001 /**
002 *
003 * Copyright 2004 The Apache Software Foundation
004 *
005 * Licensed under the Apache License, Version 2.0 (the "License");
006 * you may not use this file except in compliance with the License.
007 * You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.jmxremoting;
018
019 import java.util.Map;
020 import java.util.Collections;
021 import java.util.HashMap;
022 import javax.management.remote.JMXAuthenticator;
023 import javax.management.remote.JMXConnectionNotification;
024 import javax.management.NotificationListener;
025 import javax.management.Notification;
026 import javax.security.auth.Subject;
027 import javax.security.auth.login.LoginContext;
028 import javax.security.auth.login.LoginException;
029
030 /**
031 * JMX Authenticator that checks the Credentials by logging in via JAAS.
032 *
033 * @version $Rev: 355877 $ $Date: 2005-12-10 18:48:27 -0800 (Sat, 10 Dec 2005) $
034 */
035 public class Authenticator implements JMXAuthenticator, NotificationListener {
036 private final String configName;
037 private final ClassLoader cl;
038 private ThreadLocal threadContext = new ThreadLocal();
039 private Map contextMap = Collections.synchronizedMap(new HashMap());
040
041 /**
042 * Constructor indicating which JAAS Application Configuration Entry to use.
043 * @param configName the JAAS config name
044 */
045 public Authenticator(String configName, ClassLoader cl) {
046 this.configName = configName;
047 this.cl = cl;
048 }
049
050 public Subject authenticate(Object o) throws SecurityException {
051 if (o instanceof String[] == false) {
052 throw new IllegalArgumentException("Expected String[2], got " + o == null ? null : o.getClass().getName());
053 }
054 String[] params = (String[]) o;
055 if (params.length != 2) {
056 throw new IllegalArgumentException("Expected String[2] but length was " + params.length);
057 }
058
059 Thread thread = Thread.currentThread();
060 ClassLoader oldCL = thread.getContextClassLoader();
061 Credentials credentials = new Credentials(params[0], params[1]);
062 try {
063 thread.setContextClassLoader(cl);
064 LoginContext context = new LoginContext(configName, credentials);
065 context.login();
066 threadContext.set(context);
067 return context.getSubject();
068 } catch (LoginException e) {
069 // do not propogate cause - we don't know what information is may contain
070 throw new SecurityException("Invalid login");
071 } finally {
072 credentials.clear();
073 thread.setContextClassLoader(oldCL);
074 }
075 }
076
077 public void handleNotification(Notification notification, Object o) {
078 if (notification instanceof JMXConnectionNotification) {
079 JMXConnectionNotification cxNotification = (JMXConnectionNotification) notification;
080 String type = cxNotification.getType();
081 String connectionId = cxNotification.getConnectionId();
082 if (JMXConnectionNotification.OPENED.equals(type)) {
083 LoginContext context = (LoginContext) threadContext.get();
084 threadContext.set(null);
085 contextMap.put(connectionId, context);
086 } else {
087 LoginContext context = (LoginContext) contextMap.remove(connectionId);
088 if (context != null) {
089 try {
090 context.logout();
091 } catch (LoginException e) {
092 //nothing we can do here...
093 }
094 }
095 }
096 }
097 }
098 }