User: stark
Date: 01/02/08 13:22:04
Modified: src/main/org/jboss/security ClientLoginModule.java
Log:
Add support for the password-stacking option so that a username and
credentials shared by previous login modules can be passed to JBoss
without invoking a CallbackHandler.
Revision Changes Path
1.7 +55 -13 jboss/src/main/org/jboss/security/ClientLoginModule.java
Index: ClientLoginModule.java
===================================================================
RCS file:
/products/cvs/ejboss/jboss/src/main/org/jboss/security/ClientLoginModule.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- ClientLoginModule.java 2001/01/24 02:59:40 1.6
+++ ClientLoginModule.java 2001/02/08 21:22:04 1.7
@@ -24,22 +24,38 @@
filled in by the CallbackHandler, and the SecurityAssociation credential
to the value of the PasswordCallback filled in by the CallbackHandler.
-It has one option: multi-threaded=[true|false]
+It has the following options:
+<ul>
+<li>multi-threaded=[true|false]
When the multi-threaded option is set to true, the SecurityAssociation.setServer()
so that each login thread has its own principal and credential storage.
+<li>password-stacking=tryFirstPass|useFirstPass
+When password-stacking option is set, this module first looks for a shared
+username and password using "javax.security.auth.login.name" and
+"javax.security.auth.login.password" respectively. This allows a module configured
+prior to this one to establish a valid username and password that should be passed
+to JBoss.
+</ul>
@author <a href="mailto:[EMAIL PROTECTED]">Oleg Nitz</a>
@author [EMAIL PROTECTED]
*/
-public class ClientLoginModule implements LoginModule {
+public class ClientLoginModule implements LoginModule
+{
private CallbackHandler _callbackHandler;
+ /** Shared state between login modules */
+ private Map _sharedState;
+ /** Flag indicating if the shared password should be used */
+ private boolean _useFirstPass;
/**
* Initialize this LoginModule.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options) {
- _callbackHandler = callbackHandler;
+ Map sharedState, Map options)
+ {
+ this._callbackHandler = callbackHandler;
+ this._sharedState = sharedState;
// Check for multi-threaded option
String mt = (String) options.get("multi-threaded");
if( mt != null && Boolean.valueOf(mt).booleanValue() == true )
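Review bot: The class Javadoc lists `password-stacking=tryFirstPass|useFirstPass` as if the two values behaved differently, but the second hunk sets `_useFirstPass = passwordStacking != null`, so any value, including a misspelled one, enables the shared-credential path. The Javadoc should state this and make clear that the module forwards the shared username and password without validating them, for example `Any non-null value is treated as useFirstPass; the shared credentials are passed on unvalidated.` The new `<li>` items are also never closed. The body of initialize() continues past the end of this hunk.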
@@ -48,34 +64,60 @@
*/
SecurityAssociation.setServer();
}
+
+ /* Check for password sharing options. Any non-null value for
+ password_stacking sets useFirstPass as this module has no way to
+ validate any shared password.
+ */
+ String passwordStacking = (String) options.get("password-stacking");
+ _useFirstPass = passwordStacking != null;
}
/**
* Method to authenticate a Subject (phase 1).
*/
- public boolean login() throws LoginException {
- Callback[] callbacks = new Callback[2];
-
- // prompt for a username and password
+ public boolean login() throws LoginException
+ {
+ // If useFirstPass is true, look for the shared password
+ if( _useFirstPass == true )
+ {
+ try
+ {
+ String username = (String)
_sharedState.get("javax.security.auth.login.name");
+ Object credential =
_sharedState.get("javax.security.auth.login.password");
+ SecurityAssociation.setPrincipal(new SimplePrincipal(username));
+ SecurityAssociation.setCredential(credential);
+ return true;
+ }
+ catch(Exception e)
+ { // Dump the exception and continue
+ e.printStackTrace();
+ }
+ }
+
+ /* There is no password sharing or we are the first login module. Get
+ the username and password from the callback hander.
+ */
if (_callbackHandler == null)
throw new LoginException("Error: no CallbackHandler available " +
"to garner authentication information from the user");
- callbacks[0] = new NameCallback("User name: ", "guest");
- callbacks[1] = new PasswordCallback("Password: ", false);
+ PasswordCallback pc = new PasswordCallback("Password: ", false);
+ NameCallback nc = new NameCallback("User name: ", "guest");
+ Callback[] callbacks = {nc, pc};
try {
String username;
char[] password = null;
char[] tmpPassword;
_callbackHandler.handle(callbacks);
- username = ((NameCallback)callbacks[0]).getName();
+ username = nc.getName();
SecurityAssociation.setPrincipal(new SimplePrincipal(username));
- tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
+ tmpPassword = pc.getPassword();
if (tmpPassword != null) {
password = new char[tmpPassword.length];
System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
- ((PasswordCallback)callbacks[1]).clearPassword();
+ pc.clearPassword();
}
SecurityAssociation.setCredential(password);
} catch (java.io.IOException ioe) {
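Review bot: The `_useFirstPass` branch of login() does not detect a missing shared entry. When no earlier module stored "javax.security.auth.login.name", `_sharedState.get(...)` returns null and the code still calls `SecurityAssociation.setPrincipal(new SimplePrincipal(username))`, sets a null credential and returns true, so the CallbackHandler fallback below is never reached (unless SimplePrincipal rejects a null name, which is not visible here). Guarding the two `SecurityAssociation` calls and the `return true` with `if( username != null )` would let the module fall through to the callbacks instead of reporting success with an empty identity. The shared credential is also stored by reference, whereas the callback path copies the `char[]` before `pc.clearPassword()`; if an earlier module clears its password array, the stored credential would presumably be wiped too. `catch(Exception e)` with `e.printStackTrace()` hides a `ClassCastException` from the `(String)` cast, so a narrower catch that raises a `LoginException` would be clearer; login() continues past the end of this hunk.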