Menu
▾
▴
[jboss-cvs] jbosssx/src/main/org/jboss/security/auth/spi DeploymentRolesLoginModule.java UsersLoginModule.java
|
From: Thomas D. <tdi...@us...> - 2004-03-30 21:32:52
|
User: tdiesler
Date: 04/03/30 13:21:12
Added: src/main/org/jboss/security/auth/spi
DeploymentRolesLoginModule.java
UsersLoginModule.java
Log:
+ associate security-roles defined in jboss.xml with current principal
+ provide two new LoginModules
+ UsersLoginModule authenticates the user and does not provide roles
+ DeploymentRolesLoginModule adds the roles defined in jboss.xml
Revision Changes Path
1.1 jbosssx/src/main/org/jboss/security/auth/spi/DeploymentRolesLoginModule.java
Index: DeploymentRolesLoginModule.java
===================================================================
/*
* JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.auth.spi;
// $Id: DeploymentRolesLoginModule.java,v 1.1 2004/03/30 21:21:11 tdiesler Exp $
import org.jboss.metadata.SecurityRoleMetaData;
import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
/**
* The DeploymentRolesLoginModule adds the roles to the subject that were declared in the
* assembly-descriptor element in jboss.xml.
*
* It gets the roles from the SecurityRolesAssociation, which holds a Map of SecurityRoleMetaData.
*
* @author Tho...@jb...
* @version $Revision: 1.1 $
*/
public class DeploymentRolesLoginModule extends AbstractServerLoginModule
{
/**
* Initialize the login module.
*
* @param subject the Subject to update after a successful login.
* @param callbackHandler the CallbackHandler that will be used to obtain the
* the user identity and credentials.
* @param sharedState a Map shared between all configured login module instances
* @param options the parameters passed to the login module.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
{
super.initialize(subject, callbackHandler, sharedState, options);
// Relies on another LoginModule having done the authentication
useFirstPass = true;
}
/**
* Overriden by subclasses to return the Principal that corresponds to
* the user primary identity.
*/
protected Principal getIdentity()
{
// Setup our view of the user
Object username = sharedState.get("javax.security.auth.login.name");
if(username == null)
throw new IllegalStateException("Expected to find the username in the shared state");
if (username instanceof Principal)
return (Principal)username;
return new SimplePrincipal((String)username);
}
/**
* Create the 'Roles' group and populate it with the
* principals security roles from the SecurityRolesAssociation
* @return Group[] containing the sets of roles
*/
protected Group[] getRoleSets() throws LoginException
{
Group group = new SimpleGroup("Roles");
Iterator itRoleNames = getSecurityRoleNames().iterator();
while (itRoleNames.hasNext())
{
String roleName = (String) itRoleNames.next();
group.addMember(new SimplePrincipal(roleName));
}
return new Group[]{group};
}
/**
* Get the securtiy role names for the current principal from the
* SecurityRolesAssociation.
*/
private Set getSecurityRoleNames()
{
HashSet roleNames = new HashSet();
String userName = getIdentity().getName();
Map securityRoles = SecurityRolesAssociation.getSecurityRoles();
if (securityRoles != null)
{
Iterator it = securityRoles.values().iterator();
while (it.hasNext())
{
SecurityRoleMetaData srMetaData = (SecurityRoleMetaData) it.next();
if (srMetaData.getPrincipals().contains(userName))
roleNames.add(srMetaData.getRoleName());
}
}
return roleNames;
}
}
1.1 jbosssx/src/main/org/jboss/security/auth/spi/UsersLoginModule.java
Index: UsersLoginModule.java
===================================================================
/*
* JBoss, the OpenSource WebOS
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package org.jboss.security.auth.spi;
// $Id: UsersLoginModule.java,v 1.1 2004/03/30 21:21:11 tdiesler Exp $
import org.jboss.security.SimpleGroup;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.acl.Group;
import java.util.Map;
import java.util.Properties;
/**
* A simple properties file based login module that consults a Java Properties
* formatted text files for username to password("users.properties") mapping.
* The name of the properties file may be overriden by the usersProperties option.
* The properties file are loaded during initialization using the thread context
* class loader. This means that these files can be placed into the J2EE
* deployment jar or the JBoss config directory.
*
* The users.properties file uses a format:
* username1=password1
* username2=password2
* ...
*
* to define all valid usernames and their corresponding passwords.
*
* @author Tho...@jb...
* @version $Revision: 1.1 $
*/
public class UsersLoginModule extends UsernamePasswordLoginModule
{
/** The name of the properties resource containing user/passwords */
private String usersRsrcName = "users.properties";
/** The users.properties values */
private Properties users;
/**
* Initialize this LoginModule.
* @param options the login module option map. Supported options include:
* usersProperties: The name of the properties resource containing
* user/passwords. The default is "users.properties"
*/
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
{
super.initialize(subject, callbackHandler, sharedState, options);
try
{
// Check for usersProperties & rolesProperties
String option = (String) options.get("usersProperties");
if (option != null)
usersRsrcName = option;
// Load the properties file that contains the list of users and passwords
loadUsers();
}
catch (Exception e)
{
// Note that although this exception isn't passed on, users or roles will be null
// so that any call to login will throw a LoginException.
super.log.error("Failed to load users/passwords/role files", e);
}
}
/**
* Method to authenticate a Subject (phase 1). This validates that the
* users properties file were loaded and then calls
* super.login to perform the validation of the password.
*
* @exception javax.security.auth.login.LoginException thrown if the users or roles properties files
* were not found or the super.login method fails.
*/
public boolean login() throws LoginException
{
if (users == null)
throw new LoginException("Missing users.properties file.");
return super.login();
}
/**
* Return a group Roles with no members
*
* @return Group[] containing the sets of roles
*/
protected Group[] getRoleSets() throws LoginException
{
return new Group[0];
}
protected String getUsersPassword()
{
String username = getUsername();
String password = null;
if (username != null)
password = users.getProperty(username, null);
return password;
}
private void loadUsers() throws IOException
{
users = loadProperties(usersRsrcName);
}
/**
* Loads the given properties file and returns a Properties object containing the
* key,value pairs in that file.
* The properties files should be in the class path.
*/
private Properties loadProperties(String propertiesName) throws IOException
{
Properties bundle = null;
ClassLoader loader = Thread.currentThread().getContextClassLoader();
URL url = loader.getResource(propertiesName);
if (url == null)
throw new IOException("Properties file " + propertiesName + " not found");
super.log.trace("Properties file=" + url);
InputStream is = url.openStream();
if (is != null)
{
bundle = new Properties();
bundle.load(is);
}
else
{
throw new IOException("Properties file " + propertiesName + " not avilable");
}
return bundle;
}
}
|