[JBoss-dev] CVS update: jbosssx/src/main/org/jboss/security/plugins AbstractServerLoginModule.java

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

  User: starksm 
  Date: 01/03/28 18:28:38

  Modified:    src/main/org/jboss/security/plugins
                        AbstractServerLoginModule.java
  Log:
  Further generalize the notion of role mapping to allow sets of named
  roles using any number of Groups
  
  Revision  Changes    Path
  1.4       +63 -45    jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java
  
  Index: AbstractServerLoginModule.java
  ===================================================================
  RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- AbstractServerLoginModule.java	2001/03/22 09:40:03	1.3
  +++ AbstractServerLoginModule.java	2001/03/29 02:28:38	1.4
  @@ -31,24 +31,19 @@
   own custom LoginModule and override the getRoles() and getIdentity()
   methods.
   
  -Roles to the subject as Principals in a Group named 'Roles'
  -to the 
  - *
  - * You may also wish to override
  - *
  - *    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
  - *
  - * In which case the first line of your initialize() method should be super.initialize(subject, callbackHandler, sharedState, options);
  - *
  - * You may also wish to override
  - *
  - *    public boolean login() throws LoginException
  - *
  - * In which case the last line of your login() method should be return super.login();
  - *
  +You may also wish to override
  +    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
  +
  +In which case the first line of your initialize() method should be:
  +    super.initialize(subject, callbackHandler, sharedState, options);
  +You may also wish to override
  +    public boolean login() throws LoginException
  +In which case the last line of your login() method should be
  +    return super.login();
  +
   @author <a href="edw...@cr...">Edward Kenworthy</a>, 12th Dec 2000
   @author Sco...@di...
  -@version $Revision: 1.3 $
  +@version $Revision: 1.4 $
   */
   public abstract class AbstractServerLoginModule implements LoginModule
   {
  @@ -113,9 +108,9 @@
       }
   
       /** Method to commit the authentication process (phase 2).
  -        It adds the getIdentity() value to the subject getPrincipals() Set
  -        and adds the Principals returned by getRoles() to a Group named
  -        'Roles' to the subject getPrincipals() Set.
  +        It adds the getIdentity() value to the subject getPrincipals() Set.
  +        It also adds the members of each Group returned by getRoleSets()
  +        to the subject getPrincipals() Set.
   
        @see javax.security.auth.Subject;
        @see java.security.acl.Group;
  @@ -126,56 +121,79 @@
           Set principals = subject.getPrincipals();
           Principal identity = getIdentity();
           principals.add(identity);
  -        Principal[] roles = getRoles();
  -        Group subjectRoles = getRolesGroup(principals);
  -        if( subjectRoles instanceof NestableGroup )
  +        Group[] roleSets = getRoleSets();
  +        for(int g = 0; g < roleSets.length; g ++)
           {
  -            /* A NestableGroup only allows Groups to be added to it so we
  -             need to add a SimpleGroup to subjectRoles that contains roles
  -            */
  -            SimpleGroup tmp = new SimpleGroup("Roles");
  -            subjectRoles.addMember(tmp);
  -            subjectRoles = tmp;
  -        }
  -        for(int r = 0; roles != null && r < roles.length; r ++)
  -        {
  -            Principal role = roles[r];
  -            subjectRoles.addMember(role);
  +            Group group = roleSets[g];
  +            String name = group.getName();
  +            Group subjectGroup = createGroup(name, principals);
  +            if( subjectGroup instanceof NestableGroup )
  +            {
  +                /* A NestableGroup only allows Groups to be added to it so we
  +                 need to add a SimpleGroup to subjectRoles to contain the roles
  +                */
  +                SimpleGroup tmp = new SimpleGroup("Roles");
  +                subjectGroup.addMember(tmp);
  +                subjectGroup = tmp;
  +            }
  +            // Copy the group members to the Subject group
  +            Enumeration members = group.members();
  +            while( members.hasMoreElements() )
  +            {
  +                Principal role = (Principal) members.nextElement();
  +                subjectGroup.addMember(role);
  +            }
           }
           return true;
       }
   
  -    /**
  -     * Method to abort the authentication process (phase 2).
  -     */
  +    /** Method to abort the authentication process (phase 2).
  +    @return true alaways
  +    */
       public boolean abort() throws LoginException
       {
           return true;
       }
   
  +    /** Remove the user identity and roles added to the Subject during commit.
  +    @return true always.
  +    */
   	public boolean logout() throws LoginException
   	{
  +        // Remove the user identity
           Principal identity = getIdentity();
  -		subject.getPrincipals().remove(identity);
  +        Set principals = subject.getPrincipals();
  +		principals.remove(identity);
  +        // Remove any added Groups...
   		return true;
   	}
   //--- End LoginModule interface methods
   
   // --- Protected methods
   
  -    /** Overriden by subclasses to return the
  +    /** Overriden by subclasses to return the Principal that corresponds to
  +     the user primary identity.
       */
       abstract protected Principal getIdentity();
  -    abstract protected Principal[] getRoles();
  +    /** Overriden by subclasses to return the Groups that correspond to the
  +        to the role sets assigned to the user. Subclasses should create at
  +        least a Group named "Roles" that contains the roles assigned to the user.
  +        A second common group is "CallerPrincipal" that provides the application
  +        identity of the user rather than the security domain identity.
  +    @return Group[] containing the sets of roles 
  +    */
  +    abstract protected Group[] getRoleSets() throws LoginException;
   
       protected boolean getUseFirstPass()
       {
           return useFirstPass;
       }
   
  -    /** Look for a Group named 'Roles'
  +    /** Find or create a Group with the given name. Subclasses should use this
  +    method to locate the 'Roles' group or create additional types of groups.
  +    @return A named Group from the principals set.
       */
  -    protected Group getRolesGroup(Set principals)
  +    protected Group createGroup(String name, Set principals)
       {
           Group roles = null;
           Iterator iter = principals.iterator();
  @@ -184,17 +202,17 @@
               Object next = iter.next();
               if( (next instanceof Group) == false )
                   continue;
  -            Group grp = (Group) iter.next();
  -            if( grp.getName().equals("Roles") )
  +            Group grp = (Group) next;
  +            if( grp.getName().equals(name) )
               {
                   roles = grp;
                   break;
               }
           }
  -        // If we did not find a Roles group create one
  +        // If we did not find a group create one
           if( roles == null )
           {
  -            roles = new NestableGroup("Roles");
  +            roles = new NestableGroup(name);
               principals.add(roles);
           }
           return roles;