01: /* Copyright 2001, 2003, 2004 The JA-SIG Collaborative. All rights reserved.
02: * See license distributed with this file and
03: * available online at http://www.uportal.org/license.html
04: */
05:
06: package org.jasig.portal.security.provider;
07:
08: import java.io.Serializable;
09:
10: import javax.security.auth.login.LoginContext;
11: import javax.security.auth.login.LoginException;
12:
13: import org.apache.commons.logging.Log;
14: import org.apache.commons.logging.LogFactory;
15: import org.jasig.portal.security.IAdditionalDescriptor;
16: import org.jasig.portal.security.ISecurityContext;
17: import org.jasig.portal.security.PortalSecurityException;
18:
19: /**
20: * <p>This is an implementation of a SecurityContext that checks a user's
21: * credentials using JAAS.
22: *
23: * @author Nathan Jacobs
24: * @version $Revision: 35502 $
25: *
26: */
27:
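class JAASSecurityContext extends ChainingSecurityContext implements
        ISecurityContext, Serializable {

    private static final Log log = LogFactory
            .getLog(JAASSecurityContext.class);

    // Value reported by getAuthType(). Kept as an instance field on purpose:
    // the class is Serializable and declares no serialVersionUID, so changing
    // the set of instance fields would alter the default serialized form.
    private final int JAASSECURITYAUTHTYPE = 0xFF05;

    // Wrapper around the JAAS Subject of the last successful login; null
    // until authenticate() succeeds and again after any later failed attempt.
    private IAdditionalDescriptor additionalDescriptor;

    JAASSecurityContext() {
        super();
    }

    /**
     * Returns the numeric identifier of this authentication type.
     *
     * @return the constant 0xFF05
     */
    public int getAuthType() {
        return this.JAASSECURITYAUTHTYPE;
    }

    /**
     * Returns the descriptor built from the JAAS Subject of the most recent
     * successful login.
     *
     * @return the descriptor, or null if the last call to authenticate() did
     *         not succeed or authenticate() has not been called
     */
    public IAdditionalDescriptor getAdditionalDescriptor() {
        return additionalDescriptor;
    }

    /**
     * Checks the principal's UID and opaque credentials through the JAAS
     * login configuration entry named "uPortal", then authenticates all
     * subcontexts by delegating to the superclass.
     *
     * A JAAS failure is logged and leaves this context unauthenticated; it is
     * not rethrown, so callers must inspect the authentication state rather
     * than rely on an exception.
     *
     * @throws PortalSecurityException declared by the interface; in this
     *         class it can only originate from super.authenticate()
     */
    public synchronized void authenticate()
            throws PortalSecurityException {
        // Reset every result of a previous attempt, not just the flag.
        // Otherwise a failed re-authentication would leave the Subject of an
        // earlier successful login reachable through getAdditionalDescriptor().
        this.isauth = false;
        this.additionalDescriptor = null;

        if (this.myPrincipal.UID != null
                && this.myOpaqueCredentials.credentialstring != null) {

            try {
                // NOTE(review): the intermediate String holding the password is
                // immutable and cannot be wiped, and it is decoded with the
                // platform default charset. Whether the char[] could be cleared
                // after login() depends on JAASInlineCallbackHandler, which is
                // not visible here - confirm before changing.
                LoginContext lc = new LoginContext(
                        "uPortal",
                        new JAASInlineCallbackHandler(
                                this.myPrincipal.UID,
                                (new String(
                                        this.myOpaqueCredentials.credentialstring))
                                        .toCharArray()));

                // login() throws LoginException when authentication does not
                // succeed, so the lines below run only on success.
                lc.login();
                additionalDescriptor = new JAASSubject(lc.getSubject());

                if (log.isInfoEnabled()) {
                    log.info("User " + forLog(this.myPrincipal.UID)
                            + " is authenticated");
                }
                this.isauth = true;

            } catch (LoginException e) {
                // LoginException covers every JAAS failure (locked or expired
                // account, misconfigured "uPortal" entry, ...), not only a wrong
                // password. The message text is kept unchanged for existing
                // log consumers; the debug entry carries the actual cause.
                if (log.isInfoEnabled()) {
                    log.info("User " + forLog(this.myPrincipal.UID)
                            + ": invalid password");
                }
                if (log.isDebugEnabled()) {
                    log.debug("LoginException", e);
                }
            }
        } else {
            log
                    .error("Principal or OpaqueCredentials not initialized prior to authenticate");
        }

        // authenticate all subcontexts.
        super.authenticate();
    }

    /**
     * Renders a value for a log line with every ISO control character
     * (including CR and LF) replaced by an underscore. The UID is logged
     * before and regardless of whether it has been verified, so it must not
     * be able to break a log entry into several lines.
     */
    private static String forLog(Object value) {
        char[] chars = String.valueOf(value).toCharArray();
        for (int i = 0; i < chars.length; i++) {
            if (Character.isISOControl(chars[i])) {
                chars[i] = '_';
            }
        }
        return new String(chars);
    }
}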