
1   /*
2   jGuard is a security framework based on top of jaas (java authentication and authorization security).
3   it is written for web applications, to resolve simply, access control problems.
4   version $Name$
5   http://sourceforge.net/projects/jguard/
6   
7   Copyright (C) 2004  Charles GAY
8   
9   This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13  
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  Lesser General Public License for more details.
18  
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26  
27  */
28  package net.sf.jguard.ext.authentication.loginmodules;
29  
30  import java.util.HashMap;
31  import java.util.Iterator;
32  import java.util.Map;
33  import java.util.Set;
34  
35  import java.util.logging.Level;
36  import javax.security.auth.Subject;
37  import javax.security.auth.callback.CallbackHandler;
38  import javax.security.auth.login.CredentialException;
39  import javax.security.auth.login.LoginException;
40  import javax.security.auth.spi.LoginModule;
41  
42  import net.sf.jguard.core.CoreConstants;
43  import net.sf.jguard.core.PolicyEnforcementPointOptions;
44  import net.sf.jguard.core.authentication.AuthenticationException;
45  import net.sf.jguard.core.authentication.credentials.JGuardCredential;
46  import net.sf.jguard.core.authentication.manager.AuthenticationManager;
47  import net.sf.jguard.core.authentication.manager.AuthenticationManagerFactory;
48  import net.sf.jguard.ext.authentication.manager.XmlAuthenticationManager;
49  import org.slf4j.Logger;
50  import org.slf4j.LoggerFactory;
51  
52  
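/**
 * LoginModule configured by the <i>jGuardUsersPrincipals</i> XML file.<br>
 * In a webapp environment using JGuardConfiguration, the AuthenticationManager related to the
 * LoginModule is created by AccessFilter.<br>
 * In a non-JGuardConfiguration environment, the LoginModule must create its AuthenticationManager,
 * and the application name is required for this creation.<br>
 * The application name is resolved from the first of these sources that is set:
 * <ol>
 * <li>the LoginModule option whose key is
 *  <code>PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel()</code></li>
 * <li>the <code>net.sf.jguard.application.name</code> VM arg</li>
 * <li>the <code>com.sun.management.jmxremote.login.config</code> VM arg,
 *  if you have already defined this property because you use JMX.
 *  Do not set the application name through this property if you are not using JMX!</li>
 * </ol>
 * If no application name is explicitly passed to the application, the default application name
 * "other" is used.
 * <p>
 * Authentication fails closed: when no AuthenticationManager or user set is available,
 * {@link #login()} throws a {@link LoginException} and no Subject data is copied.
 *
 * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
 * @see LoginModule
 */
public class XmlLoginModule extends UserLoginModule implements LoginModule{


	/** Logger for this class */
	private static final Logger logger = LoggerFactory.getLogger(XmlLoginModule.class.getName());

	/** System property read first when the LoginModule options carry no application name. */
	private static final String APPLICATION_NAME_PROPERTY = "net.sf.jguard.application.name";

	/** JMX login configuration property, used as a last explicit source for the application name. */
	private static final String JMX_LOGIN_CONFIG_PROPERTY = "com.sun.management.jmxremote.login.config";

	/** Subjects returned by the AuthenticationManager in initialize; stays null when loading failed. */
	private Set users;

	/**
	 * Initializes the LoginModule and loads the set of known users.
	 * When the factory holds no AuthenticationManager yet, an XmlAuthenticationManager is created
	 * from a copy of the options completed with the resolved application name.
	 * Failures are logged, because this method cannot throw a checked exception; in that case
	 * the user set is not loaded and {@link #login()} rejects every attempt.
	 *
	 * @param subj the Subject to authenticate
	 * @param cbkHandler handler used to obtain the login and password
	 * @param sState state shared with the other configured LoginModules
	 * @param opts options of this LoginModule
	 */
	public void initialize(Subject subj,CallbackHandler cbkHandler,Map sState,Map opts) {
		super.initialize(subj,cbkHandler,sState,opts);

		if (AuthenticationManagerFactory.getAuthenticationManager() == null){
			// work on a copy so that the options map handed in by the caller is never modified
			Map newOpts = new HashMap();
			newOpts.putAll(opts);
			newOpts.put(PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel(), resolveApplicationName(opts));

			try {
				AuthenticationManagerFactory.setAuthenticationManager(AuthenticationManagerFactory.createAuthenticationManager(XmlAuthenticationManager.class, newOpts));
			} catch (AuthenticationException e) {
				logger.error( " initialize ", e);
			}
		}

		// the creation above may have failed: look the manager up again instead of dereferencing a null
		AuthenticationManager manager = AuthenticationManagerFactory.getAuthenticationManager();
		if (manager == null){
			logger.error(" initialize : no AuthenticationManager is available, every login attempt will be rejected");
			return;
		}
		try {
			users = manager.getUsers();
		} catch (AuthenticationException e) {
			logger.error( " initialize ", e);
		}
	}

	/**
	 * Resolves the application name: LoginModule option first, then the
	 * <code>net.sf.jguard.application.name</code> system property, then the JMX login
	 * configuration property, and finally the default application name.
	 *
	 * @param opts options of this LoginModule
	 * @return the application name to hand to the AuthenticationManager
	 */
	private static Object resolveApplicationName(Map opts) {
		Object fromOptions = opts.get(PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel());
		if (fromOptions != null){
			// use XmlLoginModule options
			return fromOptions;
		}

		String appNameProp = System.getProperty(APPLICATION_NAME_PROPERTY);
		if (appNameProp != null){
			return appNameProp;
		}

		String appNameJMXProp = System.getProperty(JMX_LOGIN_CONFIG_PROPERTY);
		if (appNameJMXProp != null){
			// the JMX property was not meant to name a jGuard application: make the fallback visible in the logs
			logger.warn("Using JMX config for application name! " +
					"If you're not running JMX, prefer XmlLoginModule options or net.sf.jguard.application.name vmarg");
			return appNameJMXProp;
		}

		return CoreConstants.DEFAULT_APPLICATION_NAME;
	}

	/**
	 * Authenticates the user against the Subjects loaded in initialize.
	 * A user matches when one Subject holds both the login credential and the password credential
	 * among its private credentials; the search stops at the first Subject holding the login.
	 *
	 * @return true if the user is authenticated, false if the password check is skipped
	 *  or no password was collected.
	 * @throws CredentialException if no user matches; the same error is raised for an unknown login
	 *  and for a wrong password, so the failure does not tell which of the two was wrong.
	 * @throws LoginException if this <code>LoginModule</code> is unable to perform the authentication,
	 *  including when no AuthenticationManager or user set is available.
	 */
	public boolean login() throws LoginException{
		// NOTE(review): anything super.login() returns is discarded here - confirm it reports failures by exception
		super.login();
		if (skipPasswordCheck || password==null) {
			return false;
		}

		AuthenticationManager authenticationManager = AuthenticationManagerFactory.getAuthenticationManager();
		if (authenticationManager == null || users == null) {
			// initialize could not load the user store: reject the attempt instead of failing with a NullPointerException
			loginOK = false;
			throw new LoginException("XmlLoginModule is not initialized: no AuthenticationManager or user set is available");
		}

		JGuardCredential loginCredential = new JGuardCredential();
		loginCredential.setName(authenticationManager.getCredentialId());
		loginCredential.setValue(login);

		JGuardCredential passwordCredential = new JGuardCredential();
		passwordCredential.setName(authenticationManager.getCredentialPassword());
		// NOTE(review): this copies the password into an immutable String that cannot be wiped afterwards,
		// and the match below relies on JGuardCredential equality - confirm how stored passwords are
		// encoded and whether that comparison is acceptable for secrets
		passwordCredential.setValue(new String(password));

		boolean authenticationSucceed = false;

		for (Iterator it = users.iterator(); it.hasNext();) {
			Subject user = (Subject)it.next();
			Set privateCredentialsTemp = user.getPrivateCredentials();
			if (!privateCredentialsTemp.contains(loginCredential)) {
				continue;
			}
			// skipPasswordCheck is always false at this point (see the guard above), so the password
			// credential is the only way to succeed; the former "|| skipPasswordCheck" was dead code
			if (privateCredentialsTemp.contains(passwordCredential)) {
				//authentication succeed because one user has got cred1 and cred2
				globalPrincipals = user.getPrincipals();
				globalPrivateCredentials = user.getPrivateCredentials();
				globalPublicCredentials = user.getPublicCredentials();
				authenticationSucceed = true;
			}
			// only the first Subject holding this login is considered
			break;
		}

		if (!authenticationSucceed) {
			loginOK = false;
			throw new CredentialException(XmlLoginModule.LOGIN_ERROR);
		}

		return true;
	}

}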