User: oleg
Date: 01/01/09 17:24:17
Added: src/main/org/jboss/security/plugins/samples
CacheRealmMapping.java
CacheRealmMappingService.java
CacheRealmMappingServiceMBean.java
DatabaseRealmMapping.java
DatabaseRealmMappingService.java
DatabaseRealmMappingServiceMBean.java
DatabaseSecurityManagerService.java
DatabaseSecurityManagerServiceMBean.java
EJBSecurityManagerDatabaseImpl.java
EJBSecurityManagerDefaultImpl.java
EJBSecurityManagerService.java
EJBSecurityManagerServiceMBean.java
JaasServerLoginModule.java SimpleRealmMapping.java
SimpleRealmMappingService.java
SimpleRealmMappingServiceMBean.java
SimpleServerLoginModule.java package.html
Log:
Package structure for security stuff improved.
Classes from "system" package moved to "security" package.
Added "security/plugins" and "security/plugins/samples" packages.
Added JaasServerLoginModule and AbstractServerLoginModule classes
by Edward Kenworthy <[EMAIL PROTECTED]>
(file based implementation for JAAS security).
Revision Changes Path
1.1
jboss/src/main/org/jboss/security/plugins/samples/CacheRealmMapping.java
Index: CacheRealmMapping.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.util.Set;
import java.util.LinkedList;
import java.util.Iterator;
import java.security.Principal;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.security.RealmMapping;
/**
* CacheRealmMapping has two purposes (one of them currently unimplemented.)
* It allows beans to have mappings for multiple security realms, and it
* (eventually) will cache data from realms that allow it.
*
* @see EJBSecurityManager
* @author Daniel O'Connor [EMAIL PROTECTED]
*/
public class CacheRealmMapping implements RealmMapping
{
   /** Delegate realm mappings, consulted in the order they were added. */
   private LinkedList realms = new LinkedList();

   /**
    * Returns the given principal unchanged; no principal translation is done here.
    */
   public Principal getPrincipal( Principal principal )
   {
      return principal;
   }

   /**
    * Appends a realm mapping to the list of delegates.
    * The list is a plain LinkedList and no synchronization is visible here.
    */
   public void addRealmMapping( RealmMapping realmMapping )
   {
      realms.add( realmMapping );
   }

   /**
    * Answers true as soon as any registered delegate answers true, and false
    * when no delegate does (including when none is registered).
    *
    * Because one granting delegate is enough, the result is only as strict as
    * the most permissive realm mapping that was added.
    */
   public boolean doesUserHaveRole( Principal principal, Set roleNames )
   {
      for (Iterator delegates = realms.iterator(); delegates.hasNext(); )
      {
         RealmMapping delegate = (RealmMapping) delegates.next();
         boolean granted = delegate.doesUserHaveRole( principal, roleNames );
         if (granted)
         {
            return true;
         }
      }
      return false;
   }
}
1.1
jboss/src/main/org/jboss/security/plugins/samples/CacheRealmMappingService.java
Index: CacheRealmMappingService.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
/**
* This is a JMX service which manages access to security realms for a bean.
* The service creates it and binds a Reference to it into JNDI.
*
* @see EJBSecurityManager
* @author Daniel O'Connor [EMAIL PROTECTED]
*/
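public class CacheRealmMappingService
   extends ServiceMBeanSupport
   implements CacheRealmMappingServiceMBean, ObjectFactory
{
   // Constants -----------------------------------------------------
   /**
    * JNDI name under which the Reference to the realm mapping is bound.
    * Final, so that no other code in the VM can repoint the name that
    * startService() binds and stopService() unbinds.
    */
   public static final String JNDI_NAME = "java:/CacheRealmMapping";

   // Attributes ----------------------------------------------------
   /** MBean server handed to getObjectName(). */
   MBeanServer server;

   // Static --------------------------------------------------------

   // ServiceMBeanSupport overrides ---------------------------------
   /** Returns the display name of this service. */
   public String getName()
   {
      return "Cache Realm Mapping";
   }

   /**
    * Remembers the MBean server and returns the object name built from
    * OBJECT_NAME; the name argument is ignored.
    *
    * @throws javax.management.MalformedObjectNameException if OBJECT_NAME cannot be parsed
    */
   protected ObjectName getObjectName(MBeanServer server, ObjectName name)
      throws javax.management.MalformedObjectNameException
   {
      this.server = server;
      return new ObjectName(OBJECT_NAME);
   }

   /** Nothing to initialise for this service. */
   protected void initService()
      throws Exception
   {
   }

   /**
    * Binds a Reference at JNDI_NAME that names this class as its object factory.
    */
   protected void startService()
      throws Exception
   {
      // Reference takes a class name; Class.toString() would put "class " in front of it.
      Reference ref = new Reference(CacheRealmMapping.class.getName(),
                                    getClass().getName(), null);
      new InitialContext().bind(JNDI_NAME, ref);
   }

   /**
    * Removes the binding from JNDI. A failure is logged and not propagated.
    */
   protected void stopService()
   {
      try
      {
         // Remove mapping from JNDI
         new InitialContext().unbind(JNDI_NAME);
      }
      catch (Exception e)
      {
         log.exception(e);
      }
   }

   // ObjectFactory implementation ----------------------------------
   /**
    * Returns a new, empty CacheRealmMapping on every call; all four arguments
    * are ignored. A freshly created mapping has no delegates, so it denies
    * every role check until addRealmMapping() is called on it.
    *
    * NOTE(review): obj is not compared with the Reference bound in
    * startService(), so the factory answers for any reference it is asked
    * about - confirm whether a check is wanted.
    */
   public Object getObjectInstance(Object obj,
                                   Name name,
                                   Context nameCtx,
                                   Hashtable environment)
      throws Exception
   {
      // Return the cache realm mapping manager
      return new CacheRealmMapping();
   }
}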
1.1
jboss/src/main/org/jboss/security/plugins/samples/CacheRealmMappingServiceMBean.java
Index: CacheRealmMappingServiceMBean.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
public interface CacheRealmMappingServiceMBean
   extends org.jboss.util.ServiceMBean
{
   // Constants -----------------------------------------------------
   /**
    * Object name string of the cache realm mapping service. The part before
    * the colon (the domain) is left empty.
    */
   String OBJECT_NAME = ":service=CacheRealmMappingFactory";

   // Public --------------------------------------------------------
}
1.1
jboss/src/main/org/jboss/security/plugins/samples/DatabaseRealmMapping.java
Index: DatabaseRealmMapping.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.util.Set;
import java.util.LinkedList;
import java.util.Iterator;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.security.Principal;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.sql.DataSource;
import javax.ejb.EJBException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.security.RealmMapping;
/**
*
* @see EJBSecurityManager
* @author Daniel O'Connor [EMAIL PROTECTED]
*/
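public class DatabaseRealmMapping implements RealmMapping
{
   /**
    * Returns the given principal unchanged; no principal translation is done here.
    */
   public Principal getPrincipal( Principal principal )
   {
      return principal;
   }

   /**
    * Checks whether the principal holds at least one of the given roles,
    * according to the sec_roles table reached through the "java:/SecurityDS"
    * data source. Only rows of the "basic" role set are considered.
    *
    * @param principal the caller whose name is looked up
    * @param roleNames the acceptable role names; null denies access
    * @return true if a stored role name (trimmed) is contained in roleNames
    * @throws EJBException wrapping any lookup or SQL failure, so a failed
    *         check never turns into a granted one
    */
   public boolean doesUserHaveRole( Principal principal, Set roleNames )
   {
      if (roleNames == null)
         return false;

      Connection con = null;
      PreparedStatement statement = null;
      ResultSet rs = null;
      try
      {
         InitialContext initial = new InitialContext();
         DataSource ds = (DataSource) initial.lookup( "java:/SecurityDS" );
         con = ds.getConnection();
         // The principal name is passed as a bind parameter, never concatenated.
         statement = con.prepareStatement(
            "select rolename from sec_roles where principal=? and setname=?");
         statement.setString(1, principal.getName());
         statement.setString(2, "basic");
         rs = statement.executeQuery();
         while (rs.next())
         {
            String roleName = rs.getString(1);
            // A NULL rolename column grants nothing and must not abort the check.
            if (roleName != null && roleNames.contains(roleName.trim()))
               return true;
         }
         return false;
      }
      catch (Exception e)
      {
         e.printStackTrace();
         throw new EJBException( e );
      }
      finally
      {
         // Release in reverse order of acquisition, also when the query failed;
         // a failure to close must not mask the result or the original exception.
         try
         {
            if (rs != null)
               rs.close();
         }
         catch (Exception ignored)
         {
         }
         try
         {
            if (statement != null)
               statement.close();
         }
         catch (Exception ignored)
         {
         }
         try
         {
            if (con != null)
               con.close();
         }
         catch (Exception ignored)
         {
         }
      }
   }
}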
1.1
jboss/src/main/org/jboss/security/plugins/samples/DatabaseRealmMappingService.java
Index: DatabaseRealmMappingService.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
/**
* This is a JMX service which manages access to security realms for a bean.
* The service creates it and binds a Reference to it into JNDI.
*
* @see EJBSecurityManager
* @author Daniel O'Connor [EMAIL PROTECTED]
*/
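public class DatabaseRealmMappingService
   extends ServiceMBeanSupport
   implements DatabaseRealmMappingServiceMBean, ObjectFactory
{
   // Constants -----------------------------------------------------
   /**
    * JNDI name under which the Reference to the realm mapping is bound.
    * Final, so that no other code in the VM can repoint the name that
    * initService() binds and stopService() unbinds.
    */
   public static final String JNDI_NAME = "java:/DatabaseRealmMapping";

   /** The single realm mapping handed out by getObjectInstance(). */
   private static DatabaseRealmMapping drm;

   // Attributes ----------------------------------------------------
   /** MBean server handed to getObjectName(). */
   MBeanServer server;

   // Static --------------------------------------------------------

   // ServiceMBeanSupport overrides ---------------------------------
   /** Returns the display name of this service. */
   public String getName()
   {
      return "Database Realm Mapping";
   }

   /**
    * Remembers the MBean server and returns the object name built from
    * OBJECT_NAME; the name argument is ignored.
    *
    * @throws javax.management.MalformedObjectNameException if OBJECT_NAME cannot be parsed
    */
   protected ObjectName getObjectName(MBeanServer server, ObjectName name)
      throws javax.management.MalformedObjectNameException
   {
      this.server = server;
      return new ObjectName(OBJECT_NAME);
   }

   /**
    * Creates the realm mapping and binds a Reference at JNDI_NAME that names
    * this class as its object factory.
    */
   protected void initService()
      throws Exception
   {
      // Create the realm mapping
      drm = new DatabaseRealmMapping();
      // Bind reference to JNDI.
      // Reference takes a class name; Class.toString() would put "class " in front of it.
      Reference ref = new Reference(DatabaseRealmMapping.class.getName(),
                                    getClass().getName(), null);
      new InitialContext().bind(JNDI_NAME, ref);
   }

   /** Nothing to do on start; the binding is made in initService(). */
   protected void startService()
      throws Exception
   {
   }

   /**
    * Removes the binding from JNDI. A failure is logged and not propagated.
    */
   protected void stopService()
   {
      try
      {
         // Remove mapping from JNDI
         new InitialContext().unbind(JNDI_NAME);
      }
      catch (Exception e)
      {
         log.exception(e);
      }
   }

   // ObjectFactory implementation ----------------------------------
   /**
    * Returns the shared DatabaseRealmMapping; all four arguments are ignored.
    * The result is null if initService() has not run yet.
    *
    * NOTE(review): obj is not compared with the Reference bound in
    * initService(), so the factory answers for any reference it is asked
    * about - confirm whether a check is wanted.
    */
   public Object getObjectInstance(Object obj,
                                   Name name,
                                   Context nameCtx,
                                   Hashtable environment)
      throws Exception
   {
      // Return the database realm mapping manager
      return drm;
   }
}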
1.1
jboss/src/main/org/jboss/security/plugins/samples/DatabaseRealmMappingServiceMBean.java
Index: DatabaseRealmMappingServiceMBean.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
public interface DatabaseRealmMappingServiceMBean
   extends org.jboss.util.ServiceMBean
{
   // Constants -----------------------------------------------------
   /**
    * Object name string of the database realm mapping service. The part
    * before the colon (the domain) is left empty.
    */
   String OBJECT_NAME = ":service=DatabaseRealmMappingFactory";

   // Public --------------------------------------------------------
}
1.1
jboss/src/main/org/jboss/security/plugins/samples/DatabaseSecurityManagerService.java
Index: DatabaseSecurityManagerService.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.naming.CommunicationException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.security.EJBSecurityManager;
/**
* This is a JMX service which manages the EJBSecurityManager.
* The service creates it and binds a Reference to it into JNDI.
* The EJBSecurityManager is responsible for validating credentials
* associated with principals.
*
* @see EJBSecurityManager
* @author Daniel O'Connor [EMAIL PROTECTED]
* @author <a href="mailto:[EMAIL PROTECTED]">Hugo Pinto</a>
*/
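public class DatabaseSecurityManagerService
   extends ServiceMBeanSupport
   implements DatabaseSecurityManagerServiceMBean, ObjectFactory
{
   // Constants -----------------------------------------------------
   /**
    * JNDI name under which the Reference to the security manager is bound.
    * Final, so that no other code in the VM can repoint the name that
    * initService() binds and stopService() unbinds.
    */
   public static final String JNDI_NAME = "java:/DatabaseSecurityManager";

   // Attributes ----------------------------------------------------
   /** MBean server handed to getObjectName(). */
   MBeanServer server;

   // Static --------------------------------------------------------
   /**
    * The single security manager handed out by getObjectInstance().
    * NOTE(review): package-visible and static, so any class in this package
    * can replace the object that validates credentials - confirm that this
    * visibility is needed.
    */
   static EJBSecurityManager sm;

   // ServiceMBeanSupport overrides ---------------------------------
   /** Returns the display name of this service. */
   public String getName()
   {
      return "Database Security manager";
   }

   /**
    * Remembers the MBean server and returns the object name built from
    * OBJECT_NAME; the name argument is ignored.
    *
    * @throws javax.management.MalformedObjectNameException if OBJECT_NAME cannot be parsed
    */
   protected ObjectName getObjectName(MBeanServer server, ObjectName name)
      throws javax.management.MalformedObjectNameException
   {
      this.server = server;
      return new ObjectName(OBJECT_NAME);
   }

   /**
    * Creates the database-backed security manager and binds a Reference at
    * JNDI_NAME that names this class as its object factory.
    */
   protected void initService()
      throws Exception
   {
      // Create a new SM
      sm = new EJBSecurityManagerDatabaseImpl();
      // Bind reference to SM in JNDI.
      // Reference takes a class name; Class.toString() would put "class " in front of it.
      Reference ref = new Reference(sm.getClass().getName(), getClass().getName(),
                                    null);
      new InitialContext().bind(JNDI_NAME, ref);
   }

   /** Nothing to do on start; the binding is made in initService(). */
   protected void startService()
      throws Exception
   {
   }

   /**
    * Removes the binding from JNDI. A CommunicationException is ignored;
    * any other failure is logged and not propagated.
    */
   protected void stopService()
   {
      try
      {
         // Remove SM from JNDI
         new InitialContext().unbind(JNDI_NAME);
      }
      catch (CommunicationException e)
      {
         // Do nothing, the naming services is already stopped
      }
      catch (Exception e)
      {
         log.exception(e);
      }
   }

   // ObjectFactory implementation ----------------------------------
   /**
    * Returns the shared security manager; all four arguments are ignored.
    * The result is null if initService() has not run yet.
    *
    * NOTE(review): obj is not compared with the Reference bound in
    * initService(), so the factory answers for any reference it is asked
    * about - confirm whether a check is wanted.
    */
   public Object getObjectInstance(Object obj,
                                   Name name,
                                   Context nameCtx,
                                   Hashtable environment)
      throws Exception
   {
      // Return the security manager
      return sm;
   }
}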
1.1
jboss/src/main/org/jboss/security/plugins/samples/DatabaseSecurityManagerServiceMBean.java
Index: DatabaseSecurityManagerServiceMBean.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
public interface DatabaseSecurityManagerServiceMBean
   extends org.jboss.util.ServiceMBean
{
   // Constants -----------------------------------------------------
   /**
    * Object name string of the database security manager service. The part
    * before the colon (the domain) is left empty.
    */
   String OBJECT_NAME = ":service=DatabaseSecurityManager";

   // Public --------------------------------------------------------
}
1.1
jboss/src/main/org/jboss/security/plugins/samples/EJBSecurityManagerDatabaseImpl.java
Index: EJBSecurityManagerDatabaseImpl.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.security.Principal;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.ejb.EJBException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.transaction.TransactionManager;
import javax.sql.DataSource;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.security.EJBSecurityManager;
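/**
 * The EJBSecurityManager is responsible for validating credentials
 * associated with principals. This implementation compares the presented
 * credential with the value stored for the principal in the sec_access
 * table of the "java:/SecurityDS" data source.
 *
 * The stored value is compared as text with the presented credential, so the
 * table as used here holds passwords in directly comparable form rather than
 * as salted hashes. Treat this class as a sample, not as a production
 * credential store.
 *
 * @see EJBSecurityManager
 * @author Daniel O'Connor [EMAIL PROTECTED]
 */
public class EJBSecurityManagerDatabaseImpl implements EJBSecurityManager
{
   /**
    * Validates a credential against the stored value for the principal.
    *
    * @param principal the caller whose name selects the sec_access row
    * @param credential the presented credential; its toString() value is compared
    * @return true only if a row exists and its pass column equals the
    *         credential after both sides are trimmed; false for a null
    *         credential, an unknown principal or a NULL pass column
    * @throws EJBException wrapping any lookup or SQL failure, so a failed
    *         check never turns into an accepted credential
    */
   public boolean isValid( Principal principal, Object credential )
   {
      if (credential == null)
         return false;

      Connection con = null;
      PreparedStatement statement = null;
      ResultSet rs = null;
      try
      {
         InitialContext initial = new InitialContext();
         DataSource ds = (DataSource) initial.lookup( "java:/SecurityDS" );
         con = ds.getConnection();
         // The principal name is passed as a bind parameter, never concatenated.
         statement = con.prepareStatement(
            "select pass from sec_access where name=?");
         statement.setString(1, principal.getName());
         rs = statement.executeQuery();
         String dbCredential = null;
         if (rs.next())
            dbCredential = rs.getString(1);
         if (dbCredential == null)
            return false;
         // NOTE(review): trim() makes leading and trailing whitespace
         // insignificant on both sides, and a char[] credential would be
         // compared by its array toString() rather than its content -
         // confirm which credential types callers pass.
         return dbCredential.trim().equals( credential.toString().trim() );
      }
      catch (Exception e)
      {
         e.printStackTrace();
         throw new EJBException( e );
      }
      finally
      {
         // Release in reverse order of acquisition, also when the query failed;
         // a failure to close must not mask the result or the original exception.
         try
         {
            if (rs != null)
               rs.close();
         }
         catch (Exception ignored)
         {
         }
         try
         {
            if (statement != null)
               statement.close();
         }
         catch (Exception ignored)
         {
         }
         try
         {
            if (con != null)
               con.close();
         }
         catch (Exception ignored)
         {
         }
      }
   }
}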
1.1
jboss/src/main/org/jboss/security/plugins/samples/EJBSecurityManagerDefaultImpl.java
Index: EJBSecurityManagerDefaultImpl.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import java.security.Principal;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.transaction.TransactionManager;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.security.EJBSecurityManager;
/**
* The EJBSecurityManager is responsible for validating credentials
* associated with principals. Right now it is a "demo" that just
* ensures name == credential
*
* @see EJBSecurityManager
* @author Daniel O'Connor [EMAIL PROTECTED]
*/
public class EJBSecurityManagerDefaultImpl implements EJBSecurityManager
{
   /**
    * Accepts a credential exactly when its toString() value equals the
    * principal's name. A null credential is rejected.
    *
    * Anyone who knows a principal name therefore passes this check; it
    * offers no protection beyond knowledge of the name.
    */
   public boolean isValid( Principal principal, Object credential )
   {
      if (credential == null)
      {
         return false;
      }
      String principalName = principal.getName();
      return principalName.equals( credential.toString() );
   }
}
1.1
jboss/src/main/org/jboss/security/plugins/samples/EJBSecurityManagerService.java
Index: EJBSecurityManagerService.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.naming.CommunicationException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.security.EJBSecurityManager;
/**
* This is a JMX service which manages the EJBSecurityManager.
* The service creates it and binds a Reference to it into JNDI.
* The EJBSecurityManager is responsible for validating credentials
* associated with principals.
*
* @see EJBSecurityManager
* @author Daniel O'Connor [EMAIL PROTECTED]
* @author <a href="mailto:[EMAIL PROTECTED]">Hugo Pinto</a>
*/
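public class EJBSecurityManagerService
   extends ServiceMBeanSupport
   implements EJBSecurityManagerServiceMBean, ObjectFactory
{
   // Constants -----------------------------------------------------
   /**
    * JNDI name under which the Reference to the security manager is bound.
    * Final, so that no other code in the VM can repoint the name that
    * startService() binds and stopService() unbinds.
    */
   public static final String JNDI_NAME = "java:/EJBSecurityManager";

   // Attributes ----------------------------------------------------
   /** MBean server handed to getObjectName(). */
   MBeanServer server;

   // Static --------------------------------------------------------
   /**
    * The single security manager handed out by getObjectInstance().
    * NOTE(review): package-visible and static, so any class in this package
    * can replace the object that validates credentials - confirm that this
    * visibility is needed.
    */
   static EJBSecurityManager sm;

   // ServiceMBeanSupport overrides ---------------------------------
   /** Returns the display name of this service. */
   public String getName()
   {
      return "Security manager";
   }

   /**
    * Remembers the MBean server and returns the object name built from
    * OBJECT_NAME; the name argument is ignored.
    *
    * @throws javax.management.MalformedObjectNameException if OBJECT_NAME cannot be parsed
    */
   protected ObjectName getObjectName(MBeanServer server, ObjectName name)
      throws javax.management.MalformedObjectNameException
   {
      this.server = server;
      return new ObjectName(OBJECT_NAME);
   }

   /**
    * Creates the default security manager, which accepts a credential equal
    * to the principal name.
    */
   protected void initService()
      throws Exception
   {
      // Create a new SM
      sm = new EJBSecurityManagerDefaultImpl();
   }

   /**
    * Binds a Reference at JNDI_NAME that names this class as its object factory.
    */
   protected void startService()
      throws Exception
   {
      // Bind reference to SM in JNDI.
      // Reference takes a class name; Class.toString() would put "class " in front of it.
      Reference ref = new Reference(sm.getClass().getName(), getClass().getName(),
                                    null);
      new InitialContext().bind(JNDI_NAME, ref);
   }

   /**
    * Removes the binding from JNDI. A CommunicationException is ignored;
    * any other failure is logged and not propagated.
    */
   protected void stopService()
   {
      try
      {
         // Remove SM from JNDI
         new InitialContext().unbind(JNDI_NAME);
      }
      catch (CommunicationException e)
      {
         // Do nothing, the naming services is already stopped
      }
      catch (Exception e)
      {
         log.exception(e);
      }
   }

   // ObjectFactory implementation ----------------------------------
   /**
    * Returns the shared security manager; all four arguments are ignored.
    * The result is null if initService() has not run yet.
    *
    * NOTE(review): obj is not compared with the Reference bound in
    * startService(), so the factory answers for any reference it is asked
    * about - confirm whether a check is wanted.
    */
   public Object getObjectInstance(Object obj,
                                   Name name,
                                   Context nameCtx,
                                   Hashtable environment)
      throws Exception
   {
      // Return the security manager
      return sm;
   }
}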
1.1
jboss/src/main/org/jboss/security/plugins/samples/EJBSecurityManagerServiceMBean.java
Index: EJBSecurityManagerServiceMBean.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
public interface EJBSecurityManagerServiceMBean
   extends org.jboss.util.ServiceMBean
{
   // Constants -----------------------------------------------------
   /**
    * Object name string of the EJB security manager service. The part before
    * the colon (the domain) is left empty.
    */
   String OBJECT_NAME = ":service=EJBSecurityManager";

   // Public --------------------------------------------------------
}
1.1
jboss/src/main/org/jboss/security/plugins/samples/JaasServerLoginModule.java
Index: JaasServerLoginModule.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.util.*;
import java.io.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.plugins.AbstractServerLoginModule;
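/**
 * JaasServerLoginModule
 * written by: Edward Kenworthy 12th Dec 2000
 *
 * An example of a realistic ServerLoginModule that can be used when using JAAS
 * security with jBoss. I took SimpleServerLoginModule, written by Oleg Nitz and
 * extended the functionality.
 *
 * It uses two properties files:
 * users.properties, which holds users (key) and their password (value).
 * roles.properties which holds users (key) and a list of their roles as csv (value).
 *
 * Obviously using properties files means it will struggle with very large numbers
 * of users and also as it reads the properties file in at initialisation it will
 * be insensitive to subsequent password changes. It does have the advantage of
 * being realistic in its functionality.
 *
 * The other major change I have made is to pull out an abstract class
 * (AbstractServerLoginModule) so that if you want to implement a more scalable
 * way of looking up users and passwords and roles then you can do so without
 * having to start from scratch.
 *
 * Reviewer note: users.properties maps each user directly to the password
 * value returned by getUsersPassword(), so anyone who can read that class path
 * resource can read every password it holds. Restrict read access to the file
 * accordingly.
 *
 * @author <a href="[EMAIL PROTECTED]">Edward Kenworthy</a>
 */
public class JaasServerLoginModule extends AbstractServerLoginModule
{
   // users+passwords, users+roles
   // You might think these should be static. The only problem with static
   // attributes is they are shared across the VM. So I chose safety over
   // performance.
   private Properties _users;
   private Properties _roles;

   /**
    * Initialize this LoginModule and load the users and roles files.
    * A load failure is reported on standard output and leaves both tables
    * unset, so that login() refuses every attempt.
    */
   public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
   {
      super.initialize(subject, callbackHandler, sharedState, options);
      // Drop tables from an earlier initialize() so a failed reload cannot
      // leave login() working against stale data.
      _users = null;
      _roles = null;
      try
      {
         // Load the properties file that contains the list of users and passwords
         LoadUsers();
         LoadRoles();
      }
      catch (Exception e)
      {
         System.out.print("[JAASSecurity] PANIC! Couldn't load users/passwords/role files.\n");
         e.printStackTrace();
         // Note that although this exception isn't passed on, _users or _roles will be null
         // so that any call to login will throw a LoginException.
      }
   }

   /**
    * Method to authenticate a Subject (phase 1).
    *
    * Most of the changes from the original SimpleServerLoginModule
    * are made in this method. They are:
    * users and passwords read from users.properties file
    * users and roles read from roles.properties file
    *
    * I've also removed the notion of a guest login. If you want to provide 'guest'
    * access to your beans then simply disable security on them.
    *
    * @throws LoginException if either properties file was not loaded, or as
    *         thrown by the base class login
    */
   public boolean login() throws LoginException
   {
      if (_users == null || _roles == null)
      {
         throw new LoginException("Missing _users or _roles properties file.");
      }
      return super.login();
   }

   // Polymorphic, used by the abstract base class.
   /**
    * Returns the current user's roles as tokens of the comma-separated value
    * in roles.properties, or null if the user has no entry there.
    */
   protected Enumeration getUsersRoles()
   {
      String roles = _roles.getProperty(getUsername());
      return (roles == null ? null : new StringTokenizer(roles, ","));
   }

   /**
    * Returns the password stored for the current user in users.properties,
    * or null if the user has no entry there.
    */
   protected String getUsersPassword()
   {
      return _users.getProperty(getUsername(), null);
   }

   // utility methods
   private void LoadUsers() throws IOException
   {
      _users = LoadProperties("users.properties");
   }

   private void LoadRoles() throws IOException
   {
      _roles = LoadProperties("roles.properties");
   }

   /**
    * Loads the given properties file and returns a Properties object containing the
    * key,value pairs in that file.
    * The properties files should be in the class path.
    *
    * @throws IOException if the resource is not found or cannot be read
    */
   private Properties LoadProperties(String propertiesName) throws IOException
   {
      // getResource() returns null for a missing resource; check before opening
      // it so the caller gets the intended IOException, not a NullPointerException.
      java.net.URL location =
         Thread.currentThread().getContextClassLoader().getResource(propertiesName);
      if (location == null)
      {
         throw new IOException("Properties file " + propertiesName + " not found");
      }
      InputStream is = location.openStream();
      try
      {
         Properties bundle = new Properties();
         bundle.load(is);
         return bundle;
      }
      finally
      {
         // Do not leave the stream open once the file has been read.
         is.close();
      }
   }
}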
1.1
jboss/src/main/org/jboss/security/plugins/samples/SimpleRealmMapping.java
Index: SimpleRealmMapping.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.util.Set;
import java.util.LinkedList;
import java.util.Iterator;
import java.security.Principal;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
import org.jboss.security.RealmMapping;
/**
* SimpleRealmMapping removes the level of indirection
* in the specification between roles and principals/groups
* for the standard "deploy without configuring"
*
* @see EJBSecurityManager
* @author Daniel O'Connor [EMAIL PROTECTED]
*/
public class SimpleRealmMapping implements RealmMapping
{
   /**
    * Returns the given principal unchanged; no principal translation is done here.
    */
   public Principal getPrincipal( Principal principal )
   {
      return principal;
   }

   /**
    * Treats role names as principal names: the check passes when the
    * principal's name equals one of the given role names.
    *
    * A null roleNames set passes for every principal, whereas an empty set
    * passes for none. Callers that mean "no access" must therefore pass an
    * empty set, not null.
    */
   public boolean doesUserHaveRole( Principal principal, Set roleNames )
   {
      if (roleNames == null)
      {
         return true;
      }
      for (Iterator candidates = roleNames.iterator(); candidates.hasNext(); )
      {
         String candidate = (String) candidates.next();
         boolean matches = principal.getName().equals( candidate );
         if (matches)
         {
            return true;
         }
      }
      return false;
   }
}
1.1
jboss/src/main/org/jboss/security/plugins/samples/SimpleRealmMappingService.java
Index: SimpleRealmMappingService.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.io.File;
import java.net.URL;
import java.rmi.server.UnicastRemoteObject;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Hashtable;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.Reference;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import org.jboss.logging.Log;
import org.jboss.util.ServiceMBeanSupport;
/**
* This is a JMX service which manages access to security realms for a bean.
* The service creates it and binds a Reference to it into JNDI.
*
* @see EJBSecurityManager
* @author Daniel O'Connor [EMAIL PROTECTED]
*/
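public class SimpleRealmMappingService
   extends ServiceMBeanSupport
   implements SimpleRealmMappingServiceMBean, ObjectFactory
{
   // Constants -----------------------------------------------------
   /**
    * JNDI name under which the Reference to the realm mapping is bound.
    * Final, so that no other code in the VM can repoint the name that
    * startService() binds and stopService() unbinds.
    */
   public static final String JNDI_NAME = "java:/SimpleRealmMapping";

   /** The single realm mapping handed out by getObjectInstance(). */
   private static SimpleRealmMapping srm;

   // Attributes ----------------------------------------------------
   /** MBean server handed to getObjectName(). */
   MBeanServer server;

   // Static --------------------------------------------------------

   // ServiceMBeanSupport overrides ---------------------------------
   /** Returns the display name of this service. */
   public String getName()
   {
      return "Simple Realm Mapping";
   }

   /**
    * Remembers the MBean server and returns the object name built from
    * OBJECT_NAME; the name argument is ignored.
    *
    * @throws javax.management.MalformedObjectNameException if OBJECT_NAME cannot be parsed
    */
   protected ObjectName getObjectName(MBeanServer server, ObjectName name)
      throws javax.management.MalformedObjectNameException
   {
      this.server = server;
      return new ObjectName(OBJECT_NAME);
   }

   /** Creates the realm mapping. */
   protected void initService()
      throws Exception
   {
      // Create the realm mapping
      srm = new SimpleRealmMapping();
   }

   /**
    * Binds a Reference at JNDI_NAME that names this class as its object factory.
    */
   protected void startService()
      throws Exception
   {
      // Bind reference to JNDI.
      // Reference takes a class name; Class.toString() would put "class " in front of it.
      Reference ref = new Reference(SimpleRealmMapping.class.getName(),
                                    getClass().getName(), null);
      new InitialContext().bind(JNDI_NAME, ref);
   }

   /**
    * Removes the binding from JNDI. A failure is logged and not propagated.
    */
   protected void stopService()
   {
      try
      {
         // Remove mapping from JNDI
         new InitialContext().unbind(JNDI_NAME);
      }
      catch (Exception e)
      {
         log.exception(e);
      }
   }

   // ObjectFactory implementation ----------------------------------
   /**
    * Returns the shared SimpleRealmMapping; all four arguments are ignored.
    * The result is null if initService() has not run yet.
    *
    * NOTE(review): obj is not compared with the Reference bound in
    * startService(), so the factory answers for any reference it is asked
    * about - confirm whether a check is wanted.
    */
   public Object getObjectInstance(Object obj,
                                   Name name,
                                   Context nameCtx,
                                   Hashtable environment)
      throws Exception
   {
      // Return the simple realm mapping manager
      return srm;
   }
}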
1.1
jboss/src/main/org/jboss/security/plugins/samples/SimpleRealmMappingServiceMBean.java
Index: SimpleRealmMappingServiceMBean.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
public interface SimpleRealmMappingServiceMBean
   extends org.jboss.util.ServiceMBean
{
   // Constants -----------------------------------------------------
   /**
    * Object name string of the simple realm mapping service. The part before
    * the colon (the domain) is left empty.
    */
   String OBJECT_NAME = ":service=SimpleRealmMappingFactory";

   // Public --------------------------------------------------------
}
1.1
jboss/src/main/org/jboss/security/plugins/samples/SimpleServerLoginModule.java
Index: SimpleServerLoginModule.java
===================================================================
/*
* JBoss, the OpenSource EJB server
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.plugins.samples;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
/**
* This server login module implements the following simple algorithm:
* if password is null, authenticate the user and assign the "guest" role
* else if password is equal to the user name, assign both "user" and "guest" roles
* else don't authenticate.
*/
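public class SimpleServerLoginModule implements LoginModule {
   private Subject _subject;
   private CallbackHandler _callbackHandler;
   // username and password
   private String _username;
   private char[] _password;
   // Set only when login() has accepted the current attempt; commit() grants
   // nothing without it.
   private boolean _loginSucceeded;

   /**
    * Initialize this LoginModule. The shared state and options are not used.
    */
   public void initialize(Subject subject, CallbackHandler callbackHandler,
         Map sharedState, Map options) {
      _subject = subject;
      _callbackHandler = callbackHandler;
   }

   /**
    * Method to authenticate a Subject (phase 1).
    *
    * A null password is accepted (guest access); a non-null password is
    * accepted only if it equals the user name.
    *
    * @return true when the attempt is accepted
    * @throws FailedLoginException if a password was supplied and does not
    *         equal the user name
    * @throws LoginException if no callback handler is available or the
    *         handler fails
    */
   public boolean login() throws LoginException {
      // Forget any earlier attempt so that its password or outcome cannot
      // carry over into this one.
      _loginSucceeded = false;
      _username = null;
      wipePassword();

      // prompt for a username and password
      if (_callbackHandler == null)
         throw new LoginException("Error: no CallbackHandler available " +
               "to garner authentication information from the user");

      NameCallback nameCallback = new NameCallback("User name: ", "guest");
      PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
      Callback[] callbacks = new Callback[] { nameCallback, passwordCallback };

      try {
         _callbackHandler.handle(callbacks);
         _username = nameCallback.getName();
         // getPassword() already hands back a copy; keep it and clear the callback.
         _password = passwordCallback.getPassword();
         passwordCallback.clearPassword();
      } catch (java.io.IOException ioe) {
         throw new LoginException(ioe.toString());
      } catch (UnsupportedCallbackException uce) {
         throw new LoginException("Error: " + uce.getCallback().toString() +
               " not available to garner authentication information " +
               "from the user");
      }

      // Compare as char arrays: building a String from the password would leave
      // a copy that can never be wiped.
      if (_password != null
            && (_username == null
                || !java.util.Arrays.equals(_password, _username.toCharArray()))) {
         wipePassword();
         throw new FailedLoginException("Password Incorrect");
      }
      _loginSucceeded = true;
      return true;
   }

   /**
    * Method to commit the authentication process (phase 2).
    *
    * Adds the "guest" role, plus "user" when a password was supplied, to the
    * Subject's public credentials. The login framework may call commit() on a
    * module whose own login() failed; in that case nothing is added.
    *
    * @return true if roles were added, false if this module's login() did
    *         not succeed
    */
   public boolean commit() throws LoginException {
      if (!_loginSucceeded) {
         return false;
      }
      Set roles = _subject.getPublicCredentials();
      roles.add("guest");
      if (_password != null) {
         roles.add("user");
      }
      return true;
   }

   /**
    * Method to abort the authentication process (phase 2).
    * Discards the user name, wipes the password and forgets the login outcome.
    */
   public boolean abort() throws LoginException {
      _loginSucceeded = false;
      _username = null;
      wipePassword();
      return true;
   }

   /**
    * Discards the user name, wipes the password and forgets the login outcome.
    *
    * NOTE(review): roles added by commit() stay on the Subject - confirm
    * whether logout should remove them.
    */
   public boolean logout() throws LoginException {
      _loginSucceeded = false;
      _username = null;
      wipePassword();
      return true;
   }

   /** Overwrites the stored password, if any, and drops the reference. */
   private void wipePassword() {
      if (_password != null) {
         for (int i = 0; i < _password.length; i++)
            _password[i] = ' ';
         _password = null;
      }
   }
}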
1.1 jboss/src/main/org/jboss/security/plugins/samples/package.html
Index: package.html
===================================================================
Security plugins: sample implementations.