001: /*
002: * Copyright 2006 the original author or authors.
003: *
004: * Licensed under the Apache License, Version 2.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016:
017: package org.springframework.ws.soap.security.xwss.callback.jaas;
018:
019: import javax.security.auth.Subject;
020: import javax.security.auth.callback.Callback;
021: import javax.security.auth.callback.NameCallback;
022: import javax.security.auth.callback.PasswordCallback;
023: import javax.security.auth.callback.UnsupportedCallbackException;
024: import javax.security.auth.login.LoginContext;
025: import javax.security.auth.login.LoginException;
026:
027: import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
028:
029: import org.springframework.ws.soap.security.xwss.callback.AbstractCallbackHandler;
030:
031: /**
032: * Provides basic support for integrating with JAAS and plain text passwords.
033: * <p/>
034: * This class only handles <code>PasswordValidationCallback</code>s that contain a
035: * <code>PlainTextPasswordRequest</code>, and throws an <code>UnsupportedCallbackException</code> for others.
036: *
037: * @author Arjen Poutsma
038: * @see #getLoginContextName()
039: */
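public class JaasPlainTextPasswordValidationCallbackHandler extends AbstractJaasValidationCallbackHandler {

    /** Protected no-argument constructor; does no work of its own. */
    protected JaasPlainTextPasswordValidationCallbackHandler() {
    }

    /**
     * Installs a JAAS-backed validator on <code>PasswordValidationCallback</code>s whose request is a
     * <code>PlainTextPasswordRequest</code>, and rejects every other callback.
     *
     * @param callback the callback to handle
     * @throws UnsupportedCallbackException when the callback is not a plain text password validation callback
     */
    protected final void handleInternal(Callback callback) throws UnsupportedCallbackException {
        if (callback instanceof PasswordValidationCallback) {
            PasswordValidationCallback validationCallback = (PasswordValidationCallback) callback;
            if (validationCallback.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
                validationCallback.setValidator(new JaasPlainTextPasswordValidator());
                return;
            }
        }
        throw new UnsupportedCallbackException(callback);
    }

    /**
     * Replaces ISO control characters (including CR and LF) with <code>'_'</code> so that a request-supplied value
     * cannot break a log entry across lines.
     *
     * @param value the value to be written to the log, may be <code>null</code>
     * @return the neutralised value, or <code>null</code> when <code>value</code> is <code>null</code>
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        char[] chars = value.toCharArray();
        for (int i = 0; i < chars.length; i++) {
            if (Character.isISOControl(chars[i])) {
                chars[i] = '_';
            }
        }
        return new String(chars);
    }

    /**
     * Validates a plain text username/password pair by running a JAAS login against the login context named by
     * <code>getLoginContextName()</code>.
     */
    private class JaasPlainTextPasswordValidator implements PasswordValidationCallback.PasswordValidator {

        /**
         * Attempts a JAAS login with the credentials carried by the request.
         *
         * @param request the request; only installed for <code>PlainTextPasswordRequest</code>s by
         *                <code>handleInternal</code>, hence the unchecked cast below
         * @return <code>true</code> when the login succeeds and the resulting subject has at least one principal;
         *         <code>false</code> when no password was supplied, the login fails, or the subject has no principals
         * @throws PasswordValidationCallback.PasswordValidationException
         *          when the <code>LoginContext</code> itself cannot be created
         */
        public boolean validate(PasswordValidationCallback.Request request)
                throws PasswordValidationCallback.PasswordValidationException {
            PasswordValidationCallback.PlainTextPasswordRequest plainTextRequest =
                    (PasswordValidationCallback.PlainTextPasswordRequest) request;

            final String username = plainTextRequest.getUsername();
            final String password = plainTextRequest.getPassword();
            // The username comes from the request, so only the neutralised form is ever logged.
            final String loggedUsername = sanitizeForLog(username);

            // Fail closed when the request carries no password: the callback below would otherwise
            // dereference null, and a login module should never be asked to decide on an absent secret.
            if (password == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Authentication request for user '" + loggedUsername
                            + "' failed: no password supplied");
                }
                return false;
            }

            final LoginContext loginContext;
            try {
                loginContext = new LoginContext(getLoginContextName(), new AbstractCallbackHandler() {

                    // Feeds the request's credentials to the login modules; anything else is unsupported.
                    protected void handleInternal(Callback callback) throws UnsupportedCallbackException {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(username);
                        } else if (callback instanceof PasswordCallback) {
                            ((PasswordCallback) callback).setPassword(password.toCharArray());
                        } else {
                            throw new UnsupportedCallbackException(callback);
                        }
                    }
                });
            } catch (LoginException ex) {
                // A context that cannot be built is a configuration problem, not a failed login.
                throw new PasswordValidationCallback.PasswordValidationException(ex);
            } catch (SecurityException ex) {
                throw new PasswordValidationCallback.PasswordValidationException(ex);
            }

            // NOTE(review): the LoginContext is never logged out here; whether the configured login
            // modules hold state that needs releasing is not visible from this class - confirm.
            try {
                loginContext.login();
                Subject subject = loginContext.getSubject();
                // A login that yields no principals is treated as a failure.
                boolean authenticated = !subject.getPrincipals().isEmpty();
                if (logger.isDebugEnabled()) {
                    logger.debug("Authentication request for user '" + loggedUsername + "' "
                            + (authenticated ? "successful" : "failed"));
                }
                return authenticated;
            } catch (LoginException ex) {
                if (logger.isDebugEnabled()) {
                    // Keep the cause so a broken JAAS setup can be told apart from bad credentials.
                    logger.debug("Authentication request for user '" + loggedUsername + "' failed", ex);
                }
                return false;
            }
        }

    }
}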