User: starksm Date: 02/02/08 15:56:47 Modified: src/main/org/jboss/security/auth/spi AbstractServerLoginModule.java AnonLoginModule.java DatabaseServerLoginModule.java IdentityLoginModule.java LdapLoginModule.java ProxyLoginModule.java SimpleServerLoginModule.java UsernamePasswordLoginModule.java UsersRolesLoginModule.java Log: Synch with changes in the 2.4 branch Revision Changes Path 1.6 +74 -77 jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java Index: AbstractServerLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/AbstractServerLoginModule.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- AbstractServerLoginModule.java 19 Dec 2001 02:29:39 -0000 1.5 +++ AbstractServerLoginModule.java 8 Feb 2002 23:56:47 -0000 1.6 @@ -1,10 +1,9 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. */ - package org.jboss.security.auth.spi; import java.util.*; @@ -13,15 +12,19 @@ import java.security.Principal; import java.security.acl.Group; import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; +import javax.security.auth.login.FailedLoginException; import javax.security.auth.spi.LoginModule; +import org.jboss.logging.Logger; import org.jboss.security.NestableGroup; import org.jboss.security.SimpleGroup; -import org.jboss.logging.Logger; - /** * This class implements the common functionality required for a JAAS * server side LoginModule and implements the JBossSX standard Subject usage @@ -48,8 +51,8 @@ * </pre> * *@author <a href="[EMAIL PROTECTED]">Edward Kenworthy</a>, 12th Dec 2000 - *@author [EMAIL PROTECTED] - *@version $Revision: 1.5 $ + *@author [EMAIL PROTECTED] + *@version $Revision: 1.6 $ */ public abstract class AbstractServerLoginModule implements LoginModule { @@ -57,14 +60,12 @@ protected CallbackHandler callbackHandler; protected Map sharedState; protected Map options; - + protected Logger log; + /** Flag indicating if the shared credential should be used */ protected boolean useFirstPass; - - protected final Logger log = Logger.getLogger(getClass().getName()); - + //--- Begin LoginModule interface methods - /** * Initialize the login module. This stores the subject, callbackHandler * and sharedState and options for the login session. Subclasses should override @@ -89,98 +90,100 @@ this.callbackHandler = callbackHandler; this.sharedState = sharedState; this.options = options; - + log = Logger.getLogger(getClass()); + log.trace("initialize"); /* Check for password sharing options. Any non-null value for password_stacking sets useFirstPass as this module has no way to validate any shared password. */ - String passwordStacking = (String)options.get("password-stacking"); - if(passwordStacking != null && passwordStacking.equalsIgnoreCase("useFirstPass")) + String passwordStacking = (String) options.get("password-stacking"); + if( passwordStacking != null && passwordStacking.equalsIgnoreCase("useFirstPass") ) useFirstPass = true; } - - /** - * Looks for javax.security.auth.login.name and javax.security.auth.login.password - * values in the sharedState map if the useFirstPass option was true and returns - * true if they exist. If they do not or are null this method returns false. + + /** Looks for javax.security.auth.login.name and javax.security.auth.login.password + values in the sharedState map if the useFirstPass option was true and returns + true if they exist. If they do not or are null this method returns false. */ public boolean login() throws LoginException { - // If useFirstPass is true, look for the shared password - if(useFirstPass == true) + log.trace("login"); + // If useFirstPass is true, look for the shared password + if( useFirstPass == true ) { try { Object identity = sharedState.get("javax.security.auth.login.name"); Object credential = sharedState.get("javax.security.auth.login.password"); - if(identity != null && credential != null) + if( identity != null && credential != null ) return true; - // Else, fall through and perform the login + // Else, fall through and perform the login } catch(Exception e) - { // Dump the exception and continue - e.printStackTrace(); + { // Dump the exception and continue + log.error("login failed", e); } } + return false; } - - /** - * Method to commit the authentication process (phase 2). - * It adds the getIdentity() value to the subject getPrincipals() Set. - * It also adds the members of each Group returned by getRoleSets() - * to the subject getPrincipals() Set. - * - * @see javax.security.auth.Subject; - * @see java.security.acl.Group; - * @return true always. + + /** Method to commit the authentication process (phase 2). + It adds the getIdentity() value to the subject getPrincipals() Set. + It also adds the members of each Group returned by getRoleSets() + to the subject getPrincipals() Set. + + @see javax.security.auth.Subject; + @see java.security.acl.Group; + @return true always. */ public boolean commit() throws LoginException { + log.trace("commit"); Set principals = subject.getPrincipals(); Principal identity = getIdentity(); principals.add(identity); Group[] roleSets = getRoleSets(); - for(int g = 0; g < roleSets.length; g++) + for(int g = 0; g < roleSets.length; g ++) { Group group = roleSets[g]; String name = group.getName(); Group subjectGroup = createGroup(name, principals); - if(subjectGroup instanceof NestableGroup) + if( subjectGroup instanceof NestableGroup ) { - /* A NestableGroup only allows Groups to be added to it so we + /* A NestableGroup only allows Groups to be added to it so we need to add a SimpleGroup to subjectRoles to contain the roles - */ + */ SimpleGroup tmp = new SimpleGroup("Roles"); subjectGroup.addMember(tmp); subjectGroup = tmp; } // Copy the group members to the Subject group Enumeration members = group.members(); - while(members.hasMoreElements()) + while( members.hasMoreElements() ) { - Principal role = (Principal)members.nextElement(); + Principal role = (Principal) members.nextElement(); subjectGroup.addMember(role); } } return true; } - - /** - * Method to abort the authentication process (phase 2). - * @return true alaways + + /** Method to abort the authentication process (phase 2). + @return true alaways */ public boolean abort() throws LoginException { + log.trace("abort"); return true; } - - /** - * Remove the user identity and roles added to the Subject during commit. - * @return true always. + + /** Remove the user identity and roles added to the Subject during commit. + @return true always. */ public boolean logout() throws LoginException { + log.trace("logout"); // Remove the user