From: Thomas D. <tdi...@us...> - 2004-03-30 21:32:52
|
User: tdiesler Date: 04/03/30 13:21:12 Added: src/main/org/jboss/security/auth/spi DeploymentRolesLoginModule.java UsersLoginModule.java Log: + associate security-roles defined in jboss.xml with current principal + provide two new LoginModules + UsersLoginModule authenticates the user and does not provide roles + DeploymentRolesLoginModule adds the roles defined in jboss.xml Revision Changes Path 1.1 jbosssx/src/main/org/jboss/security/auth/spi/DeploymentRolesLoginModule.java Index: DeploymentRolesLoginModule.java =================================================================== /* * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. */ package org.jboss.security.auth.spi; // $Id: DeploymentRolesLoginModule.java,v 1.1 2004/03/30 21:21:11 tdiesler Exp $ import org.jboss.metadata.SecurityRoleMetaData; import org.jboss.security.SecurityRolesAssociation; import org.jboss.security.SimpleGroup; import org.jboss.security.SimplePrincipal; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; import java.security.Principal; import java.security.acl.Group; import java.util.HashSet; import java.util.Iterator; import java.util.Map; import java.util.Set; /** * The DeploymentRolesLoginModule adds the roles to the subject that were declared in the * assembly-descriptor element in jboss.xml. * * It gets the roles from the SecurityRolesAssociation, which holds a Map of SecurityRoleMetaData. * * @author Tho...@jb... * @version $Revision: 1.1 $ */ public class DeploymentRolesLoginModule extends AbstractServerLoginModule { /** * Initialize the login module. * * @param subject the Subject to update after a successful login. * @param callbackHandler the CallbackHandler that will be used to obtain the * the user identity and credentials. * @param sharedState a Map shared between all configured login module instances * @param options the parameters passed to the login module. */ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options); // Relies on another LoginModule having done the authentication useFirstPass = true; } /** * Overriden by subclasses to return the Principal that corresponds to * the user primary identity. */ protected Principal getIdentity() { // Setup our view of the user Object username = sharedState.get("javax.security.auth.login.name"); if(username == null) throw new IllegalStateException("Expected to find the username in the shared state"); if (username instanceof Principal) return (Principal)username; return new SimplePrincipal((String)username); } /** * Create the 'Roles' group and populate it with the * principals security roles from the SecurityRolesAssociation * @return Group[] containing the sets of roles */ protected Group[] getRoleSets() throws LoginException { Group group = new SimpleGroup("Roles"); Iterator itRoleNames = getSecurityRoleNames().iterator(); while (itRoleNames.hasNext()) { String roleName = (String) itRoleNames.next(); group.addMember(new SimplePrincipal(roleName)); } return new Group[]{group}; } /** * Get the securtiy role names for the current principal from the * SecurityRolesAssociation. */ private Set getSecurityRoleNames() { HashSet roleNames = new HashSet(); String userName = getIdentity().getName(); Map securityRoles = SecurityRolesAssociation.getSecurityRoles(); if (securityRoles != null) { Iterator it = securityRoles.values().iterator(); while (it.hasNext()) { SecurityRoleMetaData srMetaData = (SecurityRoleMetaData) it.next(); if (srMetaData.getPrincipals().contains(userName)) roleNames.add(srMetaData.getRoleName()); } } return roleNames; } } 1.1 jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java Index: UsersLoginModule.java =================================================================== /* * JBoss, the OpenSource WebOS * * Distributable under LGPL license. * See terms of license at gnu.org. */ package org.jboss.security.auth.spi; // $Id: UsersLoginModule.java,v 1.1 2004/03/30 21:21:11 tdiesler Exp $ import org.jboss.security.SimpleGroup; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.security.acl.Group; import java.util.Map; import java.util.Properties; /** * A simple properties file based login module that consults a Java Properties * formatted text files for username to password("users.properties") mapping. * The name of the properties file may be overriden by the usersProperties option. * The properties file are loaded during initialization using the thread context * class loader. This means that these files can be placed into the J2EE * deployment jar or the JBoss config directory. * * The users.properties file uses a format: * username1=password1 * username2=password2 * ... * * to define all valid usernames and their corresponding passwords. * * @author Tho...@jb... * @version $Revision: 1.1 $ */ public class UsersLoginModule extends UsernamePasswordLoginModule { /** The name of the properties resource containing user/passwords */ private String usersRsrcName = "users.properties"; /** The users.properties values */ private Properties users; /** * Initialize this LoginModule. * @param options the login module option map. Supported options include: * usersProperties: The name of the properties resource containing * user/passwords. The default is "users.properties" */ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options); try { // Check for usersProperties & rolesProperties String option = (String) options.get("usersProperties"); if (option != null) usersRsrcName = option; // Load the properties file that contains the list of users and passwords loadUsers(); } catch (Exception e) { // Note that although this exception isn't passed on, users or roles will be null // so that any call to login will throw a LoginException. super.log.error("Failed to load users/passwords/role files", e); } } /** * Method to authenticate a Subject (phase 1). This validates that the * users properties file were loaded and then calls * super.login to perform the validation of the password. * * @exception javax.security.auth.login.LoginException thrown if the users or roles properties files * were not found or the super.login method fails. */ public boolean login() throws LoginException { if (users == null) throw new LoginException("Missing users.properties file."); return super.login(); } /** * Return a group Roles with no members * * @return Group[] containing the sets of roles */ protected Group[] getRoleSets() throws LoginException { return new Group[0]; } protected String getUsersPassword() { String username = getUsername(); String password = null; if (username != null) password = users.getProperty(username, null); return password; } private void loadUsers() throws IOException { users = loadProperties(usersRsrcName); } /** * Loads the given properties file and returns a Properties object containing the * key,value pairs in that file. * The properties files should be in the class path. */ private Properties loadProperties(String propertiesName) throws IOException { Properties bundle = null; ClassLoader loader = Thread.currentThread().getContextClassLoader(); URL url = loader.getResource(propertiesName); if (url == null) throw new IOException("Properties file " + propertiesName + " not found"); super.log.trace("Properties file=" + url); InputStream is = url.openStream(); if (is != null) { bundle = new Properties(); bundle.load(is); } else { throw new IOException("Properties file " + propertiesName + " not avilable"); } return bundle; } } |