1 /**
2 *
3 * Copyright 2003-2004 The Apache Software Foundation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17 package org.apache.geronimo.security.realm;
18
19 import java.util.ArrayList;
20 import java.util.HashMap;
21 import java.util.HashSet;
22 import java.util.List;
23 import java.util.Map;
24 import java.util.Properties;
25 import java.util.Set;
26
27 import org.apache.geronimo.gbean.GBeanInfo;
28 import org.apache.geronimo.gbean.GBeanInfoBuilder;
29 import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
30 import org.apache.geronimo.kernel.Kernel;
31 import org.apache.geronimo.security.deploy.PrincipalInfo;
32 import org.apache.geronimo.security.jaas.ConfigurationEntryFactory;
33 import org.apache.geronimo.security.jaas.client.JaasLoginCoordinator;
34 import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration;
35 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
36 import org.apache.geronimo.security.jaas.LoginModuleControlFlag;
37 import org.apache.geronimo.security.jaas.JaasLoginModuleChain;
38 import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean;
39 import org.apache.geronimo.system.serverinfo.ServerInfo;
40
41
42 /**
43 * A security realm that can be configured for one or more login modules. It
44 * can handle a combination of client-side and server-side login modules for
* the case of remote clients, and it can perform automatic role mapping for its
* login modules (though you must configure it for that).
47 * <p/>
48 * This realm populates a number of special login module options for the
49 * benefit of Geronimo login modules (though some of them are only available to
50 * server-side login modules, marked as not Serializable below):
51 * <pre>
52 * Option Type Serializable
53 * JaasLoginModuleUse.KERNEL_LM_OPTION String (Kernel name) Yes
54 * JaasLoginModuleUse.SERVERINFO_LM_OPTION ServerInfo No
55 * JaasLoginModuleUse.CLASSLOADER_LM_OPTION ClassLoader No
56 * </pre>
57 * These options can be safely ignored by login modules that don't need them
58 * (such as any custom LoginModules you may already have lying around).
59 *
60 * @version $Rev: 391894 $ $Date: 2006-04-05 21:00:33 -0700 (Wed, 05 Apr 2006) $
61 */
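public class GenericSecurityRealm implements SecurityRealm, ConfigurationEntryFactory {

    /** Login service this realm delegates to; may be null (see generateConfiguration). */
    private final JaasLoginServiceMBean loginService;
    private final String realmName;
    /**
     * The realm's login module chain, built once in the constructor. This is the
     * security-critical state of the realm: whoever can alter it can change which
     * modules authenticate users, so it is never handed out by reference.
     */
    private final JaasLoginModuleConfiguration[] config;
    private final Kernel kernel;

    private final PrincipalInfo defaultPrincipalInfo;

    /** Login domain names collected from the login module chain; copied on read. */
    private final String[] domains;
    private final boolean restrictPrincipalsToServer;
    private final boolean wrapPrincipals;
    private final JaasLoginModuleUse loginModuleUse;

    /**
     * Builds the realm and resolves its login module chain eagerly.
     *
     * @param realmName                  name of the realm; also used as the JAAS configuration name
     * @param loginModuleUse             head of the login module chain; may be null, yielding a
     *                                   realm with no login modules and no login domains
     * @param restrictPrincipalsToServer see {@link #isRestrictPrincipalsToServer()}
     * @param wrapPrincipals             see {@link #isWrapPrincipals()}
     * @param defaultPrincipalInfo       principal to use for unauthenticated subjects
     * @param serverInfo                 passed through to the login module chain during configure
     * @param classLoader                passed through to the login module chain during configure
     * @param kernel                     kernel the realm runs in; may be null (see generateConfiguration)
     * @param loginService               login service to delegate to; may be null
     */
    public GenericSecurityRealm(String realmName,
                                JaasLoginModuleUse loginModuleUse,
                                boolean restrictPrincipalsToServer,
                                boolean wrapPrincipals,
                                PrincipalInfo defaultPrincipalInfo,
                                ServerInfo serverInfo,
                                ClassLoader classLoader,
                                Kernel kernel,
                                JaasLoginServiceMBean loginService) {
        this.realmName = realmName;
        this.kernel = kernel;
        this.restrictPrincipalsToServer = restrictPrincipalsToServer;
        this.wrapPrincipals = wrapPrincipals;
        this.defaultPrincipalInfo = defaultPrincipalInfo;
        this.loginService = loginService;
        this.loginModuleUse = loginModuleUse;

        Set domainNames = new HashSet();
        List loginModuleConfigurations = new ArrayList();

        // A realm without a login module chain is tolerated rather than rejected;
        // it simply ends up with empty domain and configuration arrays.
        if (loginModuleUse != null) {
            loginModuleUse.configure(domainNames, loginModuleConfigurations, kernel, serverInfo, classLoader);
        }

        // Note: domainNames is a HashSet, so the order of the domains array is unspecified.
        this.domains = (String[]) domainNames.toArray(new String[domainNames.size()]);
        this.config = (JaasLoginModuleConfiguration[]) loginModuleConfigurations.toArray(
                new JaasLoginModuleConfiguration[loginModuleConfigurations.size()]);
    }

    public String getRealmName() {
        return realmName;
    }

    /**
     * Returns the realm's login module chain.
     * <p/>
     * A fresh copy of the array is returned on every call so that callers (this
     * is also exposed as a GBean operation) cannot reorder, drop or replace
     * entries in the realm's authentication chain. The copy is shallow: the
     * JaasLoginModuleConfiguration elements themselves are shared.
     *
     * @return a copy of the login module configurations, in chain order; empty if
     *         the realm has no login modules
     */
    public JaasLoginModuleConfiguration[] getAppConfigurationEntries() {
        return (JaasLoginModuleConfiguration[]) config.clone();
    }

    public JaasLoginModuleChain getLoginModuleChain() {
        return loginModuleUse;
    }

    /**
     * Gets a list of the login domains that make up this security realm. A
     * particular LoginModule represents 0 or 1 login domains, and a realm is
     * composed of a number of login modules, so the realm may cover any
     * number of login domains, though typically that number will be 1.
     *
     * @return a copy of the domain names (callers cannot alter the realm's view
     *         of its domains); order is unspecified
     */
    public String[] getLoginDomains() {
        return (String[]) domains.clone();
    }


    /**
     * Provides the default principal to be used when an unauthenticated
     * subject uses a container.
     *
     * @return the default principal, as supplied to the constructor (may be null)
     */
    public PrincipalInfo getDefaultPrincipal() {
        return defaultPrincipalInfo;
    }

    /**
     * A GBean property. If set to true, the login service will not return
     * principals generated by this realm to clients. If set to false (the
     * default), the client will get a copy of all principals (except realm
     * principals generated strictly for use within Geronimo).
     */
    public boolean isRestrictPrincipalsToServer() {
        return restrictPrincipalsToServer;
    }

    /**
     * If this attribute is true, then the principals will be wrapped in
     * realm principals.
     */
    public boolean isWrapPrincipals() {
        return wrapPrincipals;
    }

    /** The JAAS configuration name for this realm is simply the realm name. */
    public String getConfigurationName() {
        return realmName;
    }

    /**
     * Builds the single client-side login module entry for this realm: a
     * REQUIRED JaasLoginCoordinator whose options tell it how to reach the
     * server-side login service that actually runs the realm's chain.
     * <p/>
     * When a kernel is present the login service is referenced by kernel name
     * and object name (so the entry is serializable); without a kernel the
     * service instance itself is placed in the options.
     *
     * @return the coordinator login module configuration for this realm
     */
    public JaasLoginModuleConfiguration generateConfiguration() {
        Map options = new HashMap();
        options.put(JaasLoginCoordinator.OPTION_REALM, realmName);
        if (kernel != null) {
            options.put(JaasLoginCoordinator.OPTION_KERNEL, kernel.getKernelName());
            if (loginService != null) {
                options.put(JaasLoginCoordinator.OPTION_SERVICENAME, loginService.getObjectName());
            }
        } else if (loginService != null) {
            options.put(JaasLoginCoordinator.OPTION_SERVICE_INSTANCE, loginService);
        }

        // The boolean argument is passed as a literal here; presumably it marks the
        // entry as server-side -- confirm against JaasLoginModuleConfiguration.
        return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(),
                LoginModuleControlFlag.REQUIRED,
                options,
                true,
                realmName,
                wrapPrincipals,
                JaasLoginCoordinator.class.getClassLoader());
    }

    public static final GBeanInfo GBEAN_INFO;

    static {
        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic(GenericSecurityRealm.class, NameFactory.SECURITY_REALM);

        infoFactory.addInterface(SecurityRealm.class);
        infoFactory.addInterface(ConfigurationEntryFactory.class);
        infoFactory.addAttribute("realmName", String.class, true);
        infoFactory.addAttribute("kernel", Kernel.class, false);
        infoFactory.addAttribute("classLoader", ClassLoader.class, false);
        infoFactory.addAttribute("defaultPrincipal", PrincipalInfo.class, true);
        // NOTE(review): "deploymentSupport" has no backing field or accessor in this
        // class; presumably consumed by deployment tooling -- confirm before removing.
        infoFactory.addAttribute("deploymentSupport", Properties.class, true);
        infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true);
        infoFactory.addAttribute("wrapPrincipals", boolean.class, true);

        infoFactory.addReference("LoginModuleConfiguration", JaasLoginModuleUse.class, "LoginModuleUse");
        infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE);
        infoFactory.addReference("LoginService", JaasLoginServiceMBean.class, "JaasLoginService");

        infoFactory.addOperation("getAppConfigurationEntries", new Class[0]);

        // Order must match the constructor's parameter list exactly.
        infoFactory.setConstructor(new String[]{"realmName",
                                                "LoginModuleConfiguration",
                                                "restrictPrincipalsToServer",
                                                "wrapPrincipals",
                                                "defaultPrincipal",
                                                "ServerInfo",
                                                "classLoader",
                                                "kernel",
                                                "LoginService"});

        GBEAN_INFO = infoFactory.getBeanInfo();
    }

    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

}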