Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 97049 invoked from network); 18 Nov 2009 04:29:32 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 18 Nov 2009 04:29:32 -0000 Received: (qmail 77581 invoked by uid 500); 18 Nov 2009 04:29:32 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 77505 invoked by uid 500); 18 Nov 2009 04:29:31 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 77496 invoked by uid 99); 18 Nov 2009 04:29:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Nov 2009 04:29:31 +0000 X-ASF-Spam-Status: No, hits=-2.5 required=5.0 tests=AWL,BAYES_00 X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Nov 2009 04:29:29 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 7DB1823888D8; Wed, 18 Nov 2009 04:29:09 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r881666 - /geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/KerberosLoginModule.java Date: Wed, 18 Nov 2009 04:29:09 -0000 To: scm@geronimo.apache.org 
From: kevan@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20091118042909.7DB1823888D8@eris.apache.org> Author: kevan Date: Wed Nov 18 04:29:09 2009 New Revision: 881666 URL: http://svn.apache.org/viewvc?rev=881666&view=rev Log: GERONIMO-4865 Add support for login using kerberos protocol. Patch from Ashish Jain Added: geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/KerberosLoginModule.java (with props) Added: geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/KerberosLoginModule.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/KerberosLoginModule.java?rev=881666&view=auto ==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/KerberosLoginModule.java (added)
+++ geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/KerberosLoginModule.java Wed Nov 18 04:29:09 2009
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geronimo.security.realm.providers;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+public class KerberosLoginModule implements LoginModule {
+
+ private Subject subject;
+ private LoginModule krb5LoginModule;
+ private Subject krb5Subject;
+ private Principal addOnPrincipal;
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
+ this.subject = subject;
+ String krb5LoginModuleClass = (String) options.get("krb5LoginModuleClass");
+ try {
+ krb5LoginModule = (LoginModule)Class.forName(krb5LoginModuleClass).newInstance();
+ } catch (Exception e) {
+ throw new IllegalArgumentException("Unable to configure kerberos login module: " + e.getMessage(), e);
+ }
+
+ Map options1 = new HashMap();
+ for(Object key : options.keySet()) {
+ String key1 = (String) key;
+ if(key1.startsWith("krb_")) {
+ options1.put(key1.substring(4), options.get(key1));
+ }
+ }
+
+ krb5Subject = new Subject();
+ krb5LoginModule.initialize(krb5Subject, callbackHandler, sharedState, options1);
+ String addOnPrincipalClass = (String) options.get("addOnPrincipalClass");
+ String addOnPrincipalName = (String) options.get("addOnPrincipalName");
+ if(addOnPrincipalClass != null && !addOnPrincipalClass.equals("")) {
+ try {
+ addOnPrincipal = (Principal) Class.forName(addOnPrincipalClass).getConstructor(String.class).newInstance(addOnPrincipalName);
+ } catch (Exception e) {
+ throw new IllegalArgumentException("Unable to configure kerberos login module: " + e.getMessage(), e);
+ }
+ }
+ }
+
+ public boolean login() throws LoginException {
+ return krb5LoginModule.login();
+ }
+
+ public boolean commit() throws LoginException {
+ boolean result = krb5LoginModule.commit();
+ if(result) {
+ if(addOnPrincipal != null) subject.getPrincipals().add(addOnPrincipal);
+ subject.getPrincipals().addAll(krb5Subject.getPrincipals());
+ subject.getPublicCredentials().addAll(krb5Subject.getPublicCredentials());
+ subject.getPrivateCredentials().addAll(krb5Subject.getPrivateCredentials());
+ }
+ return result;
+ }
+
+ public boolean abort() throws LoginException {
+ return krb5LoginModule.abort();
+ }
+
+ public boolean logout() throws LoginException {
+ if(!subject.isReadOnly()) {
+ // Remove principals and credentials added by this LoginModule
+ if(addOnPrincipal != null) subject.getPrincipals().remove(addOnPrincipal);
+ subject.getPrincipals().removeAll(krb5Subject.getPrincipals());
+ subject.getPublicCredentials().removeAll(krb5Subject.getPublicCredentials());
+ subject.getPrivateCredentials().removeAll(krb5Subject.getPrivateCredentials());
+ }
+ return krb5LoginModule.logout();
+ }
+}
Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/KerberosLoginModule.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: 
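Review bot: abort() only forwards to the delegate, so if this module's commit() has already succeeded and the overall login is then aborted (for example because a later module's commit fails), the add-on principal and the Kerberos principals and credentials that commit() copied into `subject` stay there. logout() already carries the matching cleanup; abort() needs the same removal, and it has to run before the delegate call because the delegate's abort() may empty `krb5Subject`, leaving nothing to remove by. A `committed` flag set in commit() would also keep abort() from removing an equal principal that another module contributed. Separately, in initialize() both reflective loads cast only after the constructor has run; `Class.forName(krb5LoginModuleClass).asSubclass(LoginModule.class)` (and `Principal.class` for the add-on) would reject a wrong type before instantiation.

```java
public boolean abort() throws LoginException {
    // Undo what commit() copied into the caller's subject, before the
    // delegate gets a chance to clear krb5Subject.
    if (!subject.isReadOnly()) {
        if (addOnPrincipal != null) subject.getPrincipals().remove(addOnPrincipal);
        subject.getPrincipals().removeAll(krb5Subject.getPrincipals());
        subject.getPublicCredentials().removeAll(krb5Subject.getPublicCredentials());
        subject.getPrivateCredentials().removeAll(krb5Subject.getPrivateCredentials());
    }
    return krb5LoginModule.abort();
}
```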
geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/KerberosLoginModule.java ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/KerberosLoginModule.java ------------------------------------------------------------------------------ svn:mime-type = text/plain