001: /*
002: * BEGIN_HEADER - DO NOT EDIT
003: *
004: * The contents of this file are subject to the terms
005: * of the Common Development and Distribution License
006: * (the "License"). You may not use this file except
007: * in compliance with the License.
008: *
009: * You can obtain a copy of the license at
010: * https://open-esb.dev.java.net/public/CDDLv1.0.html.
011: * See the License for the specific language governing
012: * permissions and limitations under the License.
013: *
014: * When distributing Covered Code, include this CDDL
015: * HEADER in each file and include the License file at
016: * https://open-esb.dev.java.net/public/CDDLv1.0.html.
017: * If applicable add the following below this CDDL HEADER,
018: * with the fields enclosed by brackets "[]" replaced with
019: * your own identifying information: Portions Copyright
020: * [year] [name of copyright owner]
021: */
022:
023: /*
024: * @(#)JaasAuthenticator.java
025: * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
026: *
027: * END_HEADER - DO NOT EDIT
028: */
029: /**
030: * Authenticator.java
031: *
032: * SUN PROPRIETARY/CONFIDENTIAL.
033: * This software is the proprietary information of Sun Microsystems, Inc.
034: * Use is subject to license terms.
035: *
036: * Created on January 25, 2005, 10:29 PM
037: */package com.sun.jbi.internal.security.auth;
038:
039: import com.sun.jbi.internal.security.UserDomain;
040: import com.sun.jbi.internal.security.callback.UsrPwdCallbackHandler;
041:
042: // -- This will be replaced with the JSR 196 Callback later.
043: import com.sun.enterprise.security.jauth.callback.PasswordValidationCallback;
044:
045: import javax.security.auth.callback.Callback;
046: import javax.security.auth.callback.CallbackHandler;
047: import javax.security.auth.callback.UnsupportedCallbackException;
048: import javax.security.auth.login.Configuration;
049: import javax.security.auth.login.LoginContext;
050: import javax.security.auth.login.LoginException;
051: import javax.security.auth.Subject;
052:
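/**
 * Authenticates users through JAAS, using the name of the configured
 * {@link UserDomain} as the name of the JAAS login context.
 *
 * <p>The class also handles {@link PasswordValidationCallback}s: the username
 * and password carried by the callback are validated with
 * {@link #authenticate(Subject, CallbackHandler)} and the outcome is stored
 * back on the callback.
 *
 * <p>{@link #initialize(UserDomain)} must be called before any authentication
 * attempt. Until then the domain is {@code null}, the login attempt fails with
 * a runtime exception, and {@code authenticate} reports {@code false}.
 *
 * @author Sun Microsystems, Inc.
 */
public class JaasAuthenticator implements Authenticator {
    /** Receives authentication failures together with their cause. */
    private static final java.util.logging.Logger LOGGER =
        java.util.logging.Logger.getLogger(JaasAuthenticator.class.getName());

    /** The User Domain; its name selects the JAAS login context. */
    private UserDomain mDomain;

    /**
     * The privileged action that creates a {@link LoginContext} for the
     * enclosing authenticator's domain and performs the login.
     *
     * @author Sun Microsystems, Inc.
     */
    class LoginPrivilegedAction implements
        java.security.PrivilegedExceptionAction {
        /** Callback handler that supplies the credentials to the login modules. */
        private final CallbackHandler mHandler;

        /** Subject that the login populates. */
        private final Subject mSubject;

        /**
         * Ctor.
         *
         * @param subj - Subject to authenticate.
         * @param hndlr - CallbackHandler handed to the LoginContext.
         */
        public LoginPrivilegedAction(Subject subj, CallbackHandler hndlr) {
            mSubject = subj;
            mHandler = hndlr;
        }

        /**
         * Attempts the login; on a LoginException the JAAS configuration is
         * refreshed and the login is attempted exactly once more.
         *
         * @throws LoginException if the second login attempt fails as well.
         * @return null.
         */
        public Object run() throws LoginException {
            try {
                login();
            } catch (LoginException lex) {
                // -- reattempt login after refreshing configuration
                // NOTE(review): every LoginException lands here, so a rejected
                // credential also causes a configuration refresh and a second
                // attempt. If the configured login module counts failures
                // (lockout, audit), one bad password may be counted twice;
                // confirm against the login modules in use.
                Configuration.getConfiguration().refresh();
                login();
            }
            return null;
        }

        /**
         * Creates a LoginContext named after the user domain and logs in.
         *
         * @throws LoginException if login fails. The LoginContext constructor
         * also throws it when the Subject is null.
         */
        private void login() throws LoginException {
            new LoginContext(mDomain.getName(), mSubject, mHandler).login();
        }

    }

    /**
     * Authenticate a user and update the Subject with the authenticated
     * Identity. This authenticator uses the name of the User Domain as
     * the JAAS Context used for authentication.
     *
     * <p>The method fails closed: any Throwable raised during the login is
     * logged and reported as a failed authentication.
     *
     * @param subject is the Subject to be authenticated. It is passed to the
     * LoginContext unchanged; this method does not substitute a thread-local
     * or a new Subject when it is null, and because LoginContext rejects a
     * null Subject such a call returns false.
     * @param handler is the CallbackHandler the authenticator can use for
     * authentication.
     * @return true if authentication succeeds, false otherwise.
     */
    public boolean authenticate(Subject subject, CallbackHandler handler) {
        try {
            java.security.AccessController.doPrivileged(
                new LoginPrivilegedAction(subject, handler),
                java.security.AccessController.getContext());
            return true;
        } catch (Throwable failure) {
            // Only the throwable is logged; the credentials held by the
            // handler are never written to the log.
            LOGGER.log(java.util.logging.Level.WARNING,
                "JAAS authentication failed", failure);
            return false;
        }
    }

    /**
     * Initialize the authenticator with the UserDomain.
     *
     * @param domain is the UserDomain which has the Authentication Context.
     * @throws IllegalStateException if initialization fails; the current
     * implementation only stores the domain and never throws it.
     */
    public void initialize(UserDomain domain)
        throws IllegalStateException {
        mDomain = domain;
    }

    /**
     * Handles callbacks with the signature of CallbackHandler.handle. Only
     * PasswordValidationCallback is supported: its username and password are
     * authenticated against the Subject returned by
     * ThreadLocalContext.getLocalSubject() and the result is set on the
     * callback. The first callback of any other type aborts the loop.
     *
     * <p>NOTE(review): the password obtained from the callback is handed to
     * UsrPwdCallbackHandler and is not cleared here; confirm which component
     * is responsible for wiping it after validation.
     *
     * @param callbacks - array of Callbacks to be handled.
     * @throws java.io.IOException - if an input or output error occurs.
     * @throws UnsupportedCallbackException - if the implementation of this method
     * does not support one or more of the Callbacks specified in the callbacks
     * parameter.
     */
    public void handle(Callback[] callbacks)
        throws java.io.IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof PasswordValidationCallback)) {
                throw new UnsupportedCallbackException(callbacks[i]);
            }

            PasswordValidationCallback authCb = (PasswordValidationCallback) callbacks[i];
            // If no Subject is bound to the thread-local context this is null,
            // which makes authenticate() report false.
            Subject localSubject =
                com.sun.jbi.internal.security.ThreadLocalContext.getLocalSubject();
            CallbackHandler credentials = new UsrPwdCallbackHandler(
                authCb.getUsername(), authCb.getPassword());

            authCb.setResult(authenticate(localSubject, credentials));
        }
    }
}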