User: starksm
Date: 02/02/08 15:56:47
Modified: src/main/org/jboss/security/auth/spi
AbstractServerLoginModule.java AnonLoginModule.java
DatabaseServerLoginModule.java
IdentityLoginModule.java LdapLoginModule.java
ProxyLoginModule.java SimpleServerLoginModule.java
UsernamePasswordLoginModule.java
UsersRolesLoginModule.java
Log:
Synch with changes in the 2.4 branch
Revision Changes Path
1.6 +74 -77
jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java
Index: AbstractServerLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- AbstractServerLoginModule.java 19 Dec 2001 02:29:39 -0000 1.5
+++ AbstractServerLoginModule.java 8 Feb 2002 23:56:47 -0000 1.6
@@ -1,10 +1,9 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
-
package org.jboss.security.auth.spi;
import java.util.*;
@@ -13,15 +12,19 @@
import java.security.Principal;
import java.security.acl.Group;
import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
+import org.jboss.logging.Logger;
import org.jboss.security.NestableGroup;
import org.jboss.security.SimpleGroup;
-import org.jboss.logging.Logger;
-
/**
* This class implements the common functionality required for a JAAS
* server side LoginModule and implements the JBossSX standard Subject usage
@@ -48,8 +51,8 @@
* </pre>
*
*@author <a href="[EMAIL PROTECTED]">Edward Kenworthy</a>, 12th
Dec 2000
- *@author [EMAIL PROTECTED]
- *@version $Revision: 1.5 $
+ *@author [EMAIL PROTECTED]
+ *@version $Revision: 1.6 $
*/
public abstract class AbstractServerLoginModule implements LoginModule
{
@@ -57,14 +60,12 @@
protected CallbackHandler callbackHandler;
protected Map sharedState;
protected Map options;
-
+ protected Logger log;
+
/** Flag indicating if the shared credential should be used */
protected boolean useFirstPass;
-
- protected final Logger log = Logger.getLogger(getClass().getName());
-
+
//--- Begin LoginModule interface methods
-
/**
* Initialize the login module. This stores the subject, callbackHandler
* and sharedState and options for the login session. Subclasses should override
@@ -89,98 +90,100 @@
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
-
+ log = Logger.getLogger(getClass());
+ log.trace("initialize");
/* Check for password sharing options. Any non-null value for
password_stacking sets useFirstPass as this module has no way to
validate any shared password.
*/
- String passwordStacking = (String)options.get("password-stacking");
- if(passwordStacking != null &&
passwordStacking.equalsIgnoreCase("useFirstPass"))
+ String passwordStacking = (String) options.get("password-stacking");
+ if( passwordStacking != null &&
passwordStacking.equalsIgnoreCase("useFirstPass") )
useFirstPass = true;
}
-
- /**
- * Looks for javax.security.auth.login.name and
javax.security.auth.login.password
- * values in the sharedState map if the useFirstPass option was true and returns
- * true if they exist. If they do not or are null this method returns false.
+
+ /** Looks for javax.security.auth.login.name and
javax.security.auth.login.password
+ values in the sharedState map if the useFirstPass option was true and returns
+ true if they exist. If they do not or are null this method returns false.
*/
public boolean login() throws LoginException
{
- // If useFirstPass is true, look for the shared password
- if(useFirstPass == true)
+ log.trace("login");
+ // If useFirstPass is true, look for the shared password
+ if( useFirstPass == true )
{
try
{
Object identity = sharedState.get("javax.security.auth.login.name");
Object credential =
sharedState.get("javax.security.auth.login.password");
- if(identity != null && credential != null)
+ if( identity != null && credential != null )
return true;
- // Else, fall through and perform the login
+ // Else, fall through and perform the login
}
catch(Exception e)
- { // Dump the exception and continue
- e.printStackTrace();
+ { // Dump the exception and continue
+ log.error("login failed", e);
}
}
+
return false;
}
-
- /**
- * Method to commit the authentication process (phase 2).
- * It adds the getIdentity() value to the subject getPrincipals() Set.
- * It also adds the members of each Group returned by getRoleSets()
- * to the subject getPrincipals() Set.
- *
- * @see javax.security.auth.Subject;
- * @see java.security.acl.Group;
- * @return true always.
+
+ /** Method to commit the authentication process (phase 2).
+ It adds the getIdentity() value to the subject getPrincipals() Set.
+ It also adds the members of each Group returned by getRoleSets()
+ to the subject getPrincipals() Set.
+
+ @see javax.security.auth.Subject;
+ @see java.security.acl.Group;
+ @return true always.
*/
public boolean commit() throws LoginException
{
+ log.trace("commit");
Set principals = subject.getPrincipals();
Principal identity = getIdentity();
principals.add(identity);
Group[] roleSets = getRoleSets();
- for(int g = 0; g < roleSets.length; g++)
+ for(int g = 0; g < roleSets.length; g ++)
{
Group group = roleSets[g];
String name = group.getName();
Group subjectGroup = createGroup(name, principals);
- if(subjectGroup instanceof NestableGroup)
+ if( subjectGroup instanceof NestableGroup )
{
- /* A NestableGroup only allows Groups to be added to it so we
+ /* A NestableGroup only allows Groups to be added to it so we
need to add a SimpleGroup to subjectRoles to contain the roles
- */
+ */
SimpleGroup tmp = new SimpleGroup("Roles");
subjectGroup.addMember(tmp);
subjectGroup = tmp;
}
// Copy the group members to the Subject group
Enumeration members = group.members();
- while(members.hasMoreElements())
+ while( members.hasMoreElements() )
{
- Principal role = (Principal)members.nextElement();
+ Principal role = (Principal) members.nextElement();
subjectGroup.addMember(role);
}
}
return true;
}
-
- /**
- * Method to abort the authentication process (phase 2).
- * @return true alaways
+
+ /** Method to abort the authentication process (phase 2).
+ @return true alaways
*/
public boolean abort() throws LoginException
{
+ log.trace("abort");
return true;
}
-
- /**
- * Remove the user identity and roles added to the Subject during commit.
- * @return true always.
+
+ /** Remove the user identity and roles added to the Subject during commit.
+ @return true always.
