001    /**
002     *  Licensed to the Apache Software Foundation (ASF) under one or more
003     *  contributor license agreements.  See the NOTICE file distributed with
004     *  this work for additional information regarding copyright ownership.
005     *  The ASF licenses this file to You under the Apache License, Version 2.0
006     *  (the "License"); you may not use this file except in compliance with
007     *  the License.  You may obtain a copy of the License at
008     *
009     *     http://www.apache.org/licenses/LICENSE-2.0
010     *
011     *  Unless required by applicable law or agreed to in writing, software
012     *  distributed under the License is distributed on an "AS IS" BASIS,
013     *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     *  See the License for the specific language governing permissions and
015     *  limitations under the License.
016     */
017    package org.apache.geronimo.security.jaas;
018    
019    import java.util.Map;
020    import java.util.Set;
021    import javax.security.auth.spi.LoginModule;
022    import javax.security.auth.Subject;
023    import javax.security.auth.DestroyFailedException;
024    import javax.security.auth.login.LoginException;
025    import javax.security.auth.callback.CallbackHandler;
026    
027    /**
028     * ConfiguredIdentityNamedUsernamePasswordLoginModule adds a geronimo-specific NamedUsernamePasswordCredential
029     * to the subject constructed from the configured username, password, and credential name.  This is useful in
030     * supplying fixed credentials to e.g. web service calls.
031     *
032     * Note that this places passwords to external services in configuration information.  It may be more appropriate
033     * to use the GeronimoPropertiesFileMappedPasswordCredentialLoginModule or a run-as subject with a
034     * NamedUPCredentialLoginModule although the latter solution may put a credential in a
035     * credential store configuration.
036     *
037     * This login module does not check credentials so it should never be able to cause a login to succeed.
038     * Therefore the lifecycle methods must return false to indicate success or throw a LoginException to indicate failure.
039     *
040     * @version $Rev: 565912 $ $Date: 2007-08-14 17:03:11 -0400 (Tue, 14 Aug 2007) $
041     */
042    public class ConfiguredIdentityNamedUsernamePasswordLoginModule implements LoginModule {
043        public static final String CREDENTIAL_NAME = "org.apache.geronimo.jaas.NamedUsernamePasswordCredential.Name";
044        public static final String USER_NAME = "org.apache.geronimo.jaas.NamedUsernamePasswordCredential.Username";
045        public static final String PASSWORD = "org.apache.geronimo.jaas.NamedUsernamePasswordCredential.Password";
046    
047        private Subject subject;
048        private NamedUsernamePasswordCredential namedUsernamePasswordCredential;
049    
050        public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
051            this.subject = subject;
052            String name = (String) options.get(CREDENTIAL_NAME);
053            String username = (String) options.get(USER_NAME);
054            String password = (String) options.get(PASSWORD);
055            namedUsernamePasswordCredential = new NamedUsernamePasswordCredential(username, password.toCharArray(), name);
056        }
057    
058        public boolean login() throws LoginException {
059            return false;
060        }
061    
062        public boolean commit() throws LoginException {
063            if (subject.isReadOnly()) {
064                throw new LoginException("Subject is ReadOnly");
065            }
066    
067            Set pvtCreds = subject.getPrivateCredentials();
068            if (namedUsernamePasswordCredential != null && !pvtCreds.contains(namedUsernamePasswordCredential)) {
069                pvtCreds.add(namedUsernamePasswordCredential);
070            }
071            return false;
072        }
073    
074        public boolean abort() throws LoginException {
075            return logout();
076        }
077    
078        public boolean logout() throws LoginException {
079            if (namedUsernamePasswordCredential == null) {
080                return false;
081            }
082    
083            Set pvtCreds = subject.getPrivateCredentials(UsernamePasswordCredential.class);
084            if (pvtCreds.contains(namedUsernamePasswordCredential)) {
085                pvtCreds.remove(namedUsernamePasswordCredential);
086            }
087    
088            try {
089                namedUsernamePasswordCredential.destroy();
090            } catch (DestroyFailedException e) {
091                // do nothing
092            }
093            namedUsernamePasswordCredential = null;
094    
095            return false;
096        }
097    }