001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018 package org.apache.geronimo.security.realm.providers;
019
020 import java.util.Collections;
021 import java.util.List;
022 import java.util.Map;
023
024 import javax.security.auth.DestroyFailedException;
025 import javax.security.auth.Subject;
026 import javax.security.auth.callback.Callback;
027 import javax.security.auth.callback.CallbackHandler;
028 import javax.security.auth.callback.NameCallback;
029 import javax.security.auth.callback.PasswordCallback;
030 import javax.security.auth.callback.UnsupportedCallbackException;
031 import javax.security.auth.login.LoginException;
032 import javax.security.auth.spi.LoginModule;
033
034 import org.apache.commons.logging.Log;
035 import org.apache.commons.logging.LogFactory;
036 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
037 import org.apache.geronimo.security.jaas.WrappingLoginModule;
038
039
040 /**
041 * GeronimoPasswordCredentialLoginModule stores the user name and password in a GeronimoPasswordCredential.
042 * This allows an application to retrieve the subject through jacc or the geronimo specific ContextManager and
043 * find out what the password was. I can't think of any other reason to use it right now.
044 *
045 * This login module does not check credentials so it should never be able to cause a login to succeed.
046 * Therefore the lifecycle methods must return false to indicate success or throw a LoginException to indicate failure.
047 *
048 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
049 */
050 public class GeronimoPasswordCredentialLoginModule implements LoginModule {
051 private static Log log = LogFactory.getLog(GeronimoPasswordCredentialLoginModule.class);
052
053 // Note: If this LoginModule supports any options, the Collections.EMPTY_LIST in the following should be
054 // replaced with the list of supported options for e.g. Arrays.asList(option1, option2, ...) etc.
055 public final static List<String> supportedOptions = Collections.unmodifiableList(Collections.EMPTY_LIST);
056
057 private Subject subject;
058 private CallbackHandler callbackHandler;
059
060 private GeronimoPasswordCredential geronimoPasswordCredential;
061
062 public void initialize(Subject subject, CallbackHandler callbackHandler,
063 Map sharedState, Map options) {
064 this.subject = subject;
065 this.callbackHandler = callbackHandler;
066 for(Object option: options.keySet()) {
067 if(!supportedOptions.contains(option) && !JaasLoginModuleUse.supportedOptions.contains(option)
068 && !WrappingLoginModule.supportedOptions.contains(option)) {
069 log.warn("Ignoring option: "+option+". Not supported.");
070 }
071 }
072 }
073
074 public boolean login() throws LoginException {
075 Callback[] callbacks = new Callback[2];
076 callbacks[0] = new NameCallback("name");
077 callbacks[1] = new PasswordCallback("password", false);
078 try {
079 callbackHandler.handle(callbacks);
080 } catch (java.io.IOException e) {
081 throw (LoginException) new LoginException("Could not determine username and password").initCause(e);
082 } catch (UnsupportedCallbackException e) {
083 throw (LoginException) new LoginException("Unlikely UnsupportedCallbackException").initCause(e);
084 }
085 String username = ((NameCallback) callbacks[0]).getName();
086 char[] password = ((PasswordCallback) callbacks[1]).getPassword();
087
088 if (username == null || password == null) return false;
089 geronimoPasswordCredential = new GeronimoPasswordCredential(username, password);
090 return false;
091 }
092
093 public boolean commit() throws LoginException {
094 if(geronimoPasswordCredential != null) {
095 subject.getPrivateCredentials().add(geronimoPasswordCredential);
096 }
097 return false;
098 }
099
100 public boolean abort() throws LoginException {
101 if(geronimoPasswordCredential != null) {
102 try {
103 geronimoPasswordCredential.destroy();
104 } catch (DestroyFailedException e) {
105 // do nothing
106 }
107 geronimoPasswordCredential = null;
108 }
109 return false;
110 }
111
112 public boolean logout() throws LoginException {
113 if(geronimoPasswordCredential == null) {
114 return false;
115 }
116 if(!subject.isReadOnly()) {
117 subject.getPrivateCredentials().remove(geronimoPasswordCredential);
118 }
119 try {
120 geronimoPasswordCredential.destroy();
121 } catch (DestroyFailedException e) {
122 // do nothing
123 }
124 geronimoPasswordCredential = null;
125 return false;
126 }
127 }