geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject cvs commit: incubator-geronimo/modules/core/src/java/org/apache/geronimo/security LoginModuleWrapper.java
Date Sat, 08 Nov 2003 06:15:52 GMT
adc         2003/11/07 22:15:52

  Added:       modules/core/src/java/org/apache/geronimo/security
                        LoginModuleWrapper.java
  Log:
  LoginModule wrapper that injects RealmPrincipals into the Subject
  
  Revision  Changes    Path
  1.1                  incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/LoginModuleWrapper.java
  
  Index: LoginModuleWrapper.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http:www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *    "Apache Geronimo" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    "Apache Geronimo", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http:www.apache.org/>.
   *
   * ====================================================================
   */
  package org.apache.geronimo.security;
  
  import javax.security.auth.spi.LoginModule;
  import javax.security.auth.Subject;
  import javax.security.auth.login.LoginException;
  import javax.security.auth.callback.CallbackHandler;
  import java.util.Map;
  import java.util.Set;
  import java.util.Iterator;
  import java.security.Principal;
  import java.security.PrivilegedActionException;
  
  
  /**
   * A wrapper used by the Geronimo security system to make sure that the
   * principals that are put into the subject get copied into RealmPrincipals
   * which, in turn, also get placed into the subject.  It is these RealmPrincipals
   * that are used in the principal to role mapping.
   *
   * @version $Revision: 1.1 $ $Date: 2003/11/08 06:15:52 $
   */
  public class LoginModuleWrapper implements LoginModule {
      private String realm;
      private LoginModule module;
      private Subject internalSubject = new Subject();
      private Subject externalSubject;
      private static ClassLoader classLoader;
  
      static {
          classLoader = (ClassLoader) java.security.AccessController.doPrivileged(
                  new java.security.PrivilegedAction() {
                      public Object run() {
                          return Thread.currentThread().getContextClassLoader();
                      }
                  });
      };
  
      public final static String REALM = "org.apache.geronimo.security.LoginModuleWrapper.REALM";
      public final static String MODULE = "org.apache.geronimo.security.LoginModuleWrapper.MODULE";
      public final static String LOADER = "org.apache.geronimo.security.LoginModuleWrapper.LOADER";
  
  
      public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
Map options) {
  
          externalSubject = subject;
          realm = (String) options.get(REALM);
          try {
              final String finalClass = (String) options.get(MODULE);
              module = (LoginModule) java.security.AccessController.doPrivileged(
                      new java.security.PrivilegedExceptionAction() {
                          public Object run() throws ClassNotFoundException, InstantiationException,
IllegalAccessException {
                              return Class.forName(finalClass, true, classLoader).newInstance();
                          }
                      });
              module.initialize(internalSubject, callbackHandler, sharedState, options);
          } catch (PrivilegedActionException pae) {
              Exception e = pae.getException();
              if (e instanceof InstantiationException) {
                  throw (GeronimoSecurityException) new GeronimoSecurityException("Initialize
error:" + e.getCause().getMessage() + "\n").initCause(e.getCause());
              } else {
                  throw (GeronimoSecurityException) new GeronimoSecurityException("Initialize
error: " + e.toString() + "\n").initCause(e);
              }
          }
      }
  
      public boolean login() throws LoginException {
          return module.login();
      }
  
      public boolean commit() throws LoginException {
  
          if (!module.commit()) return false;
  
          Set set = internalSubject.getPrincipals();
          Iterator iter = set.iterator();
          while (iter.hasNext()) {
              externalSubject.getPrincipals().add(new RealmPrincipal(realm, (Principal) iter.next()));
          }
          externalSubject.getPrincipals().addAll(internalSubject.getPrincipals());
          externalSubject.getPrivateCredentials().addAll(internalSubject.getPrivateCredentials());
          externalSubject.getPublicCredentials().addAll(internalSubject.getPublicCredentials());
  
          return true;
      }
  
      public boolean abort() throws LoginException {
          return module.abort();
      }
  
      public boolean logout() throws LoginException {
          return module.logout();
      }
  }
  
  
  

Mime
View raw message