identity Principal identity = getIdentity(); Set principals = subject.getPrincipals(); @@ -188,56 +191,50 @@ // Remove any added Groups... return true; } -//--- End LoginModule interface methods - -// --- Protected methods - - /** - * Overriden by subclasses to return the Principal that corresponds to - * the user primary identity. + //--- End LoginModule interface methods + + // --- Protected methods + + /** Overriden by subclasses to return the Principal that corresponds to + the user primary identity. */ abstract protected Principal getIdentity(); - - /** - * Overriden by subclasses to return the Groups that correspond to the - * to the role sets assigned to the user. Subclasses should create at - * least a Group named "Roles" that contains the roles assigned to the user. - * A second common group is "CallerPrincipal" that provides the application - * identity of the user rather than the security domain identity. - * - * @return Group[] containing the sets of roles + /** Overriden by subclasses to return the Groups that correspond to the + to the role sets assigned to the user. Subclasses should create at + least a Group named "Roles" that contains the roles assigned to the user. + A second common group is "CallerPrincipal" that provides the application + identity of the user rather than the security domain identity. + @return Group[] containing the sets of roles */ abstract protected Group[] getRoleSets() throws LoginException; - + protected boolean getUseFirstPass() { return useFirstPass; } - - /** - * Find or create a Group with the given name. Subclasses should use this - * method to locate the 'Roles' group or create additional types of groups. - * - * @return A named Group from the principals set. + + /** Find or create a Group with the given name. Subclasses should use this + method to locate the 'Roles' group or create additional types of groups. + @return A named Group from the principals set. */ protected Group createGroup(String name, Set principals) { Group roles = null; Iterator iter = principals.iterator(); - while(iter.hasNext()) + while( iter.hasNext() ) { Object next = iter.next(); - if((next instanceof Group) == false) + if( (next instanceof Group) == false ) continue; - Group grp = (Group)next; - if(grp.getName().equals(name)) + Group grp = (Group) next; + if( grp.getName().equals(name) ) { roles = grp; break; } } // If we did not find a group create one - if(roles == null) + if( roles == null ) { roles = new NestableGroup(name); principals.add(roles); 1.5 +3 -3 jbosssx/src/main/org/jboss/security/auth/spi/AnonLoginModule.java Index: AnonLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/AnonLoginModule.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- AnonLoginModule.java 17 Dec 2001 00:47:23 -0000 1.4 +++ AnonLoginModule.java 8 Feb 2002 23:56:47 -0000 1.5 @@ -1,5 +1,5 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. @@ -17,8 +17,8 @@ * A simple login module that simply allows for the specification of the * identity of unauthenticated users via the unauthenticatedIdentity property. * - * @author [EMAIL PROTECTED] - * @version $Revision: 1.4 $ + * @author [EMAIL PROTECTED] + * @version $Revision: 1.5 $ */ public class AnonLoginModule extends UsernamePasswordLoginModule { 1.6 +46 -32 jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java Index: DatabaseServerLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/DatabaseServerLoginModule.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- DatabaseServerLoginModule.java 17 Dec 2001 00:47:23 -0000 1.5 +++ DatabaseServerLoginModule.java 8 Feb 2002 23:56:47 -0000 1.6 @@ -1,10 +1,9 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. */ - package org.jboss.security.auth.spi; import java.security.acl.Group; @@ -48,17 +47,18 @@ * </ul> * * @author <a href="mailto:[EMAIL PROTECTED]">Oleg Nitz</a> - * @author [EMAIL PROTECTED] - * @version $Revision: 1.5 $ + * @author [EMAIL PROTECTED] + * @version $Revision: 1.6 $ */ public class DatabaseServerLoginModule extends UsernamePasswordLoginModule { private String dsJndiName; private String principalsQuery = "select Password from Principals where PrincipalID=?"; private String rolesQuery = "select Role, RoleGroup from Roles where PrincipalID=?"; - - // UsernamePasswordLoginModule overrides ------------------------------------ - + + /** + * Initialize this LoginModule. + */ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options); @@ -71,18 +71,24 @@ tmp = options.get("rolesQuery"); if( tmp != null ) rolesQuery = tmp.toString(); - //System.out.println("DatabaseServerLoginModule, dsJndiName="+dsJndiName); - //System.out.println("principalsQuery="+principalsQuery); - //System.out.println("rolesQuery="+rolesQuery); + log.trace("DatabaseServerLoginModule, dsJndiName="+dsJndiName); + log.trace("principalsQuery="+principalsQuery); + log.trace("rolesQuery="+rolesQuery); } + /** Get the expected password for the current username available via + * the getUsername() method. This is called from within the login() + * method after the CallbackHandler has returned the username and + * candidate password. + * @return the valid password String + */ protected String getUsersPassword() throws LoginException { String username = getUsername(); String password = null; Connection conn = null; PreparedStatement ps = null; - + try { InitialContext ctx = new InitialContext(); @@ -94,7 +100,7 @@ ResultSet rs = ps.executeQuery(); if( rs.next() == false ) throw new FailedLoginException("No matching username found in Principals"); - + password = rs.getString(1); password = convertRawPassword(password); rs.close(); @@ -105,7 +111,7 @@ } catch(SQLException ex) { - ex.printStackTrace(); + log.error("Query failed", ex); throw new LoginException(ex.toString()); } finally @@ -125,15 +131,20 @@ { conn.close(); } - catch(SQLException ex) + catch (SQLException ex) {} } } return password; } - // AbstractLoginModule overrides ------------------------------------------- - + /** Overriden by subclasses to return the Groups that correspond to the + to the role sets assigned to the user. Subclasses should create at + least a Group named "Roles" that contains the roles assigned to the user. + A second common group is "CallerPrincipal" that provides the application + identity of the user rather than the security domain identity. + @return Group[] containing the sets of roles + */ protected Group[] getRoleSets() throws LoginException { String username = getUsername(); @@ -151,7 +162,15 @@ ps.setString(1, username); ResultSet