001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.mq.sm.file;
023:
024: import java.security.acl.Group;
025: import java.util.Map;
026:
027: import javax.security.auth.Subject;
028: import javax.security.auth.callback.CallbackHandler;
029: import javax.security.auth.login.LoginException;
030:
031: import org.jboss.security.SimpleGroup;
032: import org.jboss.security.SimplePrincipal;
033: import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
034:
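/**
 * JAAS LoginModule that is backed by the DynamicStateManager.
 *
 * <p>Module options read by this class:
 * <ul>
 * <li>{@code sm.objectname} - JMX object name of the state manager MBean.
 * When the option is absent, {@link #DEFAULT_SM_NAME} is used.</li>
 * </ul>
 * The {@code unauthenticatedIdentity} option may also be set; it is not read
 * in this class and is presumably handled by the superclass.
 *
 * <p>Password checks and role lookups are delegated to the state manager.
 * If the state manager cannot be resolved, {@link #login()} rejects every
 * attempt rather than falling back to another credential source.
 *
 * @author <a href="pra@tim.se">Peter Antman</a>
 * @version $Revision: 57198 $
 */
public class DynamicLoginModule extends UsernamePasswordLoginModule {
    /** Object name used when the {@code sm.objectname} option is not set. */
    static final String DEFAULT_SM_NAME = "jboss.mq:service=StateManager";

    /** State manager resolved in {@link #initialize}; null when the lookup failed. */
    DynamicStateManager sm = null;

    /** Creates an uninitialised module; {@link #initialize} must run before use. */
    public DynamicLoginModule() {
    }

    /**
     * Initialises the superclass and resolves the state manager through JMX.
     *
     * <p>A failed lookup is logged and leaves {@link #sm} null, which makes
     * {@link #login()} throw. The method itself never throws for a lookup
     * failure.
     *
     * @param subject the subject to authenticate, passed to the superclass
     * @param callbackHandler handler used to obtain credentials, passed to the superclass
     * @param sharedState state shared between login modules, passed to the superclass
     * @param options module options; {@code sm.objectname} is read here
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);

        // Drop any reference left from an earlier initialisation so that a
        // failed lookup below cannot leave a stale state manager in use.
        sm = null;
        try {
            String smName = (String) options.get("sm.objectname");
            if (smName == null) {
                smName = DEFAULT_SM_NAME;
            }

            javax.management.ObjectName smObjectName =
                    new javax.management.ObjectName(smName);

            // Look up the state manager instance exposed by the MBean.
            javax.management.MBeanServer server =
                    org.jboss.mx.util.MBeanServerLocator.locateJBoss();
            sm = (DynamicStateManager) server.getAttribute(smObjectName, "Instance");
        } catch (Exception ex) {
            // Covers a malformed object name, a missing MBean and a value of
            // the wrong type; in every case sm stays null and login() refuses.
            super.log.error("Failed to load DynamicSecurityManager", ex);
        }
    }

    /**
     * Checks that a state manager is available, then runs the superclass login.
     *
     * @return the result of the superclass login
     * @throws LoginException if no state manager was resolved, or if the
     *         superclass login fails
     */
    public boolean login() throws LoginException {
        // Fail closed: without a state manager nothing can verify credentials.
        if (sm == null) {
            throw new LoginException("StateManager is null");
        }
        return super.login();
    }

    /**
     * Overridden to return an empty password string, as typically one cannot
     * obtain a user's password. {@link #validatePassword} is overridden as
     * well and ignores this value, so the empty string is never compared with
     * what the caller supplied.
     *
     * @return an empty password String
     */
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    /**
     * Validates the password against the state manager.
     *
     * <p>Any failure raised by the state manager is recorded with
     * {@code setValidateError} and treated as a rejected password.
     *
     * <p>NOTE(review): if the superclass is configured to accept credentials
     * that an earlier module already placed in the shared state, this method
     * may not be called for that login - confirm against the superclass.
     *
     * @param inputPassword the password to validate; passed to the state
     *        manager as received, including null
     * @param expectedPassword ignored
     * @return true only when the state manager accepts the password
     */
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        boolean valid = false;
        try {
            valid = sm.validatePassword(getUsername(), inputPassword);
        } catch (Throwable e) {
            // Deliberately broad: an error during validation must never
            // authenticate the caller, so valid stays false.
            super.setValidateError(e);
        }
        return valid;
    }

    /**
     * Returns the role sets assigned to the user. Only a Group named "Roles"
     * is returned; no "CallerPrincipal" group is created.
     *
     * @return Group[] holding the single "Roles" group, which is empty when
     *         the state manager reports no roles
     * @throws LoginException if the state manager lookup fails; the original
     *         failure is attached as the cause
     */
    protected Group[] getRoleSets() throws LoginException {
        SimpleGroup userRoles = new SimpleGroup("Roles");
        String[] roles = null;
        try {
            roles = sm.getRoles(getUsername());
        } catch (Exception ex) {
            // NOTE(review): the username is caller-supplied and is written to
            // the log unescaped - confirm the log layout neutralises line breaks.
            super.log.error("Could not get roleSets for user " + getUsername(), ex);
            // Keep the root cause on the exception so that callers further up
            // can diagnose the failure without relying on this log line.
            LoginException failure = new LoginException("Could not get roleSets for user");
            failure.initCause(ex);
            throw failure;
        }
        if (roles != null) {
            for (int i = 0; i < roles.length; i++) {
                userRoles.addMember(new SimplePrincipal(roles[i]));
            }
        }

        Group[] roleSets = { userRoles };
        return roleSets;
    }
} // DynamicLoginModule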