
    1   /*
    2    * Licensed to the Apache Software Foundation (ASF) under one
    3    * or more contributor license agreements.  See the NOTICE file
    4    * distributed with this work for additional information
    5    * regarding copyright ownership.  The ASF licenses this file
    6    * to you under the Apache License, Version 2.0 (the
    7    * "License"); you may not use this file except in compliance
    8    * with the License.  You may obtain a copy of the License at
    9    *
   10    *  http://www.apache.org/licenses/LICENSE-2.0
   11    *
   12    * Unless required by applicable law or agreed to in writing,
   13    * software distributed under the License is distributed on an
   14    * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   15    * KIND, either express or implied.  See the License for the
   16    * specific language governing permissions and limitations
   17    * under the License.
   18    */
   19   
   20   
   21   package org.apache.geronimo.security.credentialstore;
   22   
   23   import java.util.Map;
   24   import java.util.List;
   25   import java.util.Arrays;
   26   import java.io.IOException;
   27   import java.security.Principal;
   28   import java.lang.reflect.Constructor;
   29   import java.lang.reflect.InvocationTargetException;
   30   
   31   import javax.security.auth.spi.LoginModule;
   32   import javax.security.auth.Subject;
   33   import javax.security.auth.login.LoginException;
   34   import javax.security.auth.login.FailedLoginException;
   35   import javax.security.auth.callback.CallbackHandler;
   36   import javax.security.auth.callback.NameCallback;
   37   import javax.security.auth.callback.Callback;
   38   import javax.security.auth.callback.UnsupportedCallbackException;
   39   
   40   import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
   41   
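   /**
    * Simple login module that may help create subjects for run-as roles.
    *
    * <p>Options read in {@link #initialize}:
    * <ul>
    *   <li>{@code principalClass} - name of the {@link Principal} implementation to instantiate; it must
    *       expose a public constructor taking a single {@code String}.</li>
    *   <li>{@code principalNames} - comma-separated list of the names this module is allowed to turn into
    *       principals. Entries are compared exactly as written, so whitespace around a comma is part of
    *       the entry.</li>
    *   <li>{@code JaasLoginModuleUse.CLASSLOADER_LM_OPTION} - the class loader used to load
    *       {@code principalClass}.</li>
    * </ul>
    *
    * <p>The requested name is obtained through a {@link NameCallback}. A principal is added to the subject
    * only when this module's own {@link #login()} accepted the name, and it is removed again by
    * {@link #logout()} and {@link #abort()}.
    *
    * @version $Rev: 723240 $ $Date: 2008-12-04 00:19:31 -0800 (Thu, 04 Dec 2008) $
    */
   public class RunAsLoginModule implements LoginModule {

       private Subject subject;
       private CallbackHandler callbackHandler;
       private Class<? extends Principal> principalClass;
       private List<String> allowedNames;
       // Name accepted by login(); stays null unless the allow-list check passed.
       private String name;
       // True only between a successful login() and the next abort()/logout()/login().
       private boolean loginSucceeded;
       // Principal this module itself added to the subject, so that cleanup never removes
       // a principal that was already present before commit().
       private Principal committedPrincipal;

       /**
        * Stores the subject and callback handler and reads the module options.
        *
        * @param subject the subject to populate on commit
        * @param callbackHandler handler asked for the requested run-as name
        * @param sharedState unused
        * @param options module options; see the class description
        * @throws IllegalArgumentException if a required option is missing, the principal class cannot be
        *         loaded, or the loaded class does not implement {@link Principal}
        */
       public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
           this.subject = subject;
           this.callbackHandler = callbackHandler;
           resetAttemptState();
           committedPrincipal = null;

           ClassLoader classLoader = (ClassLoader) options.get(JaasLoginModuleUse.CLASSLOADER_LM_OPTION);
           if (classLoader == null) {
               throw new IllegalArgumentException("Missing option " + JaasLoginModuleUse.CLASSLOADER_LM_OPTION);
           }
           String principalClassName = (String) options.get("principalClass");
           if (principalClassName == null) {
               throw new IllegalArgumentException("Missing option principalClass");
           }
           Class<?> loaded;
           try {
               loaded = classLoader.loadClass(principalClassName);
           } catch (ClassNotFoundException e) {
               throw new IllegalArgumentException(principalClassName + " not found", e);
           }
           // Reject a misconfigured class here instead of letting an unchecked cast surface as a
           // ClassCastException in the middle of commit().
           if (!Principal.class.isAssignableFrom(loaded)) {
               throw new IllegalArgumentException(principalClassName + " does not implement " + Principal.class.getName());
           }
           principalClass = loaded.asSubclass(Principal.class);

           String allNames = (String) options.get("principalNames");
           if (allNames == null) {
               throw new IllegalArgumentException("Missing option principalNames");
           }
           allowedNames = Arrays.asList(allNames.split(","));
       }

       /**
        * Asks the callback handler for a name and accepts it only if it is in the configured allow-list.
        *
        * @return {@code true} when the name is allowed
        * @throws FailedLoginException if the supplied name is absent or not in the allow-list
        * @throws LoginException if no callback handler is available or the handler fails
        */
       public boolean login() throws LoginException {
           resetAttemptState();
           if (callbackHandler == null) {
               throw new LoginException("No CallbackHandler available to obtain the name");
           }
           // The prompt text is kept as in the original implementation.
           NameCallback callback = new NameCallback("foo");
           try {
               callbackHandler.handle(new Callback[] {callback});
           } catch (IOException e) {
               throw wrap(e);
           } catch (UnsupportedCallbackException e) {
               throw wrap(e);
           }
           String candidate = callback.getName();
           if (candidate != null && allowedNames.contains(candidate)) {
               // Record the name only after it passed the allow-list, so a rejected name can never
               // reach commit().
               name = candidate;
               loginSucceeded = true;
               return true;
           }
           throw new FailedLoginException("name not recognized " + candidate);
       }

       /**
        * Adds a principal for the accepted name to the subject.
        *
        * <p>JAAS calls {@code commit()} on every configured module once overall authentication succeeds,
        * including modules whose own {@code login()} failed (for example when this module is not
        * flagged as required). In that case nothing is added and {@code false} is returned so the
        * module is ignored.
        *
        * @return {@code true} if this module's login succeeded and the principal was committed,
        *         {@code false} if this module should be ignored
        * @throws LoginException if the principal cannot be instantiated
        */
       public boolean commit() throws LoginException {
           if (!loginSucceeded) {
               resetAttemptState();
               return false;
           }
           try {
               Constructor<? extends Principal> c = principalClass.getConstructor(String.class);
               Principal principal = c.newInstance(name);
               // Track the principal only if this call really inserted it; an equal principal that
               // was already in the set belongs to someone else and must survive our logout().
               if (subject.getPrincipals().add(principal)) {
                   committedPrincipal = principal;
               }
               return true;
           } catch (InstantiationException e) {
               throw wrap(e);
           } catch (IllegalAccessException e) {
               throw wrap(e);
           } catch (NoSuchMethodException e) {
               throw wrap(e);
           } catch (InvocationTargetException e) {
               throw wrap(e);
           }
       }

       /**
        * Discards the state of the current attempt and removes any principal this module committed.
        *
        * @return {@code false} if this module's own login had not succeeded (module is ignored),
        *         {@code true} otherwise
        * @throws LoginException if a committed principal cannot be removed
        */
       public boolean abort() throws LoginException {
           boolean ownLoginSucceeded = loginSucceeded;
           removeCommittedPrincipal();
           resetAttemptState();
           return ownLoginSucceeded;
       }

       /**
        * Removes the principal added by {@link #commit()} so it does not outlive the session.
        *
        * @return {@code true} once cleanup has completed
        * @throws LoginException if the subject is read-only and the principal cannot be removed
        */
       public boolean logout() throws LoginException {
           removeCommittedPrincipal();
           resetAttemptState();
           return true;
       }

       /** Clears the name and success flag recorded by a previous {@code login()}. */
       private void resetAttemptState() {
           name = null;
           loginSucceeded = false;
       }

       /** Removes the principal this module added to the subject, if any. */
       private void removeCommittedPrincipal() throws LoginException {
           if (committedPrincipal == null) {
               return;
           }
           if (subject.isReadOnly()) {
               throw new LoginException("Subject is read-only; cannot remove principal");
           }
           subject.getPrincipals().remove(committedPrincipal);
           committedPrincipal = null;
       }

       /** Wraps a lower-level failure in a {@link LoginException}, preserving the cause. */
       private static LoginException wrap(Throwable cause) {
           return (LoginException) new LoginException().initCause(cause);
       }
   }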