*/
public boolean logout() throws LoginException
{
+ log.trace("logout");
// Remove the user identity
Principal identity = getIdentity();
Set principals = subject.getPrincipals();
@@ -188,56 +191,50 @@
// Remove any added Groups...
return true;
}
-//--- End LoginModule interface methods
-
-// --- Protected methods
-
- /**
- * Overriden by subclasses to return the Principal that corresponds to
- * the user primary identity.
+ //--- End LoginModule interface methods
+
+ // --- Protected methods
+
+ /** Overriden by subclasses to return the Principal that corresponds to
+ the user primary identity.
*/
abstract protected Principal getIdentity();
-
- /**
- * Overriden by subclasses to return the Groups that correspond to the
- * to the role sets assigned to the user. Subclasses should create at
- * least a Group named "Roles" that contains the roles assigned to the user.
- * A second common group is "CallerPrincipal" that provides the application
- * identity of the user rather than the security domain identity.
- *
- * @return Group[] containing the sets of roles
+ /** Overriden by subclasses to return the Groups that correspond to the
+ to the role sets assigned to the user. Subclasses should create at
+ least a Group named "Roles" that contains the roles assigned to the user.
+ A second common group is "CallerPrincipal" that provides the application
+ identity of the user rather than the security domain identity.
+ @return Group[] containing the sets of roles
*/
abstract protected Group[] getRoleSets() throws LoginException;
-
+
protected boolean getUseFirstPass()
{
return useFirstPass;
}
-
- /**
- * Find or create a Group with the given name. Subclasses should use this
- * method to locate the 'Roles' group or create additional types of groups.
- *
- * @return A named Group from the principals set.
+
+ /** Find or create a Group with the given name. Subclasses should use this
+ method to locate the 'Roles' group or create additional types of groups.
+ @return A named Group from the principals set.
*/
protected Group createGroup(String name, Set principals)
{
Group roles = null;
Iterator iter = principals.iterator();
- while(iter.hasNext())
+ while( iter.hasNext() )
{
Object next = iter.next();
- if((next instanceof Group) == false)
+ if( (next instanceof Group) == false )
continue;
- Group grp = (Group)next;
- if(grp.getName().equals(name))
+ Group grp = (Group) next;
+ if( grp.getName().equals(name) )
{
roles = grp;
break;
}
}
// If we did not find a group create one
- if(roles == null)
+ if( roles == null )
{
roles = new NestableGroup(name);
principals.add(roles);
1.5 +3 -3
jbosssx/src/main/org/jboss/security/auth/spi/AnonLoginModule.java
Index: AnonLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/AnonLoginModule.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- AnonLoginModule.java 17 Dec 2001 00:47:23 -0000 1.4
+++ AnonLoginModule.java 8 Feb 2002 23:56:47 -0000 1.5
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -17,8 +17,8 @@
* A simple login module that simply allows for the specification of the
* identity of unauthenticated users via the unauthenticatedIdentity property.
*
- * @author [EMAIL PROTECTED]
- * @version $Revision: 1.4 $
+ * @author [EMAIL PROTECTED]
+ * @version $Revision: 1.5 $
*/
public class AnonLoginModule extends UsernamePasswordLoginModule
{
1.6 +46 -32
jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java
Index: DatabaseServerLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- DatabaseServerLoginModule.java 17 Dec 2001 00:47:23 -0000 1.5
+++ DatabaseServerLoginModule.java 8 Feb 2002 23:56:47 -0000 1.6
@@ -1,10 +1,9 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
-
package org.jboss.security.auth.spi;
import java.security.acl.Group;
@@ -48,17 +47,18 @@
* </ul>
*
* @author <a href="mailto:[EMAIL PROTECTED]";>Oleg Nitz</a>
- * @author [EMAIL PROTECTED]
- * @version $Revision: 1.5 $
+ * @author [EMAIL PROTECTED]
+ * @version $Revision: 1.6 $
*/
public class DatabaseServerLoginModule extends UsernamePasswordLoginModule
{
private String dsJndiName;
private String principalsQuery = "select Password from Principals where
PrincipalID=?";
private String rolesQuery = "select Role, RoleGroup from Roles where
PrincipalID=?";
-
- // UsernamePasswordLoginModule overrides ------------------------------------
-
+
+ /**
+ * Initialize this LoginModule.
+ */
public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
{
super.initialize(subject, callbackHandler, sharedState, options);
@@ -71,18 +71,24 @@
tmp = options.get("rolesQuery");
if( tmp != null )
rolesQuery = tmp.toString();
- //System.out.println("DatabaseServerLoginModule, dsJndiName="+dsJndiName);
- //System.out.println("principalsQuery="+principalsQuery);
- //System.out.println("rolesQuery="+rolesQuery);
+ log.trace("DatabaseServerLoginModule, dsJndiName="+dsJndiName);
+ log.trace("principalsQuery="+principalsQuery);
+ log.trace("rolesQuery="+rolesQuery);
}
+ /** Get the expected password for the current username available via
+ * the getUsername() method. This is called from within the login()
+ * method after the CallbackHandler has returned the username and
+ * candidate password.
+ * @return the valid password String
+ */
protected String getUsersPassword() throws LoginException
{
String username = getUsername();
String password = null;
Connection conn = null;
PreparedStatement ps = null;
-
+
try
{
InitialContext ctx = new InitialContext();
@@ -94,7 +100,7 @@
ResultSet rs = ps.executeQuery();
if( rs.next() == false )
throw new FailedLoginException("No matching username found in
Principals");
-
+
password = rs.getString(1);
password = convertRawPassword(password);
rs.close();
@@ -105,7 +111,7 @@
}
catch(SQLException ex)
{
- ex.printStackTrace();
+ log.error("Query failed", ex);
throw new LoginException(ex.toString());
}
finally
@@ -125,15 +131,20 @@
{
conn.close();
}
- catch(SQLException ex)
+ catch (SQLException ex)
{}
}
}
return password;
}
- // AbstractLoginModule overrides -------------------------------------------
-
+ /** Overriden by subclasses to return the Groups that correspond to the
+ to the role sets assigned to the user. Subclasses should create at
+ least a Group named "Roles" that contains the roles assigned to the user.
