[jboss-cvs] Picketlink SVN: r294 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Jun 11 14:50:46 EDT 2010
Author: bmozaffa at redhat.com
Date: 2010-06-11 14:50:46 -0400 (Fri, 11 Jun 2010)
New Revision: 294
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java
Log:
Formatting change only... used the eclipse formatter to bring file in with our formatting conventions before making changes so that any actual code changes would be obvious.
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java 2010-06-08 20:52:18 UTC (rev 293)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/auth/AbstractSTSLoginModule.java 2010-06-11 18:50:46 UTC (rev 294)
@@ -108,392 +108,394 @@
*/
public abstract class AbstractSTSLoginModule implements LoginModule
{
- private Logger log = Logger.getLogger(AbstractSTSLoginModule.class);
-
- /**
- * Key used in share state map when LMs are stacked.
- */
- public static final String SHARED_TOKEN = "org.picketlink.identity.federation.core.wstrust.lm.stsToken";
-
- /**
- * Options configuration name;
- */
- public static final String OPTIONS_CREDENTIALS = "useOptionsCredentials";
-
- /**
- * Options configuration name;
- */
- public static final String OPTIONS_PW_STACKING = "password-stacking";
-
- /**
- * This is the required option that should identify the configuration
- * file for WSTrustClient.
- */
- public static final String STS_CONFIG_FILE = "configFile";
+ private Logger log = Logger.getLogger(AbstractSTSLoginModule.class);
- /**
- * The subject to be populated.
- */
- private Subject subject;
+ /**
+ * Key used in share state map when LMs are stacked.
+ */
+ public static final String SHARED_TOKEN = "org.picketlink.identity.federation.core.wstrust.lm.stsToken";
- /**
- * Callback handler used to gather information from the caller.
- */
- private CallbackHandler callbackHandler;
+ /**
+ * Options configuration name;
+ */
+ public static final String OPTIONS_CREDENTIALS = "useOptionsCredentials";
- /**
- * WS-Trust SAML Assertion element.
- */
- private Element samlToken;
+ /**
+ * Options configuration name;
+ */
+ public static final String OPTIONS_PW_STACKING = "password-stacking";
- /**
- * The outcome of the authentication process.
- */
- private boolean success;
-
- /**
- * The options map passed into this login modules initalize method.
- */
- private Map<String, ?> options;
-
- /**
- * The shared state map passed into this login modules initalize method.
- */
- private Map<String, ?> sharedState;
-
- /**
- * Indicates whether password stacking option was configured.
- */
- private boolean passwordStacking;
-
- /**
- * Indicates whether the password-stacking options was specifed as 'useFirstPass'.
- */
- private boolean useFirstPass;
-
- /**
- * Indicates whether the 'useOptionsCredentials' was configured.
- */
- private boolean useOptionsCredentials;
+ /**
+ * This is the required option that should identify the configuration
+ * file for WSTrustClient.
+ */
+ public static final String STS_CONFIG_FILE = "configFile";
- /**
- * Initialized this login module. Simple stores the passed in fields and
- * also validates the options.
- *
- * @param subject
- * The subject to authenticate/populate.
- * @param callbackHandler
- * The callbackhandler that will gather information required by
- * this login module.
- * @param sharedState
- * State that is shared with other login modules. Used when
- * modules are chained/stacked.
- * @param options
- * The options that were specified for this login module.
- */
- public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
- {
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- this.options = options;
- this.sharedState = sharedState;
-
- final String pwStackingOption = (String) options.get(OPTIONS_PW_STACKING);
- passwordStacking = pwStackingOption != null;
- if (passwordStacking)
- useFirstPass = "useFirstPass".equals(pwStackingOption);
-
- final Boolean useOptionsCreds = Boolean.valueOf((String)options.get(OPTIONS_CREDENTIALS));
- if (useOptionsCreds != null)
- useOptionsCredentials = useOptionsCreds.booleanValue();
- }
-
- /**
- * Subclasses must implement the login to perform their specific tasks.
- *
- * The login module should call {@link #setSamlToken(Element)} with the saml token
- * element that should be added to the public credentials in {@link #commit()}.
- *
- * @return true If the login was successful otherwise false.
- * @throws LoginException If an error occurs while trying to perform the authentication.