rs = ps.executeQuery(); if( rs.next() == false ) - throw new FailedLoginException("No matching username found in Roles"); + { + if( getUnauthenticatedIdentity() == null ) + throw new FailedLoginException("No matching username found in Roles"); + /* We are running with an unauthenticatedIdentity so create an + empty Roles set and return. + */ + Group[] roleSets = { new SimpleGroup("Roles") }; + return roleSets; + } do { @@ -166,8 +185,7 @@ setsMap.put(groupName, group); } group.addMember(new SimplePrincipal(name)); - } - while( rs.next() ); + } while( rs.next() ); rs.close(); } catch(NamingException ex) @@ -176,7 +194,7 @@ } catch(SQLException ex) { - ex.printStackTrace(); + super.log.error("SQL failure", ex); throw new LoginException(ex.toString()); } finally @@ -196,25 +214,21 @@ { conn.close(); } - catch(Exception ex) + catch (Exception ex) {} } } - + Group[] roleSets = new Group[setsMap.size()]; setsMap.values().toArray(roleSets); return roleSets; } - - // Protected ----------------------------------------------------- - - /** - * A hook to allow subclasses to convert a password from the database - * into a plain text string or whatever form is used for matching against - * the user input. It is called from within the getUsersPassword() method. - * - * @param rawPassword, the password as obtained from the database - * @return the argument rawPassword + + /** A hook to allow subclasses to convert a password from the database + into a plain text string or whatever form is used for matching against + the user input. It is called from within the getUsersPassword() method. + @param rawPassword, the password as obtained from the database + @return the argument rawPassword */ protected String convertRawPassword(String rawPassword) { 1.5 +3 -3 jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java Index: IdentityLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/IdentityLoginModule.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- IdentityLoginModule.java 17 Dec 2001 00:47:23 -0000 1.4 +++ IdentityLoginModule.java 8 Feb 2002 23:56:47 -0000 1.5 @@ -1,5 +1,5 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. @@ -31,8 +31,8 @@ * @see org.jboss.security.SimpleGroup * @see org.jboss.security.SimplePrincipal * - * @author [EMAIL PROTECTED] - * @version $Revision: 1.4 $ + * @author [EMAIL PROTECTED] + * @version $Revision: 1.5 $ */ public class IdentityLoginModule extends AbstractServerLoginModule { 1.7 +55 -50 jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java Index: LdapLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- LdapLoginModule.java 17 Dec 2001 00:47:23 -0000 1.6 +++ LdapLoginModule.java 8 Feb 2002 23:56:47 -0000 1.7 @@ -4,10 +4,11 @@ * Distributable under LGPL license. * See terms of license at gnu.org. */ - package org.jboss.security.auth.spi; +import java.security.Principal; import java.security.acl.Group; +import java.util.ArrayList; import java.util.Iterator; import java.util.Map; import java.util.Map.Entry; @@ -20,12 +21,19 @@ import javax.naming.directory.BasicAttributes; import javax.naming.directory.SearchResult; import javax.naming.ldap.InitialLdapContext; +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.FailedLoginException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import org.jboss.security.SimpleGroup; import org.jboss.security.SimplePrincipal; +import org.jboss.security.auth.callback.ObjectCallback; import org.jboss.security.auth.spi.UsernamePasswordLoginModule; /** @@ -70,22 +78,22 @@ * </ul> * A sample login config: * <p> - * <pre> - * testLdap { - * org.jboss.security.plugins.samples.LdapLoginModule required - * java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory - * principalDNPrefix=uid= - * uidAttributeID=userid - * roleAttributeID=rolenames - * principalDNSuffix=,ou=People,o=displayscape.com - * rolesCtxDN=ou=Users,cn=Project1,ou=Projects,o=displayscape.com - * java.naming.provider.url=ldap://siren-int/ - * java.naming.security.authentication=simple - * }; - * </pre> +<pre> +testLdap { + org.jboss.security.auth.spi.LdapLoginModule required + java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory + java.naming.provider.url="ldap://ldaphost.jboss.org:1389/" + java.naming.security.authentication=simple + principalDNPrefix=uid= + uidAttributeID=userid + roleAttributeID=roleName + principalDNSuffix=,ou=People,o=jboss.org + rolesCtxDN=cn=JBossSX Tests,ou=Roles,o=jboss.org +}; +</pre> * - * @author [EMAIL PROTECTED] - * @version $Revision: 1.6 $ + * @author [EMAIL PROTECTED] + * @version $Revision: 1.7 $ */ public class LdapLoginModule extends UsernamePasswordLoginModule { @@ -96,41 +104,40 @@ private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID"; private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID"; private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN"; - + public LdapLoginModule() { } - + private transient SimpleGroup userRoles = new SimpleGroup("Roles"); - - // AbstractLoginModule overrides -------------------------------------------- - + + /** Overriden to return an empty password string as typically one cannot + obtain a user's password. We also override the validatePassword so + this is ok. + @return and empty password String + */ + protected String getUsersPassword() throws LoginException + { + return ""; + } + /** Overriden by subclasses to return the Groups that correspond to the + to the role sets assigned to the user. Subclasses should create at + least a Group named "Roles" that contains the roles assigned to the user. + A second common group is "CallerPrincipal" that provides the application + identity of the user rather than the security domain identity. + @return Group[] containing the sets of roles + */ protected Group[] getRoleSets() throws LoginException { Group[] roleSets = {userRoles}; return roleSets; } - // UsernamePasswordLoginModule overrides ------------------------------------ - - /** - * Overriden to return an empty password string, as typically one cannot - * obtain a user's password. We also override the <code>validatePassword</code> - * method so this is ok. - * - * @return an empty password String - */ - protected String getUsersPassword() throws LoginException - { - return ""; - } + /** Validate the inputPassword by creating a ldap InitialContext with the + SECURITY_CREDENTIALS set to the password. - /** - * Validate the inputPassword by creating a ldap InitialContext with the - * SECURITY_CREDENTIALS set to the password. - * - * @param inputPassword the password to