+ A second common group is "CallerPrincipal" that provides the application
+ identity of the user rather than the security domain identity.
+ @return Group[] containing the sets of roles
+ */
protected Group[] getRoleSets() throws LoginException
{
String username = getUsername();
@@ -151,7 +162,15 @@
ps.setString(1, username);
ResultSet rs = ps.executeQuery();
if( rs.next() == false )
- throw new FailedLoginException("No matching username found in Roles");
+ {
+ if( getUnauthenticatedIdentity() == null )
+ throw new FailedLoginException("No matching username found in
Roles");
+ /* We are running with an unauthenticatedIdentity so create an
+ empty Roles set and return.
+ */
+ Group[] roleSets = { new SimpleGroup("Roles") };
+ return roleSets;
+ }
do
{
@@ -166,8 +185,7 @@
setsMap.put(groupName, group);
}
group.addMember(new SimplePrincipal(name));
- }
- while( rs.next() );
+ } while( rs.next() );
rs.close();
}
catch(NamingException ex)
@@ -176,7 +194,7 @@
}
catch(SQLException ex)
{
- ex.printStackTrace();
+ super.log.error("SQL failure", ex);
throw new LoginException(ex.toString());
}
finally
@@ -196,25 +214,21 @@
{
conn.close();
}
- catch(Exception ex)
+ catch (Exception ex)
{}
}
}
-
+
Group[] roleSets = new Group[setsMap.size()];
setsMap.values().toArray(roleSets);
return roleSets;
}
-
- // Protected -----------------------------------------------------
-
- /**
- * A hook to allow subclasses to convert a password from the database
- * into a plain text string or whatever form is used for matching against
- * the user input. It is called from within the getUsersPassword() method.
- *
- * @param rawPassword, the password as obtained from the database
- * @return the argument rawPassword
+
+ /** A hook to allow subclasses to convert a password from the database
+ into a plain text string or whatever form is used for matching against
+ the user input. It is called from within the getUsersPassword() method.
+ @param rawPassword, the password as obtained from the database
+ @return the argument rawPassword
*/
protected String convertRawPassword(String rawPassword)
{
1.5 +3 -3
jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java
Index: IdentityLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- IdentityLoginModule.java 17 Dec 2001 00:47:23 -0000 1.4
+++ IdentityLoginModule.java 8 Feb 2002 23:56:47 -0000 1.5
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -31,8 +31,8 @@
* @see org.jboss.security.SimpleGroup
* @see org.jboss.security.SimplePrincipal
*
- * @author [EMAIL PROTECTED]
- * @version $Revision: 1.4 $
+ * @author [EMAIL PROTECTED]
+ * @version $Revision: 1.5 $
*/
public class IdentityLoginModule extends AbstractServerLoginModule
{
1.7 +55 -50
jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
Index: LdapLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- LdapLoginModule.java 17 Dec 2001 00:47:23 -0000 1.6
+++ LdapLoginModule.java 8 Feb 2002 23:56:47 -0000 1.7
@@ -4,10 +4,11 @@
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
-
package org.jboss.security.auth.spi;
+import java.security.Principal;
import java.security.acl.Group;
+import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
@@ -20,12 +21,19 @@
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.ObjectCallback;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
/**
@@ -70,22 +78,22 @@
* </ul>
* A sample login config:
* <p>
- * <pre>
- * testLdap {
- * org.jboss.security.plugins.samples.LdapLoginModule required
- * java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
- * principalDNPrefix=uid=
- * uidAttributeID=userid
- * roleAttributeID=rolenames
- * principalDNSuffix=,ou=People,o=displayscape.com
- * rolesCtxDN=ou=Users,cn=Project1,ou=Projects,o=displayscape.com
- * java.naming.provider.url=ldap://siren-int/
- * java.naming.security.authentication=simple
- * };
- * </pre>
+<pre>
+testLdap {
+ org.jboss.security.auth.spi.LdapLoginModule required
+ java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
+ java.naming.provider.url="ldap://ldaphost.jboss.org:1389/";
+ java.naming.security.authentication=simple
+ principalDNPrefix=uid=
+ uidAttributeID=userid
+ roleAttributeID=roleName
+ principalDNSuffix=,ou=People,o=jboss.org
+ rolesCtxDN=cn=JBossSX Tests,ou=Roles,o=jboss.org
+};
+</pre>
*
- * @author [EMAIL PROTECTED]
- * @version $Revision: 1.6 $
+ * @author [EMAIL PROTECTED]
+ * @version $Revision: 1.7 $
*/
public class LdapLoginModule extends UsernamePasswordLoginModule
{
@@ -96,41 +104,40 @@
private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
-
+
public LdapLoginModule()
{
}
-
+
private transient SimpleGroup userRoles = new SimpleGroup("Roles");
-
- // AbstractLoginModule overrides --------------------------------------------
-
+
+ /** Overriden to return an empty password string as typically one cannot
+ obtain a user's password. We also override the validatePassword so
+ this is ok.
+ @return and empty password String
+ */
+ protected String getUsersPassword() throws LoginException
+ {
+ return "";
+ }
+ /** Overriden by subclasses to return the Groups that correspond to the
+ to the role sets assigned to the user. Subclasses should create at
+ least a Group named "Roles" that contains the roles assigned to the user.
+ A second common group is "CallerPrincipal" that provides the application
+ identity of the user rather than the security domain identity.
+ @return Group[] containing the sets of roles
+ */
protected Group[] getRoleSets() throws LoginException
{
Group[] roleSets = {userRoles};
return roleSets;
}
- // UsernamePasswordLoginModule overrides ------------------------------------
-
- /**
- * Overriden to return an empty password string, as typically one cannot
- * obtain a user's password. We also override the <code>validatePassword</code>
- * method so this is ok.
- *
- * @return an empty password String
- */
- protected String getUsersPassword() throws LoginException
- {
- return "";
- }
+ /** Validate the inputPassword by creating a ldap InitialContext with the
+ SECURITY_CREDENTIALS set to the password.
- /**
- * Validate the inputPassword by creating a ldap InitialContext with the
- * SECURITY_CREDENTIALS set to the password.
- *
- * @param inputPassword the password to validate.
