ClientLoginModule.java

package org.objectweb.jonas.security.auth.spi;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.objectweb.security.context.SecurityContext;
import org.objectweb.security.context.SecurityCurrent;


public class ClientLoginModule implements LoginModule {

    private Subject subject = null;

    private CallbackHandler callbackHandler = null;

    private Map sharedState = null;

    private Map options = null;

    private String principalName = null;

    private ArrayList principalRoles = null;

    private boolean globalContext = false;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        principalRoles = new ArrayList();
    }


    public boolean login() throws LoginException {
        // set context for all the JVM or not ?
        String useGlobalCtx = (String) options.get("globalCtx");
        if ((useGlobalCtx != null) && (Boolean.valueOf(useGlobalCtx).booleanValue())) {
            globalContext = true;
        }
        return true;
    }


    public boolean commit() throws LoginException {

        // Retrieve only principal name (without groups)
        Set principals = subject.getPrincipals(Principal.class);
        Iterator iterator = principals.iterator();
        while (iterator.hasNext()) {
            Principal principal = (Principal) iterator.next();
            if (!(principal instanceof Group)) {
               principalName = principal.getName();
            }
        }

        // No name --> error
        if (principalName == null) {
            throw new LoginException("There was no previous login module. This login module can only be used in addition to another module which perform the authentication.");
        }

        // Retrieve all roles of the user (Roles are members of the Group.class)
        principals = subject.getPrincipals(Group.class);
        iterator = principals.iterator();
        while (iterator.hasNext()) {
            Group group = (Group) iterator.next();
            Enumeration e = group.members();
            while (e.hasMoreElements()) {
                Principal p = (Principal) e.nextElement();
                principalRoles.add(p.getName());
            }
        }

        // Propagate username and roles
        SecurityContext ctx = new SecurityContext(principalName, principalRoles);
        SecurityCurrent current = SecurityCurrent.getCurrent();
        if (globalContext) {
            current.setGlobalSecurityContext(ctx);
        } else {
            current.setSecurityContext(ctx);
        }

        return true;
    }


    public boolean abort() throws LoginException {

        // Do nothing (as all is done in the commit() phase)
        return true;
    }

    public boolean logout() throws LoginException {

        // Unset the principal name
        SecurityContext ctx = new SecurityContext();
        SecurityCurrent current = SecurityCurrent.getCurrent();
        current.setSecurityContext(ctx);

        return true;

    }

}

---