validate. - * @param expectedPassword ignored + @param inputPassword the password to validate. + @param expectedPassword ignored */ protected boolean validatePassword(String inputPassword, String expectedPassword) { @@ -146,14 +153,12 @@ } catch(NamingException e) { - e.printStackTrace(); + super.log.error("Failed to validate password", e); } } return isValid; } - - // Private ------------------------------------------------------------------ - + private void createLdapInitContext(String username, Object credential) throws NamingException { Properties env = new Properties(); @@ -164,7 +169,7 @@ Entry entry = (Entry) iter.next(); env.put(entry.getKey(), entry.getValue()); } - + // Set defaults for key values if they are missing String factoryName = env.getProperty(Context.INITIAL_CONTEXT_FACTORY); if( factoryName == null ) @@ -182,19 +187,19 @@ String principalDNPrefix = (String) options.get(PRINCIPAL_DN_PREFIX_OPT); if( principalDNPrefix == null ) - principalDNPrefix = ""; + principalDNPrefix=""; String principalDNSuffix = (String) options.get(PRINCIPAL_DN_SUFFIX_OPT); if( principalDNSuffix == null ) - principalDNSuffix = ""; + principalDNSuffix=""; String matchType = (String) options.get(MATCH_ON_USER_DN_OPT); boolean matchOnUserDN = Boolean.valueOf(matchType).booleanValue(); String userDN = principalDNPrefix + username + principalDNSuffix; env.setProperty(Context.PROVIDER_URL, providerURL); env.setProperty(Context.SECURITY_PRINCIPAL, userDN); env.put(Context.SECURITY_CREDENTIALS, credential); - System.out.println("Logging into LDAP server, env=" + env); + super.log.trace("Logging into LDAP server, env="+env); InitialLdapContext ctx = new InitialLdapContext(env, null); - System.out.println("Logged into LDAP server, " + ctx); + super.log.trace("Logged into LDAP server, "+ctx); // Query the user's roles... String rolesCtxDN = (String) options.get(ROLES_CTX_DN_OPT); if( rolesCtxDN != null ) @@ -211,7 +216,7 @@ else matchAttrs.put(uidAttrName, username); String[] roleAttr = - {roleAttrName}; + {roleAttrName}; try { NamingEnumeration answer = ctx.search(rolesCtxDN, matchAttrs, roleAttr); 1.4 +93 -96 jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java Index: ProxyLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/ProxyLoginModule.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- ProxyLoginModule.java 17 Dec 2001 00:47:23 -0000 1.3 +++ ProxyLoginModule.java 8 Feb 2002 23:56:47 -0000 1.4 @@ -1,120 +1,117 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. */ - package org.jboss.security.auth.spi; +import java.io.IOException; +import java.io.InputStream; import java.util.Map; import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.Callback; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -/** - * A proxy LoginModule that loads a delegate LoginModule using - * the current thread context class loader. The purpose of this - * module is to work around the current JAAS class loader limitation - * that requires LoginModules to be on the classpath. Some LoginModules - * use core JBoss classes that would have to be moved into the jboss-jaas.jar - * and packaging becomes a mess. Instead, these LoginModules are left - * in the jbosssx.jar and the ProxyLoginModule is used to bootstrap - * the non-classpath LoginModule. - * - * @author [EMAIL PROTECTED] - * @version $Revision: 1.3 $ - */ +/** A proxy LoginModule that loads a delegate LoginModule using +the current thread context class loader. The purpose of this +module is to work around the current JAAS class loader limitation +that requires LoginModules to be on the classpath. Some LoginModules +use core JBoss classes that would have to be moved into the jboss-jaas.jar +and packaging becomes a mess. Instead, these LoginModules are left +in the jbosssx.jar and the ProxyLoginModule is used to bootstrap +the non-classpath LoginModule. + +@author [EMAIL PROTECTED] +@version $Revision: 1.4 $ +*/ public class ProxyLoginModule implements LoginModule { - private String moduleName; - private LoginModule delegate; + private String moduleName; + private LoginModule delegate; - public ProxyLoginModule() - { - } + public ProxyLoginModule() + { + } // --- Begin LoginModule interface methods - - /** - * Initialize this LoginModule. This method loads the LoginModule - * specified by the moduleName option using the current thread - * context class loader and then delegates the initialize call - * to it. - * - * @param options include: - * <em>moduleName</em>: the classname of the module that this proxy module - * delegates all calls to. - */ - public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) - { - moduleName = (String)options.get("moduleName"); - if( moduleName == null) - { - System.out.println("Required moduleName option not given"); - return; - } - - // Load the delegate module using the thread class loader - ClassLoader loader = Thread.currentThread().getContextClassLoader(); - try - { - Class clazz = loader.loadClass(moduleName); - delegate = (LoginModule)clazz.newInstance(); - } - catch(Throwable t) - { - System.out.println("ProxyLoginModule failed to load: " + moduleName); - t.printStackTrace(); - return; - } - - delegate.initialize(subject, callbackHandler, sharedState, options); - } - - /** - * Perform the login. If either the moduleName option was not specified or - * the module could not be loaded in initalize(), this method throws a - * LoginException. - * - * @exception LoginException thrown if the delegate login module failed. + /** Initialize this LoginModule. This method loads the LoginModule + specified by the moduleName option using the current thread + context class loader and then delegates the initialize call + to it. + + @param options, include: + moduleName: the classname of the module that this proxy module + delegates all calls to. + */ + public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) + { + moduleName = (String) options.get("moduleName"); + if( moduleName == null ) + { + System.out.println("Required moduleName option not given"); + return; + } + + // Load the delegate module using the thread class loader + ClassLoader loader = Thread.currentThread().getContextClassLoader(); + try + { + Class clazz = loader.loadClass(moduleName); + delegate = (LoginModule) clazz.newInstance(); + } + catch(Throwable t) + { + System.out.println("ProxyLoginModule failed to load: "+moduleName); + t.printStackTrace(); + return; + } + + delegate.initialize(subject, callbackHandler, sharedState, options); + } + + /** Perform the login. If either