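/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.security.realm.providers;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
import org.apache.geronimo.security.jaas.WrappingLoginModule;


/**
 * Inserts a named Username/Password credential into the private credentials of the Subject.
 * <p/>
 * If either the username or password is not passed in the callback handler,
 * then the credential is not placed into the Subject.
 * <p/>
 * This login module does not check credentials, so it must never be able to cause a login to succeed.
 * Therefore the lifecycle methods return false to indicate success or throw a LoginException to indicate failure.
 * <p/>
 * Security note: the password collected here is kept in cleartext (as a {@code char[]} inside the
 * {@link NamedUsernamePasswordCredential}) so that it can be forwarded to downstream resources.
 * Anything that can read the Subject's private credentials can read it. {@link #logout()} (and
 * {@link #abort()}) remove the credential from the Subject and destroy it; the callback's own copy
 * of the password is cleared as soon as it has been read.
 *
 * @version $Revision: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
 */
public class NamedUsernamePasswordCredentialLoginModule implements LoginModule {
    private static final Log log = LogFactory.getLog(NamedUsernamePasswordCredentialLoginModule.class);

    /** Option key: the name under which the credential is stored in the Subject. */
    public static final String CREDENTIAL_NAME = "Name";
    /** Fully qualified alias of {@link #CREDENTIAL_NAME}; consulted only when the short key is absent. */
    public static final String CREDENTIAL_NAME_LONG = NamedUsernamePasswordCredentialLoginModule.class.getName() + "." + CREDENTIAL_NAME;
    /** Options this module understands; any other option (not claimed by the wrapping modules) is logged and ignored. */
    public final static List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(CREDENTIAL_NAME, CREDENTIAL_NAME_LONG));

    /** Credential name taken from the options; may be null if neither option key was supplied. */
    private String name;
    private Subject subject;
    private CallbackHandler callbackHandler;
    /** Credential built by {@link #login()}; null until a username and password have both been collected. */
    private NamedUsernamePasswordCredential nupCredential;

    /**
     * Stores the Subject and callback handler and reads the credential name from the options.
     * Unknown options are logged (by key only, never by value) and ignored; {@code sharedState} is unused.
     *
     * @param subject         the Subject the credential will be placed into
     * @param callbackHandler handler used to collect the username and password
     * @param sharedState     ignored
     * @param options         module options; {@link #CREDENTIAL_NAME} or {@link #CREDENTIAL_NAME_LONG} give the credential name
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        for (Object option : options.keySet()) {
            if (!supportedOptions.contains(option) && !JaasLoginModuleUse.supportedOptions.contains(option)
                    && !WrappingLoginModule.supportedOptions.contains(option)) {
                log.warn("Ignoring option: " + option + ". Not supported.");
            }
        }
        // The short key wins; the long key is only a fallback.
        name = (String) options.get(CREDENTIAL_NAME);
        if (name == null) {
            name = (String) options.get(CREDENTIAL_NAME_LONG);
        }
    }

    /**
     * Collects the username and password from the callback handler and, if both are present,
     * builds the credential to be committed later. Nothing is verified: an empty (zero-length)
     * password is accepted, only a null username or password causes the credential to be skipped.
     *
     * @return always false - this module never authenticates anyone
     * @throws LoginException if the callback handler fails or does not support name/password callbacks
     */
    public boolean login() throws LoginException {

        Callback[] callbacks = new Callback[2];

        callbacks[0] = new NameCallback("User name");
        callbacks[1] = new PasswordCallback("Password", false);
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException ioe) {
            throw (LoginException) new LoginException().initCause(ioe);
        } catch (UnsupportedCallbackException uce) {
            throw (LoginException) new LoginException().initCause(uce);
        }

        String username = ((NameCallback) callbacks[0]).getName();
        PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
        // getPassword() hands back a copy; clear the callback's own copy immediately so the
        // handler does not keep a second cleartext password alive for its whole lifetime.
        char[] password = passwordCallback.getPassword();
        passwordCallback.clearPassword();

        if (username == null || password == null) return false;

        // The char[] is handed to the credential rather than copied here; it is expected to be
        // zeroed by nupCredential.destroy() in logout(), so it must not be cleared at this point.
        nupCredential = new NamedUsernamePasswordCredential(username, password, name);

        return false;
    }

    /**
     * Places the credential collected by {@link #login()} into the Subject's private credentials.
     * Following the usual JAAS convention, a read-only Subject fails the commit even when there is
     * nothing to add.
     *
     * @return always false
     * @throws LoginException if the Subject is read-only
     */
    public boolean commit() throws LoginException {

        if (subject.isReadOnly()) {
            throw new LoginException("Subject is ReadOnly");
        }

        Set pvtCreds = subject.getPrivateCredentials();
        if (nupCredential != null && !pvtCreds.contains(nupCredential)) {
            pvtCreds.add(nupCredential);
        }

        return false;
    }

    /**
     * Undoes a failed login: same clean-up as {@link #logout()}.
     *
     * @return always false
     * @throws LoginException never thrown by this implementation, declared by the interface
     */
    public boolean abort() throws LoginException {

        return logout();
    }

    /**
     * Removes the credential from the Subject (when the Subject is writable) and destroys it.
     * The credential is destroyed even if it could not be removed from a read-only Subject, so
     * the cleartext password it holds is wiped in place rather than left reachable through the Subject.
     *
     * @return always false
     * @throws LoginException never thrown by this implementation, declared by the interface
     */
    public boolean logout() throws LoginException {

        if (nupCredential == null) return false;

        if (!subject.isReadOnly()) {
            subject.getPrivateCredentials().remove(nupCredential);
        }

        try {
            nupCredential.destroy();
        } catch (DestroyFailedException e) {
            // Not fatal for logout, but it means the cleartext password may still be in memory;
            // surface it instead of silently swallowing. Only the credential name is logged.
            log.warn("Unable to destroy credential '" + name + "'", e);
        }
        nupCredential = null;

        return false;
    }

}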