User: starksm
Date: 01/04/11 19:53:57
Modified: src/main/org/jboss/security/plugins
AbstractServerLoginModule.java
ProxyLoginModule.java
Log:
Rename org.jboss.security.plugins.ProxyLoginModule
Integrate JaasServerLoginModule fix and missing unit test.
Revision Changes Path
1.5 +5 -205
jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java
Index: AbstractServerLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- AbstractServerLoginModule.java 2001/03/29 02:28:38 1.4
+++ AbstractServerLoginModule.java 2001/04/12 02:53:56 1.5
@@ -4,217 +4,17 @@
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
-
package org.jboss.security.plugins;
-
-import java.util.*;
-import java.io.*;
-
-import java.security.Principal;
-import java.security.acl.Group;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.jboss.security.NestableGroup;
-import org.jboss.security.SimpleGroup;
-
-/** This class implements the common functionality required for a JAAS
-server side LoginModule and implements the JBossSX standard Subject usage
-pattern of storing identities and roles. Subclass this module to create your
-own custom LoginModule and override the getRoles() and getIdentity()
-methods.
-You may also wish to override
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
+/** This module has been renamed to
org.jboss.security.auth.spi.AbstractServerLoginModule
-In which case the first line of your initialize() method should be:
- super.initialize(subject, callbackHandler, sharedState, options);
-You may also wish to override
- public boolean login() throws LoginException
-In which case the last line of your login() method should be
- return super.login();
+@deprecated See {@link org.jboss.security.auth.spi.AbstractServerLoginModule }
which has replaced this module.
@author <a href="[EMAIL PROTECTED]">Edward Kenworthy</a>, 12th Dec
2000
@author [EMAIL PROTECTED]
-@version $Revision: 1.4 $
+@version $Revision: 1.5 $
*/
-public abstract class AbstractServerLoginModule implements LoginModule
+public abstract class AbstractServerLoginModule
+ extends org.jboss.security.auth.spi.AbstractServerLoginModule
{
- protected Subject subject;
- protected CallbackHandler callbackHandler;
- protected Map sharedState;
- protected Map options;
-
- /** Flag indicating if the shared credential should be used */
- protected boolean useFirstPass;
-
-//--- Begin LoginModule interface methods
- /** Initialize the login module. This stores the subject, callbackHandler
- and sharedState and options for the login session.
- @param options,
- @option
- @option password-stacking: if true, the login identity will be taken from
the
- javax.security.auth.login.name value of the sharedState map, and
- the proof of identity from the javax.security.auth.login.password
- value sharedState map.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
- {
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- this.sharedState = sharedState;
- this.options = options;
-
- /* Check for password sharing options. Any non-null value for
- password_stacking sets useFirstPass as this module has no way to
- validate any shared password.
- */
- String passwordStacking = (String) options.get("password-stacking");
- if( passwordStacking != null &&
passwordStacking.equalsIgnoreCase("useFirstPass") )
- useFirstPass = true;
- }
-
- /** Looks for javax.security.auth.login.name and
javax.security.auth.login.password
- values in the sharedState map if the useFirstPass option was true and
returns
- true if they exist. If they do not or are null this method returns false.
- */
- public boolean login() throws LoginException
- {
- // If useFirstPass is true, look for the shared password
- if( useFirstPass == true )
- {
- try
- {
- Object identity = sharedState.get("javax.security.auth.login.name");
- Object credential =
sharedState.get("javax.security.auth.login.password");
- if( identity != null && credential != null )
- return true;
- // Else, fall through and perform the login
- }
- catch(Exception e)
- { // Dump the exception and continue
- e.printStackTrace();
- }
- }
-
- return false;
- }
-
- /** Method to commit the authentication process (phase 2).
- It adds the getIdentity() value to the subject getPrincipals() Set.
- It also adds the members of each Group returned by getRoleSets()
- to the subject getPrincipals() Set.
-
- @see javax.security.auth.Subject;
- @see java.security.acl.Group;
- @return true always.
- */
- public boolean commit() throws LoginException
- {
- Set principals = subject.getPrincipals();
- Principal identity = getIdentity();
- principals.add(identity);
- Group[] roleSets = getRoleSets();
- for(int g = 0; g < roleSets.length; g ++)
- {
- Group group = roleSets[g];
- String name = group.getName();
- Group subjectGroup = createGroup(name, principals);
- if( subjectGroup instanceof NestableGroup )
- {
- /* A NestableGroup only allows Groups to be added to it so we
- need to add a SimpleGroup to subjectRoles to contain the roles
- */
- SimpleGroup tmp = new SimpleGroup("Roles");
- subjectGroup.addMember(tmp);
- subjectGroup = tmp;
- }
- // Copy the group members to the Subject group
- Enumeration members = group.members();
- while( members.hasMoreElements() )
- {
- Principal role = (Principal) members.nextElement();
- subjectGroup.addMember(role);
- }
- }
- return true;
- }
-
- /** Method to abort the authentication process (phase 2).
