User: starksm Date: 01/04/11 19:53:57 Modified: src/main/org/jboss/security/plugins AbstractServerLoginModule.java ProxyLoginModule.java Log: Rename org.jboss.security.plugins.ProxyLoginModule Integrate JaasServerLoginModule fix and missing unit test. Revision Changes Path 1.5 +5 -205 jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java
Index: AbstractServerLoginModule.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- AbstractServerLoginModule.java 2001/03/29 02:28:38 1.4
+++ AbstractServerLoginModule.java 2001/04/12 02:53:56 1.5
@@ -4,217 +4,17 @@ * Distributable under LGPL license. * See terms of license at gnu.org. */ - package org.jboss.security.plugins; - -import java.util.*; -import java.io.*; - -import java.security.Principal; -import java.security.acl.Group; -import javax.security.auth.Subject; -import javax.security.auth.callback.Callback; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; -import javax.security.auth.callback.UnsupportedCallbackException; -import javax.security.auth.login.LoginException; -import javax.security.auth.login.FailedLoginException; -import javax.security.auth.spi.LoginModule; - -import org.jboss.security.NestableGroup; -import org.jboss.security.SimpleGroup; - -/** This class implements the common functionality required for a JAAS -server side LoginModule and implements the JBossSX standard Subject usage -pattern of storing identities and roles. Subclass this module to create your -own custom LoginModule and override the getRoles() and getIdentity() -methods. -You may also wish to override - public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) +/** This module has been renamed to org.jboss.security.auth.spi.AbstractServerLoginModule -In which case the first line of your initialize() method should be: - super.initialize(subject, callbackHandler, sharedState, options); -You may also wish to override - public boolean login() throws LoginException -In which case the last line of your login() method should be - return super.login(); +@deprecated See {@link org.jboss.security.auth.spi.AbstractServerLoginModule } which has replaced this module. 
@author <a href="[EMAIL PROTECTED]">Edward Kenworthy</a>, 12th Dec 2000 @author [EMAIL PROTECTED] -@version $Revision: 1.4 $ +@version $Revision: 1.5 $ */ -public abstract class AbstractServerLoginModule implements LoginModule +public abstract class AbstractServerLoginModule + extends org.jboss.security.auth.spi.AbstractServerLoginModule { - protected Subject subject; - protected CallbackHandler callbackHandler; - protected Map sharedState; - protected Map options; - - /** Flag indicating if the shared credential should be used */ - protected boolean useFirstPass; - -//--- Begin LoginModule interface methods - /** Initialize the login module. This stores the subject, callbackHandler - and sharedState and options for the login session. - @param options, - @option - @option password-stacking: if true, the login identity will be taken from the - javax.security.auth.login.name value of the sharedState map, and - the proof of identity from the javax.security.auth.login.password - value sharedState map. - */ - public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) - { - this.subject = subject; - this.callbackHandler = callbackHandler; - this.sharedState = sharedState; - this.options = options; - - /* Check for password sharing options. Any non-null value for - password_stacking sets useFirstPass as this module has no way to - validate any shared password. - */ - String passwordStacking = (String) options.get("password-stacking"); - if( passwordStacking != null && passwordStacking.equalsIgnoreCase("useFirstPass") ) - useFirstPass = true; - } - - /** Looks for javax.security.auth.login.name and javax.security.auth.login.password - values in the sharedState map if the useFirstPass option was true and returns - true if they exist. If they do not or are null this method returns false. 
- */ - public boolean login() throws LoginException - { - // If useFirstPass is true, look for the shared password - if( useFirstPass == true ) - { - try - { - Object identity = sharedState.get("javax.security.auth.login.name"); - Object credential = sharedState.get("javax.security.auth.login.password"); - if( identity != null && credential != null ) - return true; - // Else, fall through and perform the login - } - catch(Exception e) - { // Dump the exception and continue - e.printStackTrace(); - } - } - - return false; - } - - /** Method to commit the authentication process (phase 2). - It adds the getIdentity() value to the subject getPrincipals() Set. - It also adds the members of each Group returned by getRoleSets() - to the subject getPrincipals() Set. - - @see javax.security.auth.Subject; - @see java.security.acl.Group; - @return true always. - */ - public boolean commit() throws LoginException - { - Set principals = subject.getPrincipals(); - Principal identity = getIdentity(); - principals.add(identity); - Group[] roleSets = getRoleSets(); - for(int g = 0; g < roleSets.length; g ++) - { - Group group = roleSets[g]; - String name = group.getName(); - Group subjectGroup = createGroup(name, principals); - if( subjectGroup instanceof NestableGroup ) - { - /* A NestableGroup only allows Groups to be added to it so we - need to add a SimpleGroup to subjectRoles to contain the roles - */ - SimpleGroup tmp = new SimpleGroup("Roles"); - subjectGroup.addMember(tmp); - subjectGroup = tmp; - } - // Copy the group members to the Subject group - Enumeration members = group.members(); - while( members.hasMoreElements() ) - { - Principal role = (Principal) members.nextElement(); - subjectGroup.addMember(role); - } - } - return true; - } - - /** Method to abort the authentication process (phase 2). - @return true alaways - */ - public boolean abort() throws LoginException - { - return true; - } - - /** Remove the user identity and roles added to the Subject during commit. 
- @return true always. - */ - public boolean logout() throws LoginException - { - // Remove the user identity - Principal identity = getIdentity(); - Set principals = subject.getPrincipals(); - principals.remove(identity); - // Remove any added Groups... - return true; - } -//--- End LoginModule interface methods - -// --- Protected methods - - /** Overriden by subclasses to return the Principal that corresponds to - the user primary identity. - */ - abstract protected Principal getIdentity(); - /** Overriden by subclasses to return the Groups that correspond to the - to the role sets assigned to the user. Subclasses should create at - least a Group named "Roles" that contains the roles assigned to the user. - A second common group is "CallerPrincipal" that provides the application - identity of the user rather than the security domain identity. - @return Group[] containing the sets of roles - */ - abstract protected Group[] getRoleSets() throws LoginException; - - protected boolean getUseFirstPass() - { - return useFirstPass; - } - - /** Find or create a Group with the given name. Subclasses should use this - method to locate the 'Roles' group or create additional types of groups. - @return A named Group from the principals set. 
- */ - protected Group createGroup(String name, Set principals) - { - Group roles = null; - Iterator iter = principals.iterator(); - while( iter.hasNext() ) - { - Object next = iter.next(); - if( (next instanceof Group) == false ) - continue; - Group grp = (Group) next; - if( grp.getName().equals(name) ) - { - roles = grp; - break; - } - } - // If we did not find a group create one - if( roles == null ) - { - roles = new NestableGroup(name); - principals.add(roles); - } - return roles; - } } 1.3 +4 -102 jbosssx/src/main/org/jboss/security/plugins/ProxyLoginModule.java Index: ProxyLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/ProxyLoginModule.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- ProxyLoginModule.java 2001/03/21 08:47:44 1.2 +++ ProxyLoginModule.java 2001/04/12 02:53:57 1.3 
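Review bot: The shim `public abstract class AbstractServerLoginModule extends org.jboss.security.auth.spi.AbstractServerLoginModule` keeps existing subclasses working only if the new base class still exposes the protected members this hunk removes. Those are the fields `subject`, `callbackHandler`, `sharedState`, `options` and `useFirstPass`, and the methods `getIdentity()`, `getRoleSets()`, `getUseFirstPass()` and `createGroup(String, Set)`. The replacement class is not part of this diff, so this cannot be checked here; a changed signature on a non-abstract method such as `createGroup` would leave an old override uncalled without any compile error, which matters for code that decides which roles a Subject receives. The `@deprecated` Javadoc should also name the migration step, for example `Subclasses should extend org.jboss.security.auth.spi.AbstractServerLoginModule directly; this class adds no behaviour.`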
@@ -6,112 +6,14 @@ */ package org.jboss.security.plugins; -import java.io.IOException; -import java.io.InputStream; -import java.util.Map; -import java.util.Set; +/** This module has been renamed to org.jboss.security.auth.spi.ProxyLoginModule. -import javax.security.auth.Subject; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.Callback; -import javax.security.auth.login.LoginException; -import javax.security.auth.spi.LoginModule; +@deprecated See {@link org.jboss.security.auth.spi.ProxyLoginModule} which has replaced this module. -/** A proxy LoginModule that loads a delegate LoginModule using -the current thread context class loader. The purpose of this -module is to work around the current JAAS class loader limitation -that requires LoginModules to be on the classpath. Some LoginModules -use core JBoss classes that would have to be moved into the jboss-jaas.jar -and packaging becomes a mess. Instead, these LoginModules are left -in the jbosssx.jar and the ProxyLoginModule is used to bootstrap -the non-classpath LoginModule. - @author [EMAIL PROTECTED] -@version $Revision: 1.2 $ +@version $Revision: 1.3 $ */ -public class ProxyLoginModule implements LoginModule +public class ProxyLoginModule extends org.jboss.security.auth.spi.ProxyLoginModule { - private String moduleName; - private LoginModule delegate; - - public ProxyLoginModule() - { - } - -// --- Begin LoginModule interface methods - /** Initialize this LoginModule. This method loads the LoginModule - specified by the moduleName option using the current thread - context class loader and then delegates the initialize call - to it. - - @param options, include: - moduleName: the classname of the module that this proxy module - delegates all calls to. 
- */ - public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) - { - moduleName = (String) options.get("moduleName"); - if( moduleName == null ) - { - System.out.println("Required moduleName option not given"); - return; - } - - // Load the delegate module using the thread class loader - ClassLoader loader = Thread.currentThread().getContextClassLoader(); - try - { - Class clazz = loader.loadClass(moduleName); - delegate = (LoginModule) clazz.newInstance(); - } - catch(Throwable t) - { - System.out.println("ProxyLoginModule failed to load: "+moduleName); - t.printStackTrace(); - return; - } - - delegate.initialize(subject, callbackHandler, sharedState, options); - } - - /** Perform the login. If either the moduleName option was not - specified or the module could not be loaded in initalize(), - this method throws a LoginException. - @exception LoginException, throw in the delegate login module failed. - */ - public boolean login() throws LoginException - { - if( moduleName == null ) - throw new LoginException("Required moduleName option not given"); - if( delegate == null ) - throw new LoginException("Failed to load LoginModule: "+moduleName); - - return delegate.login(); - } - - public boolean commit() throws LoginException - { - boolean ok = false; - if( delegate != null ) - ok = delegate.commit(); - return ok; - } - - public boolean abort() throws LoginException - { - boolean ok = true; - if( delegate != null ) - ok = delegate.abort(); - return ok; - } - - public boolean logout() throws LoginException - { - boolean ok = true; - if( delegate != null ) - ok = delegate.logout(); - return ok; - } -// --- End LoginModule interface methods } _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
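Review bot: The new Javadoc on the `ProxyLoginModule` shim drops all description of what the module does, including the `moduleName` option that selects which delegate class is loaded. Assuming the renamed class keeps that behaviour, I would retain one sentence such as `Loads the LoginModule named by the moduleName option through the thread context class loader.` and add that login configuration entries should name `org.jboss.security.auth.spi.ProxyLoginModule` directly. The removed `login()` threw `LoginException` when `moduleName` was absent or the delegate failed to load. Whether the replacement still fails closed in those cases is not visible in this diff and is worth confirming, since every configuration entry using the old name now inherits it.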