00027 package org.objectweb.jonas.security.realm.web.jetty50;
00028
00029 import java.security.Principal;
00030 import java.security.acl.Group;
00031 import java.security.cert.X509Certificate;
00032 import java.util.ArrayList;
00033 import java.util.Enumeration;
00034 import java.util.Iterator;
00035
00036 import javax.security.auth.Subject;
00037 import javax.security.auth.login.AccountExpiredException;
00038 import javax.security.auth.login.CredentialExpiredException;
00039 import javax.security.auth.login.FailedLoginException;
00040 import javax.security.auth.login.LoginContext;
00041 import javax.security.auth.login.LoginException;
00042
00043 import org.mortbay.http.HttpRequest;
00044
00045 import org.objectweb.jonas.security.auth.callback.NoInputCallbackHandler;
00046
00047 import org.objectweb.security.context.SecurityContext;
00048 import org.objectweb.security.context.SecurityCurrent;
00049
00050 import org.objectweb.util.monolog.api.BasicLevel;
00051
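/**
 * Jetty 5.0 realm backed by JAAS.
 *
 * Every authentication call runs the "jetty" JAAS login configuration through a
 * {@link NoInputCallbackHandler}, turns the resulting {@link Subject} into a
 * {@link JettyPrincipal} (user name + group member names as roles), publishes the
 * identity as the {@link SecurityContext} of the calling thread and caches the
 * principal in the realm's user map.
 */
public class JAAS extends Standard {

    /** Name of the JAAS login configuration entry this realm authenticates against. */
    private static final String JAAS_CONFIG_NAME = "jetty";

    /** Marker prepended to an encoded certificate subject DN used as a login name. */
    private static final String CERT_NAME_PREFIX = "##DN##";

    /**
     * Creates an unnamed realm.
     */
    public JAAS() {
        super();
    }

    /**
     * Creates a named realm.
     *
     * @param name realm name, passed to {@code setName}
     */
    public JAAS(String name) {
        super();
        setName(name);
    }

    /**
     * Authenticates a user through JAAS.
     *
     * Credentials are either a password ({@code String}, possibly null) or a client
     * certificate chain ({@code X509Certificate[]}); in the certificate case the
     * subject DN of the first certificate becomes the login name. Any other
     * credential type, an empty chain, a failed login or a Subject without a
     * non-Group principal is rejected with {@code null} (the reason is logged).
     *
     * Side effects on success: the {@link SecurityContext} of the current thread is
     * replaced and the principal is cached under the login name (the DN when a
     * certificate was used). Any previously cached principal for {@code username}
     * is evicted before the login attempt, even if the attempt then fails.
     *
     * @param username    login name, or null (rejected)
     * @param credentials password or certificate chain
     * @param request     current HTTP request (unused)
     * @return the authenticated {@link JettyPrincipal}, or null when authentication fails
     */
    public Principal authenticate(String username, Object credentials, HttpRequest request) {
        if (username == null) {
            return null;
        }

        // Every call re-runs the JAAS login; never reuse a cached principal.
        Principal cached = (Principal) getUsers().get(username);
        if (cached != null) {
            removeUser(username);
        }

        String loginName = username;
        NoInputCallbackHandler handler;
        if (credentials instanceof X509Certificate[]) {
            X509Certificate[] certs = (X509Certificate[]) credentials;
            if (certs.length == 0) {
                // An empty chain carries no identity; fail closed instead of indexing certs[0].
                getLogger().log(BasicLevel.ERROR, "no certificate supplied for user :" + username);
                return null;
            }
            loginName = certs[0].getSubjectDN().getName();
            handler = new NoInputCallbackHandler(encodeDn(loginName), "", certs[0]);
        } else if (credentials == null || credentials instanceof String) {
            handler = new NoInputCallbackHandler(username, (String) credentials, null);
        } else {
            // Neither a password nor a certificate chain: reject rather than throw ClassCastException.
            getLogger().log(BasicLevel.ERROR, "unsupported credential type for user :" + username);
            return null;
        }

        Subject subject = login(handler, loginName);
        if (subject == null) {
            return null;
        }

        String userName = firstNonGroupName(subject);
        if (userName == null) {
            getLogger().log(BasicLevel.ERROR, "No Username found in the subject");
            return null;
        }

        ArrayList roles = groupMemberNames(subject);
        JettyPrincipal principal = new JettyPrincipal(userName, roles);

        // Publish the identity to the JOnAS security context of the calling thread.
        SecurityContext ctx = new SecurityContext(userName, roles);
        SecurityCurrent current = SecurityCurrent.getCurrent();
        current.setSecurityContext(ctx);

        // Cached under the login name (the DN in the certificate case), as before.
        addUser(loginName, principal);

        return principal;
    }

    /**
     * Runs the JAAS login for the given callback handler.
     *
     * @param handler   callback handler supplying name, password and certificate
     * @param loginName name used in log messages
     * @return the authenticated Subject, or null when the LoginContext cannot be
     *         created, the login fails, or no Subject results (all logged)
     */
    private Subject login(NoInputCallbackHandler handler, String loginName) {
        LoginContext loginContext;
        try {
            loginContext = new LoginContext(JAAS_CONFIG_NAME, handler);
        } catch (LoginException e) {
            getLogger().log(BasicLevel.WARN, "loginException : unable to create a LoginContext for : '" + loginName + "'. Error : " + e.getMessage());
            return null;
        }

        try {
            loginContext.login();
            Subject subject = loginContext.getSubject();
            if (subject == null) {
                getLogger().log(BasicLevel.ERROR, "failedLogin for user :" + loginName);
            }
            return subject;
        } catch (AccountExpiredException e) {
            logLoginFailure("accountExpired", loginName);
        } catch (CredentialExpiredException e) {
            logLoginFailure("credentialExpired", loginName);
        } catch (FailedLoginException e) {
            logLoginFailure("failedLogin", loginName);
        } catch (LoginException e) {
            logLoginFailure("loginException", loginName);
        }
        return null;
    }

    /**
     * Logs a login failure at ERROR level; the credential itself is never logged.
     *
     * @param reason    short failure category (e.g. "failedLogin")
     * @param loginName name the attempt was made for
     */
    private void logLoginFailure(String reason, String loginName) {
        if (getLogger().isLoggable(BasicLevel.ERROR)) {
            getLogger().log(BasicLevel.ERROR, reason + " for user :" + loginName);
        }
    }

    /**
     * Encodes a certificate subject DN into the prefixed login name handed to JAAS:
     * '=' becomes '#', ',' becomes '%', ' ' becomes '$'.
     *
     * @param dn subject DN as returned by {@code getSubjectDN().getName()}
     * @return the "##DN##"-prefixed, escaped name
     */
    private static String encodeDn(String dn) {
        return CERT_NAME_PREFIX.concat(dn.replace('=', '#').replace(',', '%').replace(' ', '$'));
    }

    /**
     * Returns the name of the first Principal of the Subject that is not a Group.
     *
     * @param subject authenticated Subject
     * @return the user name, or null when every principal is a Group
     */
    private static String firstNonGroupName(Subject subject) {
        Iterator it = subject.getPrincipals(Principal.class).iterator();
        while (it.hasNext()) {
            Principal p = (Principal) it.next();
            if (!(p instanceof Group)) {
                return p.getName();
            }
        }
        return null;
    }

    /**
     * Collects the names of the members of every Group principal of the Subject.
     *
     * @param subject authenticated Subject
     * @return role names, in principal iteration order (possibly empty)
     */
    private static ArrayList groupMemberNames(Subject subject) {
        ArrayList roles = new ArrayList();
        Iterator groups = subject.getPrincipals(Group.class).iterator();
        while (groups.hasNext()) {
            Enumeration members = ((Group) groups.next()).members();
            while (members.hasMoreElements()) {
                roles.add(((Principal) members.nextElement()).getName());
            }
        }
        return roles;
    }

}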