001: /**
002: * JOnAS: Java(TM) Open Application Server
003: * Copyright (C) 2004 Bull S.A.
004: * Contact: jonas-team@objectweb.org
005: *
006: * This library is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2.1 of the License, or any later version.
010: *
011: * This library is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
019: * USA
020: *
021: * --------------------------------------------------------------------------
022: * $Id: SecurityContextHelper.java 6058 2005-01-07 13:28:28Z joaninh $
023: * --------------------------------------------------------------------------
024: */package org.objectweb.jonas.security.iiop;
025:
026: import java.io.UnsupportedEncodingException;
027:
028: import org.omg.GSSUP.InitialContextToken;
029:
030: import org.objectweb.carol.util.csiv2.gss.GSSHelper;
031:
032: import org.objectweb.jonas.common.Log;
033: import org.objectweb.jonas.security.AbsSecurityContextHelper;
034:
035: import org.objectweb.security.context.SecurityContext;
036: import org.objectweb.security.context.SecurityCurrent;
037:
038: import org.objectweb.util.monolog.api.Logger;
039:
040: /**
041: * This class is used by Csiv2 server interceptor and by the JOnAS EJB provider Web Service.
042: * It allows to authenticate users.
043: * @author Florent Benoit : Initial developper
044: * @author Helene Joanin : Refactoring
045: */
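public class SecurityContextHelper extends AbsSecurityContextHelper {

    /**
     * The singleton instance, created lazily by {@link #getInstance()}.
     */
    private static SecurityContextHelper instance = null;

    /**
     * Property key naming the realm used for CSIv2 logins
     */
    private static final String CSIV2_REALM_KEY = "jonas.service.security.csiv2.realm";

    /**
     * Realm used when the property above is not set
     */
    private static final String DEFAULT_CSIV2_REALM = "memrlm_1";

    /**
     * Separator between the user and the domain in a GSS NT_USERNAME
     * ("user@domain")
     */
    private static final String DOMAIN_SEPARATOR = "@";

    /**
     * Domain name appended to the user name of outgoing tokens
     */
    private static final String DEFAULT_DOMAIN_NAME = "default";

    /**
     * Charset used to encode the GSSUP token fields
     */
    private static final String ENCODING = "UTF-8";

    /**
     * Logger (handed to the parent class through {@link #getLogger()})
     */
    private static Logger logger = Log
            .getLogger(Log.JONAS_CSIV2_SECURITY_PREFIX);

    /**
     * Private constructor because of singleton
     */
    private SecurityContextHelper() {
    }

    /**
     * Returns the singleton instance, creating it on first use.
     * Synchronized so that concurrent first callers (the CSIv2 interceptor
     * serves concurrent requests) cannot each build their own instance.
     * @return the singleton instance
     */
    public static synchronized SecurityContextHelper getInstance() {
        if (instance == null) {
            instance = new SecurityContextHelper();
        }
        return instance;
    }

    /**
     * @return the logger used by the parent class for this helper
     */
    protected Logger getLogger() {
        return logger;
    }

    /**
     * @return the property key naming the CSIv2 realm
     */
    protected String getRealmKey() {
        return CSIV2_REALM_KEY;
    }

    /**
     * @return the realm used when no CSIv2 realm is configured
     */
    protected String getRealmDefault() {
        return DEFAULT_CSIV2_REALM;
    }

    /**
     * Authenticates a caller from a CSIv2 GSSUP authentication token.
     * The user name is a GSS NT_USERNAME of the form "user@domain": only the
     * part before the first separator is used as the principal name, the
     * password is handed to login() unchanged as the credential.
     * A user name made only of separators (for example "@") now yields an
     * empty principal name instead of the ArrayIndexOutOfBoundsException
     * that String.split() produced for it; whether the realm then rejects
     * the login is up to the parent class.
     * @param userName user for login (GSS NT_USERNAME "user@domain"), must
     *        not be null
     * @param password of the user, passed through as is
     */
    protected void loginAuthenticationToken(String userName,
            String password) {
        // Strip the domain part: everything from the first separator on.
        int separator = userName.indexOf(DOMAIN_SEPARATOR);
        String principalName = (separator < 0)
                ? userName
                : userName.substring(0, separator);
        login(principalName, password);
    }

    /**
     * Logs in a caller asserted by a CSIv2 identity token.
     * SECURITY NOTE: an identity token carries no secret. The principal name
     * itself is handed to login() as the credential, so nothing in this
     * method verifies the caller; acceptance must rest on the CSIv2 layer
     * only taking identity assertions from trusted intermediaries and on how
     * the realm treats such a credential. Confirm this against the
     * interceptor's trust configuration before relying on it.
     * The misspelt method name is kept on purpose: it is presumably the name
     * the parent class dispatches on, so renaming it would break the override.
     * @param principalName the asserted user name
     */
    protected void loginIdentiyToken(String principalName) {
        // No password is available: the asserted name doubles as credential.
        login(principalName, principalName);
    }

    /**
     * Returns the identity to propagate for the current call.
     * The run-as principal of the current SecurityContext takes precedence
     * when one is set; otherwise the caller principal's name is returned.
     * NOTE(review): getCallerPrincipal(false) is dereferenced without a null
     * check, so calling this with no caller principal bound would throw
     * NullPointerException — confirm callers only reach this after a login.
     * @return the run-as principal if any, else the caller principal name
     */
    public String getIdentityToken() {
        SecurityCurrent current = SecurityCurrent.getCurrent();
        SecurityContext securityContext = current.getSecurityContext();

        String runAs = securityContext.peekRunAsPrincipal();
        if (runAs != null) {
            return runAs;
        }
        return securityContext.getCallerPrincipal(false).getName();
    }

    /**
     * Builds the GSSUP InitialContextToken used to propagate the current
     * principal to a remote server.
     * The user name field is "principal@default" (DEFAULT_DOMAIN_NAME), the
     * target name is the exported form of that domain, and the password
     * field carries the principal name itself because no password is
     * available here. SECURITY NOTE: the receiving side therefore cannot
     * authenticate the caller by secret from this token; it is only
     * meaningful between servers that already trust each other (compare
     * loginIdentiyToken, which accepts exactly this kind of credential).
     * The principal is taken from SecurityContext.getPrincipalName();
     * whether that reflects a run-as identity depends on SecurityContext
     * and is not established here.
     * @return the token for the current principal
     * @throws UnsupportedEncodingException if UTF-8 encoding is not supported
     */
    public InitialContextToken getInitialContextToken()
            throws UnsupportedEncodingException {
        SecurityCurrent current = SecurityCurrent.getCurrent();
        SecurityContext securityContext = current.getSecurityContext();
        String principalName = securityContext.getPrincipalName();

        String userName = principalName + DOMAIN_SEPARATOR + DEFAULT_DOMAIN_NAME;
        byte[] user = userName.getBytes(ENCODING);
        // Not a secret: the password field is filled with the principal name.
        byte[] pass = principalName.getBytes(ENCODING);
        byte[] domain = GSSHelper.encodeExported(DEFAULT_DOMAIN_NAME);
        return new InitialContextToken(user, pass, domain);
    }

}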
|