Author: tveronezi
Date: Fri Jul 20 12:49:05 2012
New Revision: 1363755
URL: http://svn.apache.org/viewvc?rev=1363755&view=rev
Log:
https://issues.apache.org/jira/browse/OPENEJB-1875
Added:
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/LoginProvider.java
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/ServiceProviderLoginModule.java
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/MyLoginProvider.java
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/ServiceProviderLoginModuleTest.java
- copied, changed from r1363312,
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/PropertiesLoginModuleTest.java
openejb/trunk/openejb/container/openejb-core/src/test/resources/META-INF/services/org.apache.openejb.core.security.jaas.LoginProvider
Modified:
openejb/trunk/openejb/container/openejb-core/src/main/resources/login.config
Added:
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/LoginProvider.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/LoginProvider.java?rev=1363755&view=auto
==============================================================================
---
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/LoginProvider.java
(added)
+++
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/LoginProvider.java
Fri Jul 20 12:49:05 2012
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.core.security.jaas;
+
+import javax.security.auth.login.FailedLoginException;
+import java.util.List;
+
+public interface LoginProvider {
+
+ /**
+ *
+ * @param user
+ * @param password
+ * @return It returns the list of groups the authenticated user is part of.
+ */
+ List<String> authenticate(String user, String password) throws
FailedLoginException;
+
+}
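Review bot: The Javadoc on `authenticate` leaves both `@param` tags empty and never says how a rejected credential is signalled. ServiceProviderLoginModule in this same commit treats any normal return, including `null`, as a successful login with no extra groups, so the only way to reject is to throw. I would state that in the contract, for example `@throws FailedLoginException if the user or password is rejected; a normal return (even null or an empty list) means the user is authenticated`, and fill in `@param user` and `@param password`.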
Added:
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/ServiceProviderLoginModule.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/ServiceProviderLoginModule.java?rev=1363755&view=auto
==============================================================================
---
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/ServiceProviderLoginModule.java
(added)
+++
openejb/trunk/openejb/container/openejb-core/src/main/java/org/apache/openejb/core/security/jaas/ServiceProviderLoginModule.java
Fri Jul 20 12:49:05 2012
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.core.security.jaas;
+
+import org.apache.openejb.util.LogCategory;
+import org.apache.openejb.util.Logger;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.*;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.*;
+
+public class ServiceProviderLoginModule implements LoginModule {
+ private static Logger log =
Logger.getInstance(LogCategory.OPENEJB_SECURITY,
"org.apache.openejb.util.resources");
+
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+ private ServiceLoader<LoginProvider> loader;
+
+ public Set<Principal> principals = new LinkedHashSet<Principal>();
+
+ private UserData userData;
+
+ private class UserData {
+ public final String user;
+ public final String pass;
+ public final Set<String> groups = new HashSet<String>();
+
+ private UserData(String user, String pass) {
+ this.user = user;
+ this.pass = pass;
+ }
+ }
+
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String, ?> sharedState, Map<String, ?> options) {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.loader = ServiceLoader.load(LoginProvider.class);
+ }
+
+ private UserData getUserData() throws LoginException {
+ final Callback[] callbacks = new Callback[2];
+
+ callbacks[0] = new NameCallback("Username: ");
+ callbacks[1] = new PasswordCallback("Password: ", false);
+ try {
+ this.callbackHandler.handle(callbacks);
+ } catch (IOException ioe) {
+ throw new LoginException(ioe.getMessage());
+ } catch (UnsupportedCallbackException uce) {
+ throw new LoginException(uce.getMessage() + " not available to
obtain information from user");
+ }
+
+ final String user = ((NameCallback) callbacks[0]).getName();
+
+ char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
+ if (tmpPassword == null) {
+ tmpPassword = new char[0];
+ }
+
+ final String password = new String(tmpPassword);
+
+ return new UserData(user, password);
+ }
+
+ @Override
+ public boolean login() throws LoginException {
+ final Iterator<LoginProvider> loginProviders = loader.iterator();
+ if (!loginProviders.hasNext()) {
+ throw new FailedLoginException("No LoginProvider defined.");
+ }
+
+ this.userData = getUserData();
+ while (loginProviders.hasNext()) {
+ final LoginProvider loginProvider = loginProviders.next();
+
+ final List<String> myGroups =
loginProvider.authenticate(this.userData.user, this.userData.pass);
+ if (myGroups != null) {
+ this.userData.groups.addAll(myGroups);
+ }
+ }
+ return true;
+ }
+
+ @Override
+ public boolean commit() throws LoginException {
+ this.principals.add(new UserPrincipal(this.userData.user));
+
+ for (String myGroup : this.userData.groups) {
+ principals.add(new GroupPrincipal(myGroup));
+ }
+
+ this.subject.getPrincipals().addAll(this.principals);
+
+ clear();
+
+ log.debug("commit");
+ return true;
+ }
+
+ @Override
+ public boolean abort() throws LoginException {
+ clear();
+ log.debug("abort");
+ return true;
+ }
+
+ @Override
+ public boolean logout() throws LoginException {
+ this.subject.getPrincipals().removeAll(this.principals);
+ this.principals.clear();
+
+ log.debug("logout");
+ return true;
+ }
+
+ private void clear() {
+ this.userData = null;
+ }
+}
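Review bot: `login()` assigns `this.userData` before any provider has accepted the credentials, and `commit()` adds a `UserPrincipal` for it unconditionally. If a provider throws `FailedLoginException` while this module sits in a stack where it is not `required`, overall authentication can still succeed and `commit()` would then publish the unauthenticated name, plus any groups collected from earlier providers. If `login()` failed before `getUserData()` ran, `commit()` dereferences a null `userData` instead. Keep the candidate in a local until every provider has returned, and have `commit()` return `false` when this module's own login did not succeed. Separately, `getUserData()` never calls `clearPassword()` on the `PasswordCallback`, and both `catch` blocks drop the original exception as cause.
```java
    @Override
    public boolean login() throws LoginException {
        // … unchanged: loader.iterator() and the "No LoginProvider defined." check …

        // Hold the candidate locally so a rejected attempt leaves nothing for commit() to publish.
        final UserData candidate = getUserData();
        while (loginProviders.hasNext()) {
            final List<String> myGroups =
                    loginProviders.next().authenticate(candidate.user, candidate.pass);
            if (myGroups != null) {
                candidate.groups.addAll(myGroups);
            }
        }
        this.userData = candidate;
        return true;
    }

    @Override
    public boolean commit() throws LoginException {
        if (this.userData == null) {
            // This module's login() did not succeed: add no principals.
            return false;
        }
        // … unchanged: principal creation, subject update, clear(), log.debug …
    }
```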
Modified:
openejb/trunk/openejb/container/openejb-core/src/main/resources/login.config
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/main/resources/login.config?rev=1363755&r1=1363754&r2=1363755&view=diff
==============================================================================
---
openejb/trunk/openejb/container/openejb-core/src/main/resources/login.config
(original)
+++
openejb/trunk/openejb/container/openejb-core/src/main/resources/login.config
Fri Jul 20 12:49:05 2012
@@ -9,4 +9,7 @@ SQLLogin {
jdbcURL="jdbc:hsqldb:mem:sqltest"
userSelect="SELECT username, password FROM users WHERE username = ?"
groupSelect="SELECT username, grp FROM groups WHERE username = ?";
+};
+ServiceProviderLogin {
+ org.apache.openejb.core.security.jaas.ServiceProviderLoginModule required;
};
\ No newline at end of file
Added:
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/MyLoginProvider.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/MyLoginProvider.java?rev=1363755&view=auto
==============================================================================
---
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/MyLoginProvider.java
(added)
+++
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/MyLoginProvider.java
Fri Jul 20 12:49:05 2012
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb.core.security;
+
+import org.apache.openejb.core.security.jaas.LoginProvider;
+
+import javax.security.auth.login.FailedLoginException;
+import java.util.Arrays;
+import java.util.List;
+
+public class MyLoginProvider implements LoginProvider {
+
+ @Override
+ public List<String> authenticate(String user, String password) throws
FailedLoginException {
+ if ("paul".equals(user)) {
+ return Arrays.asList("rockstar", "beatle");
+ }
+
+ if ("eddie".equals(user) && "jump".equals(password)) {
+ return Arrays.asList("rockstar", "vanhalen");
+ }
+
+ throw new FailedLoginException("Bad user or password!");
+ }
+}
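Review bot: The `"paul"` branch returns groups without ever looking at `password`, so this fixture authenticates that user with any secret, including the empty one `testLogin` passes. That is presumably deliberate for the test, but nothing in the class says so, and it is the only `LoginProvider` implementation in the commit that a reader could copy from. I would add a comment above the branch such as `// test fixture only: "paul" is accepted with any password; a real provider must verify the secret`.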
Copied:
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/ServiceProviderLoginModuleTest.java
(from r1363312,
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/PropertiesLoginModuleTest.java)
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/ServiceProviderLoginModuleTest.java?p2=openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/ServiceProviderLoginModuleTest.java&p1=openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/PropertiesLoginModuleTest.java&r1=1363312&r2=1363755&rev=1363755&view=diff
==============================================================================
---
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/PropertiesLoginModuleTest.java
(original)
+++
openejb/trunk/openejb/container/openejb-core/src/test/java/org/apache/openejb/core/security/ServiceProviderLoginModuleTest.java
Fri Jul 20 12:49:05 2012
@@ -16,7 +16,6 @@
*/
package org.apache.openejb.core.security;
-import static org.apache.openejb.util.URLs.toFilePath;
import junit.framework.TestCase;
import org.apache.openejb.core.security.jaas.GroupPrincipal;
import org.apache.openejb.core.security.jaas.UserPrincipal;
@@ -28,10 +27,9 @@ import javax.security.auth.login.LoginCo
import javax.security.auth.login.LoginException;
import java.net.URL;
-/**
- * @version $Rev$ $Date$
- */
-public class PropertiesLoginModuleTest extends TestCase {
+import static org.apache.openejb.util.URLs.toFilePath;
+
+public class ServiceProviderLoginModuleTest extends TestCase {
protected void setUp() throws Exception {
loadJassLoginConfig();
@@ -40,17 +38,16 @@ public class PropertiesLoginModuleTest e
private static void loadJassLoginConfig() {
String path = System.getProperty("java.security.auth.login.config");
if (path == null) {
- URL resource =
PropertiesLoginModuleTest.class.getClassLoader().getResource("login.config");
+ URL resource =
ServiceProviderLoginModuleTest.class.getClassLoader().getResource("login.config");
if (resource != null) {
path = toFilePath(resource);
System.setProperty("java.security.auth.login.config", path);
}
}
- //System.out.println("Path to login config: " + path);
}
public void testLogin() throws LoginException {
- LoginContext context = new LoginContext("PropertiesLogin", new
UsernamePasswordCallbackHandler("jonathan", "secret"));
+ LoginContext context = new LoginContext("ServiceProviderLogin", new
UsernamePasswordCallbackHandler("paul", ""));
context.login();
Subject subject = context.getSubject();
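Review bot: `testLogin` now logs in as `paul` with an empty password, the one fixture user whose password MyLoginProvider never checks. No test therefore shows a correct password being accepted; the only `eddie` case is the rejected `"panama"` one. I would add a positive case built on `new LoginContext("ServiceProviderLogin", new UsernamePasswordCallbackHandler("eddie", "jump"))` and assert the `rockstar` and `vanhalen` group principals. The failure tests could also check that `context.getSubject()` carries no principals after the exception, though their bodies continue outside the visible hunks.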
@@ -65,7 +62,7 @@ public class PropertiesLoginModuleTest e
}
public void testBadUseridLogin() throws Exception {
- LoginContext context = new LoginContext("PropertiesLogin", new
UsernamePasswordCallbackHandler("nobody", "secret"));
+ LoginContext context = new LoginContext("ServiceProviderLogin", new
UsernamePasswordCallbackHandler("nobody", "secret"));
try {
context.login();
fail("Should have thrown a FailedLoginException");
@@ -75,7 +72,7 @@ public class PropertiesLoginModuleTest e
}
public void testBadPWLogin() throws Exception {
- LoginContext context = new LoginContext("PropertiesLogin", new
UsernamePasswordCallbackHandler("jonathan", "badpass"));
+ LoginContext context = new LoginContext("ServiceProviderLogin", new
UsernamePasswordCallbackHandler("eddie", "panama"));
try {
context.login();
fail("Should have thrown a FailedLoginException");
Added:
openejb/trunk/openejb/container/openejb-core/src/test/resources/META-INF/services/org.apache.openejb.core.security.jaas.LoginProvider
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/container/openejb-core/src/test/resources/META-INF/services/org.apache.openejb.core.security.jaas.LoginProvider?rev=1363755&view=auto
==============================================================================
---
openejb/trunk/openejb/container/openejb-core/src/test/resources/META-INF/services/org.apache.openejb.core.security.jaas.LoginProvider
(added)
+++
openejb/trunk/openejb/container/openejb-core/src/test/resources/META-INF/services/org.apache.openejb.core.security.jaas.LoginProvider
Fri Jul 20 12:49:05 2012
@@ -0,0 +1 @@
+org.apache.openejb.core.security.MyLoginProvider
\ No newline at end of file