001: /*
002: * JOSSO: Java Open Single Sign-On
003: *
004: * Copyright 2004-2008, Atricore, Inc.
005: *
006: * This is free software; you can redistribute it and/or modify it
007: * under the terms of the GNU Lesser General Public License as
008: * published by the Free Software Foundation; either version 2.1 of
009: * the License, or (at your option) any later version.
010: *
011: * This software is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this software; if not, write to the Free
018: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
019: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
020: */
021:
022: package org.josso.wls92.agent.mbeans;
023:
024: //import org.apache.commons.logging.Log;
025: //import org.apache.commons.logging.LogFactory;
026:
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.Lookup;
import org.josso.wls92.agent.WLSAgentServletFilter;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.*;

import javax.security.auth.login.AppConfigurationEntry;
import javax.servlet.Filter;
import java.util.HashMap;
import java.util.Map;
038:
/**
 * WebLogic 9.2 authentication provider for JOSSO: exposes the JOSSO gateway
 * login module as a JAAS configuration and installs the JOSSO agent servlet
 * filter.
 * <p>
 * Date: Nov 20, 2007
 * Time: 1:05:08 PM
 *
 * @author <a href="mailto:sgonzalez@josso.org">Sebastian Gonzalez Oyuela</a>
 */
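public class JOSSOAuthenticationProviderImpl implements
        AuthenticationProviderV2, ServletAuthenticationFilter {

    private static final Log logger = LogFactory
            .getLog(JOSSOAuthenticationProviderImpl.class);

    /**
     * Fully qualified name of the JAAS login module this provider configures,
     * both for authentication and for identity assertion.
     */
    private static final String LOGIN_MODULE_CLASS =
            "org.josso.wls92.agent.jaas.SSOGatewayLoginModuleImpl";

    /**
     * Option key passed to the login module to switch it into identity
     * assertion mode (check that the user exists, do not check the password).
     */
    private static final String IDENTITY_ASSERTION_OPTION = "IdentityAssertion";

    /**
     * A description of this provider: the mbean description followed by the
     * provider version, separated by a newline.
     */
    private String description;

    /**
     * Servlet filters that WebLogic installs in front of web applications.
     * Empty until {@link #initialize} has started the JOSSO agent, and it
     * stays empty when the agent could not be started (see the catch block
     * in {@link #initialize}); never {@code null}.
     */
    private Filter[] filters = new Filter[0];

    /**
     * How this provider's login module should be used during the JAAS login.
     */
    private AppConfigurationEntry.LoginModuleControlFlag controlFlag;

    /**
     * Initializes the JOSSO authenticator.
     * <p>
     * Reads the description, version and JAAS control flag from the mbean,
     * starts the JOSSO SSO agent and, if that succeeds, creates the
     * {@link WLSAgentServletFilter} returned by
     * {@link #getServletAuthenticationFilters()}.
     *
     * @param mbean    A ProviderMBean that holds the JOSSO authenticator's
     *                 configuration data. This mbean must be an instance of
     *                 the JOSSO authenticator's mbean.
     * @param services The SecurityServices gives access to the auditor so
     *                 that the provider can post audit events.
     *                 The JOSSO authenticator doesn't use this parameter.
     * @throws IllegalArgumentException if the mbean's control flag is
     *                                  missing or not one of REQUIRED,
     *                                  OPTIONAL, REQUISITE, SUFFICIENT.
     * @see weblogic.security.spi.SecurityProvider
     */
    public void initialize(ProviderMBean mbean, SecurityServices services) {
        logger.info("JOSSOAuthenticationProviderImpl.initialize");

        // Cast the mbean from a generic ProviderMBean to a JOSSOAuthenticatorMBean.
        JOSSOAuthenticatorMBean myMBean = (JOSSOAuthenticatorMBean) mbean;

        // Set the description to the JOSSO authenticator's mbean's description and version.
        description = myMBean.getDescription() + "\n" + myMBean.getVersion();

        // The JAAS control flag decides how the JOSSO login module is combined
        // with the other configured login modules, both for authentication
        // and for identity assertion. An unknown value is a configuration
        // error and is rejected here rather than silently defaulting.
        controlFlag = parseControlFlag(myMBean.getControlFlag());

        try {
            // Start the SSO agent before exposing the filter that depends on it.
            Lookup.getInstance().lookupSSOAgent().start();

            if (logger.isDebugEnabled()) {
                logger.debug("Creating new JOSSO Servlet Agent Filter instance ...");
            }

            filters = new Filter[] { new WLSAgentServletFilter() };
        } catch (Exception e) {
            // Best effort, as in the original contract: the provider still
            // deploys, but `filters` stays empty, so no JOSSO SSO processing
            // takes place on this server until the cause is fixed. The error
            // is logged with its stack trace so operators can notice the
            // missing filter instead of debugging silent SSO failures.
            logger.error(e.getMessage(), e);
        }
    }

    /**
     * Maps the textual control flag from the mbean onto the JAAS enumeration.
     * The comparison is case-insensitive.
     *
     * @param flag the configured control flag, e.g. {@code "REQUIRED"}.
     * @return the matching {@link AppConfigurationEntry.LoginModuleControlFlag}.
     * @throws IllegalArgumentException if {@code flag} is {@code null} or
     *                                  not a recognised control flag.
     */
    private static AppConfigurationEntry.LoginModuleControlFlag parseControlFlag(String flag) {
        if (flag == null) {
            throw new IllegalArgumentException("control flag must not be null");
        }
        if (flag.equalsIgnoreCase("REQUIRED")) {
            return AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
        }
        if (flag.equalsIgnoreCase("OPTIONAL")) {
            return AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
        }
        if (flag.equalsIgnoreCase("REQUISITE")) {
            return AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
        }
        if (flag.equalsIgnoreCase("SUFFICIENT")) {
            return AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
        }
        throw new IllegalArgumentException("invalid flag value: " + flag);
    }

    /**
     * Gets the JOSSO authenticator's description.
     *
     * @return A String containing a brief description of the JOSSO
     *         authenticator; {@code null} before {@link #initialize} ran.
     */
    public String getDescription() {
        return description;
    }

    /**
     * Shuts down the JOSSO authenticator.
     * <p>
     * A no-op apart from an info log line.
     */
    public void shutdown() {
        logger.info("JOSSOAuthenticationProviderImpl.shutdown");
    }

    /**
     * Creates a JAAS AppConfigurationEntry (which tells JAAS how to create
     * the login module and how to use it). This helper method is used both
     * for authentication mode and identity assertion mode.
     *
     * @param options the options to pass to the JOSSO authenticator's
     *                login module.
     * @return An AppConfigurationEntry that tells JAAS how to use the JOSSO
     *         authenticator's login module.
     */
    private AppConfigurationEntry getConfiguration(Map<String, ?> options) {
        // Always name the JOSSO login module and reuse the control flag
        // that was read from the JOSSO authenticator's mbean.
        return new AppConfigurationEntry(LOGIN_MODULE_CLASS, controlFlag, options);
    }

    /**
     * Creates a JAAS AppConfigurationEntry (which tells JAAS how to create
     * the login module and how to use it) when the JOSSO authenticator is
     * used to authenticate (vs. to complete identity assertion).
     *
     * @return An AppConfigurationEntry that tells JAAS how to use the JOSSO
     *         authenticator's login module for authentication.
     */
    public AppConfigurationEntry getLoginModuleConfiguration() {
        // No special options: without the identity-assertion option the
        // login module authenticates (i.e. checks that the passwords match).
        Map<String, String> options = new HashMap<String, String>();
        return getConfiguration(options);
    }

    /**
     * Creates a JAAS AppConfigurationEntry (which tells JAAS how to create
     * the login module and how to use it) when the JOSSO authenticator is
     * used to complete identity assertion (vs. to authenticate).
     *
     * @return An AppConfigurationEntry that tells JAAS how to use the JOSSO
     *         authenticator's login module for identity assertion.
     */
    public AppConfigurationEntry getAssertionModuleConfiguration() {
        // Tell the login module that we're doing identity assertion (vs.
        // authentication), so it should only check that the user exists
        // instead of checking the password.
        Map<String, String> options = new HashMap<String, String>();
        options.put(IDENTITY_ASSERTION_OPTION, "true");
        return getConfiguration(options);
    }

    /**
     * Returns the principal validator that can validate the principals that
     * the authenticator's login module puts into the subject.
     * <p>
     * Since the JOSSO authenticator uses the built-in WLSUserImpl and
     * WLSGroupImpl principal classes, this just returns the built-in
     * PrincipalValidatorImpl that knows how to handle those principals.
     *
     * @return A PrincipalValidator that can validate the principals that the
     *         JOSSO authenticator's login module puts in the subject.
     */
    public PrincipalValidator getPrincipalValidator() {
        return new PrincipalValidatorImpl();
    }

    /**
     * Returns this provider's identity asserter object.
     *
     * @return {@code null}, since the JOSSO authenticator doesn't support
     *         identity assertion (that is, mapping a token to a user name).
     *         Do not confuse this with using a login module in identity
     *         assertion mode, where the login module shouldn't try to
     *         validate the user.
     */
    public IdentityAsserterV2 getIdentityAsserter() {
        return null;
    }

    /**
     * Returns the servlet filters WebLogic should install for this provider.
     * <p>
     * After a successful {@link #initialize} this is a one-element array
     * holding a {@link WLSAgentServletFilter}; before initialization, or when
     * the JOSSO agent failed to start, it is empty. A copy is returned so
     * callers cannot alter the provider's internal array.
     *
     * @return a copy of the configured filters, never {@code null}.
     * @see WLSAgentServletFilter
     */
    public Filter[] getServletAuthenticationFilters() {
        return filters.clone();
    }
}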
|