the moduleName option was not + specified or the module could not be loaded in initalize(), + this method throws a LoginException. + @exception LoginException, throw in the delegate login module failed. */ - public boolean login() throws LoginException - { - if( moduleName == null ) - throw new LoginException("Required moduleName option not given"); - if( delegate == null ) - throw new LoginException("Failed to load LoginModule: " + moduleName); - - return delegate.login(); - } - - public boolean commit() throws LoginException - { - boolean ok = false; - if( delegate != null ) - ok = delegate.commit(); - return ok; - } - - public boolean abort() throws LoginException - { - boolean ok = true; - if( delegate != null ) - ok = delegate.abort(); - return ok; - } - - public boolean logout() throws LoginException - { - boolean ok = true; - if( delegate != null ) - ok = delegate.logout(); - return ok; - } + public boolean login() throws LoginException + { + if( moduleName == null ) + throw new LoginException("Required moduleName option not given"); + if( delegate == null ) + throw new LoginException("Failed to load LoginModule: "+moduleName); + + return delegate.login(); + } + + public boolean commit() throws LoginException + { + boolean ok = false; + if( delegate != null ) + ok = delegate.commit(); + return ok; + } + + public boolean abort() throws LoginException + { + boolean ok = true; + if( delegate != null ) + ok = delegate.abort(); + return ok; + } + + public boolean logout() throws LoginException + { + boolean ok = true; + if( delegate != null ) + ok = delegate.logout(); + return ok; + } // --- End LoginModule interface methods } 1.4 +3 -3 jbosssx/src/main/org/jboss/security/auth/spi/SimpleServerLoginModule.java Index: SimpleServerLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/SimpleServerLoginModule.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- SimpleServerLoginModule.java 17 Dec 2001 00:47:23 -0000 1.3 +++ SimpleServerLoginModule.java 8 Feb 2002 23:56:47 -0000 1.4 @@ -1,5 +1,5 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. @@ -27,8 +27,8 @@ * </ul> * * @author <a href="[EMAIL PROTECTED]">Oleg Nitz</a> - * @author [EMAIL PROTECTED] - * @version $Revision: 1.3 $ + * @author [EMAIL PROTECTED] + * @version $Revision: 1.4 $ */ public class SimpleServerLoginModule extends UsernamePasswordLoginModule { 1.9 +55 -140 jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java Index: UsernamePasswordLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- UsernamePasswordLoginModule.java 19 Dec 2001 02:47:02 -0000 1.8 +++ UsernamePasswordLoginModule.java 8 Feb 2002 23:56:47 -0000 1.9 @@ -1,10 +1,9 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. */ - package org.jboss.security.auth.spi; import java.io.IOException; @@ -13,6 +12,7 @@ import java.security.Principal; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.acl.Group; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; @@ -21,15 +21,15 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; import javax.security.auth.login.FailedLoginException; +import javax.security.auth.spi.LoginModule; +import org.jboss.security.SimpleGroup; import org.jboss.security.SimplePrincipal; import org.jboss.security.Util; -import org.jboss.security.Base64Encoder; import org.jboss.security.auth.spi.AbstractServerLoginModule; -/** - * An abstract subclass of AbstractServerLoginModule that imposes +/** An abstract subclass of AbstractServerLoginModule that imposes * an identity == String username, credentials == String password view on * the login process. * <p> @@ -40,51 +40,33 @@ * @see #getUsername() * @see #getUsersPassword() * @see #getRoleSets() - * - * @author [EMAIL PROTECTED] - * @author [EMAIL PROTECTED] - * @version $Revision: 1.8 $ + + @author [EMAIL PROTECTED] + @version $Revision: 1.9 $ */ public abstract class UsernamePasswordLoginModule extends AbstractServerLoginModule { /** The login identity */ private Principal identity; - /** The proof of login identity */ private char[] credential; - /** the principal to use when a null username and password are seen */ private Principal unauthenticatedIdentity; - - /** the message digest algorithm used to hash passwords. If null then plain passwords will be used. */ + /** the message digest algorithm used to hash passwords. If null then + plain passwords will be used. */ private String hashAlgorithm = null; - /** - * the name of the charset/encoding to use when converting the password String to a byte array. - * Default is the platform's default encoding. + /** the name of the charset/encoding to use when converting the password + String to a byte array. Default is the platform's default encoding. */ private String hashCharset = null; /** the string encoding format to use. Defaults to base64. */ private String hashEncoding = null; - /** - * Override the superclass method to look for an <em>unauthenticatedIdentity</em> - * property. This is the name of the principal to assign and authenticate - * when a null username and password are seen. - * <p> - * The options map will also be checked for the parameter <em>hashAlgorithm</em> - * to see if password hashing should be used instead of plain passwords. - * If you set this parameter, passwords will be hashed using the specified - * algorithm (for example "SHA" or "MD5") and will be encoded as strings. - * <p> - * The string encoding format is set using the optional parameter - * <em>hashEncoding</em>. Currently supported are MIME "BASE64" encoded - * strings as defined in - * (<a href="http://ietf.org/rfc/rfc1521.txt">rfc1521</a>) - * or "HEX" encoded strings. BASE64 is the default if omitted. - * <p> - * This method first invokes the super version. - * - * @param options the map of paramers passed to this login module. + /** Override the superclass method to look for a unauthenticatedIdentity + property. This method first invokes the super version. + @param options, + @option unauthenticatedIdentity: the name of the principal to asssign + and authenticate when a null username and password are seen. */ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { @@ -92,29 +74,34 @@ // Check for unauthenticatedIdentity option. String name = (String) options.get("unauthenticatedIdentity"); if( name != null ) + { unauthenticatedIdentity = new SimplePrincipal(name); + super.log.trace("Saw unauthenticatedIdentity="+name); + } // Check to see if password hashing has been enabled. // If an algorithm is set, check for a format and charset. hashAlgorithm = (String) options.get("hashAlgorithm"); - if(hashAlgorithm != null) + if( hashAlgorithm != null ) { hashEncoding = (String) options.get("hashEncoding"); - if(hashEncoding == null) - hashEncoding = "BASE64"; + if( hashEncoding == null ) + hashEncoding = Util.BASE64_ENCODING; hashCharset = (String) options.get("hashCharset"); - if(log.isDebugEnabled()) + if( log.isTraceEnabled() ) { - log.debug("Passworg hashing activated: algorithm = " + hashAlgorithm + + log.trace("Passworg hashing activated: algorithm = " + hashAlgorithm + ", encoding = " + hashEncoding+ (hashCharset == null ? "" : "charset = " + hashCharset)); } } } + /** + */ public boolean login() throws LoginException { // See if shared credentials exist - if( super.login() ) + if( super.login() == true ) { // Setup our view of the user Object username = sharedState.get("javax.security.auth.login.name"); @@ -140,26 +127,29 @@ String username = info[0]; String password = info[1]; if( username == null && password == null ) + { identity = unauthenticatedIdentity; + super.log.trace("Authenticating as unauthenticatedIdentity="+identity); + } + if( identity == null ) { identity = new SimplePrincipal(username); - // hash the user entered password if password hashing is in use - if(hashAlgorithm != null) + // Hash the user entered password if password hashing is in use + if( hashAlgorithm != null ) password = createPasswordHash(username, password); // Validate the password supplied by the subclass String expectedPassword = getUsersPassword(); if( validatePassword(password, expectedPassword) == false ) { - log.warn("Bad password for username = " + username); + super.log.debug("Bad password for username="+username); throw new FailedLoginException("Password Incorrect/Password Required"); } } - if( log.isInfoEnabled() ) - log.info("User '" + identity + "' authenticated."); + super.log.trace("User '" + identity + "' authenticated."); if( getUseFirstPass() == true ) - { // Add the username and password to the shared state map + { // Add the username and password to the shared state map sharedState.put("javax.security.auth.login.name", username); sharedState.put("javax.security.auth.login.password", credential); } @@ -170,7 +160,6 @@ { return identity; } - protected Principal getUnauthenticatedIdentity() { return unauthenticatedIdentity; @@ -180,18 +169,15 @@ { return credential; } - protected String getUsername() { return getIdentity().getName(); } - /** - * Called by login() to acquire the username and password strings for - * authentication. This method does no validation of either. - * - * @return String[], [0] = username, [1] = password - * @exception LoginException thrown if CallbackHandler is not set or fails. + /** Called by login() to acquire the username and password strings for + authentication. This method does no validation of either. + @return String[], [0] = username, [1] = password + @exception LoginException thrown if CallbackHandler is not set or fails. */ protected String[] getUsernameAndPassword() throws LoginException { @@ -255,102 +241,31 @@ */ protected String createPasswordHash(String username, String password) { - byte[] passBytes; - byte[] hash; - String passwordHash = null; - - // convert password to byte data - try - { - if(hashCharset == null) - passBytes = password.getBytes(); - else - passBytes = password.getBytes(hashCharset); - } - catch(UnsupportedEncodingException uee) - { - log.error("charset " + hashCharset + " not found. Using platform default.", uee); - passBytes = password.getBytes(); - } - - // calculate the hash and apply the encoding. - try - { - hash = MessageDigest.getInstance(hashAlgorithm).digest(passBytes); - if(hashEncoding.equalsIgnoreCase("BASE64")) - { - passwordHash = Base64Encoder.encode(hash); -// test to compare with sun's builtin encoder. -// String sunB64 = new sun.misc.BASE64Encoder().encode(hash); -// System.out.println("Hashes: sun " + sunB64 + ", jboss " + passwordHash); - } - else if(hashEncoding.equalsIgnoreCase("HEX")) - { - passwordHash = hexEncode(hash); - } - else - { - log.error("Unsupported hash encoding format " + hashEncoding); - } - } - catch(Exception e) - { - log.error("Password hash calculation failed ", e); - } + String passwordHash = Util.createPasswordHash(hashAlgorithm, hashEncoding, + hashCharset, username, password); return passwordHash; } - /** - * A hook that allows subclasses to change the validation of the input - * password against the expected password. This version checks that - * neither inputPassword or expectedPassword are null that that - * inputPassword.equals(expectedPassword) is true; - * - * @return true if the inputPassword is valid, false otherwise. + /** A hook that allows subclasses to change the validation of the input + password against the expected password. This version checks that + neither inputPassword or expectedPassword are null that that + inputPassword.equals(expectedPassword) is true; + @return true if the inputPassword is valid, false otherwise. */ protected boolean validatePassword(String inputPassword, String expectedPassword) { +System.out.println("validatePassword, inputPassword="+inputPassword+", expectedPassword="+expectedPassword); if( inputPassword == null || expectedPassword == null ) return false; return inputPassword.equals(expectedPassword); } - /** - * Get the expected password for the current username available via - * the getUsername() method. This is called from within the login() - * method after the CallbackHandler has returned the username and - * candidate password. - * - * @return the valid password String + /** Get the expected password for the current username available via + the getUsername() method. This is called from within the login() + method after the CallbackHandler has returned the username and + candidate password. + @return the valid password String */ abstract protected String getUsersPassword() throws LoginException; - -// Private --------------------------------------------------------------------- - /** - * Hex encoding of hashes, as used by Catalina. Each byte is converted to - * the corresponding two hex characters. - */ - private String hexEncode(byte[] bytes) - { - StringBuffer sb = new StringBuffer(bytes.length * 2); - for (int i = 0; i < bytes.length; i++) - { - byte b = bytes[i]; - // top 4 bits - char c = (char)((b >> 4) & 0xf); - if(c > 9) - c = (char)((c - 10) + 'a'); - else - c = (char)(c + '0'); - sb.append(c); - // bottom 4 bits - c = (char)(b & 0xf); - if (c > 9) - c = (char)((c - 10) + 'a'); - else - c = (char)(c + '0'); - sb.append(c); - } - return sb.toString(); - } + } 1.9 +188 -187 jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java Index: UsersRolesLoginModule.