- * @param expectedPassword ignored
+ @param inputPassword the password to validate.
+ @param expectedPassword ignored
*/
protected boolean validatePassword(String inputPassword, String expectedPassword)
{
@@ -146,14 +153,12 @@
}
catch(NamingException e)
{
- e.printStackTrace();
+ super.log.error("Failed to validate password", e);
}
}
return isValid;
}
-
- // Private ------------------------------------------------------------------
-
+
private void createLdapInitContext(String username, Object credential) throws
NamingException
{
Properties env = new Properties();
@@ -164,7 +169,7 @@
Entry entry = (Entry) iter.next();
env.put(entry.getKey(), entry.getValue());
}
-
+
// Set defaults for key values if they are missing
String factoryName = env.getProperty(Context.INITIAL_CONTEXT_FACTORY);
if( factoryName == null )
@@ -182,19 +187,19 @@
String principalDNPrefix = (String) options.get(PRINCIPAL_DN_PREFIX_OPT);
if( principalDNPrefix == null )
- principalDNPrefix = "";
+ principalDNPrefix="";
String principalDNSuffix = (String) options.get(PRINCIPAL_DN_SUFFIX_OPT);
if( principalDNSuffix == null )
- principalDNSuffix = "";
+ principalDNSuffix="";
String matchType = (String) options.get(MATCH_ON_USER_DN_OPT);
boolean matchOnUserDN = Boolean.valueOf(matchType).booleanValue();
String userDN = principalDNPrefix + username + principalDNSuffix;
env.setProperty(Context.PROVIDER_URL, providerURL);
env.setProperty(Context.SECURITY_PRINCIPAL, userDN);
env.put(Context.SECURITY_CREDENTIALS, credential);
- System.out.println("Logging into LDAP server, env=" + env);
+ super.log.trace("Logging into LDAP server, env="+env);
InitialLdapContext ctx = new InitialLdapContext(env, null);
- System.out.println("Logged into LDAP server, " + ctx);
+ super.log.trace("Logged into LDAP server, "+ctx);
// Query the user's roles...
String rolesCtxDN = (String) options.get(ROLES_CTX_DN_OPT);
if( rolesCtxDN != null )
@@ -211,7 +216,7 @@
else
matchAttrs.put(uidAttrName, username);
String[] roleAttr =
- {roleAttrName};
+ {roleAttrName};
try
{
NamingEnumeration answer = ctx.search(rolesCtxDN, matchAttrs, roleAttr);
1.4 +93 -96
jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java
Index: ProxyLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- ProxyLoginModule.java 17 Dec 2001 00:47:23 -0000 1.3
+++ ProxyLoginModule.java 8 Feb 2002 23:56:47 -0000 1.4
@@ -1,120 +1,117 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
-
package org.jboss.security.auth.spi;
+import java.io.IOException;
+import java.io.InputStream;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-/**
- * A proxy LoginModule that loads a delegate LoginModule using
- * the current thread context class loader. The purpose of this
- * module is to work around the current JAAS class loader limitation
- * that requires LoginModules to be on the classpath. Some LoginModules
- * use core JBoss classes that would have to be moved into the jboss-jaas.jar
- * and packaging becomes a mess. Instead, these LoginModules are left
- * in the jbosssx.jar and the ProxyLoginModule is used to bootstrap
- * the non-classpath LoginModule.
- *
- * @author [EMAIL PROTECTED]
- * @version $Revision: 1.3 $
- */
+/** A proxy LoginModule that loads a delegate LoginModule using
+the current thread context class loader. The purpose of this
+module is to work around the current JAAS class loader limitation
+that requires LoginModules to be on the classpath. Some LoginModules
+use core JBoss classes that would have to be moved into the jboss-jaas.jar
+and packaging becomes a mess. Instead, these LoginModules are left
+in the jbosssx.jar and the ProxyLoginModule is used to bootstrap
+the non-classpath LoginModule.
+
+@author [EMAIL PROTECTED]
+@version $Revision: 1.4 $
+*/
public class ProxyLoginModule implements LoginModule
{
- private String moduleName;
- private LoginModule delegate;
+ private String moduleName;
+ private LoginModule delegate;
- public ProxyLoginModule()
- {
- }
+ public ProxyLoginModule()
+ {
+ }
// --- Begin LoginModule interface methods
-
- /**
- * Initialize this LoginModule. This method loads the LoginModule
- * specified by the moduleName option using the current thread
- * context class loader and then delegates the initialize call
- * to it.
- *
- * @param options include:
- * <em>moduleName</em>: the classname of the module that this proxy module
- * delegates all calls to.
- */
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
- {
- moduleName = (String)options.get("moduleName");
- if( moduleName == null)
- {
- System.out.println("Required moduleName option not given");
- return;
- }
-
- // Load the delegate module using the thread class loader
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- try
- {
- Class clazz = loader.loadClass(moduleName);
- delegate = (LoginModule)clazz.newInstance();
- }
- catch(Throwable t)
- {
- System.out.println("ProxyLoginModule failed to load: " + moduleName);
- t.printStackTrace();
- return;
- }
-
- delegate.initialize(subject, callbackHandler, sharedState, options);
- }
-
- /**
- * Perform the login. If either the moduleName option was not specified or
- * the module could not be loaded in initalize(), this method throws a
- * LoginException.
- *
- * @exception LoginException thrown if the delegate login module failed.
+ /** Initialize this LoginModule. This method loads the LoginModule
+ specified by the moduleName option using the current thread
+ context class loader and then delegates the initialize call
+ to it.
+
+ @param options, include:
+ moduleName: the classname of the module that this proxy module
+ delegates all calls to.
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
+ {
+ moduleName = (String) options.get("moduleName");
+ if( moduleName == null )
+ {
+ System.out.println("Required moduleName option not given");
+ return;
+ }
+
+ // Load the delegate module using the thread class loader
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ try
+ {
+ Class clazz = loader.loadClass(moduleName);
+ delegate = (LoginModule) clazz.newInstance();
+ }
+ catch(Throwable t)
+ {
+ System.out.println("ProxyLoginModule failed to load: "+moduleName);
+ t.printStackTrace();
+ return;
+ }
+
+ delegate.initialize(subject, callbackHandler, sharedState, options);
+ }
+
+ /** Perform the login. If either the moduleName option was not
+ specified or the module could not be loaded in initalize(),
+ this method throws a LoginException.
