79       */
80      private boolean loginExpired = false;
81  
82      public boolean isAccountExpired() {
83          return loginExpired;
84      }
85  
86      /**
87       * Which type of authetication does impose the server?
88       */
89      private String   clientAuth = Cred.AUTH_TYPE_BASIC;
90      
91      public String   getClientAuth() {
92          return clientAuth;
93      }
94      public void setClientAuth(String   clientAuth) {
95          this.clientAuth = clientAuth;
96      }
97      
98      /**
99       * Which type of authetication use the server to send his credential?
100      */
101     private String   serverAuth = Cred.AUTH_NONE;
102     public String   getServerAuth() {
103         return this.serverAuth;
104     }
105     
106     public void setServerAuth(String   serverAuth) {
107         this.serverAuth = serverAuth;
108     }
109     
110     // ---------------------------------------------------------- Public methods
111 
112     /**
113      * Authenticates a credential based on the configured JAAS subsystem.
114      *
115      * @param credential the credential to be authenticated
116      *
117      * @return true if the credential is autenticated, false otherwise
118      */
119     public boolean authenticate(Cred credential) {
120         CredentialHandler handler = null;
121 
122         if (log.isLoggable(Level.INFO)) {
123             log.info("Authenticating credential: " + credential);
124         }
125 
126         try {
127             handler = new CredentialHandler(credential);
128             LoginContext lc = new LoginContext("sync4j", handler);
129             lc.login();
130 
131             if (log.isLoggable(Level.INFO)) {
132                 log.info(lc.getSubject() + " authenticated!");
133             }
134         } catch (AccountExpiredException e) {
135                 log.throwing(getClass().getName(), "authenticate", e);
136             if (log.isLoggable(Level.INFO)) {
137             log.info( "Login failed for "
138                     + handler.getLogin()
139                     );
140             }
141 
142             loginFailed  = false;
143             loginExpired = true;
144 
145             return false;
146         } catch (FailedLoginException e) {
147             log.throwing(getClass().getName(), "authenticate", e);
148             if (log.isLoggable(Level.INFO)) {
149             log.info( "Login failed for "
150                     + handler.getLogin()
151                     );
152             }
153 
154             loginFailed  = true;
155             loginExpired = false;
156 
157             return false;
158         } catch (LoginException e) {
159                 log.throwing(getClass().getName(), "authenticate", e);
160             if (log.isLoggable(Level.INFO)) {
161             log.info( "Login failed for "
162                     + handler.getLogin()
163                     );
164             }
165 
166             loginFailed  = false;
167             loginExpired = false;
168 
169             return false;
170         } catch (IllegalArgumentException   e) {
171             log.throwing(getClass().getName(), "authenticate", e);
172             return false;
173         } catch (Throwable   t) {
174             //
175             // Maybe a configuration error
176             //
177             t.printStackTrace();
178             return false;
179         }
180 
181         log.info( handler.getLogin() + " logged in");
182         return true;
183     }
184 
185     /**
186      * Authorizes a resource.
187      *
188      * @param principal the requesting entity
189      * @param resource the name (or the identifier) of the resource to be authorized
190      *
191      * @return true if the credential is authorized to access the resource, false
192      *         otherwise
193      */
194     public boolean authorize(Principal   principal, String   resource) {
195         return true;
196     }
197 
198     /** Un-authenticates a credential.
199      *
200      * @param credential the credential to be unauthenticated
201      */
202     public void unAuthenticate(Cred credential) {
203         //
204         // Do nothing. In the current implementation, the authentication is
205         // discarde as soon as the LoginContext is garbage collected.
206         //
207     }
208 
209     private void readObject(java.io.ObjectInputStream   in)
210     throws java.io.IOException  , ClassNotFoundException   {
211         in.defaultReadObject();
212         log = Sync4jLogger.getLogger();
213     }
214 }
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags