001 /**
002 *
003 * Copyright 2005 The Apache Software Foundation
004 *
005 * Licensed under the Apache License, Version 2.0 (the "License");
006 * you may not use this file except in compliance with the License.
007 * You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.security.jaas;
018
019 import java.io.IOException;
020 import java.util.Map;
021 import java.util.Set;
022 import javax.security.auth.DestroyFailedException;
023 import javax.security.auth.Subject;
024 import javax.security.auth.callback.Callback;
025 import javax.security.auth.callback.CallbackHandler;
026 import javax.security.auth.callback.NameCallback;
027 import javax.security.auth.callback.PasswordCallback;
028 import javax.security.auth.callback.UnsupportedCallbackException;
029 import javax.security.auth.login.LoginException;
030 import javax.security.auth.spi.LoginModule;
031
032
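/**
 * Inserts a named Username/Password credential into the private credentials of the Subject.
 * <p/>
 * The credential name is read from the {@link #CREDENTIAL_NAME} login-module option; the
 * username and password are obtained through a {@link NameCallback} and a
 * {@link PasswordCallback}. If either the username or the password is not supplied by the
 * callback handler, no credential is created and nothing is placed into the Subject.
 * <p/>
 * This module performs no authentication of its own: {@link #login()} returns {@code true}
 * whenever the callbacks could be handled, whether or not a credential was captured. It is
 * meant to be stacked with a login module that actually verifies the user.
 *
 * @version $Revision: 355877 $ $Date: 2005-12-10 18:48:27 -0800 (Sat, 10 Dec 2005) $
 */
public class NamedUPCredentialLoginModule implements LoginModule {

    /** Login-module option key whose value is the name under which the credential is stored. */
    public static final String CREDENTIAL_NAME = "org.apache.geronimo.jaas.NamedUPCredentialLoginModule.Name";

    /** Credential name taken from the options; null when the option is absent. */
    private String name;
    private Subject subject;
    private CallbackHandler callbackHandler;
    /** Credential captured by login(); null until both a username and a password were supplied. */
    private NamedUsernamePasswordCredential nupCredential;

    /**
     * Aborts the login: removes (if committed) and destroys any credential captured by
     * {@link #login()}.
     *
     * @return always {@code true}
     * @throws LoginException if the credential was committed to a Subject that is now read-only
     */
    public boolean abort() throws LoginException {
        return logout();
    }

    /**
     * Adds the captured credential to the Subject's private credentials. Nothing is added when
     * {@link #login()} captured no credential or the credential is already present.
     *
     * @return always {@code true}
     * @throws LoginException if the Subject is read-only
     */
    public boolean commit() throws LoginException {
        if (subject.isReadOnly()) {
            throw new LoginException("Subject is ReadOnly");
        }

        Set pvtCreds = subject.getPrivateCredentials();
        if (nupCredential != null && !pvtCreds.contains(nupCredential)) {
            pvtCreds.add(nupCredential);
        }
        return true;
    }

    /**
     * Collects the username and password via the callback handler and builds the named
     * credential. The credential is created only when both values were supplied.
     *
     * @return always {@code true}; this module never rejects a login on its own
     * @throws LoginException if no callback handler was supplied, or if the handler fails or does
     *                        not support the required callbacks (the original exception is kept
     *                        as the cause)
     */
    public boolean login() throws LoginException {
        if (callbackHandler == null) {
            // Without a handler the credential cannot be collected; fail clearly instead of NPE.
            throw new LoginException("No CallbackHandler available to collect username and password");
        }

        NameCallback nameCallback = new NameCallback("User name");
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
        } catch (IOException ioe) {
            throw loginFailure("Callback handler failed", ioe);
        } catch (UnsupportedCallbackException uce) {
            throw loginFailure("Callback handler does not support the required callbacks", uce);
        }

        String username = nameCallback.getName();
        // getPassword() hands back a copy, so the callback's own buffer can be wiped at once
        // to shorten the time the clear-text password lives in memory.
        char[] password = passwordCallback.getPassword();
        passwordCallback.clearPassword();

        if (username == null || password == null) {
            return true;
        }

        nupCredential = new NamedUsernamePasswordCredential(username, password, name);
        return true;
    }

    /**
     * Removes the captured credential from the Subject (if it was committed) and destroys it.
     * <p/>
     * The live set from {@code subject.getPrivateCredentials()} is used on purpose: the
     * class-filtered {@code getPrivateCredentials(Class)} returns a copy, so removing from it
     * would silently leave the credential in the Subject after logout.
     *
     * @return always {@code true}
     * @throws LoginException if the credential is in the Subject but the Subject is read-only
     */
    public boolean logout() throws LoginException {
        if (nupCredential == null) {
            return true;
        }

        Set pvtCreds = subject.getPrivateCredentials();
        if (pvtCreds.contains(nupCredential)) {
            if (subject.isReadOnly()) {
                throw new LoginException("Subject is ReadOnly");
            }
            pvtCreds.remove(nupCredential);
        }

        destroyCredential();
        return true;
    }

    /** Best-effort destruction of the captured credential; the reference is dropped either way. */
    private void destroyCredential() {
        try {
            nupCredential.destroy();
        } catch (DestroyFailedException ignored) {
            // Best effort only: the credential is still dropped so it cannot be committed again.
        }
        nupCredential = null;
    }

    /** Wraps a callback failure as a LoginException while preserving the original cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }

    /**
     * Stores the Subject, the callback handler and the credential name from the options.
     *
     * @param subject         the Subject populated by {@link #commit()}
     * @param callbackHandler handler used by {@link #login()} to obtain username and password
     * @param sharedState     not used by this module
     * @param options         module options; {@link #CREDENTIAL_NAME} supplies the credential
     *                        name (null if absent)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.name = (String) options.get(CREDENTIAL_NAME);
    }
}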