+ @exception LoginException, throw in the delegate login module failed.
*/
- public boolean login() throws LoginException
- {
- if( moduleName == null )
- throw new LoginException("Required moduleName option not given");
- if( delegate == null )
- throw new LoginException("Failed to load LoginModule: " + moduleName);
-
- return delegate.login();
- }
-
- public boolean commit() throws LoginException
- {
- boolean ok = false;
- if( delegate != null )
- ok = delegate.commit();
- return ok;
- }
-
- public boolean abort() throws LoginException
- {
- boolean ok = true;
- if( delegate != null )
- ok = delegate.abort();
- return ok;
- }
-
- public boolean logout() throws LoginException
- {
- boolean ok = true;
- if( delegate != null )
- ok = delegate.logout();
- return ok;
- }
+ public boolean login() throws LoginException
+ {
+ if( moduleName == null )
+ throw new LoginException("Required moduleName option not given");
+ if( delegate == null )
+ throw new LoginException("Failed to load LoginModule: "+moduleName);
+
+ return delegate.login();
+ }
+
+ public boolean commit() throws LoginException
+ {
+ boolean ok = false;
+ if( delegate != null )
+ ok = delegate.commit();
+ return ok;
+ }
+
+ public boolean abort() throws LoginException
+ {
+ boolean ok = true;
+ if( delegate != null )
+ ok = delegate.abort();
+ return ok;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ boolean ok = true;
+ if( delegate != null )
+ ok = delegate.logout();
+ return ok;
+ }
// --- End LoginModule interface methods
}
1.4 +3 -3
jbosssx/src/main/org/jboss/security/auth/spi/SimpleServerLoginModule.java
Index: SimpleServerLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/SimpleServerLoginModule.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SimpleServerLoginModule.java 17 Dec 2001 00:47:23 -0000 1.3
+++ SimpleServerLoginModule.java 8 Feb 2002 23:56:47 -0000 1.4
@@ -1,5 +1,5 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
@@ -27,8 +27,8 @@
* </ul>
*
* @author <a href="[EMAIL PROTECTED]">Oleg Nitz</a>
- * @author [EMAIL PROTECTED]
- * @version $Revision: 1.3 $
+ * @author [EMAIL PROTECTED]
+ * @version $Revision: 1.4 $
*/
public class SimpleServerLoginModule extends UsernamePasswordLoginModule
{
1.9 +55 -140
jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
Index: UsernamePasswordLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- UsernamePasswordLoginModule.java 19 Dec 2001 02:47:02 -0000 1.8
+++ UsernamePasswordLoginModule.java 8 Feb 2002 23:56:47 -0000 1.9
@@ -1,10 +1,9 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
-
package org.jboss.security.auth.spi;
import java.io.IOException;
@@ -13,6 +12,7 @@
import java.security.Principal;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.security.acl.Group;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -21,15 +21,15 @@
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.spi.LoginModule;
+import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.Util;
-import org.jboss.security.Base64Encoder;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
-/**
- * An abstract subclass of AbstractServerLoginModule that imposes
+/** An abstract subclass of AbstractServerLoginModule that imposes
* an identity == String username, credentials == String password view on
* the login process.
* <p>
@@ -40,51 +40,33 @@
* @see #getUsername()
* @see #getUsersPassword()
* @see #getRoleSets()
- *
- * @author [EMAIL PROTECTED]
- * @author [EMAIL PROTECTED]
- * @version $Revision: 1.8 $
+
+ @author [EMAIL PROTECTED]
+ @version $Revision: 1.9 $
*/
public abstract class UsernamePasswordLoginModule extends AbstractServerLoginModule
{
/** The login identity */
private Principal identity;
-
/** The proof of login identity */
private char[] credential;
-
/** the principal to use when a null username and password are seen */
private Principal unauthenticatedIdentity;
-
- /** the message digest algorithm used to hash passwords. If null then plain
passwords will be used. */
+ /** the message digest algorithm used to hash passwords. If null then
+ plain passwords will be used. */
private String hashAlgorithm = null;
- /**
- * the name of the charset/encoding to use when converting the password String to
a byte array.
- * Default is the platform's default encoding.
+ /** the name of the charset/encoding to use when converting the password
+ String to a byte array. Default is the platform's default encoding.
*/
private String hashCharset = null;
/** the string encoding format to use. Defaults to base64. */
private String hashEncoding = null;
- /**
- * Override the superclass method to look for an <em>unauthenticatedIdentity</em>
- * property. This is the name of the principal to assign and authenticate
- * when a null username and password are seen.
- * <p>
- * The options map will also be checked for the parameter <em>hashAlgorithm</em>
- * to see if password hashing should be used instead of plain passwords.
- * If you set this parameter, passwords will be hashed using the specified
- * algorithm (for example "SHA" or "MD5") and will be encoded as strings.
- * <p>
- * The string encoding format is set using the optional parameter
- * <em>hashEncoding</em>. Currently supported are MIME "BASE64" encoded
- * strings as defined in
- * (<a href="http://ietf.org/rfc/rfc1521.txt";>rfc1521</a>)
- * or "HEX" encoded strings. BASE64 is the default if omitted.
- * <p>
- * This method first invokes the super version.
- *
- * @param options the map of paramers passed to this login module.
+ /** Override the superclass method to look for a unauthenticatedIdentity
+ property. This method first invokes the super version.
+ @param options,
+ @option unauthenticatedIdentity: the name of the principal to asssign
+ and authenticate when a null username and password are seen.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
{
@@ -92,29 +74,34 @@
// Check for unauthenticatedIdentity option.
String name = (String) options.get("unauthenticatedIdentity");
if( name != null )
+ {
unauthenticatedIdentity = new SimplePrincipal(name);
+ super.log.trace("Saw unauthenticatedIdentity="+name);
+ }
// Check to see if password hashing has been enabled.
