001: /*
002: * JOSSO: Java Open Single Sign-On
003: *
004: * Copyright 2004-2008, Atricore, Inc.
005: *
006: * This is free software; you can redistribute it and/or modify it
007: * under the terms of the GNU Lesser General Public License as
008: * published by the Free Software Foundation; either version 2.1 of
009: * the License, or (at your option) any later version.
010: *
011: * This software is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this software; if not, write to the Free
018: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
019: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
020: */
021: package org.josso.auth.scheme;
022:
023: import org.apache.commons.logging.Log;
024: import org.apache.commons.logging.LogFactory;
025: import org.josso.auth.*;
026: import org.josso.auth.exceptions.SSOAuthenticationException;
027: import org.josso.gateway.identity.exceptions.SSOIdentityException;
028:
029: import javax.security.auth.Subject;
030: import java.security.Principal;
031: import java.util.Set;
032:
033: /**
034: * Specific authentication schemes can extend this base implementation providing
035: * specific logic in the authenticate method.
036: *
037: * @author <a href="mailto:sgonzalez@josso.org">Sebastian Gonzalez Oyuela</a>
038: * @version $Id: AbstractAuthenticationScheme.java 508 2008-02-18 13:32:29Z sgonzalez $
039: */
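public abstract class AbstractAuthenticationScheme implements
        AuthenticationScheme {

    private static final Log logger = LogFactory
            .getLog(AbstractAuthenticationScheme.class);

    // Outcome of the current authentication attempt. Only a subclass's
    // authenticate() implementation should flip this to true (via setAuthenticated).
    private boolean _authenticated;

    // The subject being authenticated. Populated by confirm() on success.
    protected Subject _subject;

    // The credential store used to retrieve known or trusted credentials.
    protected CredentialStore _credentialStore;
    protected CredentialStoreKeyAdapter _credentialStoreKeyAdapter;
    protected CredentialProvider _credentialProvider;

    // The credentials provided by the user as input (stored by reference, not copied).
    protected Credential[] _inputCredentials;
    private String _name;

    /**
     * Creates the scheme and obtains its credential provider.
     * <p>
     * Note: this calls the abstract {@link #doMakeCredentialProvider()} from the
     * constructor, so subclass implementations must not depend on subclass
     * fields being initialized yet. {@link #initialize(Credential[], Subject)}
     * obtains a fresh provider again anyway.
     */
    public AbstractAuthenticationScheme() {
        _credentialProvider = doMakeCredentialProvider();
    }

    /**
     * Initializes the authentication scheme for one authentication attempt:
     * records the input credentials and the target subject, resets the
     * authenticated flag and obtains a fresh credential provider.
     *
     * @param userCredentials the credentials supplied by the user as input
     * @param s               the subject that {@link #confirm()} will populate on success
     */
    public void initialize(Credential[] userCredentials, Subject s) {
        _inputCredentials = userCredentials;
        _subject = s;
        _authenticated = false;
        _credentialProvider = doMakeCredentialProvider();
    }

    /**
     * Confirms the authentication process, populating the Subject with the
     * Principal and the public / private credentials of this scheme.
     * <p>
     * Nothing is added to the Subject unless {@link #isAuthenticated()} is true,
     * so a scheme that never set the flag leaves the Subject untouched.
     *
     * @throws IllegalStateException if called before {@link #initialize(Credential[], Subject)}
     *                               supplied a Subject.
     */
    public void confirm() {

        // Only add security information if authentication was successful.
        if (!isAuthenticated()) {
            if (logger.isDebugEnabled())
                logger.debug("[confirm()], ignored. Not authenticated for this scheme.");
            return;
        }

        // Fail with a clear message instead of an NPE further down.
        if (_subject == null) {
            throw new IllegalStateException(
                    "confirm() invoked before initialize(): no Subject to populate");
        }

        // The principal associated with the input credentials.
        Principal principal = getPrincipal();

        // Populate the Subject.
        Set<Principal> principals = _subject.getPrincipals();
        principals.add(principal);

        // Private credentials (e.g. secrets); kept in the Subject's private set.
        addAll(_subject.getPrivateCredentials(), getPrivateCredentials());

        // Public credentials.
        addAll(_subject.getPublicCredentials(), getPublicCredentials());

        if (logger.isDebugEnabled())
            logger.debug("[confirm()], ok");

    }

    /**
     * Adds every credential of {@code credentials} to {@code target}.
     * A null or empty array adds nothing, so a scheme without credentials of
     * one kind does not break confirmation.
     */
    private static void addAll(Set<Object> target, Credential[] credentials) {
        if (credentials == null) {
            return;
        }
        for (int i = 0; i < credentials.length; i++) {
            target.add(credentials[i]);
        }
    }

    /**
     * Cancels the authentication process: the scheme is marked as not
     * authenticated, so a later {@link #confirm()} becomes a no-op.
     */
    public void cancel() {
        if (logger.isDebugEnabled())
            logger.debug("[cancel()], ok");
        setAuthenticated(false);
    }

    /**
     * Creates a credential through this scheme's credential provider.
     *
     * @param name  the credential name
     * @param value the credential value
     * @return the credential built by the provider
     */
    public Credential newCredential(String name, Object value) {
        return _credentialProvider.newCredential(name, value);
    }

    // ------------------------------------------------------------------------------
    // Protected utils
    // ------------------------------------------------------------------------------

    /**
     * Gets the authentication status associated to the scheme. Subclasses should set this flag
     * in the authenticate method implementation.
     *
     * @return true once the scheme has marked the current attempt as authenticated
     */
    protected boolean isAuthenticated() {
        return _authenticated;
    }

    /**
     * Sets the authentication status associated to the scheme. Subclasses should set this flag
     * in the authenticate method implementation.
     *
     * @param a the new authentication status
     */
    protected void setAuthenticated(boolean a) {
        _authenticated = a;
    }

    /**
     * Utility to load credentials from the store.
     *
     * @return the array of known credentials associated with the authenticated Principal.
     *
     * @throws SSOAuthenticationException if an error occurs while accessing the store;
     *                                    the original {@link SSOIdentityException} is kept as cause.
     */
    protected Credential[] getKnownCredentials()
            throws SSOAuthenticationException {
        try {
            // The key adapter maps the principal to whatever key the store indexes on.
            CredentialKey key = getCredentialStoreKeyAdapter()
                    .getKeyForPrincipal(getPrincipal());
            return _credentialStore.loadCredentials(key);
        } catch (SSOIdentityException e) {
            throw new SSOAuthenticationException(e.getMessage(), e);
        }
    }

    /**
     * @return the credential store configured for this scheme, or null if none was set
     */
    protected CredentialStore getCredentialStore() {
        return _credentialStore;
    }

    /**
     * @return the key adapter configured for this scheme, or null if none was set
     */
    protected CredentialStoreKeyAdapter getCredentialStoreKeyAdapter() {
        return _credentialStoreKeyAdapter;
    }

    /**
     * Sets the credential store used by {@link #getKnownCredentials()}.
     *
     * @param c the credential store
     */
    public void setCredentialStore(CredentialStore c) {
        _credentialStore = c;
    }

    /**
     * Sets the adapter that derives a store key from a principal.
     *
     * @param a the key adapter
     */
    public void setCredentialStoreKeyAdapter(CredentialStoreKeyAdapter a) {
        _credentialStoreKeyAdapter = a;
    }

    /**
     * Clones this authentication scheme (shallow copy: the subject, input
     * credentials, store and provider references are shared with the original).
     *
     * @return the clone, or null if the runtime refuses to clone this instance;
     *         the null return is kept for backward compatibility, but the failure
     *         is now logged instead of being silently dropped.
     */
    public Object clone() {
        try {
            return super.clone();
        } catch (CloneNotSupportedException e) {
            logger.error("Cannot clone authentication scheme '" + _name + "': "
                    + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Subclasses must provide specific credential providers.
     *
     * @return the credential provider to be used by this scheme
     */
    protected abstract CredentialProvider doMakeCredentialProvider();

    /*------------------------------------------------------------ Properties */

    /**
     * Sets the Authentication Scheme name.
     *
     * @param name the scheme name
     */
    public void setName(String name) {
        if (logger.isDebugEnabled())
            logger.debug("setName() = " + name);
        _name = name;
    }

    /**
     * Obtains the Authentication Scheme name.
     *
     * @return the scheme name, or null if none was set
     */
    public String getName() {
        return _name;
    }

}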