Home » geronimo-2.2-source-release » org.apache.geronimo.tomcat.realm » [javadoc | source]

    1   /**
    2    *
    3    * Copyright 2003-2004 The Apache Software Foundation
    4    *
    5    *  Licensed under the Apache License, Version 2.0 (the "License");
    6    *  you may not use this file except in compliance with the License.
    7    *  You may obtain a copy of the License at
    8    *
    9    *     http://www.apache.org/licenses/LICENSE-2.0
   10    *
   11    *  Unless required by applicable law or agreed to in writing, software
   12    *  distributed under the License is distributed on an "AS IS" BASIS,
   13    *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14    *  See the License for the specific language governing permissions and
   15    *  limitations under the License.
   16    */
   17   package org.apache.geronimo.tomcat.realm;
   18   
   19   import java.security.Principal;
   20   import javax.security.auth.Subject;
   21   import javax.security.auth.login.AccountExpiredException;
   22   import javax.security.auth.login.CredentialExpiredException;
   23   import javax.security.auth.login.FailedLoginException;
   24   import javax.security.auth.login.LoginContext;
   25   import javax.security.auth.login.LoginException;
   26   
   27   import org.apache.catalina.realm.JAASCallbackHandler;
   28   import org.apache.catalina.realm.JAASRealm;
   29   import org.apache.commons.logging.Log;
   30   import org.apache.commons.logging.LogFactory;
   31   
   32   import org.apache.geronimo.security.ContextManager;
   33   
   34   
   35   /**
   36    * @version $Rev: 106522 $ $Date: 2004-11-25 01:28:57 +0100 (Thu, 25 Nov 2004) $
   37    */
   38   public class TomcatJAASRealm extends JAASRealm implements Cloneable {
   39       private static final Log log = LogFactory.getLog(TomcatJAASRealm.class);
   40       
   41       private static final String DEFAULT_NAME = "tomcat";
   42   
   43       /**
   44        * Descriptive information about this <code>Realm</code> implementation.
   45        */
   46       protected static final String info = "org.apache.geronimo.tomcat.realm.TomcatJAASRealm/1.0";
   47   
   48       /**
   49        * Descriptive information about this <code>Realm</code> implementation.
   50        */
   51       protected static final String name = "TomcatJAASRealm";
   52   
   53       public TomcatJAASRealm() {
   54           super();
   55       }
   56   
   57   
   58       /**
   59        * Return the <code>Principal</code> associated with the specified
   60        * username and credentials, if there is one; otherwise return
   61        * <code>null</code>.
   62        * <p/>
   63        * If there are any errors with the JDBC connection, executing the query or
   64        * anything we return null (don't authenticate). This event is also logged,
   65        * and the connection will be closed so that a subsequent request will
   66        * automatically re-open it.
   67        *
   68        * @param username    Username of the <code>Principal</code> to look up
   69        * @param credentials Password or other credentials to use in authenticating this
   70        *                    username
   71        */
   72       public Principal authenticate(String username, String credentials) {
   73   
   74           // Establish a LoginContext to use for authentication
   75           try {
   76               LoginContext loginContext = null;
   77               if (appName == null)
   78                   appName = DEFAULT_NAME;
   79   
   80               if (log.isDebugEnabled())
   81                   log.debug(sm.getString("jaasRealm.beginLogin", username, appName));
   82   
   83               // What if the LoginModule is in the container class loader ?
   84               ClassLoader ocl = null;
   85   
   86               if (isUseContextClassLoader()) {
   87                   ocl = Thread.currentThread().getContextClassLoader();
   88                   Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
   89               }
   90   
   91               try {
   92                   loginContext = new LoginContext(appName, new JAASCallbackHandler(this, username, credentials));
   93               } catch (Throwable e) {
   94                   log.error(sm.getString("jaasRealm.unexpectedError"), e);
   95                   return (null);
   96               } finally {
   97                   if (isUseContextClassLoader()) {
   98                       Thread.currentThread().setContextClassLoader(ocl);
   99                   }
  100               }
  101   
  102               if (log.isDebugEnabled())
  103                   log.debug("Login context created " + username);
  104   
  105               // Negotiate a login via this LoginContext
  106               Subject subject = null;
  107               try {
  108                   loginContext.login();
  109                   Subject tempSubject = loginContext.getSubject();
  110                   if (tempSubject == null) {
  111                       if (log.isDebugEnabled())
  112                           log.debug(sm.getString("jaasRealm.failedLogin", username));
  113                       return (null);
  114                   }
  115   
  116                   subject = ContextManager.getServerSideSubject(tempSubject);
  117                   if (subject == null) {
  118                       if (log.isDebugEnabled())
  119                           log.debug(sm.getString("jaasRealm.failedLogin", username));
  120                       return (null);
  121                   }
  122   
  123               } catch (AccountExpiredException e) {
  124                   if (log.isDebugEnabled())
  125                       log.debug(sm.getString("jaasRealm.accountExpired", username));
  126                   return (null);
  127               } catch (CredentialExpiredException e) {
  128                   if (log.isDebugEnabled())
  129                       log.debug(sm.getString("jaasRealm.credentialExpired", username));
  130                   return (null);
  131               } catch (FailedLoginException e) {
  132                   if (log.isDebugEnabled())
  133                       log.debug(sm.getString("jaasRealm.failedLogin", username));
  134                   return (null);
  135               } catch (LoginException e) {
  136                   log.warn(sm.getString("jaasRealm.loginException", username), e);
  137                   return (null);
  138               } catch (Throwable e) {
  139                   log.error(sm.getString("jaasRealm.unexpectedError"), e);
  140                   return (null);
  141               }
  142   
  143               if (log.isDebugEnabled())
  144                   log.debug(sm.getString("jaasRealm.loginContextCreated", username));
  145   
  146               // Return the appropriate Principal for this authenticated Subject
  147               Principal principal = createPrincipal(username, subject);
  148               if (principal == null) {
  149                   log.debug(sm.getString("jaasRealm.authenticateFailure", username));
  150                   return (null);
  151               }
  152               if (log.isDebugEnabled()) {
  153                   log.debug(sm.getString("jaasRealm.authenticateSuccess", username));
  154               }
  155   
  156               return (principal);
  157           } catch (Throwable t) {
  158               log.error("error ", t);
  159               return null;
  160           }
  161       }
  162   
  163       public Object clone() throws CloneNotSupportedException{
  164           return super.clone();
  165       }
  166   }

Home » geronimo-2.2-source-release » org.apache.geronimo.tomcat.realm » [javadoc | source]