// If an algorithm is set, check for a format and charset.
hashAlgorithm = (String) options.get("hashAlgorithm");
- if(hashAlgorithm != null)
+ if( hashAlgorithm != null )
{
hashEncoding = (String) options.get("hashEncoding");
- if(hashEncoding == null)
- hashEncoding = "BASE64";
+ if( hashEncoding == null )
+ hashEncoding = Util.BASE64_ENCODING;
hashCharset = (String) options.get("hashCharset");
- if(log.isDebugEnabled())
+ if( log.isTraceEnabled() )
{
- log.debug("Passworg hashing activated: algorithm = " + hashAlgorithm +
+ log.trace("Passworg hashing activated: algorithm = " + hashAlgorithm +
", encoding = " + hashEncoding+ (hashCharset == null ? "" : "charset
= " + hashCharset));
}
}
}
+ /**
+ */
public boolean login() throws LoginException
{
// See if shared credentials exist
- if( super.login() )
+ if( super.login() == true )
{
// Setup our view of the user
Object username = sharedState.get("javax.security.auth.login.name");
@@ -140,26 +127,29 @@
String username = info[0];
String password = info[1];
if( username == null && password == null )
+ {
identity = unauthenticatedIdentity;
+ super.log.trace("Authenticating as unauthenticatedIdentity="+identity);
+ }
+
if( identity == null )
{
identity = new SimplePrincipal(username);
- // hash the user entered password if password hashing is in use
- if(hashAlgorithm != null)
+ // Hash the user entered password if password hashing is in use
+ if( hashAlgorithm != null )
password = createPasswordHash(username, password);
// Validate the password supplied by the subclass
String expectedPassword = getUsersPassword();
if( validatePassword(password, expectedPassword) == false )
{
- log.warn("Bad password for username = " + username);
+ super.log.debug("Bad password for username="+username);
throw new FailedLoginException("Password Incorrect/Password Required");
}
}
- if( log.isInfoEnabled() )
- log.info("User '" + identity + "' authenticated.");
+ super.log.trace("User '" + identity + "' authenticated.");
if( getUseFirstPass() == true )
- { // Add the username and password to the shared state map
+ { // Add the username and password to the shared state map
sharedState.put("javax.security.auth.login.name", username);
sharedState.put("javax.security.auth.login.password", credential);
}
@@ -170,7 +160,6 @@
{
return identity;
}
-
protected Principal getUnauthenticatedIdentity()
{
return unauthenticatedIdentity;
@@ -180,18 +169,15 @@
{
return credential;
}
-
protected String getUsername()
{
return getIdentity().getName();
}
- /**
- * Called by login() to acquire the username and password strings for
- * authentication. This method does no validation of either.
- *
- * @return String[], [0] = username, [1] = password
- * @exception LoginException thrown if CallbackHandler is not set or fails.
+ /** Called by login() to acquire the username and password strings for
+ authentication. This method does no validation of either.
+ @return String[], [0] = username, [1] = password
+ @exception LoginException thrown if CallbackHandler is not set or fails.
*/
protected String[] getUsernameAndPassword() throws LoginException
{
@@ -255,102 +241,31 @@
*/
protected String createPasswordHash(String username, String password)
{
- byte[] passBytes;
- byte[] hash;
- String passwordHash = null;
-
- // convert password to byte data
- try
- {
- if(hashCharset == null)
- passBytes = password.getBytes();
- else
- passBytes = password.getBytes(hashCharset);
- }
- catch(UnsupportedEncodingException uee)
- {
- log.error("charset " + hashCharset + " not found. Using platform
default.", uee);
- passBytes = password.getBytes();
- }
-
- // calculate the hash and apply the encoding.
- try
- {
- hash = MessageDigest.getInstance(hashAlgorithm).digest(passBytes);
- if(hashEncoding.equalsIgnoreCase("BASE64"))
- {
- passwordHash = Base64Encoder.encode(hash);
-// test to compare with sun's builtin encoder.
-// String sunB64 = new sun.misc.BASE64Encoder().encode(hash);
-// System.out.println("Hashes: sun " + sunB64 + ", jboss " +
passwordHash);
- }
- else if(hashEncoding.equalsIgnoreCase("HEX"))
- {
- passwordHash = hexEncode(hash);
- }
- else
- {
- log.error("Unsupported hash encoding format " + hashEncoding);
- }
- }
- catch(Exception e)
- {
- log.error("Password hash calculation failed ", e);
- }
+ String passwordHash = Util.createPasswordHash(hashAlgorithm, hashEncoding,
+ hashCharset, username, password);
return passwordHash;
}
- /**
- * A hook that allows subclasses to change the validation of the input
- * password against the expected password. This version checks that
- * neither inputPassword or expectedPassword are null that that
- * inputPassword.equals(expectedPassword) is true;
- *
- * @return true if the inputPassword is valid, false otherwise.
+ /** A hook that allows subclasses to change the validation of the input
+ password against the expected password. This version checks that
+ neither inputPassword or expectedPassword are null that that
+ inputPassword.equals(expectedPassword) is true;
+ @return true if the inputPassword is valid, false otherwise.
*/
protected boolean validatePassword(String inputPassword, String expectedPassword)
{
+System.out.println("validatePassword, inputPassword="+inputPassword+",
expectedPassword="+expectedPassword);
if( inputPassword == null || expectedPassword == null )
return false;
return inputPassword.equals(expectedPassword);
}
- /**
- * Get the expected password for the current username available via
- * the getUsername() method. This is called from within the login()
- * method after the CallbackHandler has returned the username and
- * candidate password.
- *
- * @return the valid password String
+ /** Get the expected password for the current username available via
+ the getUsername() method. This is called from within the login()
+ method after the CallbackHandler has returned the username and
+ candidate password.
+ @return the valid password String
*/
abstract protected String getUsersPassword() throws LoginException;
-
-// Private ---------------------------------------------------------------------
- /**
- * Hex encoding of hashes, as used by Catalina. Each byte is converted to
- * the corresponding two hex characters.
