[seam-commits] Seam SVN: r13401 - in modules/security/trunk: impl/src/main/java/org/jboss/seam/security and 1 other directories.
Thu Jul 15 00:14:41 EDT 2010
Author: shane.bryzak at jboss.com
Date: 2010-07-15 00:14:40 -0400 (Thu, 15 Jul 2010)
New Revision: 13401
Added:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/UserImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/JaasAuthenticator.java
Removed:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/JaasConfiguration.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/callbacks/
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java
Modified:
modules/security/trunk/api/src/main/java/org/jboss/seam/security/events/LoginFailedEvent.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java
Log:
refactor jaas stuff out of identity
Modified: modules/security/trunk/api/src/main/java/org/jboss/seam/security/events/LoginFailedEvent.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/events/LoginFailedEvent.java 2010-07-15 03:21:39 UTC (rev 13400)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/events/LoginFailedEvent.java 2010-07-15 04:14:40 UTC (rev 13401)
@@ -1,7 +1,5 @@
package org.jboss.seam.security.events;
-import javax.security.auth.login.LoginException;
-
/**
* This event is fired when an authentication attempt fails
*
@@ -9,14 +7,14 @@
*/
public class LoginFailedEvent
{
- private LoginException loginException;
+ private Exception loginException;
- public LoginFailedEvent(LoginException loginException)
+ public LoginFailedEvent(Exception loginException)
{
this.loginException = loginException;
}
- public LoginException getLoginException()
+ public Exception getLoginException()
{
return loginException;
}
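Review bot: The widened field is assigned only in the constructor and can be `private final Exception loginException;`, and the constructor would benefit from a `@param loginException the exception that caused the attempt to fail` Javadoc, since the class comment above no longer tells a reader that this is not necessarily a JAAS LoginException any more. Callers that previously relied on the JAAS-specific type will now have to inspect the runtime class of getLoginException(); a one-line note in the class Javadoc would save them a surprise. The class's closing brace lies outside the hunk.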
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java 2010-07-15 03:21:39 UTC (rev 13400)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java 2010-07-15 04:14:40 UTC (rev 13401)
@@ -1,9 +1,6 @@
package org.jboss.seam.security;
-import java.io.IOException;
import java.io.Serializable;
-import java.security.Principal;
-import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@@ -17,19 +14,7 @@
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.inject.Named;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.Configuration;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import org.jboss.seam.security.callbacks.AuthenticatorCallback;
-import org.jboss.seam.security.callbacks.IdentityCallback;
-import org.jboss.seam.security.callbacks.IdentityManagerCallback;
import org.jboss.seam.security.events.AlreadyLoggedInEvent;
import org.jboss.seam.security.events.LoggedInEvent;
import org.jboss.seam.security.events.LoginFailedEvent;
@@ -43,7 +28,6 @@
import org.jboss.seam.security.management.IdentityManager;
import org.jboss.seam.security.permission.PermissionMapper;
import org.picketlink.idm.api.User;
-import org.picketlink.idm.impl.api.PasswordCredential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -56,6 +40,10 @@
{
private static final long serialVersionUID = 3751659008033189259L;
+ private static final String RESPONSE_LOGIN_SUCCESS = "success";
+ private static final String RESPONSE_LOGIN_FAILED = "failed";
+ private static final String RESPONSE_LOGIN_EXCEPTION = "exception";
+
protected static boolean securityEnabled = true;
public static final String ROLES_GROUP = "Roles";
@@ -71,10 +59,7 @@
@Inject Instance<RequestSecurityState> requestSecurityState;
private User user;
- private Subject subject;
- private String jaasConfigName = null;
-
/**
* Contains a group name to group type:role list mapping of roles assigned
* during the authentication process
@@ -206,41 +191,39 @@
if (requestSecurityState.get().isSilentLogin())
{
manager.fireEvent(new LoggedInEvent(user));
- return "loggedIn";
+ return RESPONSE_LOGIN_SUCCESS;
}
manager.fireEvent(new AlreadyLoggedInEvent());
- return "loggedIn";
+ return RESPONSE_LOGIN_SUCCESS;
}
- authenticate();
-
- if (!isLoggedIn())
+ boolean success = authenticate();
+
+ if (success)
{
- throw new LoginException();
+ if (log.isDebugEnabled())
+ {
+ log.debug("Login successful for: " + credentials);
+ }
+ manager.fireEvent(new LoggedInEvent(user));
+ return RESPONSE_LOGIN_SUCCESS;
}
- if ( log.isDebugEnabled() )
- {
- log.debug("Login successful for: " + credentials);
- }
-
- manager.fireEvent(new LoggedInEvent(user));
- return "loggedIn";
+ credentials.invalidate();
+ return RESPONSE_LOGIN_FAILED;
}
- catch (LoginException ex)
+ catch (Exception ex)
{
- credentials.invalidate();
-
if ( log.isDebugEnabled() )
{
log.debug("Login failed for: " + credentials, ex);
}
manager.fireEvent(new LoginFailedEvent(ex));
+
+ return RESPONSE_LOGIN_EXCEPTION;
}
-
- return null;
}
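Review bot: `catch (Exception ex)` now also swallows the IllegalStateException that authenticate() throws when more than one Authenticator bean is deployed, reporting it only at debug level and as a LoginFailedEvent, so a deployment error becomes indistinguishable from a bad password in the logs; previously only LoginException was caught. The exception path also no longer calls `credentials.invalidate()`, unlike the failed-result branch just above it and unlike quietLogin's catch in the next hunk; adding `credentials.invalidate();` as the first statement of the catch block restores the old behaviour. The outcome literal also changes from "loggedIn" to "success" (RESPONSE_LOGIN_SUCCESS), which will break any navigation rule or caller still matching the old string — worth a line in the commit log. login() begins outside the hunk.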
public void quietLogin()
@@ -263,38 +246,74 @@
}
}
}
- catch (LoginException ex)
+ catch (Exception ex)
{
credentials.invalidate();
}
}
-
- /**
- *
- * @throws LoginException
- */
- public synchronized void authenticate()
- throws LoginException
- {
- // If we're already authenticated, then don't authenticate again
- if (!isLoggedIn() && !credentials.isInvalid())
- {
- user = null;
- subject = new Subject();
- authenticate( getLoginContext() );
- }
- }
-
- protected void authenticate(LoginContext loginContext)
- throws LoginException
+ protected boolean authenticate()
{
try
{
authenticating = true;
+
+ user = null;
+
preAuthenticate();
- loginContext.login();
- postAuthenticate();
+
+ Authenticator authenticator;
+
+ Set<Bean<?>> authenticators = manager.getBeans(Authenticator.class);
+ if (authenticators.size() == 1)
+ {
+ @SuppressWarnings("unchecked")
+ Bean<Authenticator> authenticatorBean = (Bean<Authenticator>) authenticators.iterator().next();
+ authenticator = (Authenticator) manager.getReference(authenticatorBean, Authenticator.class, manager.createCreationalContext(authenticatorBean));
+ }
+ else if (authenticators.size() > 1)
+ {
+ throw new IllegalStateException("More than one Authenticator bean found - please ensure " +
+ "only one Authenticator implementation is provided");
+ }
+ else
+ {
+ authenticator = null;
+ }
+
+ boolean success = false;
+
+ if (authenticator != null)
+ {
+ success = authenticator.authenticate();
+ }
+ else
+ {
+ // Otherwise if identity management is enabled, use it.
+ if (identityManager != null)
+ {
+ success = identityManager.authenticate(credentials.getUsername(),
+ credentials.getCredential());
+
+ if (success)
+ {
+ // TODO implement role population
+ //for (Role role : identityManager.getImpliedRoles(username))
+ //{
+ // idCallback.getIdentity().addRole(role.getRoleType().getName(),
+ // role.getGroup().getName(), role.getGroup().getGroupType());
+ //}
+ }
+ }
+ }
+
+ if (success)
+ {
+ user = new UserImpl(credentials.getUsername());
+ postAuthenticate();
+ }
+
+ return success;
}
finally
{
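Review bot: When no Authenticator bean is found and identityManager is null, authenticate() silently returns false without any log line, whereas the deleted SeamLoginModule logged an error and threw LoginException("No Authenticator bean found"); a missing authenticator now looks exactly like a wrong password to both operators and users. Consider `log.warn("No Authenticator bean found and identity management is not available; login cannot succeed");` in the inner else branch, or throwing IllegalStateException as the duplicate-bean case already does. The method also drops the old `synchronized` modifier and the `!credentials.isInvalid()` guard, so invalidated credentials are re-submitted on every call — presumably intended now that login() does its own isLoggedIn() check, but worth confirming for any other caller. The commented-out role-population block is carried over verbatim; a single TODO line would do. authenticate()'s finally block continues outside the hunk.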
@@ -321,20 +340,7 @@
* different post-authentication logic should occur.
*/
protected void postAuthenticate()
- {
- // Populate the working memory with the user's principals
- for ( Principal p : subject.getPrincipals() )
- {
- if ( !(p instanceof Group))
- {
- if (user == null)
- {
- user = new UserImpl(p.getName());
- break;
- }
- }
- }
-
+ {
if (isLoggedIn())
{
if (!preAuthenticationRoles.isEmpty())
@@ -362,8 +368,6 @@
preAuthenticationGroups.clear();
}
}
-
- credentials.setCredential(null);
manager.fireEvent(new PostAuthenticateEvent());
}
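Review bot: Removing `credentials.setCredential(null);` means the password (or other credential) stays in the Credentials bean after a successful login for as long as that bean lives; nothing in this commit clears it on the success path, since login() only calls invalidate() on failure. As far as the page shows, both the Authenticator and the IdentityManager consume the credential inside authenticate() before postAuthenticate() runs, so restoring `credentials.setCredential(null);` here (or at the end of the success branch in authenticate()) would be safe; if a later step still needs the credential, a comment saying so would stop the next reader from re-adding it. postAuthenticate() begins outside the hunk.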
@@ -373,95 +377,10 @@
*/
public void unAuthenticate()
{
- user = null;
-
+ user = null;
credentials.clear();
}
-
- protected LoginContext getLoginContext() throws LoginException
- {
- if (getJaasConfigName() != null)
- {
- return new LoginContext(getJaasConfigName(), subject,
- createCallbackHandler());
- }
-
- @SuppressWarnings("unchecked")
- Bean<Configuration> configBean = (Bean<Configuration>) manager.getBeans(Configuration.class).iterator().next();
- Configuration config = (Configuration) manager.getReference(configBean, Configuration.class, manager.createCreationalContext(configBean));
-
- return new LoginContext(JaasConfiguration.DEFAULT_JAAS_CONFIG_NAME, subject,
- createCallbackHandler(), config);
- }
-
- /**
- * Creates a callback handler that can handle a standard username/password
- * callback, using the credentials username and password properties
- */
- public CallbackHandler createCallbackHandler()
- {
- final Identity identity = this;
- final Authenticator authenticator;
-
- Set<Bean<?>> authenticators = manager.getBeans(Authenticator.class);
- if (authenticators.size() == 1)
- {
- @SuppressWarnings("unchecked")
- Bean<Authenticator> authenticatorBean = (Bean<Authenticator>) authenticators.iterator().next();
- authenticator = (Authenticator) manager.getReference(authenticatorBean, Authenticator.class, manager.createCreationalContext(authenticatorBean));
- }
- else if (authenticators.size() > 1)
- {
- throw new IllegalStateException("More than one Authenticator bean found - please ensure " +
- "only one Authenticator implementation is provided");
- }
- else
- {
- authenticator = null;
- }
-
- return new CallbackHandler()
- {
- public void handle(Callback[] callbacks)
- throws IOException, UnsupportedCallbackException
- {
- for (int i=0; i < callbacks.length; i++)
- {
- if (callbacks[i] instanceof NameCallback)
- {
- ( (NameCallback) callbacks[i] ).setName(credentials.getUsername());
- }
- else if (callbacks[i] instanceof PasswordCallback)
- {
- if (credentials.getCredential() instanceof PasswordCredential)
- {
- PasswordCredential credential = (PasswordCredential) credentials.getCredential();
- ( (PasswordCallback) callbacks[i] ).setPassword( credential.getValue() != null ?
- credential.getValue().toCharArray() : null );
- }
- }
- else if (callbacks[i] instanceof IdentityCallback)
- {
- ((IdentityCallback ) callbacks[i]).setIdentity(identity);
- }
- else if (callbacks[i] instanceof AuthenticatorCallback)
- {
- ((AuthenticatorCallback) callbacks[i]).setAuthenticator(authenticator);
- }
- else if (callbacks[i] instanceof IdentityManagerCallback)
- {
- ((IdentityManagerCallback) callbacks[i]).setIdentityManager(identityManager);
- }
- else
- {
- log.warn("Unsupported callback " + callbacks[i]);
- }
- }
- }
- };
- }
-
public void logout()
{
if (isLoggedIn())
@@ -629,17 +548,7 @@
return permissionMapper.resolvePermission(target, action);
}
-
- public String getJaasConfigName()
- {
- return jaasConfigName;
- }
- public void setJaasConfigName(String jaasConfigName)
- {
- this.jaasConfigName = jaasConfigName;
- }
-
public synchronized void runAs(RunAsOperation operation)
{
User savedUser = getUser();
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/JaasConfiguration.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/JaasConfiguration.java 2010-07-15 03:21:39 UTC (rev 13400)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/JaasConfiguration.java 2010-07-15 04:14:40 UTC (rev 13401)
@@ -1,53 +0,0 @@
-package org.jboss.seam.security;
-
-import java.util.HashMap;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.inject.Produces;
-import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.login.Configuration;
-import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
-
-import org.jboss.seam.security.jaas.SeamLoginModule;
-
-/**
- * Producer for the JAAS Configuration used by Seam Security.
- *
- * @author Shane Bryzak
- *
- */
-public class JaasConfiguration
-{
- static final String DEFAULT_JAAS_CONFIG_NAME = "default";
-
- protected Configuration createConfiguration()
- {
- return new Configuration()
- {
- private AppConfigurationEntry[] aces = { createAppConfigurationEntry() };
-
- @Override
- public AppConfigurationEntry[] getAppConfigurationEntry(String name)
- {
- return DEFAULT_JAAS_CONFIG_NAME.equals(name) ? aces : null;
- }
-
- @Override
- public void refresh() {}
- };
- }
-
- protected AppConfigurationEntry createAppConfigurationEntry()
- {
- return new AppConfigurationEntry(
- SeamLoginModule.class.getName(),
- LoginModuleControlFlag.REQUIRED,
- new HashMap<String,String>()
- );
- }
-
- @Produces @ApplicationScoped Configuration getConfiguration()
- {
- return createConfiguration();
- }
-}
Added: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/UserImpl.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/UserImpl.java (rev 0)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/UserImpl.java 2010-07-15 04:14:40 UTC (rev 13401)
@@ -0,0 +1,29 @@
+package org.jboss.seam.security;
+
+import org.picketlink.idm.api.User;
+
+/**
+ * Simple implementation of user
+ *
+ * @author Shane Bryzak
+ *
+ */
+public class UserImpl implements User
+{
+ private String id;
+
+ public UserImpl(String id)
+ {
+ this.id = id;
+ }
+
+ public String getId()
+ {
+ return id;
+ }
+
+ public String getKey()
+ {
+ return id;
+ }
+}
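Review bot: `id` is assigned only in the constructor and can be `private final String id;`, and the constructor accepts null without complaint, which later surfaces as a NullPointerException far from the call site — `this.id = Objects.requireNonNull(id, "id");` (with `import java.util.Objects;`) fails early instead. getId() and getKey() implement the User interface and should carry `@Override`. Whether User implementations are compared by value is not visible here; if they are used as map keys or compared with equals anywhere, UserImpl needs equals/hashCode based on id, and the class Javadoc should say which it is.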
Added: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/JaasAuthenticator.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/JaasAuthenticator.java (rev 0)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/JaasAuthenticator.java 2010-07-15 04:14:40 UTC (rev 13401)
@@ -0,0 +1,118 @@
+package org.jboss.seam.security.jaas;
+
+import java.io.IOException;
+
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.inject.Alternative;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.seam.security.Authenticator;
+import org.jboss.seam.security.Credentials;
+import org.jboss.seam.security.Identity;
+import org.picketlink.idm.impl.api.PasswordCredential;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * An authenticator for authenticating with JAAS
+ *
+ * @author Shane Bryzak
+ *
+ */
+ at Alternative @RequestScoped
+public class JaasAuthenticator implements Authenticator
+{
+ Logger log = LoggerFactory.getLogger(JaasAuthenticator.class);
+
+ @Inject Identity identity;
+ @Inject Credentials credentials;
+ @Inject BeanManager manager;
+
+ private Subject subject;
+
+ private String jaasConfigName = null;
+
+ public JaasAuthenticator()
+ {
+ subject = new Subject();
+ }
+
+ public boolean authenticate()
+ {
+ if (getJaasConfigName() == null)
+ {
+ throw new IllegalStateException("jaasConfigName cannot be null. Please set it to a valid JAAS configuration name.");
+ }
+
+ try
+ {
+ getLoginContext().login();
+ return true;
+ }
+ catch (LoginException e)
+ {
+ log.error("JAAS authentication failed", e);
+ return false;
+ }
+ }
+
+ protected LoginContext getLoginContext() throws LoginException
+ {
+ return new LoginContext(getJaasConfigName(), subject,
+ createCallbackHandler());
+ }
+
+ /**
+ * Creates a callback handler that can handle a standard username/password
+ * callback, using the credentials username and password properties
+ */
+ public CallbackHandler createCallbackHandler()
+ {
+ return new CallbackHandler()
+ {
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException
+ {
+ for (int i=0; i < callbacks.length; i++)
+ {
+ if (callbacks[i] instanceof NameCallback)
+ {
+ ( (NameCallback) callbacks[i] ).setName(credentials.getUsername());
+ }
+ else if (callbacks[i] instanceof PasswordCallback)
+ {
+ if (credentials.getCredential() instanceof PasswordCredential)
+ {
+ PasswordCredential credential = (PasswordCredential) credentials.getCredential();
+ ( (PasswordCallback) callbacks[i] ).setPassword( credential.getValue() != null ?
+ credential.getValue().toCharArray() : null );
+ }
+ }
+ else
+ {
+ log.warn("Unsupported callback " + callbacks[i]);
+ }
+ }
+ }
+ };
+ }
+
+ public String getJaasConfigName()
+ {
+ return jaasConfigName;
+ }
+
+ public void setJaasConfigName(String jaasConfigName)
+ {
+ this.jaasConfigName = jaasConfigName;
+ }
+}
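Review bot: `catch (LoginException e)` treats every JAAS failure as a wrong password: a missing configuration entry for jaasConfigName (LoginContext's constructor throws LoginException) returns false just like bad credentials, is logged at error level with a stack trace on every attempt, and IdentityImpl then reports RESPONSE_LOGIN_FAILED rather than RESPONSE_LOGIN_EXCEPTION, so the LoginFailedEvent never carries the cause. Login modules conventionally signal bad credentials with FailedLoginException; catching that at debug level and wrapping any other LoginException keeps the two cases apart (see below; needs `import javax.security.auth.login.FailedLoginException;`). Separately, `Logger log` should be `private static final`, `authenticate()` should carry `@Override`, and the injected `identity` field is unused in this file. The ` at Alternative` on the class annotation line is presumably the mailing list's address obfuscation of `@Alternative`.
```java
        try
        {
            getLoginContext().login();
            return true;
        }
        catch (FailedLoginException e)
        {
            // Wrong credentials are an expected outcome, not an application error
            log.debug("JAAS authentication failed", e);
            return false;
        }
        catch (LoginException e)
        {
            // Configuration or login-module failure: surface it instead of reporting "failed"
            throw new IllegalStateException("JAAS login could not be performed", e);
        }
        // … unchanged: getLoginContext, createCallbackHandler, jaasConfigName accessors …
```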
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java 2010-07-15 03:21:39 UTC (rev 13400)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java 2010-07-15 04:14:40 UTC (rev 13401)
@@ -1,141 +0,0 @@
-package org.jboss.seam.security.jaas;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-
-import org.jboss.seam.security.callbacks.AuthenticatorCallback;
-import org.jboss.seam.security.callbacks.IdentityCallback;
-import org.jboss.seam.security.callbacks.IdentityManagerCallback;
-import org.jboss.seam.security.management.IdentityManager;
-import org.picketlink.idm.impl.api.PasswordCredential;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Performs authentication using a Seam component or Identity Management
- *
- * @author Shane Bryzak
- */
-public class SeamLoginModule implements LoginModule
-{
- private Logger log = LoggerFactory.getLogger(SeamLoginModule.class);
-
- protected Set<String> roles = new HashSet<String>();
-
- protected Subject subject;
- protected Map<String,?> options;
- protected CallbackHandler callbackHandler;
-
- protected String username;
-
- public class SimplePrincipal implements Principal
- {
- private String name;
-
- public SimplePrincipal(String name)
- {
- this.name = name;
- }
-
- public String getName()
- {
- return name;
- }
- }
-
- public boolean abort() throws LoginException
- {
- return true;
- }
-
- public boolean commit() throws LoginException
- {
- subject.getPrincipals().add(new SimplePrincipal(username));
- return true;
- }
-
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map<String, ?> sharedState, Map<String, ?> options)
- {
- this.subject = subject;
- this.options = options;
- this.callbackHandler = callbackHandler;
- }
-
- public boolean login()
- throws LoginException
- {
- PasswordCallback cbPassword = null;
- try
- {
- NameCallback cbName = new NameCallback("Enter username");
- cbPassword = new PasswordCallback("Enter password", false);
-
- IdentityCallback idCallback = new IdentityCallback();
- AuthenticatorCallback authCallback = new AuthenticatorCallback();
- IdentityManagerCallback idmCallback = new IdentityManagerCallback();
-
- // Get the username, password and identity from the callback handler
- callbackHandler.handle(new Callback[] { cbName, cbPassword, idCallback, authCallback, idmCallback });
-
- username = cbName.getName();
-
- // If an authenticator method has been specified, use that to authenticate
- if (authCallback.getAuthenticator() != null)
- {
- return authCallback.getAuthenticator().authenticate();
- }
-
- // Otherwise if identity management is enabled, use it.
- IdentityManager identityManager = idmCallback.getIdentityManager();
- if (identityManager != null)
- {
- boolean success = identityManager.authenticate(username,
- new PasswordCredential(new String(cbPassword.getPassword())));
-
- if (success)
- {
- // TODO implement role population
- //for (Role role : identityManager.getImpliedRoles(username))
- //{
- // idCallback.getIdentity().addRole(role.getRoleType().getName(),
- // role.getGroup().getName(), role.getGroup().getGroupType());
- //}
- }
-
- return success;
- }
- else
- {
- log.error("No Authenticator bean found.");
- throw new LoginException("No Authenticator bean found");
- }
- }
- catch (Exception ex)
- {
- log.error("Error logging in", ex);
- LoginException le = new LoginException(ex.getMessage());
- le.initCause(ex);
- throw le;
- }
- finally
- {
- cbPassword.clearPassword();
- }
- }
-
- public boolean logout() throws LoginException
- {
- return true;
- }
-}