
00027 package org.objectweb.jonas.security.realm.web.jetty50;
00028 
00029 import java.security.Principal;
00030 import java.security.acl.Group;
00031 import java.security.cert.X509Certificate;
00032 import java.util.ArrayList;
00033 import java.util.Enumeration;
00034 import java.util.Iterator;
00035 
00036 import javax.security.auth.Subject;
00037 import javax.security.auth.login.AccountExpiredException;
00038 import javax.security.auth.login.CredentialExpiredException;
00039 import javax.security.auth.login.FailedLoginException;
00040 import javax.security.auth.login.LoginContext;
00041 import javax.security.auth.login.LoginException;
00042 
00043 import org.mortbay.http.HttpRequest;
00044 
00045 import org.objectweb.jonas.security.auth.callback.NoInputCallbackHandler;
00046 
00047 import org.objectweb.security.context.SecurityContext;
00048 import org.objectweb.security.context.SecurityCurrent;
00049 
00050 import org.objectweb.util.monolog.api.BasicLevel;
00051 
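/**
 * Jetty 5.0 user realm that delegates authentication to JAAS.
 * <p>
 * A {@code LoginContext} is created from the {@link #JAAS_CONFIG_NAME}
 * configuration entry. The credentials handed in by Jetty are either a
 * password ({@code String}, possibly {@code null}) or a client certificate
 * chain ({@code X509Certificate[]}); for a certificate the subject DN of the
 * first certificate is encoded into a special user name that is passed to the
 * login module together with the certificate itself.
 * <p>
 * On success the authenticated {@code JettyPrincipal} is cached through the
 * inherited {@code addUser} and the JOnAS {@code SecurityContext} of the
 * current thread is replaced. Any failure is logged and reported to Jetty as
 * {@code null}; the reason for the failure is never returned to the client.
 */
public class JAAS extends Standard {

    /**
     * Name of the JAAS configuration entry used to build the
     * {@code LoginContext}.
     */
    private static final String JAAS_CONFIG_NAME = "jetty";

    /**
     * Prefix marking a user name that was built from a certificate DN
     * rather than typed by the user.
     */
    private static final String DN_HEADER = "##DN##";

    /**
     * Default constructor (realm name set later by the container).
     */
    public JAAS() {
        super();
    }

    /**
     * Constructor setting the realm name.
     * @param name the realm name
     */
    public JAAS(String name) {
        super();
        setName(name);
    }

    /**
     * Authenticates a user with JAAS.
     * <p>
     * A principal previously cached for {@code username} is dropped before the
     * login is attempted, so the supplied credentials are always validated by
     * the login module rather than served from the cache.
     *
     * @param username the user name sent by the client, or {@code null}
     * @param credentials a password {@code String} (may be {@code null}) or an
     *        {@code X509Certificate[]} chain; any other type is rejected
     * @param request the current HTTP request; not used by this realm
     * @return the authenticated {@code JettyPrincipal}, or {@code null} when
     *         the user name is missing, the credentials are unusable or the
     *         JAAS login fails
     */
    public Principal authenticate(String username, Object credentials, HttpRequest request) {

        // No authentication can be made with a null username
        if (username == null) {
            return null;
        }

        // User previously authenticated --> remove from the cache so the new
        // credentials go through the login module
        if (getUsers().get(username) != null) {
            removeUser(username);
        }

        // Name used for the login and for the cache entry; becomes the
        // certificate DN when a certificate is presented
        String loginName = username;
        NoInputCallbackHandler noInputCH;
        if (credentials instanceof X509Certificate[]) {
            X509Certificate[] certs = (X509Certificate[]) credentials;
            // An empty chain (or a missing leaf certificate) identifies nobody;
            // the original code would have failed with an exception here
            if (certs.length == 0 || certs[0] == null) {
                getLogger().log(BasicLevel.ERROR, "empty certificate chain for user :" + username);
                return null;
            }
            // getSubjectDN() is the legacy DN rendering; the login module is
            // presumably written against this format, so do not switch to
            // getSubjectX500Principal() without checking it
            loginName = certs[0].getSubjectDN().getName();
            if (loginName == null) {
                getLogger().log(BasicLevel.ERROR, "no subject DN in certificate for user :" + username);
                return null;
            }
            // Fill the callback handler for the login module with DN and
            // certificate
            noInputCH = new NoInputCallbackHandler(encodeDn(loginName), "", certs[0]);
        } else if (credentials == null || credentials instanceof String) {
            // Fill the callback handler for the login module with username and
            // password
            noInputCH = new NoInputCallbackHandler(username, (String) credentials, null);
        } else {
            // Neither a password nor a certificate: refuse instead of failing
            // with a ClassCastException
            getLogger().log(BasicLevel.ERROR, "unsupported credentials type for user :" + username);
            return null;
        }

        // Negotiate the login; null means it failed (already logged)
        Subject subject = login(noInputCH, loginName);
        if (subject == null) {
            return null;
        }

        // Retrieve first principal name found (without groups)
        String userName = firstUserName(subject);
        if (userName == null) {
            getLogger().log(BasicLevel.ERROR, "No Username found in the subject");
            return null;
        }

        // Retrieve all roles of the user (Roles are members of the Group class)
        ArrayList roles = roleNames(subject);

        // Create a JettyPrincipal for Jetty
        JettyPrincipal principal = new JettyPrincipal(userName, roles);

        // Register the user and its roles in the security context of the
        // current thread
        SecurityContext ctx = new SecurityContext(userName, roles);
        SecurityCurrent current = SecurityCurrent.getCurrent();
        current.setSecurityContext(ctx);

        // Add to cache. NOTE(review): for certificate logins the key is the DN
        // while the removal above used the request user name -- confirm this
        // matches the cache semantics of Standard.
        addUser(loginName, principal);

        return principal;
    }

    /**
     * Builds the special user name carried to the login module for a
     * certificate login: the {@link #DN_HEADER} prefix followed by the DN with
     * '=', ',' and ' ' replaced by '#', '%' and '$'. The substitution must
     * stay in sync with what the login module decodes.
     *
     * @param dn subject DN of the client certificate (not {@code null})
     * @return the encoded user name
     */
    private static String encodeDn(String dn) {
        return DN_HEADER.concat(dn.replace('=', '#').replace(',', '%').replace(' ', '$'));
    }

    /**
     * Creates the {@code LoginContext} and performs the login.
     * Every failure is logged (without the credentials) and mapped to
     * {@code null} so that the caller only has to test the result.
     *
     * @param handler callback handler holding the user name and credentials
     * @param name user name used in log messages
     * @return the authenticated {@code Subject}, or {@code null} on failure
     */
    private Subject login(NoInputCallbackHandler handler, String name) {
        // Establish a LoginContext to use for authentication
        LoginContext loginContext;
        try {
            loginContext = new LoginContext(JAAS_CONFIG_NAME, handler);
        } catch (LoginException e) {
            getLogger().log(BasicLevel.WARN, "loginException : unable to create a LoginContext for : '" + name + "'. Error : " + e.getMessage());
            return null;
        }

        // Negotiate a login via this LoginContext
        try {
            loginContext.login();
            Subject subject = loginContext.getSubject();
            if (subject == null) {
                getLogger().log(BasicLevel.ERROR, "failedLogin for user :" + name);
            }
            return subject;
        } catch (AccountExpiredException e) {
            logError("accountExpired for user :" + name);
        } catch (CredentialExpiredException e) {
            logError("credentialExpired for user :" + name);
        } catch (FailedLoginException e) {
            logError("failedLogin for user :" + name);
        } catch (LoginException e) {
            logError("loginException for user :" + name);
        }
        return null;
    }

    /**
     * Logs a message at ERROR level when that level is enabled.
     * @param message message to log
     */
    private void logError(String message) {
        if (getLogger().isLoggable(BasicLevel.ERROR)) {
            getLogger().log(BasicLevel.ERROR, message);
        }
    }

    /**
     * Returns the name of the first non-{@code Group} principal of the
     * subject that has a non-null name.
     *
     * @param subject authenticated subject
     * @return the user name, or {@code null} if none was found
     */
    private static String firstUserName(Subject subject) {
        Iterator iterator = subject.getPrincipals(Principal.class).iterator();
        while (iterator.hasNext()) {
            Principal principal = (Principal) iterator.next();
            if (!(principal instanceof Group)) {
                String name = principal.getName();
                if (name != null) {
                    return name;
                }
            }
        }
        return null;
    }

    /**
     * Collects the names of all members of all {@code Group} principals of
     * the subject; these are the roles of the user.
     *
     * @param subject authenticated subject
     * @return a new (possibly empty) list of role names
     */
    private static ArrayList roleNames(Subject subject) {
        ArrayList roles = new ArrayList();
        Iterator iterator = subject.getPrincipals(Group.class).iterator();
        while (iterator.hasNext()) {
            Group group = (Group) iterator.next();
            Enumeration members = group.members();
            while (members.hasMoreElements()) {
                Principal member = (Principal) members.nextElement();
                roles.add(member.getName());
            }
        }
        return roles;
    }

}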
