JAAS.java

00026 package org.objectweb.jonas.security.realm.web.catalina50;
00027 
00028 import java.security.Principal;
00029 import java.security.acl.Group;
00030 import java.security.cert.X509Certificate;
00031 import java.util.ArrayList;
00032 import java.util.Enumeration;
00033 import java.util.Iterator;
00034 
00035 import javax.security.auth.Subject;
00036 import javax.security.auth.login.AccountExpiredException;
00037 import javax.security.auth.login.CredentialExpiredException;
00038 import javax.security.auth.login.FailedLoginException;
00039 import javax.security.auth.login.LoginContext;
00040 import javax.security.auth.login.LoginException;
00041 
00042 import org.objectweb.util.monolog.api.BasicLevel;
00043 import org.objectweb.util.monolog.api.Logger;
00044 
00045 import org.objectweb.jonas.common.Log;
00046 import org.objectweb.jonas.security.auth.callback.NoInputCallbackHandler;
00047 
00048 import org.apache.catalina.LifecycleException;
00049 import org.apache.catalina.realm.GenericPrincipal;
00050 import org.apache.catalina.realm.RealmBase;
00051 
00052 import org.objectweb.security.context.SecurityContext;
00053 import org.objectweb.security.context.SecurityCurrent;
00054 
00055 
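/**
 * Catalina 5.0 {@link RealmBase} that delegates authentication to JAAS through
 * the login configuration entry named {@link #JAAS_CONFIG_NAME}.
 * <p>
 * Two entry points exist: user name / password authentication and X.509 client
 * certificate authentication. The latter encodes the certificate subject DN into
 * a synthetic user name and hands the certificate itself to the callback handler.
 * On success the realm builds a Catalina {@link GenericPrincipal} carrying the
 * user's roles and publishes a JOnAS {@link SecurityContext} through
 * {@link SecurityCurrent}.
 * <p>
 * A realm instance is shared by every request of its container, so it keeps no
 * per-authentication state: the client certificate travels as an explicit
 * argument rather than an instance field.
 */
public class JAAS extends RealmBase {

    /** Short name of this realm, returned by {@link #getName()}. */
    private static final String NAME = "JRealmJAASCatalina50";

    /** Descriptive information string, returned by {@link #getInfo()}. */
    private static final String INFO = "org.objectweb.jonas.security.realm.JRealmJAASCatalina50/1.0";

    /** Name of the JAAS login configuration entry used to build the {@link LoginContext}. */
    private static final String JAAS_CONFIG_NAME = "tomcat";

    /** Marker prepended to the encoded subject DN when a user name is derived from a certificate. */
    private static final String DN_HEADER = "##DN##";

    /** Realm logger, created on first use by {@link #getLogger()}; {@link #start()} creates it eagerly. */
    private static Logger logger = null;

    /**
     * Return descriptive information about this realm implementation.
     *
     * @return the {@link #INFO} string
     */
    public String getInfo() {
        return INFO;
    }

    /**
     * Authenticate a client from its X.509 certificate chain.
     * <p>
     * The user name handed to JAAS is {@code ##DN##} followed by the subject DN of
     * the first certificate with {@code '='}, {@code ','} and {@code ' '} replaced
     * by {@code '#'}, {@code '%'} and {@code '$'}. The login module on the other
     * side is expected to decode that form, so the encoding must not change
     * independently of it. The certificate is passed to the callback handler for
     * the login module to verify.
     *
     * @param cert the client certificate chain; only the first element is used
     * @return the authenticated principal, or {@code null} when the chain is
     *         missing or empty or when JAAS rejects the login
     */
    public Principal authenticate(X509Certificate[] cert) {
        // Guard before dereferencing cert[0]: an absent or empty chain is a failed login, not a crash.
        if (cert == null || cert.length == 0 || cert[0] == null) {
            log("No client certificate so no authentication");
            return null;
        }
        X509Certificate clientCert = cert[0];
        // getSubjectDN() is deprecated, but its (implementation-specific) string form is what the
        // JAAS side currently decodes; moving to getSubjectX500Principal() would change that form.
        String encodedDn = clientCert.getSubjectDN().getName()
                .replace('=', '#')
                .replace(',', '%')
                .replace(' ', '$');
        return authenticate(DN_HEADER.concat(encodedDn), "", clientCert);
    }

    /**
     * Authenticate a user from a user name and password.
     * <p>
     * No certificate is involved: the callback handler receives exactly the
     * credentials given. (Earlier revisions reused the certificate left behind
     * by the last certificate-based login on this shared realm, which could
     * carry one client's certificate into another client's password login.)
     *
     * @param username    the user name; {@code null} fails immediately
     * @param credentials the password
     * @return the authenticated principal, or {@code null} on failure
     */
    public Principal authenticate(String username, String credentials) {
        return authenticate(username, credentials, null);
    }

    /**
     * Common JAAS login path for both public {@code authenticate} overloads.
     *
     * @param username    user name handed to the callback handler; {@code null} fails
     * @param credentials password handed to the callback handler
     * @param clientCert  client certificate handed to the callback handler, or {@code null}
     * @return the authenticated principal, or {@code null} on any failure
     */
    private Principal authenticate(String username, String credentials, X509Certificate clientCert) {
        // No authentication can be made with a null username
        if (username == null) {
            log("No username so no authentication");
            return null;
        }

        // The callback handler answers the login module without any user interaction.
        LoginContext loginContext;
        try {
            loginContext = new LoginContext(JAAS_CONFIG_NAME,
                    new NoInputCallbackHandler(username, credentials, clientCert));
        } catch (LoginException e) {
            logLoginFailure("loginException", username);
            return null;
        }

        Subject subject = login(loginContext, username);
        if (subject == null) {
            return null;
        }

        // The first non-Group principal names the authenticated user.
        String userName = firstUserName(subject);
        if (userName == null) {
            getLogger().log(BasicLevel.ERROR, "No Username found in the subject");
            return null;
        }

        // Roles are the members of the Group principals the login module committed.
        ArrayList roles = groupMemberNames(subject);
        String credential = firstStringCredential(subject, credentials);

        GenericPrincipal principal = new GenericPrincipal(this, userName, credential, roles);

        // Publish the JOnAS security context for this authentication
        // (presumably bound to the calling thread by SecurityCurrent -- confirm).
        SecurityContext ctx = new SecurityContext(userName, roles);
        SecurityCurrent current = SecurityCurrent.getCurrent();
        current.setSecurityContext(ctx);

        return principal;
    }

    /**
     * Run the JAAS login and return the resulting subject.
     *
     * @param loginContext the context to log in
     * @param username     user name, used in log messages only
     * @return the authenticated subject, or {@code null} when the login fails or
     *         yields no subject (the reason is logged at ERROR level)
     */
    private static Subject login(LoginContext loginContext, String username) {
        try {
            loginContext.login();
        } catch (AccountExpiredException e) {
            logLoginFailure("accountExpired", username);
            return null;
        } catch (CredentialExpiredException e) {
            logLoginFailure("credentialExpired", username);
            return null;
        } catch (FailedLoginException e) {
            logLoginFailure("failedLogin", username);
            return null;
        } catch (LoginException e) {
            logLoginFailure("loginException", username);
            return null;
        }
        Subject subject = loginContext.getSubject();
        if (subject == null) {
            logLoginFailure("failedLoginlogin", username);
        }
        return subject;
    }

    /**
     * Return the name of the first principal that is not a {@link Group}.
     *
     * @param subject the authenticated subject
     * @return the user name, or {@code null} when the subject holds only groups
     */
    private static String firstUserName(Subject subject) {
        Iterator principals = subject.getPrincipals(Principal.class).iterator();
        while (principals.hasNext()) {
            Principal p = (Principal) principals.next();
            if (!(p instanceof Group)) {
                return p.getName();
            }
        }
        return null;
    }

    /**
     * Collect the names of all members of all {@link Group} principals.
     *
     * @param subject the authenticated subject
     * @return the role names, possibly empty, in iteration order
     */
    private static ArrayList groupMemberNames(Subject subject) {
        ArrayList roles = new ArrayList();
        Iterator groups = subject.getPrincipals(Group.class).iterator();
        while (groups.hasNext()) {
            Enumeration members = ((Group) groups.next()).members();
            while (members.hasMoreElements()) {
                roles.add(((Principal) members.nextElement()).getName());
            }
        }
        return roles;
    }

    /**
     * Return the first {@link String} private credential of the subject.
     * <p>
     * Earlier revisions took the first credential unconditionally, so a login
     * module that committed no credential, or a non-string one, made the
     * authentication throw instead of fail.
     *
     * @param subject  the authenticated subject
     * @param fallback value returned when no string credential is present
     * @return the credential, or {@code fallback}
     */
    private static String firstStringCredential(Subject subject, String fallback) {
        Iterator credentials = subject.getPrivateCredentials().iterator();
        while (credentials.hasNext()) {
            Object c = credentials.next();
            if (c instanceof String) {
                return (String) c;
            }
        }
        return fallback;
    }

    /**
     * Log a failed login at ERROR level, naming the user but never the credential.
     *
     * @param reason   short failure tag, e.g. {@code failedLogin}
     * @param username the user the failure concerns
     */
    private static void logLoginFailure(String reason, String username) {
        Logger realmLogger = getLogger();
        if (realmLogger.isLoggable(BasicLevel.ERROR)) {
            realmLogger.log(BasicLevel.ERROR, reason + " for user :" + username);
        }
    }

    /**
     * Return the realm logger, creating it on first use so that
     * {@code authenticate} never dereferences a {@code null} logger when it is
     * called before {@link #start()}.
     *
     * @return the shared realm logger
     */
    private static synchronized Logger getLogger() {
        if (logger == null) {
            logger = Log.getLogger(Log.JONAS_SECURITY_PREFIX);
        }
        return logger;
    }

    /**
     * Return the short name of this realm implementation.
     *
     * @return the {@link #NAME} string
     */
    protected String getName() {
        return NAME;
    }

    /**
     * Not used: passwords are never looked up by this realm, authentication is
     * fully delegated to JAAS through {@link #authenticate(String, String)}.
     *
     * @param username ignored
     * @return always {@code null}
     */
    protected String getPassword(String username) {
        return null;
    }

    /**
     * Not used: principals are only produced by {@link #authenticate(String, String)}.
     *
     * @param username ignored
     * @return always {@code null}
     */
    protected Principal getPrincipal(String username) {
        return null;
    }

    /**
     * Prepare for the beginning of active use of this realm.
     *
     * @throws LifecycleException if the superclass start fails
     */
    public synchronized void start() throws LifecycleException {
        // Create the logger up front; getLogger() would also do it lazily.
        getLogger();

        // Perform normal superclass initialization
        super.start();
    }

    /**
     * Gracefully terminate the active use of this realm.
     *
     * @throws LifecycleException if the superclass stop fails
     */
    public synchronized void stop() throws LifecycleException {
        // Perform normal superclass finalization
        super.stop();
    }

    /**
     * Log a message at DEBUG level on the realm logger.
     *
     * @param message the message to log
     */
    protected void log(String message) {
        getLogger().log(BasicLevel.DEBUG, message);
    }

}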