- */
- private String hexEncode(byte[] bytes)
- {
- StringBuffer sb = new StringBuffer(bytes.length * 2);
- for (int i = 0; i < bytes.length; i++)
- {
- byte b = bytes[i];
- // top 4 bits
- char c = (char)((b >> 4) & 0xf);
- if(c > 9)
- c = (char)((c - 10) + 'a');
- else
- c = (char)(c + '0');
- sb.append(c);
- // bottom 4 bits
- c = (char)(b & 0xf);
- if (c > 9)
- c = (char)((c - 10) + 'a');
- else
- c = (char)(c + '0');
- sb.append(c);
- }
- return sb.toString();
- }
+
}
1.9 +188 -187
jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java
Index: UsersRolesLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- UsersRolesLoginModule.java 17 Dec 2001 00:47:23 -0000 1.8
+++ UsersRolesLoginModule.java 8 Feb 2002 23:56:47 -0000 1.9
@@ -1,10 +1,9 @@
/*
- * JBoss, the OpenSource EJB server
+ * JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
-
package org.jboss.security.auth.spi;
import java.io.InputStream;
@@ -18,208 +17,210 @@
import java.security.acl.Group;
import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
-/**
- * A simple properties file based login module that consults two Java Properties
- * formatted text files for username to password("users.properties") and
- * username to roles("roles.properties") mapping. The properties files are loaded
- * during initialization using the thread context class loader. This means that
- * these files can be placed into the J2EE deployment jar or the JBoss config
- * directory.
- * <p>
- * The users.properties file uses a format:
- * <p>
- * <pre>
- * username1=password1
- * username2=password2
- * ...
- * </pre>
- * to define all valid usernames and their corresponding passwords.
- * The roles.properties file uses a format:
- * <pre>
- * username1=role1,role2,...
- * username1.RoleGroup1=role3,role4,...
- * username2=role1,role3,...
- * </pre>
- * to define the sets of roles for valid usernames. The "username.XXX" form of
- * property name is used to assign the username roles to a particular named
- * group of roles where the XXX portion of the property name is the group name.
- * The "username=..." form is an abbreviation for "username.Roles=...".
- * <p>
- * The following are therefore equivalent:
- * <p>
- * <pre>
- * jduke=TheDuke,AnimatedCharacter
- * jduke.Roles=TheDuke,AnimatedCharacter
- * </pre>
- *
- * @author <a href="mailto:[EMAIL PROTECTED]";>Edward Kenworthy</a>,
12th Dec 2000
- * @author [EMAIL PROTECTED]
- */
+/** A simple properties file based login module that consults two Java Properties
+formatted text files for username to password("users.properties") and
+username to roles("roles.properties") mapping. The names of the properties
+files may be overriden by the usersProperties and rolesProperties options.
+The properties files are loaded during initialization using the thread context
+class loader. This means that these files can be placed into the J2EE
+deployment jar or the JBoss config directory.
+
+The users.properties file uses a format:
+ username1=password1
+ username2=password2
+ ...
+
+to define all valid usernames and their corresponding passwords.
+
+The roles.properties file uses a format:
+ username1=role1,role2,...
+ username1.RoleGroup1=role3,role4,...
+ username2=role1,role3,...
+
+to define the sets of roles for valid usernames. The "username.XXX" form of
+property name is used to assign the username roles to a particular named
+group of roles where the XXX portion of the property name is the group name.
+The "username=..." form is an abbreviation for "username.Roles=...".
+The following are therefore equivalent:
+ jduke=TheDuke,AnimatedCharacter
+ jduke.Roles=TheDuke,AnimatedCharacter
+
+@author <a href="[EMAIL PROTECTED]">Edward Kenworthy</a>, 12th Dec
2000
+@author [EMAIL PROTECTED]
+*/
public class UsersRolesLoginModule extends UsernamePasswordLoginModule
{
- /** The users.properties values */
- private Properties users;
-
- /** The roles.properties values */
- private Properties roles;
-
- /** Initialize this LoginModule. */
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
- try
- {
- // Load the properties file that contains the list of users and passwords
- loadUsers();
- loadRoles();
- }
- catch(Exception e)
- {
- // Note that although this exception isn't passed on, users or roles will
be null
- // so that any call to login will throw a LoginException.
- System.out.print("Error, couldn't load users/passwords/role files.\n");
- e.printStackTrace();
- }
- }
-
- /**
- * Method to authenticate a Subject (phase 1).
- *
- * Most of the changes from the original SimpleServerLoginModule
- * are made in this method. They are:
- * <ul>
- * <li>users and passwords read from users.properties file
- * <li>users and roles read from roles.properties file
- * </ul>
- * I've also removed the notion of a guest login. If you want to provide 'guest'
- * access to your beans then simply disable security on them.
- *
+ /** The name of the properties resource containing user/passwords */
+ private String usersRsrcName = "users.properties";
+ /** The name of the properties resource containing user/roles */
+ private String rolesRsrcName = "roles.properties";
+ /** The users.properties values */
+ private Properties users;
+ /** The roles.properties values */
+ private Properties roles;
+
+ /** Initialize this LoginModule.
+ *@param options, the login module option map. Supported options include:
+ *usersProperties: The name of the properties resource containing
+ user/passwords. The default is "users.properties"
+ *rolesProperties: The name of the properties resource containing user/roles
+ The default is "roles.properties".
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ try
+ {
+ // Check for usersProperties & rolesProperties
+ String option = (String) options.get("usersProperties");
+ if( option != null )
+ usersRsrcName = option;
+ option = (String) options.get("rolesProperties");
+ if( option != null )
+ rolesRsrcName = option;
+ // Load the properties file that contains the list of users and
passwords
+ loadUsers();
+ loadRoles();
+ }
+ catch(Exception e)
+ {
+ // Note that although this exception isn't passed on, users or roles
will be null
+ // so that any call to login will throw a LoginException.
+ super.log.error("Failed to load users/passwords/role files", e);
+ }
+ }
+
+ /** Method to authenticate a Subject (phase 1). This validates that the
+ *users and roles properties files were loaded and then calls
+ *super.login to perform the validation of the password.
+ *@exception LoginException, thrown if the users or roles properties files
+ *were not found or the super.login method fails.
+ */
+ public boolean login() throws LoginException
+ {
+ if( users == null )
+ throw new LoginException("Missing users.properties file.");
+ if( roles == null )
+ throw new LoginException("Missing roles.properties file.");
+
+ return super.login();
+ }
+
+ /** Create the set of roles the user belongs to by parsing the roles.properties
+ data for username=role1,role2,... and username.XXX=role1,role2,...