- */
- public boolean login() throws LoginException
- {
- try
- {
- final Builder builder = new STSClientConfig.Builder(getRequiredOption(getOptions(), STS_CONFIG_FILE));
- if (useOptionsCredentials)
- {
- useCredentialsFromOptions(builder, options);
- }
- else if (isUseFirstPass())
- {
- useCredentialsFromSharedState(builder);
- }
- else
- {
- useCredentialsFromCallback(builder);
- }
-
- if (passwordStacking)
- setPasswordStackingCredentials(builder);
-
- final STSClient stsClient = createWSTrustClient(builder.build());
-
- final Element token = invokeSTS(stsClient);
+ /**
+ * The subject to be populated.
+ */
+ private Subject subject;
- if (token == null)
- {
- // Throw an exception as returing false only says that this login module should be ignored.
- throw new LoginException("Could not issue a SAML Security Token");
- }
- setSuccess(true);
- setSamlToken(token);
- setSharedToken(token);
- return true;
- }
- catch (WSTrustException e)
- {
- throw new LoginException("WSTrustException : " + e.getMessage());
- }
- }
-
- public abstract Element invokeSTS(final STSClient stsclient) throws WSTrustException, LoginException;
+ /**
+ * Callback handler used to gather information from the caller.
+ */
+ private CallbackHandler callbackHandler;
- /**
- * Commit will package the samlToken set by the login method in a new {@link SamlCredential}.
- * This new SamlCredential will be put into the Subject public credentials set.
- */
- public boolean commit() throws LoginException
- {
- if (success)
- {
- final SamlCredential samlCredential = new SamlCredential(samlToken);
- final boolean added = subject.getPublicCredentials().add(samlCredential);
- if (added && log.isDebugEnabled())
- log.debug("Added Credential :" + samlCredential);
-
- return true;
- }
- else
- {
- return false;
- }
- }
+ /**
+ * WS-Trust SAML Assertion element.
+ */
+ private Element samlToken;
- /**
- * Called if the overall authentication failed (phase 2).
- */
- public boolean abort() throws LoginException
- {
- success = false;
- clearState();
- return true;
- }
+ /**
+ * The outcome of the authentication process.
+ */
+ private boolean success;
- public boolean logout() throws LoginException
- {
- clearState();
- return true;
- }
+ /**
+ * The options map passed into this login modules initalize method.
+ */
+ private Map<String, ?> options;
- protected void useCredentialsFromCallback(final Builder builder) throws LoginException
- {
- final NameCallback nameCallback = new NameCallback("user:");
- final PasswordCallback passwordCallback = new PasswordCallback("password:", true);
- try
- {
- getCallbackHandler().handle(new Callback[] { nameCallback, passwordCallback });
- builder.username(nameCallback.getName()).password(new String(passwordCallback.getPassword()));
- }
- catch (final IOException e)
- {
- throw new LoginException(e.getMessage());
- }
- catch (final UnsupportedCallbackException e)
- {
- throw new LoginException(e.getMessage());
- }
- }
-
- @SuppressWarnings("unchecked")
- private void setPasswordStackingCredentials(final Builder builder)
- {
- final Map sharedState = (Map) this.sharedState;
- sharedState.put("javax.security.auth.login.name", builder.getUsername());
- sharedState.put("javax.security.auth.login.password", builder.getPassword());
- }
-
- protected void useCredentialsFromSharedState(final Builder builder)
- {
- builder.username(getSharedUsername()).password(new String(getSharedPassword()));
- }
-
- /**
- * This method allows subclassed to retreive configuration options map
- * and set on the builder.
- *
- * @param builder
- * @param options
- */
- protected void useCredentialsFromOptions(Builder builder, Map<String, ?> options2)
- {
- // NoOp.
- }
+ /**
+ * The shared state map passed into this login modules initalize method.
+ */
+ private Map<String, ?> sharedState;
+ /**
+ * Indicates whether password stacking option was configured.
+ */
+ private boolean passwordStacking;
- /**
- * This method gives users a chance to override how the {@link STSClientConfig} is created.
- * For example some users might perfer to not use a file containing the configuration
- * properties, which is the default, but instead have the configuration options in the
- * login modules configuration directly.
- *
- * @param options The options passed to the initialize method.
- * @return {@link STSClientConfig} The configuration for STSClient.
