001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.geronimo.security.jaas; 018 019 import java.util.Arrays; 020 import java.util.Collections; 021 import java.util.List; 022 import java.util.Map; 023 import java.util.Set; 024 import javax.security.auth.spi.LoginModule; 025 import javax.security.auth.Subject; 026 import javax.security.auth.DestroyFailedException; 027 import javax.security.auth.login.LoginException; 028 import javax.security.auth.callback.CallbackHandler; 029 030 import org.apache.commons.logging.Log; 031 import org.apache.commons.logging.LogFactory; 032 033 /** 034 * ConfiguredIdentityNamedUsernamePasswordLoginModule adds a geronimo-specific NamedUsernamePasswordCredential 035 * to the subject constructed from the configured username, password, and credential name. This is useful in 036 * supplying fixed credentials to e.g. web service calls. 037 * 038 * Note that this places passwords to external services in configuration information. It may be more appropriate 039 * to use the GeronimoPropertiesFileMappedPasswordCredentialLoginModule or a run-as subject with a 040 * NamedUsernamePasswordCredentialLoginModule although the latter solution may put a credential in a 041 * credential store configuration. 042 * 043 * This login module does not check credentials so it should never be able to cause a login to succeed. 044 * Therefore the lifecycle methods must return false to indicate success or throw a LoginException to indicate failure. 045 * 046 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $ 047 */ 048 public class ConfiguredIdentityNamedUsernamePasswordLoginModule implements LoginModule { 049 private static Log log = LogFactory.getLog(ConfiguredIdentityNamedUsernamePasswordLoginModule.class); 050 051 public static final String CREDENTIAL_NAME = "org.apache.geronimo.jaas.NamedUsernamePasswordCredential.Name"; 052 public static final String USER_NAME = "org.apache.geronimo.jaas.NamedUsernamePasswordCredential.Username"; 053 public static final String PASSWORD = "org.apache.geronimo.jaas.NamedUsernamePasswordCredential.Password"; 054 public final static List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(CREDENTIAL_NAME, USER_NAME, PASSWORD)); 055 056 private Subject subject; 057 private NamedUsernamePasswordCredential namedUsernamePasswordCredential; 058 private String name, username, password; 059 060 public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { 061 this.subject = subject; 062 for(Object option: options.keySet()) { 063 if(!supportedOptions.contains(option) && !JaasLoginModuleUse.supportedOptions.contains(option) 064 && !WrappingLoginModule.supportedOptions.contains(option)) { 065 log.warn("Ignoring option: "+option+". Not supported."); 066 } 067 } 068 name = (String) options.get(CREDENTIAL_NAME); 069 username = (String) options.get(USER_NAME); 070 password = (String) options.get(PASSWORD); 071 } 072 073 public boolean login() throws LoginException { 074 return false; 075 } 076 077 public boolean commit() throws LoginException { 078 if (subject.isReadOnly()) { 079 throw new LoginException("Subject is ReadOnly"); 080 } 081 082 namedUsernamePasswordCredential = new NamedUsernamePasswordCredential(username, password.toCharArray(), name); 083 subject.getPrivateCredentials().add(namedUsernamePasswordCredential); 084 085 return false; 086 } 087 088 public boolean abort() throws LoginException { 089 return logout(); 090 } 091 092 public boolean logout() throws LoginException { 093 if (namedUsernamePasswordCredential == null) { 094 return false; 095 } 096 097 Set pvtCreds = subject.getPrivateCredentials(); 098 if (!subject.isReadOnly()) { 099 pvtCreds.remove(namedUsernamePasswordCredential); 100 } 101 102 try { 103 namedUsernamePasswordCredential.destroy(); 104 } catch (DestroyFailedException e) { 105 // do nothing 106 } 107 namedUsernamePasswordCredential = null; 108 109 return false; 110 } 111 }