From: <st...@us...> - 2001-03-29 02:28:40
User: starksm Date: 01/03/28 18:28:38 Modified: src/main/org/jboss/security/plugins AbstractServerLoginModule.java Log: Further generalize the notion of role mapping to allow sets of named roles using any number of Groups Revision Changes Path 1.4 +63 -45 jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java
Index: AbstractServerLoginModule.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- AbstractServerLoginModule.java 2001/03/22 09:40:03 1.3
+++ AbstractServerLoginModule.java 2001/03/29 02:28:38 1.4
@@ -31,24 +31,19 @@ own custom LoginModule and override the getRoles() and getIdentity() methods. -Roles to the subject as Principals in a Group named 'Roles' -to the - * - * You may also wish to override - * - * public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) - * - * In which case the first line of your initialize() method should be super.initialize(subject, callbackHandler, sharedState, options); - * - * You may also wish to override - * - * public boolean login() throws LoginException - * - * In which case the last line of your login() method should be return super.login(); - * +You may also wish to override + public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) + +In which case the first line of your initialize() method should be: + super.initialize(subject, callbackHandler, sharedState, options); +You may also wish to override + public boolean login() throws LoginException +In which case the last line of your login() method should be + return super.login(); + @author <a href="edw...@cr...">Edward Kenworthy</a>, 12th Dec 2000 @author Sco...@di... -@version $Revision: 1.3 $ +@version $Revision: 1.4 $ */ public abstract class AbstractServerLoginModule implements LoginModule { @@ -113,9 +108,9 @@ } /** Method to commit the authentication process (phase 2). - It adds the getIdentity() value to the subject getPrincipals() Set - and adds the Principals returned by getRoles() to a Group named - 'Roles' to the subject getPrincipals() Set. + It adds the getIdentity() value to the subject getPrincipals() Set. + It also adds the members of each Group returned by getRoleSets() + to the subject getPrincipals() Set. @see javax.security.auth.Subject; @see java.security.acl.Group; 
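Review bot: The class Javadoc still tells subclass authors to override `getRoles()` (the unchanged sentence at the top of this hunk), but this commit replaces that method with `getRoleSets()` returning `Group[]`. A reader following the class comment would implement a method the base class no longer calls, and the module would then have no roles to add. I would change the sentence to `override the getRoleSets() and getIdentity() methods` and say there that at least a Group named "Roles" is expected. The Javadoc comment starts above the hunk.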
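Review bot: The revised commit() Javadoc says the members of each Group are added to the subject getPrincipals() Set, but the code in the next hunk copies them into a Group of the same name inside that Set (through createGroup), not into the Set itself. Code that checks roles has to look inside the named Group, so the comment should say so, for example `It also copies the members of each Group returned by getRoleSets() into a Group of the same name in the subject getPrincipals() Set.` The comment's closing lines are outside the hunk.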
@@ -126,56 +121,79 @@ Set principals = subject.getPrincipals(); Principal identity = getIdentity(); principals.add(identity); - Principal[] roles = getRoles(); - Group subjectRoles = getRolesGroup(principals); - if( subjectRoles instanceof NestableGroup ) + Group[] roleSets = getRoleSets(); + for(int g = 0; g < roleSets.length; g ++) { - /* A NestableGroup only allows Groups to be added to it so we - need to add a SimpleGroup to subjectRoles that contains roles - */ - SimpleGroup tmp = new SimpleGroup("Roles"); - subjectRoles.addMember(tmp); - subjectRoles = tmp; - } - for(int r = 0; roles != null && r < roles.length; r ++) - { - Principal role = roles[r]; - subjectRoles.addMember(role); + Group group = roleSets[g]; + String name = group.getName(); + Group subjectGroup = createGroup(name, principals); + if( subjectGroup instanceof NestableGroup ) + { + /* A NestableGroup only allows Groups to be added to it so we + need to add a SimpleGroup to subjectRoles to contain the roles + */ + SimpleGroup tmp = new SimpleGroup("Roles"); + subjectGroup.addMember(tmp); + subjectGroup = tmp; + } + // Copy the group members to the Subject group + Enumeration members = group.members(); + while( members.hasMoreElements() ) + { + Principal role = (Principal) members.nextElement(); + subjectGroup.addMember(role); + } } return true; } - /** - * Method to abort the authentication process (phase 2). - */ + /** Method to abort the authentication process (phase 2). + @return true alaways + */ public boolean abort() throws LoginException { return true; } + /** Remove the user identity and roles added to the Subject during commit. + @return true always. + */ public boolean logout() throws LoginException { + // Remove the user identity Principal identity = getIdentity(); - subject.getPrincipals().remove(identity); + Set principals = subject.getPrincipals(); + principals.remove(identity); + // Remove any added Groups... 
return true; } //--- End LoginModule interface methods // --- Protected methods - /** Overriden by subclasses to return the + /** Overriden by subclasses to return the Principal that corresponds to + the user primary identity. */ abstract protected Principal getIdentity(); - abstract protected Principal[] getRoles(); + /** Overriden by subclasses to return the Groups that correspond to the + to the role sets assigned to the user. Subclasses should create at + least a Group named "Roles" that contains the roles assigned to the user. + A second common group is "CallerPrincipal" that provides the application + identity of the user rather than the security domain identity. + @return Group[] containing the sets of roles + */ + abstract protected Group[] getRoleSets() throws LoginException; protected boolean getUseFirstPass() { return useFirstPass; } - /** Look for a Group named 'Roles' + /** Find or create a Group with the given name. Subclasses should use this + method to locate the 'Roles' group or create additional types of groups. + @return A named Group from the principals set. */ - protected Group getRolesGroup(Set principals) + protected Group createGroup(String name, Set principals) { Group roles = null; Iterator iter = principals.iterator(); @@ -184,17 +202,17 @@ Object next = iter.next(); if( (next instanceof Group) == false ) continue; - Group grp = (Group) iter.next(); - if( grp.getName().equals("Roles") ) + Group grp = (Group) next; + if( grp.getName().equals(name) ) { roles = grp; break; } } - // If we did not find a Roles group create one + // If we did not find a group create one if( roles == null ) { - roles = new NestableGroup("Roles"); + roles = new NestableGroup(name); principals.add(roles); } return roles; |
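Review bot: logout() stops at the comment `// Remove any added Groups...` with no code behind it, so the role Groups that commit() put into the Subject's principal set stay there after logout, although the new Javadoc says the roles are removed; a Subject that is cached or reused would keep its role memberships. Either remove the members commit() copied (for instance by recording the subject groups it touched) or narrow the Javadoc to what is actually done. In commit(), the loop `g < roleSets.length` lost the `roles != null` guard the old loop had, so a subclass returning null from getRoleSets() now fails with a NullPointerException after the identity Principal has already been added; `if( roleSets == null ) roleSets = new Group[0];` before the loop keeps the earlier tolerance. The nested group is still built as `new SimpleGroup("Roles")` even when `name` is something else such as "CallerPrincipal", which looks like it should be `new SimpleGroup(name)`. commit() begins above this hunk and createGroup continues in the next one.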
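Review bot: `grp.getName().equals(name)` throws a NullPointerException if any Group already in the principal set reports a null name, and since createGroup is now a general lookup over a Set that other code may also populate (an assumption, the other contributors are not visible here), that Group need not be one this module created. A null-tolerant test such as `if( name != null && name.equals(grp.getName()) )` avoids that. The local is still called `roles` although it now holds any named group; `group` would read better. The method's closing brace is outside the hunk.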