- */
- protected STSClientConfig getConfiguration(final Map<String, ?> options)
- {
- final String configFile = getRequiredOption(options, STS_CONFIG_FILE);
- return new STSClientConfig.Builder(configFile).build();
- }
-
- protected STSClient createWSTrustClient(final STSClientConfig config)
- {
- try
- {
- return STSClientFactory.getInstance().create(config);
- }
- catch (final ParsingException e)
- {
- throw new IllegalStateException("Could not create WSTrustClient:", e);
- }
- }
+ /**
+ * Indicates whether the password-stacking options was specifed as 'useFirstPass'.
+ */
+ private boolean useFirstPass;
- protected String getRequiredOption(final Map<String, ?> options, final String optionName)
- {
- final String option = (String) options.get(optionName);
- if (option == null)
- throw new IllegalArgumentException("Required option '" + optionName + "' was missing from the login modules configuration");
+ /**
+ * Indicates whether the 'useOptionsCredentials' was configured.
+ */
+ private boolean useOptionsCredentials;
- return option;
- }
+ /**
+ * Initialized this login module. Simple stores the passed in fields and
+ * also validates the options.
+ *
+ * @param subject
+ * The subject to authenticate/populate.
+ * @param callbackHandler
+ * The callbackhandler that will gather information required by
+ * this login module.
+ * @param sharedState
+ * State that is shared with other login modules. Used when
+ * modules are chained/stacked.
+ * @param options
+ * The options that were specified for this login module.
+ */
+ public void initialize(final Subject subject, final CallbackHandler callbackHandler,
+ final Map<String, ?> sharedState, final Map<String, ?> options)
+ {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ this.options = options;
+ this.sharedState = sharedState;
- protected boolean isSuccess()
- {
- return success;
- }
+ final String pwStackingOption = (String) options.get(OPTIONS_PW_STACKING);
+ passwordStacking = pwStackingOption != null;
+ if (passwordStacking)
+ useFirstPass = "useFirstPass".equals(pwStackingOption);
- protected void setSuccess(boolean success)
- {
- this.success = success;
- }
+ final Boolean useOptionsCreds = Boolean.valueOf((String) options.get(OPTIONS_CREDENTIALS));
+ if (useOptionsCreds != null)
+ useOptionsCredentials = useOptionsCreds.booleanValue();
+ }
- protected Subject getSubject()
- {
- return subject;
- }
+ /**
+ * Subclasses must implement the login to perform their specific tasks.
+ *
+ * The login module should call {@link #setSamlToken(Element)} with the saml token
+ * element that should be added to the public credentials in {@link #commit()}.
+ *
+ * @return true If the login was successful otherwise false.
+ * @throws LoginException If an error occurs while trying to perform the authentication.
+ */
+ public boolean login() throws LoginException
+ {
+ try
+ {
+ final Builder builder = new STSClientConfig.Builder(getRequiredOption(getOptions(), STS_CONFIG_FILE));
+ if (useOptionsCredentials)
+ {
+ useCredentialsFromOptions(builder, options);
+ }
+ else if (isUseFirstPass())
+ {
+ useCredentialsFromSharedState(builder);
+ }
+ else
+ {
+ useCredentialsFromCallback(builder);
+ }
- protected CallbackHandler getCallbackHandler()
- {
- return callbackHandler;
- }
+ if (passwordStacking)
+ setPasswordStackingCredentials(builder);
- protected void setSamlToken(final Element samlToken)
- {
- this.samlToken = samlToken;
- }
-
- @SuppressWarnings ("unchecked")
- protected void setSharedToken(final Object token)
- {
- if (sharedState == null)
- return;
- /*
- * This is hidious but must be done since the signature of initialize in LoginModule is:
- * public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
- * Notice how sharedState is defined. This means that it will not be possible to put anything into that map
- * without bypassing generics.
- */
- // Cast the shartState to a raw map
- final Map state = (Map) sharedState;
- // Put the Token into the shared state map
- state.put(SHARED_TOKEN, token);
- }
-
- /**
- * Gets Security Token from the share state map if one was made available by
- * a previous LM in the stack.
- *
- * @return Object A security token if one was stored in the shared state map. Or null if one does not exist.