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/UsersRolesLoginModule.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- UsersRolesLoginModule.java 17 Dec 2001 00:47:23 -0000 1.8 +++ UsersRolesLoginModule.java 8 Feb 2002 23:56:47 -0000 1.9 @@ -1,10 +1,9 @@ /* - * JBoss, the OpenSource EJB server + * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. */ - package org.jboss.security.auth.spi; import java.io.InputStream; @@ -18,208 +17,210 @@ import java.security.acl.Group; import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; +import javax.security.auth.login.FailedLoginException; import javax.security.auth.spi.LoginModule; import org.jboss.security.SimpleGroup; import org.jboss.security.SimplePrincipal; import org.jboss.security.auth.spi.UsernamePasswordLoginModule; -/** - * A simple properties file based login module that consults two Java Properties - * formatted text files for username to password("users.properties") and - * username to roles("roles.properties") mapping. The properties files are loaded - * during initialization using the thread context class loader. This means that - * these files can be placed into the J2EE deployment jar or the JBoss config - * directory. - * <p> - * The users.properties file uses a format: - * <p> - * <pre> - * username1=password1 - * username2=password2 - * ... - * </pre> - * to define all valid usernames and their corresponding passwords. - * The roles.properties file uses a format: - * <pre> - * username1=role1,role2,... - * username1.RoleGroup1=role3,role4,... - * username2=role1,role3,... - * </pre> - * to define the sets of roles for valid usernames. The "username.XXX" form of - * property name is used to assign the username roles to a particular named - * group of roles where the XXX portion of the property name is the group name. - * The "username=..." form is an abbreviation for "username.Roles=...". - * <p> - * The following are therefore equivalent: - * <p> - * <pre> - * jduke=TheDuke,AnimatedCharacter - * jduke.Roles=TheDuke,AnimatedCharacter - * </pre> - * - * @author <a href="mailto:[EMAIL PROTECTED]">Edward Kenworthy</a>, 12th Dec 2000 - * @author [EMAIL PROTECTED] - */ +/** A simple properties file based login module that consults two Java Properties +formatted text files for username to password("users.properties") and +username to roles("roles.properties") mapping. The names of the properties +files may be overriden by the usersProperties and rolesProperties options. +The properties files are loaded during initialization using the thread context +class loader. This means that these files can be placed into the J2EE +deployment jar or the JBoss config directory. + +The users.properties file uses a format: + username1=password1 + username2=password2 + ... + +to define all valid usernames and their corresponding passwords. + +The roles.properties file uses a format: + username1=role1,role2,... + username1.RoleGroup1=role3,role4,... + username2=role1,role3,... + +to define the sets of roles for valid usernames. The "username.XXX" form of +property name is used to assign the username roles to a particular named +group of roles where the XXX portion of the property name is the group name. +The "username=..." form is an abbreviation for "username.Roles=...". +The following are therefore equivalent: + jduke=TheDuke,AnimatedCharacter + jduke.Roles=TheDuke,AnimatedCharacter + +@author <a href="[EMAIL PROTECTED]">Edward Kenworthy</a>, 12th Dec 2000 +@author [EMAIL PROTECTED] +*/ public class UsersRolesLoginModule extends UsernamePasswordLoginModule { - /** The users.properties values */ - private Properties users; - - /** The roles.properties values */ - private Properties roles; - - /** Initialize this LoginModule. */ - public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) - { - super.initialize(subject, callbackHandler, sharedState, options); - try - { - // Load the properties file that contains the list of users and passwords - loadUsers(); - loadRoles(); - } - catch(Exception e) - { - // Note that although this exception isn't passed on, users or roles will be null - // so that any call to login will throw a LoginException. - System.out.print("Error, couldn't load users/passwords/role files.\n"); - e.printStackTrace(); - } - } - - /** - * Method to authenticate a Subject (phase 1). - * - * Most of the changes from the original SimpleServerLoginModule - * are made in this method. They are: - * <ul> - * <li>users and passwords read from users.properties file - * <li>users and roles read from roles.properties file - * </ul> - * I've also removed the notion of a guest login. If you want to provide 'guest' - * access to your beans then simply disable security on them. - * + /** The name of the properties resource containing user/passwords */ + private String usersRsrcName = "users.properties"; + /** The name of the properties resource containing user/roles */ + private String rolesRsrcName = "roles.properties"; + /** The users.properties values */ + private Properties users; + /** The roles.properties values */ + private Properties roles; + + /** Initialize this LoginModule. + *@param options, the login module option map. Supported options include: + *usersProperties: The name of the properties resource containing + user/passwords. The default is "users.properties" + *rolesProperties: The name of the properties resource containing user/roles + The default is "roles.properties". + */ + public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) + { + super.initialize(subject, callbackHandler, sharedState, options); + try + { + // Check for usersProperties & rolesProperties + String option = (String) options.get("usersProperties"); + if( option != null ) + usersRsrcName = option; + option = (String) options.get("rolesProperties"); + if( option != null ) + rolesRsrcName = option; + // Load the properties file that contains the list of users and passwords + loadUsers(); + loadRoles(); + } + catch(Exception e) + { + // Note that although this exception isn't passed on, users or roles will be null + // so that any call to login will throw a LoginException. + super.log.error("Failed to load users/passwords/role files", e); + } + } + + /** Method to authenticate a Subject (phase 1). This validates that the + *users and roles properties files were loaded and then calls + *super.login