User: stark
Date: 01/03/06 00:35:29
Modified: src/main/org/jboss/security/plugins
AbstractServerLoginModule.java
JaasSecurityManager.java
Log:
Added srp package that was missed. Updated AbstractServerLoginModule to
support password stacking. Updated RolesLoginModule to use existing
Groups. Updated JaasSecurityManager to operate correctly as a role-mapping
only manager when so configured.
Revision Changes Path
1.2 +47 -4
jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java
Index: AbstractServerLoginModule.java
===================================================================
RCS file:
/products/cvs/ejboss/jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- AbstractServerLoginModule.java 2001/03/05 09:53:31 1.1
+++ AbstractServerLoginModule.java 2001/03/06 08:35:28 1.2
@@ -59,23 +59,50 @@
{
private Subject _subject;
private CallbackHandler _callbackHandler;
+ private Map _sharedState;
+ /** Flag indicating if the shared password should be used */
+ private boolean _useFirstPass;
+
// username and password
private String _username;
- protected String getUsername() {return _username;}
private char[] _password;
-
- abstract protected Enumeration getUsersRoles();
- abstract protected String getUsersPassword();
+//--- Begin LoginModule interface methods
public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
{
_subject = subject;
_callbackHandler = callbackHandler;
+ _sharedState = sharedState;
+
+ /* Check for password sharing options. Any non-null value for
+ password_stacking sets useFirstPass as this module has no way to
+ validate any shared password.
+ */
+ String passwordStacking = (String) options.get("password-stacking");
+ if( passwordStacking != null &&
passwordStacking.equalsIgnoreCase("useFirstPass") )
+ _useFirstPass = true;
}
public boolean login() throws LoginException
{
+ // If useFirstPass is true, look for the shared password
+ if( _useFirstPass == true )
+ {
+ try
+ {
+ _username = (String)
_sharedState.get("javax.security.auth.login.name");
+ _password = (char[])
_sharedState.get("javax.security.auth.login.password");
+ if( _username != null && _password != null )
+ return true;
+ // Else, fall through and perform the login
+ }
+ catch(Exception e)
+ { // Dump the exception and continue
+ e.printStackTrace();
+ }
+ }
+
Callback[] callbacks = new Callback[2];
// prompt for a username and password
if (_callbackHandler == null)
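Review bot: The comment on the option check says any non-null `password-stacking` value sets useFirstPass, but the code only sets it for the value `useFirstPass` (case-insensitive); make the comment match, e.g. `/* password-stacking=useFirstPass makes this module accept the shared credentials without validating them. */`. The `catch(Exception e)` around the two shared-state reads can only be reached by a ClassCastException when another module stored a different type under those keys, so catch that type and report it through the module's logging rather than `e.printStackTrace()`. `_password` also aliases the `char[]` held in the shared map, so if abort()/logout() (outside this hunk) zero `_password` the copy the other stacked modules read is wiped too; take a copy instead: `char[] shared = (char[]) _sharedState.get("javax.security.auth.login.password"); _password = shared == null ? null : (char[]) shared.clone();`. Style: `if( _useFirstPass == true )` reads better as `if( _useFirstPass )`. login() continues past the end of the hunk.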
@@ -114,6 +141,13 @@
throw new FailedLoginException("Password Incorrect/Password Required");
}
System.out.print("[JAASSecurity] User '" + _username + "'
authenticated.\n");
+
+ if( _useFirstPass == true )
+ { // Add the username and password to the shared state map
+ _sharedState.put("javax.security.auth.login.name", _username);
+ _sharedState.put("javax.security.auth.login.password", _password);
+ }
+
return true;
}
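Review bot: The write-back into the shared state is gated on this module's own `_useFirstPass`, so the first module in a stack, the one that actually validates the password and has no earlier module to take it from, never shares its result unless it is itself configured with `password-stacking=useFirstPass`; the conventional JAAS modules keep storing and consuming under separate options. Either document that the option must be set on every module in the stack including the first, or perform the `_sharedState.put(...)` calls whenever `_sharedState` is non-null, independent of the flag. The value stored is the module's own `_password` array, so any later clearing of it (for instance in logout(), outside this hunk) also clears what the following modules read. The enclosing login() begins before this hunk.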
@@ -170,4 +204,13 @@
{
return true;
}
+//--- End LoginModule interface methods
+
+// --- Protected methods
+
+ abstract protected Enumeration getUsersRoles();
+ abstract protected String getUsersPassword();
+
+ protected String getUsername() {return _username;}
+
}
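Review bot: The two abstract hooks subclasses must implement carry no Javadoc, and the raw `Enumeration` gives no hint of the element type. From the FailedLoginException in login() it appears getUsersPassword() is compared against the entered password; if that is the contract, document it together with the meaning of a null return, e.g. `/** The password expected for getUsername(), compared by login(); TODO confirm what a null return means. */` and `/** The roles granted to getUsername(); TODO confirm the element type against the existing subclasses. */`. The comparison and the null semantics are inferred from the exception message, not visible in this hunk.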
1.2 +35 -14
jbosssx/src/main/org/jboss/security/plugins/JaasSecurityManager.java
Index: JaasSecurityManager.java
===================================================================
RCS file:
/products/cvs/ejboss/jbosssx/src/main/org/jboss/security/plugins/JaasSecurityManager.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JaasSecurityManager.java 2001/03/05 09:53:31 1.1
+++ JaasSecurityManager.java 2001/03/06 08:35:28 1.2
@@ -31,6 +31,7 @@
import org.jboss.security.AuthenticationInfo;
import org.jboss.security.EJBSecurityManager;
import org.jboss.security.RealmMapping;
+import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityPolicy;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SubjectSecurityManager;
@@ -50,7 +51,7 @@
@author <a href="[EMAIL PROTECTED]">Oleg Nitz</a>
@author [EMAIL PROTECTED]
-@version $Revision: 1.1 $
+@version $Revision: 1.2 $
*/
public class JaasSecurityManager implements SubjectSecurityManager, RealmMapping
{
@@ -175,13 +176,10 @@
}
/** Does the current Subject have a role(a Principal) that equates to one
- of the role names. This method obtains the Principal set from
- the currently authenticated Subject and then creates a SimplePrincipal
- for each name in roleNames. If the role is in the Subject
- Principal set the user has the role. If the role is not in the set,
- the set of Principals that are also Groups is obtained and each
- group is queried to see if the role is a member.
-
+ of the role names. This method obtains the Group named 'Roles' from
+ the principal set of the currently authenticated Subject and then
+ creates a SimplePrincipal for each name in roleNames. If the role is
+ a member of the Roles group, then the user has the role.
@param principal, ignored. The current authenticated Subject determines
the active user and assigned user roles.
@param roleNames, a set of String names for the roles to check.
@@ -193,9 +191,35 @@
{
boolean hasRole = false;
Subject subject = getActiveSubject();
- if( subject != null && domainCache != null )
+ if( subject != null )
{
- DomainInfo info = (DomainInfo) domainCache.get(principal);
+ DomainInfo info = null;
+ if( domainCache != null )
+ info = (DomainInfo) domainCache.get(principal);
+ if( info == null )
+ { /* If there is no domain cache then this subject mgr is being used
+ for role mapping only and the subject has been authenticated by
+ some other mgr. We have to authenticate against this domain to
+ obtain the subject roles and then restore the current subject.
+ */
+ try
+ {
+ Object credential = SecurityAssociation.getCredential();
+ if( authenticate(principal, credential) == false )
+ { /* The subject does not authenticate across domains,
+ we can't do role mapping */
+ System.out.println("Warning, "+securityDomain+" could not
perform role mapping for: "+principal);
+ return false;
+ }
+ if( domainCache != null )
+ info = (DomainInfo) domainCache.get(principal);
+ }
+ finally
+ {
+ activeSubject.set(subject);
+ }
+ }
+
Group roles = null;
if( info != null )
roles = info.roles;
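Review bot: In the `info == null` branch, when `domainCache` is null the result of the re-authentication is discarded: the second `domainCache.get(principal)` sits behind the same null check, so `info` and therefore `roles` stay null, although the comment describes exactly this as the role-mapping-only case; unless authenticate() publishes the roles somewhere the elided lines below read, a cacheless manager can never return true here. The Javadoc one hunk up still says `@param principal, ignored`, yet the new code uses it for both the cache lookup and `authenticate(principal, credential)`, so reword it to say the principal selects the cache entry and the identity to re-authenticate. The fallback also runs a full `authenticate()` (presumably a LoginContext login, if it goes through defaultLogin) on every doesUserHaveRole call for such a manager, using whatever `SecurityAssociation.getCredential()` currently holds; a comment on that cost and a null check on the credential before calling would help. The enclosing method starts and ends outside this hunk.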
@@ -210,7 +234,6 @@
}
}
}
-System.out.println("hasRole = "+hasRole);
return hasRole;
}
@@ -258,13 +281,11 @@
private Subject defaultLogin(Principal principal, Object credential)
throws LoginException
{
- // We our internal CallbackHandler to provide the security info
+ // We use our internal CallbackHandler to provide the security info
handler.setSecurityInfo(principal, credential);
Subject subject = new Subject();
LoginContext lc = new LoginContext(securityDomain, subject, handler);
lc.login();
- Subject lcSubject = lc.getSubject();
-System.out.println("JaasSecurityManager, subject == lcSubject: "+(subject ==
lcSubject));
return subject;
}