- */
- protected Object getSharedToken()
- {
- if (sharedState == null)
- return null;
-
- return sharedState.get(SHARED_TOKEN);
- }
-
- /**
- * Gets the options provided to this LM in it's {@link #initialize(Subject, CallbackHandler, Map, Map)}.
- *
- * @return Map<String, ?> The options map.
- */
- protected Map<String, ?> getOptions()
- {
- return options;
- }
-
- protected String getSharedUsername()
- {
- if (sharedState == null)
- return null;
-
- return (String) sharedState.get("javax.security.auth.login.name");
- }
-
- protected char[] getSharedPassword()
- {
- if (sharedState == null)
- return null;
-
- final Object object = sharedState.get("javax.security.auth.login.password");
- if (object instanceof char[])
- return (char[]) object;
- else if (object instanceof String)
- return ((String) object).toCharArray();
-
- return null;
- }
-
- protected boolean isUseFirstPass()
- {
- return useFirstPass;
- }
-
- protected boolean isUsePasswordStacking()
- {
- return passwordStacking;
- }
-
- protected boolean isUseOptionsConfig()
- {
- return useOptionsCredentials;
- }
+ final STSClient stsClient = createWSTrustClient(builder.build());
- private void clearState()
- {
- removeAllSamlCredentials(subject);
- samlToken = null;
- }
-
- private void removeAllSamlCredentials(final Subject subject)
- {
- final Set<SamlCredential> samlCredentials = subject.getPublicCredentials(SamlCredential.class);
- if (!samlCredentials.isEmpty())
- {
- subject.getPublicCredentials().removeAll(samlCredentials);
- }
- }
+ final Element token = invokeSTS(stsClient);
+ if (token == null)
+ {
+ // Throw an exception as returing false only says that this login module should be ignored.
+ throw new LoginException("Could not issue a SAML Security Token");
+ }
+ setSuccess(true);
+ setSamlToken(token);
+ setSharedToken(token);
+ return true;
+ }
+ catch (WSTrustException e)
+ {
+ throw new LoginException("WSTrustException : " + e.getMessage());
+ }
+ }
+
+ public abstract Element invokeSTS(final STSClient stsclient) throws WSTrustException, LoginException;
+
+ /**
+ * Commit will package the samlToken set by the login method in a new {@link SamlCredential}.
+ * This new SamlCredential will be put into the Subject public credentials set.
+ */
+ public boolean commit() throws LoginException
+ {
+ if (success)
+ {
+ final SamlCredential samlCredential = new SamlCredential(samlToken);
+ final boolean added = subject.getPublicCredentials().add(samlCredential);
+ if (added && log.isDebugEnabled())
+ log.debug("Added Credential :" + samlCredential);
+
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ /**
+ * Called if the overall authentication failed (phase 2).
+ */
+ public boolean abort() throws LoginException
+ {
+ success = false;
+ clearState();
+ return true;
+ }
+
+ public boolean logout() throws LoginException
+ {
+ clearState();
+ return true;
+ }
+
+ protected void useCredentialsFromCallback(final Builder builder) throws LoginException
+ {
+ final NameCallback nameCallback = new NameCallback("user:");
+ final PasswordCallback passwordCallback = new PasswordCallback("password:", true);
+ try
+ {
+ getCallbackHandler().handle(new Callback[]
+ {nameCallback, passwordCallback});
+ builder.username(nameCallback.getName()).password(new String(passwordCallback.getPassword()));
+ }
+ catch (final IOException e)
+ {
+ throw new LoginException(e.getMessage());
+ }
+ catch (final UnsupportedCallbackException e)
+ {
+ throw new LoginException(e.getMessage());
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void setPasswordStackingCredentials(final Builder builder)
+ {
+ final Map sharedState = (Map) this.sharedState;
+ sharedState.put("javax.security.auth.login.name", builder.getUsername());
+ sharedState.put("javax.security.auth.login.password", builder.getPassword());
+ }
+
+ protected void useCredentialsFromSharedState(final Builder builder)
+ {
+ builder.username(getSharedUsername()).password(new String(getSharedPassword()));
+ }
+
+ /**
+ * This method allows subclassed to retreive configuration options map
+ * and set on the builder.
+ *
+ * @param builder
+ * @param options
+ */
+ protected void useCredentialsFromOptions(Builder builder, Map<String, ?> options2)
+ {
+ // NoOp.