to perform the validation of the password. + *@exception LoginException, thrown if the users or roles properties files + *were not found or the super.login method fails. + */ + public boolean login() throws LoginException + { + if( users == null ) + throw new LoginException("Missing users.properties file."); + if( roles == null ) + throw new LoginException("Missing roles.properties file."); + + return super.login(); + } + + /** Create the set of roles the user belongs to by parsing the roles.properties + data for username=role1,role2,... and username.XXX=role1,role2,... + patterns. + @return Group[] containing the sets of roles */ - public boolean login() throws LoginException - { - if( users == null ) - throw new LoginException("Missing users.properties file."); - if( roles == null ) - throw new LoginException("Missing roles.properties file."); - return super.login(); - } - - // AbstractLoginModule overrides -------------------------------------------- - - /** - * Create the set of roles the user belongs to by parsing the roles.properties - * data for username=role1,role2,... and username.XXX=role1,role2,... patterns. - * - * @return Group[] containing the sets of roles - */ - protected Group[] getRoleSets() throws LoginException - { - String targetUser = getUsername(); - Enumeration users = roles.propertyNames(); - SimpleGroup rolesGroup = new SimpleGroup("Roles"); - ArrayList groups = new ArrayList(); - groups.add(rolesGroup); - while( users.hasMoreElements() ) - { - String user = (String) users.nextElement(); - String value = roles.getProperty(user); - - // See if this entry is of the form targetUser[.GroupName]=roles - int index = user.indexOf('.'); - int length = index > 0 ? index : user.length(); - if( targetUser.regionMatches(0, user, 0, length) == false ) - continue; - - // Check for username.RoleGroup pattern - if( index > 0 ) - { - String groupName = user.substring(index + 1); - if( groupName.equals("Roles") ) - parseGroupMembers(rolesGroup, value); + protected Group[] getRoleSets() throws LoginException + { + String targetUser = getUsername(); + Enumeration users = roles.propertyNames(); + SimpleGroup rolesGroup = new SimpleGroup("Roles"); + ArrayList groups = new ArrayList(); + groups.add(rolesGroup); + while( users.hasMoreElements() ) + { + String user = (String) users.nextElement(); + String value = roles.getProperty(user); + // See if this entry is of the form targetUser[.GroupName]=roles + int index = user.indexOf('.'); + boolean isRoleGroup = false; + boolean userMatch = false; + if( index > 0 && targetUser.regionMatches(0, user, 0, index) == true ) + isRoleGroup = true; else + userMatch = targetUser.equals(user); + + // Check for username.RoleGroup pattern + if( isRoleGroup == true ) { - SimpleGroup group = new SimpleGroup(groupName); - parseGroupMembers(group, value); - groups.add(group); + String groupName = user.substring(index+1); + if( groupName.equals("Roles") ) + parseGroupMembers(rolesGroup, value); + else + { + SimpleGroup group = new SimpleGroup(groupName); + parseGroupMembers(group, value); + groups.add(group); + } } - } - else - { - // Place these roles into the Default "Roles" group - parseGroupMembers(rolesGroup, value); - } - } - Group[] roleSets = new Group[groups.size()]; - groups.toArray(roleSets); - return roleSets; - } - - // UsernamePasswordLoginModule overrides ------------------------------------ - - protected String getUsersPassword() - { - String username = getUsername(); - String password = null; - if( username != null ) - password = users.getProperty(username, null); - return password; - } - - // Private ------------------------------------------------------------------ - - private void parseGroupMembers(Group group, String value) - { - StringTokenizer tokenizer = new StringTokenizer(value, ","); - while( tokenizer.hasMoreTokens() ) - { - String token = tokenizer.nextToken(); - SimplePrincipal p = new SimplePrincipal(token); - group.addMember(p); - } - } - - private void loadUsers() throws IOException - { - users = loadProperties("users.properties"); - } - - private void loadRoles() throws IOException - { - roles = loadProperties("roles.properties"); - } + else if( userMatch == true ) + { + // Place these roles into the Default "Roles" group + parseGroupMembers(rolesGroup, value); + } + } + Group[] roleSets = new Group[groups.size()]; + groups.toArray(roleSets); + return roleSets; + } + protected String getUsersPassword() + { + String username = getUsername(); + String password = null; + if( username != null ) + password = users.getProperty(username , null); + return password; + } + +// utility methods + private void parseGroupMembers(Group group, String value) + { + StringTokenizer tokenizer = new StringTokenizer(value, ","); + while( tokenizer.hasMoreTokens() ) + { + String token = tokenizer.nextToken(); + SimplePrincipal p = new SimplePrincipal(token); + group.addMember(p); + } + } + + private void loadUsers() throws IOException + { + users = loadProperties(usersRsrcName); + } + + private void loadRoles() throws IOException + { + roles = loadProperties(rolesRsrcName); + } - /** + /** * Loads the given properties file and returns a Properties object containing the * key,value pairs in that file. - * <p> * The properties files should be in the class path. */ - private Properties loadProperties(String propertiesName) throws IOException - { - Properties bundle = null; - ClassLoader loader = Thread.currentThread().getContextClassLoader(); - URL url = loader.getResource(propertiesName); - if( url == null ) - throw new IOException("Properties file " + propertiesName + " not found"); - InputStream is = url.openStream(); - if( is != null ) - { - bundle = new Properties(); - bundle.load(is); - } - else - { - throw new IOException("Properties file " + propertiesName + " not avilable"); - } - return bundle; - } + private Properties loadProperties(String propertiesName) throws IOException + { + Properties bundle = null; + ClassLoader loader = Thread.currentThread().getContextClassLoader(); + URL url = loader.getResource(propertiesName); + if( url == null ) + throw new IOException("Properties file " + propertiesName + " not found"); + super.log.trace("Properties file="+url); + InputStream is = url.openStream(); + if( is != null ) + { + bundle = new Properties(); + bundle.load(is); + } + else + { + throw new IOException("Properties file " + propertiesName + " not avilable"); + } + return bundle; + } } -
_______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development