+ patterns.
+ @return Group[] containing the sets of roles
*/
- public boolean login() throws LoginException
- {
- if( users == null )
- throw new LoginException("Missing users.properties file.");
- if( roles == null )
- throw new LoginException("Missing roles.properties file.");
- return super.login();
- }
-
- // AbstractLoginModule overrides --------------------------------------------
-
- /**
- * Create the set of roles the user belongs to by parsing the roles.properties
- * data for username=role1,role2,... and username.XXX=role1,role2,... patterns.
- *
- * @return Group[] containing the sets of roles
- */
- protected Group[] getRoleSets() throws LoginException
- {
- String targetUser = getUsername();
- Enumeration users = roles.propertyNames();
- SimpleGroup rolesGroup = new SimpleGroup("Roles");
- ArrayList groups = new ArrayList();
- groups.add(rolesGroup);
- while( users.hasMoreElements() )
- {
- String user = (String) users.nextElement();
- String value = roles.getProperty(user);
-
- // See if this entry is of the form targetUser[.GroupName]=roles
- int index = user.indexOf('.');
- int length = index > 0 ? index : user.length();
- if( targetUser.regionMatches(0, user, 0, length) == false )
- continue;
-
- // Check for username.RoleGroup pattern
- if( index > 0 )
- {
- String groupName = user.substring(index + 1);
- if( groupName.equals("Roles") )
- parseGroupMembers(rolesGroup, value);
+ protected Group[] getRoleSets() throws LoginException
+ {
+ String targetUser = getUsername();
+ Enumeration users = roles.propertyNames();
+ SimpleGroup rolesGroup = new SimpleGroup("Roles");
+ ArrayList groups = new ArrayList();
+ groups.add(rolesGroup);
+ while( users.hasMoreElements() )
+ {
+ String user = (String) users.nextElement();
+ String value = roles.getProperty(user);
+ // See if this entry is of the form targetUser[.GroupName]=roles
+ int index = user.indexOf('.');
+ boolean isRoleGroup = false;
+ boolean userMatch = false;
+ if( index > 0 && targetUser.regionMatches(0, user, 0, index) == true )
+ isRoleGroup = true;
else
+ userMatch = targetUser.equals(user);
+
+ // Check for username.RoleGroup pattern
+ if( isRoleGroup == true )
{
- SimpleGroup group = new SimpleGroup(groupName);
- parseGroupMembers(group, value);
- groups.add(group);
+ String groupName = user.substring(index+1);
+ if( groupName.equals("Roles") )
+ parseGroupMembers(rolesGroup, value);
+ else
+ {
+ SimpleGroup group = new SimpleGroup(groupName);
+ parseGroupMembers(group, value);
+ groups.add(group);
+ }
}
- }
- else
- {
- // Place these roles into the Default "Roles" group
- parseGroupMembers(rolesGroup, value);
- }
- }
- Group[] roleSets = new Group[groups.size()];
- groups.toArray(roleSets);
- return roleSets;
- }
-
- // UsernamePasswordLoginModule overrides ------------------------------------
-
- protected String getUsersPassword()
- {
- String username = getUsername();
- String password = null;
- if( username != null )
- password = users.getProperty(username, null);
- return password;
- }
-
- // Private ------------------------------------------------------------------
-
- private void parseGroupMembers(Group group, String value)
- {
- StringTokenizer tokenizer = new StringTokenizer(value, ",");
- while( tokenizer.hasMoreTokens() )
- {
- String token = tokenizer.nextToken();
- SimplePrincipal p = new SimplePrincipal(token);
- group.addMember(p);
- }
- }
-
- private void loadUsers() throws IOException
- {
- users = loadProperties("users.properties");
- }
-
- private void loadRoles() throws IOException
- {
- roles = loadProperties("roles.properties");
- }
+ else if( userMatch == true )
+ {
+ // Place these roles into the Default "Roles" group
+ parseGroupMembers(rolesGroup, value);
+ }
+ }
+ Group[] roleSets = new Group[groups.size()];
+ groups.toArray(roleSets);
+ return roleSets;
+ }
+ protected String getUsersPassword()
+ {
+ String username = getUsername();
+ String password = null;
+ if( username != null )
+ password = users.getProperty(username , null);
+ return password;
+ }
+
+// utility methods
+ private void parseGroupMembers(Group group, String value)
+ {
+ StringTokenizer tokenizer = new StringTokenizer(value, ",");
+ while( tokenizer.hasMoreTokens() )
+ {
+ String token = tokenizer.nextToken();
+ SimplePrincipal p = new SimplePrincipal(token);
+ group.addMember(p);
+ }
+ }
+
+ private void loadUsers() throws IOException
+ {
+ users = loadProperties(usersRsrcName);
+ }
+
+ private void loadRoles() throws IOException
+ {
+ roles = loadProperties(rolesRsrcName);
+ }
- /**
+ /**
* Loads the given properties file and returns a Properties object containing the
* key,value pairs in that file.
- * <p>
* The properties files should be in the class path.
*/
- private Properties loadProperties(String propertiesName) throws IOException
- {
- Properties bundle = null;
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- URL url = loader.getResource(propertiesName);
- if( url == null )
- throw new IOException("Properties file " + propertiesName + " not found");
- InputStream is = url.openStream();
- if( is != null )
- {
- bundle = new Properties();
- bundle.load(is);
- }
- else
- {
- throw new IOException("Properties file " + propertiesName + " not
avilable");
- }
- return bundle;
- }
+ private Properties loadProperties(String propertiesName) throws IOException
+ {
+ Properties bundle = null;
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ URL url = loader.getResource(propertiesName);
+ if( url == null )
+ throw new IOException("Properties file " + propertiesName + " not
found");
+ super.log.trace("Properties file="+url);
+ InputStream is = url.openStream();
+ if( is != null )
+ {
+ bundle = new Properties();
+ bundle.load(is);
+ }
+ else
+ {
+ throw new IOException("Properties file " + propertiesName + " not
avilable");
+ }
+ return bundle;
+ }
}
-
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