- @return true alaways
- */
- public boolean abort() throws LoginException
- {
- return true;
- }
-
- /** Remove the user identity and roles added to the Subject during commit.
- @return true always.
- */
- public boolean logout() throws LoginException
- {
- // Remove the user identity
- Principal identity = getIdentity();
- Set principals = subject.getPrincipals();
- principals.remove(identity);
- // Remove any added Groups...
- return true;
- }
-//--- End LoginModule interface methods
-
-// --- Protected methods
-
- /** Overriden by subclasses to return the Principal that corresponds to
- the user primary identity.
- */
- abstract protected Principal getIdentity();
- /** Overriden by subclasses to return the Groups that correspond to the
- to the role sets assigned to the user. Subclasses should create at
- least a Group named "Roles" that contains the roles assigned to the user.
- A second common group is "CallerPrincipal" that provides the application
- identity of the user rather than the security domain identity.
- @return Group[] containing the sets of roles
- */
- abstract protected Group[] getRoleSets() throws LoginException;
-
- protected boolean getUseFirstPass()
- {
- return useFirstPass;
- }
-
- /** Find or create a Group with the given name. Subclasses should use this
- method to locate the 'Roles' group or create additional types of groups.
- @return A named Group from the principals set.
- */
- protected Group createGroup(String name, Set principals)
- {
- Group roles = null;
- Iterator iter = principals.iterator();
- while( iter.hasNext() )
- {
- Object next = iter.next();
- if( (next instanceof Group) == false )
- continue;
- Group grp = (Group) next;
- if( grp.getName().equals(name) )
- {
- roles = grp;
- break;
- }
- }
- // If we did not find a group create one
- if( roles == null )
- {
- roles = new NestableGroup(name);
- principals.add(roles);
- }
- return roles;
- }
}
1.3 +4 -102
jbosssx/src/main/org/jboss/security/plugins/ProxyLoginModule.java
Index: ProxyLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/ProxyLoginModule.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ProxyLoginModule.java 2001/03/21 08:47:44 1.2
+++ ProxyLoginModule.java 2001/04/12 02:53:57 1.3
@@ -6,112 +6,14 @@
*/
package org.jboss.security.plugins;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Map;
-import java.util.Set;
+/** This module has been renamed to org.jboss.security.auth.spi.ProxyLoginModule.
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
+@deprecated See {@link org.jboss.security.auth.spi.ProxyLoginModule} which has
replaced this module.
-/** A proxy LoginModule that loads a delegate LoginModule using
-the current thread context class loader. The purpose of this
-module is to work around the current JAAS class loader limitation
-that requires LoginModules to be on the classpath. Some LoginModules
-use core JBoss classes that would have to be moved into the jboss-jaas.jar
-and packaging becomes a mess. Instead, these LoginModules are left
-in the jbosssx.jar and the ProxyLoginModule is used to bootstrap
-the non-classpath LoginModule.
-
@author [EMAIL PROTECTED]
-@version $Revision: 1.2 $
+@version $Revision: 1.3 $
*/
-public class ProxyLoginModule implements LoginModule
+public class ProxyLoginModule extends org.jboss.security.auth.spi.ProxyLoginModule
{
- private String moduleName;
- private LoginModule delegate;
-
- public ProxyLoginModule()
- {
- }
-
-// --- Begin LoginModule interface methods
- /** Initialize this LoginModule. This method loads the LoginModule
- specified by the moduleName option using the current thread
- context class loader and then delegates the initialize call
- to it.
-
- @param options, include:
- moduleName: the classname of the module that this proxy module
- delegates all calls to.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
- {
- moduleName = (String) options.get("moduleName");
- if( moduleName == null )
- {
- System.out.println("Required moduleName option not given");
- return;
- }
-
- // Load the delegate module using the thread class loader
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- try
- {
- Class clazz = loader.loadClass(moduleName);
- delegate = (LoginModule) clazz.newInstance();
- }
- catch(Throwable t)
- {
- System.out.println("ProxyLoginModule failed to load: "+moduleName);
- t.printStackTrace();
- return;
- }
-
- delegate.initialize(subject, callbackHandler, sharedState, options);
- }
-
- /** Perform the login. If either the moduleName option was not
- specified or the module could not be loaded in initalize(),
- this method throws a LoginException.
- @exception LoginException, throw in the delegate login module failed.
- */
- public boolean login() throws LoginException
- {
- if( moduleName == null )
- throw new LoginException("Required moduleName option not given");
- if( delegate == null )
- throw new LoginException("Failed to load LoginModule: "+moduleName);
-
- return delegate.login();
- }
-
- public boolean commit() throws LoginException
- {
- boolean ok = false;
- if( delegate != null )
- ok = delegate.commit();
- return ok;
- }
-
- public boolean abort() throws LoginException
- {
- boolean ok = true;
- if( delegate != null )
- ok = delegate.abort();
- return ok;
- }
-
- public boolean logout() throws LoginException
- {
- boolean ok = true;
- if( delegate != null )
- ok = delegate.logout();
- return ok;
- }
-// --- End LoginModule interface methods
}
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development
