001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.geronimo.security.jaas; 018 019 import java.util.Map; 020 import java.util.Set; 021 import javax.security.auth.spi.LoginModule; 022 import javax.security.auth.Subject; 023 import javax.security.auth.DestroyFailedException; 024 import javax.security.auth.login.LoginException; 025 import javax.security.auth.callback.CallbackHandler; 026 027 /** 028 * ConfiguredIdentityNamedUsernamePasswordLoginModule adds a geronimo-specific NamedUsernamePasswordCredential 029 * to the subject constructed from the configured username, password, and credential name. This is useful in 030 * supplying fixed credentials to e.g. web service calls. 031 * 032 * Note that this places passwords to external services in configuration information. It may be more appropriate 033 * to use the GeronimoPropertiesFileMappedPasswordCredentialLoginModule or a run-as subject with a 034 * NamedUPCredentialLoginModule although the latter solution may put a credential in a 035 * credential store configuration. 036 * 037 * This login module does not check credentials so it should never be able to cause a login to succeed. 038 * Therefore the lifecycle methods must return false to indicate success or throw a LoginException to indicate failure. 039 * 040 * @version $Rev: 565912 $ $Date: 2007-08-14 17:03:11 -0400 (Tue, 14 Aug 2007) $ 041 */ 042 public class ConfiguredIdentityNamedUsernamePasswordLoginModule implements LoginModule { 043 public static final String CREDENTIAL_NAME = "org.apache.geronimo.jaas.NamedUsernamePasswordCredential.Name"; 044 public static final String USER_NAME = "org.apache.geronimo.jaas.NamedUsernamePasswordCredential.Username"; 045 public static final String PASSWORD = "org.apache.geronimo.jaas.NamedUsernamePasswordCredential.Password"; 046 047 private Subject subject; 048 private NamedUsernamePasswordCredential namedUsernamePasswordCredential; 049 050 public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { 051 this.subject = subject; 052 String name = (String) options.get(CREDENTIAL_NAME); 053 String username = (String) options.get(USER_NAME); 054 String password = (String) options.get(PASSWORD); 055 namedUsernamePasswordCredential = new NamedUsernamePasswordCredential(username, password.toCharArray(), name); 056 } 057 058 public boolean login() throws LoginException { 059 return false; 060 } 061 062 public boolean commit() throws LoginException { 063 if (subject.isReadOnly()) { 064 throw new LoginException("Subject is ReadOnly"); 065 } 066 067 Set pvtCreds = subject.getPrivateCredentials(); 068 if (namedUsernamePasswordCredential != null && !pvtCreds.contains(namedUsernamePasswordCredential)) { 069 pvtCreds.add(namedUsernamePasswordCredential); 070 } 071 return false; 072 } 073 074 public boolean abort() throws LoginException { 075 return logout(); 076 } 077 078 public boolean logout() throws LoginException { 079 if (namedUsernamePasswordCredential == null) { 080 return false; 081 } 082 083 Set pvtCreds = subject.getPrivateCredentials(UsernamePasswordCredential.class); 084 if (pvtCreds.contains(namedUsernamePasswordCredential)) { 085 pvtCreds.remove(namedUsernamePasswordCredential); 086 } 087 088 try { 089 namedUsernamePasswordCredential.destroy(); 090 } catch (DestroyFailedException e) { 091 // do nothing 092 } 093 namedUsernamePasswordCredential = null; 094 095 return false; 096 } 097 }