00026 package org.objectweb.jonas.security.realm.web.catalina50;
00027
00028 import java.security.Principal;
00029 import java.security.acl.Group;
00030 import java.security.cert.X509Certificate;
00031 import java.util.ArrayList;
00032 import java.util.Enumeration;
00033 import java.util.Iterator;
00034
00035 import javax.security.auth.Subject;
00036 import javax.security.auth.login.AccountExpiredException;
00037 import javax.security.auth.login.CredentialExpiredException;
00038 import javax.security.auth.login.FailedLoginException;
00039 import javax.security.auth.login.LoginContext;
00040 import javax.security.auth.login.LoginException;
00041
00042 import org.objectweb.util.monolog.api.BasicLevel;
00043 import org.objectweb.util.monolog.api.Logger;
00044
00045 import org.objectweb.jonas.common.Log;
00046 import org.objectweb.jonas.security.auth.callback.NoInputCallbackHandler;
00047
00048 import org.apache.catalina.LifecycleException;
00049 import org.apache.catalina.realm.GenericPrincipal;
00050 import org.apache.catalina.realm.RealmBase;
00051
00052 import org.objectweb.security.context.SecurityContext;
00053 import org.objectweb.security.context.SecurityCurrent;
00054
00055
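/**
 * Catalina 5.0 Realm that delegates authentication to a JAAS login configuration
 * (entry {@value #JAAS_CONFIG_NAME}) and mirrors the resulting identity into the
 * JOnAS {@link SecurityContext}.
 * <p>
 * Supports password logins (BASIC/FORM) and client-certificate logins; the latter
 * are turned into a synthetic user name derived from the certificate's subject DN.
 * <p>
 * A Realm instance is shared by every request of the container, so this class keeps
 * no per-request state in instance fields.
 */
public class JAAS extends RealmBase {

    /** Short name of this realm implementation, reported through {@link #getName()}. */
    private static final String NAME = "JRealmJAASCatalina50";

    /** Descriptive information about this realm implementation, reported through {@link #getInfo()}. */
    private static final String INFO = "org.objectweb.jonas.security.realm.JRealmJAASCatalina50/1.0";

    /** Name of the JAAS login configuration entry used to build the {@link LoginContext}. */
    private static final String JAAS_CONFIG_NAME = "tomcat";

    /** Prefix of the synthetic user name built from a client certificate's subject DN. */
    private static final String DN_USERNAME_PREFIX = "##DN##";

    /**
     * Logger, created by {@link #start()} or on first use. Only ever assigned under the
     * class lock, see {@link #getLogger()}.
     */
    private static Logger logger = null;

    /**
     * Return descriptive information about this realm implementation.
     *
     * @return the {@link #INFO} string
     */
    public String getInfo() {
        return INFO;
    }

    /**
     * Authenticate the client whose X509 certificate chain was presented on the connection.
     * <p>
     * The first certificate of the chain (the client's own) is turned into a synthetic user
     * name of the form {@code ##DN##<encoded subject DN>} and handed to the JAAS login
     * configuration together with the certificate itself; the login modules decide whether
     * that DN maps to a known user.
     * <p>
     * NOTE(review): no validation of the chain is performed here (validity period, trust
     * anchor, revocation). The realm relies on the connector having verified the chain
     * before this method is reached, so client-auth must be enforced on the connector
     * rather than left optional.
     *
     * @param cert the certificate chain presented by the client, client certificate first
     * @return the authenticated principal, or {@code null} if no certificate was presented
     *         or the JAAS login fails
     */
    public Principal authenticate(X509Certificate[] cert) {
        // Previously an absent/empty chain raised a NullPointerException out of the realm
        // instead of being treated as "not authenticated".
        if (cert == null || cert.length == 0 || cert[0] == null) {
            log("No client certificate so no authentication");
            return null;
        }
        X509Certificate clientCert = cert[0];
        // getSubjectDN() is the legacy, implementation-specific DN rendering; it is kept on
        // purpose because the user names stored in the backing realm were generated with
        // it (getSubjectX500Principal() would produce a different string).
        String dn = DN_USERNAME_PREFIX + encodeDn(clientCert.getSubjectDN().getName());
        // The certificate is passed along with this call rather than parked in an instance
        // field: the realm is shared by all requests, and a field lets one request's
        // certificate leak into a concurrent (or later) password login.
        return jaasLogin(dn, "", clientCert);
    }

    /**
     * Encode a subject DN into the character set the realm accepts in a user name.
     * <p>
     * NOTE(review): this mapping is lossy — a DN whose attribute values already contain
     * '#', '%' or '$' encodes to the same string as a different DN. It is kept unchanged
     * for compatibility with the user names already stored in the backing realm.
     *
     * @param subjectDn the DN as returned by {@code X509Certificate.getSubjectDN().getName()}
     * @return the encoded DN
     */
    private static String encodeDn(String subjectDn) {
        return subjectDn.replace('=', '#').replace(',', '%').replace(' ', '$');
    }

    /**
     * Authenticate a user by name and password (BASIC/FORM authentication).
     *
     * @param username the user name, or {@code null}
     * @param credentials the password/credential presented by the user
     * @return the authenticated principal, or {@code null} if authentication fails
     */
    public Principal authenticate(String username, String credentials) {
        return jaasLogin(username, credentials, null);
    }

    /**
     * Run the JAAS login and build the Catalina principal and the JOnAS security context
     * from the resulting {@link Subject}.
     *
     * @param username user name handed to the login modules; {@code null} is rejected
     * @param credentials password/credential handed to the login modules
     * @param clientCert client certificate for certificate-based logins, else {@code null}
     * @return the principal, or {@code null} on any failure. Every failure is logged and
     *         none propagates, so a misconfigured or broken login module fails closed.
     */
    private Principal jaasLogin(String username, String credentials, X509Certificate clientCert) {
        if (username == null) {
            log("No username so no authentication");
            return null;
        }

        LoginContext loginContext;
        try {
            loginContext = new LoginContext(JAAS_CONFIG_NAME,
                    new NoInputCallbackHandler(username, credentials, clientCert));
        } catch (LoginException e) {
            logError("loginException for user :" + username, e);
            return null;
        }

        Subject subject;
        try {
            loginContext.login();
            subject = loginContext.getSubject();
        } catch (AccountExpiredException e) {
            logError("accountExpired for user :" + username, e);
            return null;
        } catch (CredentialExpiredException e) {
            logError("credentialExpired for user :" + username, e);
            return null;
        } catch (FailedLoginException e) {
            logError("failedLogin for user :" + username, e);
            return null;
        } catch (LoginException e) {
            logError("loginException for user :" + username, e);
            return null;
        }
        if (subject == null) {
            logError("failedLoginlogin for user :" + username, null);
            return null;
        }

        String userName = findUserName(subject);
        if (userName == null) {
            logError("No Username found in the subject", null);
            return null;
        }
        ArrayList roles = collectRoles(subject);
        String credential = findStringCredential(subject);

        GenericPrincipal principal = new GenericPrincipal(this, userName, credential, roles);

        // Publish the same identity to the JOnAS side so that calls made by this request
        // carry the principal and its roles (SecurityCurrent is presumably per-thread —
        // confirm against org.objectweb.security.context.SecurityCurrent).
        SecurityContext ctx = new SecurityContext(userName, roles);
        SecurityCurrent.getCurrent().setSecurityContext(ctx);

        return principal;
    }

    /**
     * Name of the first principal of the subject that is not a {@link Group}.
     *
     * @param subject the authenticated subject
     * @return the user name, or {@code null} if the subject only holds groups
     */
    private static String findUserName(Subject subject) {
        Iterator it = subject.getPrincipals(Principal.class).iterator();
        while (it.hasNext()) {
            Principal p = (Principal) it.next();
            if (!(p instanceof Group)) {
                return p.getName();
            }
        }
        return null;
    }

    /**
     * Names of the members of every {@link Group} principal of the subject; these are
     * the roles granted to the user.
     *
     * @param subject the authenticated subject
     * @return the role names (possibly empty), in iteration order
     */
    private static ArrayList collectRoles(Subject subject) {
        ArrayList roles = new ArrayList();
        Iterator groups = subject.getPrincipals(Group.class).iterator();
        while (groups.hasNext()) {
            Enumeration members = ((Group) groups.next()).members();
            while (members.hasMoreElements()) {
                roles.add(((Principal) members.nextElement()).getName());
            }
        }
        return roles;
    }

    /**
     * First private credential of the subject that is a {@link String} (presumably the
     * password placed there by the login module).
     * <p>
     * The first credential used to be taken unconditionally and cast, so a subject
     * without a String private credential (e.g. after a certificate login) blew up
     * with a NoSuchElementException or ClassCastException out of authenticate()
     * instead of simply yielding a principal with no password.
     *
     * @param subject the authenticated subject
     * @return the credential, or {@code null} if there is none
     */
    private static String findStringCredential(Subject subject) {
        Iterator it = subject.getPrivateCredentials().iterator();
        while (it.hasNext()) {
            Object c = it.next();
            if (c instanceof String) {
                return (String) c;
            }
        }
        return null;
    }

    /**
     * Return the short name of this realm implementation.
     *
     * @return the {@link #NAME} string
     */
    protected String getName() {
        return NAME;
    }

    /**
     * Password lookup is not supported: the stored credential lives behind the JAAS
     * login modules. Returning {@code null} makes RealmBase's own credential-based
     * paths (DIGEST) fail closed rather than bypass the JAAS login.
     *
     * @param username ignored
     * @return always {@code null}
     */
    protected String getPassword(String username) {
        return null;
    }

    /**
     * Principal lookup by name alone is not supported; principals are only produced by
     * a successful {@link #authenticate} call.
     *
     * @param username ignored
     * @return always {@code null}
     */
    protected Principal getPrincipal(String username) {
        return null;
    }

    /**
     * Prepare the realm: make sure the logger exists, then start the base realm.
     *
     * @throws LifecycleException if the base realm cannot be started
     */
    public synchronized void start() throws LifecycleException {
        getLogger();
        super.start();
    }

    /**
     * Stop the realm (delegates to the base realm).
     *
     * @throws LifecycleException if the base realm cannot be stopped
     */
    public synchronized void stop() throws LifecycleException {
        super.stop();
    }

    /**
     * Log a message at DEBUG level.
     *
     * @param message the message
     */
    protected void log(String message) {
        getLogger().log(BasicLevel.DEBUG, message);
    }

    /**
     * Logger accessor. Also covers the case where {@link #authenticate} is reached before
     * {@link #start()} has run, which used to dereference a {@code null} logger.
     *
     * @return the security logger
     */
    private static synchronized Logger getLogger() {
        if (logger == null) {
            logger = Log.getLogger(Log.JONAS_SECURITY_PREFIX);
        }
        return logger;
    }

    /**
     * Log an authentication failure at ERROR level. The cause, when there is one, goes to
     * DEBUG only, so routine login failures do not flood the error log with stack traces
     * while the detail remains available for troubleshooting.
     *
     * @param message the message (no credentials are ever included)
     * @param cause the exception that caused the failure, or {@code null}
     */
    private static void logError(String message, Throwable cause) {
        Logger l = getLogger();
        if (l.isLoggable(BasicLevel.ERROR)) {
            l.log(BasicLevel.ERROR, message);
        }
        if (cause != null && l.isLoggable(BasicLevel.DEBUG)) {
            l.log(BasicLevel.DEBUG, message, cause);
        }
    }

}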