+ }
+
+ /**
+ * This method gives users a chance to override how the {@link STSClientConfig} is created.
+ * For example some users might perfer to not use a file containing the configuration
+ * properties, which is the default, but instead have the configuration options in the
+ * login modules configuration directly.
+ *
+ * @param options The options passed to the initialize method.
+ * @return {@link STSClientConfig} The configuration for STSClient.
+ */
+ protected STSClientConfig getConfiguration(final Map<String, ?> options)
+ {
+ final String configFile = getRequiredOption(options, STS_CONFIG_FILE);
+ return new STSClientConfig.Builder(configFile).build();
+ }
+
+ protected STSClient createWSTrustClient(final STSClientConfig config)
+ {
+ try
+ {
+ return STSClientFactory.getInstance().create(config);
+ }
+ catch (final ParsingException e)
+ {
+ throw new IllegalStateException("Could not create WSTrustClient:", e);
+ }
+ }
+
+ protected String getRequiredOption(final Map<String, ?> options, final String optionName)
+ {
+ final String option = (String) options.get(optionName);
+ if (option == null)
+ throw new IllegalArgumentException("Required option '" + optionName
+ + "' was missing from the login modules configuration");
+
+ return option;
+ }
+
+ protected boolean isSuccess()
+ {
+ return success;
+ }
+
+ protected void setSuccess(boolean success)
+ {
+ this.success = success;
+ }
+
+ protected Subject getSubject()
+ {
+ return subject;
+ }
+
+ protected CallbackHandler getCallbackHandler()
+ {
+ return callbackHandler;
+ }
+
+ protected void setSamlToken(final Element samlToken)
+ {
+ this.samlToken = samlToken;
+ }
+
+ @SuppressWarnings("unchecked")
+ protected void setSharedToken(final Object token)
+ {
+ if (sharedState == null)
+ return;
+ /*
+ * This is hidious but must be done since the signature of initialize in LoginModule is:
+ * public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
+ * Notice how sharedState is defined. This means that it will not be possible to put anything into that map
+ * without bypassing generics.
+ */
+ // Cast the shartState to a raw map
+ final Map state = (Map) sharedState;
+ // Put the Token into the shared state map
+ state.put(SHARED_TOKEN, token);
+ }
+
+ /**
+ * Gets Security Token from the share state map if one was made available by
+ * a previous LM in the stack.
+ *
+ * @return Object A security token if one was stored in the shared state map. Or null if one does not exist.
+ */
+ protected Object getSharedToken()
+ {
+ if (sharedState == null)
+ return null;
+
+ return sharedState.get(SHARED_TOKEN);
+ }
+
+ /**
+ * Gets the options provided to this LM in it's {@link #initialize(Subject, CallbackHandler, Map, Map)}.
+ *
+ * @return Map<String, ?> The options map.
+ */
+ protected Map<String, ?> getOptions()
+ {
+ return options;
+ }
+
+ protected String getSharedUsername()
+ {
+ if (sharedState == null)
+ return null;
+
+ return (String) sharedState.get("javax.security.auth.login.name");
+ }
+
+ protected char[] getSharedPassword()
+ {
+ if (sharedState == null)
+ return null;
+
+ final Object object = sharedState.get("javax.security.auth.login.password");
+ if (object instanceof char[])
+ return (char[]) object;
+ else if (object instanceof String)
+ return ((String) object).toCharArray();
+
+ return null;
+ }
+
+ protected boolean isUseFirstPass()
+ {
+ return useFirstPass;
+ }
+
+ protected boolean isUsePasswordStacking()
+ {
+ return passwordStacking;
+ }
+
+ protected boolean isUseOptionsConfig()
+ {
+ return useOptionsCredentials;
+ }
+
+ private void clearState()
+ {
+ removeAllSamlCredentials(subject);
+ samlToken = null;
+ }
+
+ private void removeAllSamlCredentials(final Subject subject)
+ {
+ final Set<SamlCredential> samlCredentials = subject.getPublicCredentials(SamlCredential.class);
+ if (!samlCredentials.isEmpty())
+ {
+ subject.getPublicCredentials().removeAll(samlCredentials);
+ }
+ }
+
}
More information about the jboss-cvs-commits
mailing list