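/**
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package org.apache.geronimo.connector.outbound.security;

import java.io.IOException;
import java.util.Map;

import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/**
 * CallerIdentityPasswordCredentialLoginModule uses the username and password from the CallbackHandler
 * and a ManagedConnectionFactory from the Options to construct a j2ca PasswordCredential that can be
 * used for j2ca container managed security.
 *
 * This login module does not check credentials so it should never be able to cause a login to succeed.
 * Therefore the lifecycle methods must return false to indicate success or throw a LoginException to
 * indicate failure.
 *
 * Security note: the module holds the caller's cleartext password in a char[] between login() and
 * abort()/logout(). That array is overwritten before the reference is dropped, and the copy kept
 * inside the PasswordCallback is cleared as soon as it has been read.
 *
 * @version $Rev: 565912 $ $Date: 2007-08-14 17:03:11 -0400 (Tue, 14 Aug 2007) $
 */
public class CallerIdentityPasswordCredentialLoginModule implements LoginModule {

    private Subject subject;
    private CallbackHandler callbackHandler;

    private ManagedConnectionFactory managedConnectionFactory;

    private String resourcePrincipalName;
    private String userName;
    // Cleartext password copy owned by this module; always released through wipe().
    private char[] password;

    /**
     * Stores the subject and callback handler and reads the ManagedConnectionFactory from the options.
     *
     * @param subject         subject that commit() populates
     * @param callbackHandler handler asked for the user name and password in login()
     * @param sharedState     not used by this module
     * @param options         must contain a ManagedConnectionFactory under
     *                        PasswordCredentialLoginModuleWrapper.MANAGED_CONNECTION_FACTORY_OPTION
     * @throws IllegalArgumentException if the options hold no ManagedConnectionFactory
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        managedConnectionFactory = (ManagedConnectionFactory) options.get(
                PasswordCredentialLoginModuleWrapper.MANAGED_CONNECTION_FACTORY_OPTION);
        if (managedConnectionFactory == null) {
            throw new IllegalArgumentException("No ManagedConnectionFactory supplied in options");
        }
    }

    /**
     * Collects the user name and password from the callback handler. No credential check is done.
     *
     * @return always false, so this module never contributes to a successful authentication
     * @throws LoginException if no callback handler is available or the handler fails
     */
    public boolean login() throws LoginException {
        if (managedConnectionFactory == null) {
            return false;
        }
        if (callbackHandler == null) {
            // Report a configuration problem as a login failure instead of a NullPointerException.
            throw new LoginException("No CallbackHandler supplied");
        }
        NameCallback nameCallback = new NameCallback("User name");
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            try {
                callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            } catch (IOException ioe) {
                throw (LoginException) new LoginException().initCause(ioe);
            } catch (UnsupportedCallbackException uce) {
                throw (LoginException) new LoginException().initCause(uce);
            }
            // A repeated login() must not leave the previous password behind in memory.
            wipe(password);
            resourcePrincipalName = nameCallback.getName();
            userName = nameCallback.getName();
            // getPassword() hands back a copy, so this array belongs to the module.
            password = passwordCallback.getPassword();
        } finally {
            // The callback keeps its own copy of the password; clear it on every exit path.
            passwordCallback.clearPassword();
        }
        return false;
    }

    /**
     * Adds a ResourcePrincipal and a PasswordCredential bound to the ManagedConnectionFactory to the
     * subject, provided login() collected a name and a password.
     *
     * @return always false
     * @throws LoginException declared by the LoginModule contract; not thrown here
     */
    public boolean commit() throws LoginException {
        if (resourcePrincipalName == null || userName == null || password == null) {
            return false;
        }
        subject.getPrincipals().add(new ResourcePrincipal(resourcePrincipalName));
        // The PasswordCredential constructor is documented to clone the array, so wiping this
        // module's copy later in abort()/logout() does not alter the credential stored here.
        PasswordCredential passwordCredential = new PasswordCredential(userName, password);
        passwordCredential.setManagedConnectionFactory(managedConnectionFactory);
        subject.getPrivateCredentials().add(passwordCredential);
        return false;
    }

    /**
     * Discards the state collected by login(), overwriting the password first.
     *
     * @return always false
     * @throws LoginException declared by the LoginModule contract; not thrown here
     */
    public boolean abort() throws LoginException {
        wipe(password);
        resourcePrincipalName = null;
        userName = null;
        password = null;
        return false;
    }

    /**
     * Drops the subject reference and the collected state, overwriting the password first.
     *
     * NOTE(review): the ResourcePrincipal and PasswordCredential added by commit() are not removed
     * from the subject here; confirm whether the wrapper or container takes care of that, since
     * otherwise the credential outlives logout.
     *
     * @return always false
     * @throws LoginException declared by the LoginModule contract; not thrown here
     */
    public boolean logout() throws LoginException {
        subject = null;
        wipe(password);
        resourcePrincipalName = null;
        userName = null;
        password = null;
        return false;
    }

    /** Overwrites a password array so the cleartext does not wait for garbage collection. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            java.util.Arrays.fill(secret, '\0');
        }
    }
}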