[jboss-cvs] JBossAS SVN: r62460 - projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sat Apr 21 02:35:03 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-04-21 02:35:03 -0400 (Sat, 21 Apr 2007)
New Revision: 62460
Removed:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManager.java
Log:
Remove the JASPI prototype, since its functionality will be present in the authentication managers.
Deleted: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManager.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManager.java 2007-04-21 06:34:53 UTC (rev 62459)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/plugins/JASPISecurityManager.java 2007-04-21 06:35:03 UTC (rev 62460)
@@ -1,480 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.security.plugins;
-
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.lang.reflect.UndeclaredThrowableException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.Configuration;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthParam;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.config.ServerAuthContext;
-import javax.security.auth.message.module.ServerAuthModule;
-
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.GeneralizedAuthenticationManager;
-import org.jboss.security.SecurityAssociation;
-import org.jboss.security.SecurityConstants;
-import org.jboss.security.auth.callback.SecurityAssociationHandler;
-import org.jboss.security.auth.container.config.AuthModuleEntry;
-import org.jboss.security.auth.login.AuthenticationInfo;
-import org.jboss.security.auth.login.BaseAuthenticationInfo;
-import org.jboss.security.auth.login.JASPIAuthenticationInfo;
-import org.jboss.security.auth.login.LoginModuleStackHolder;
-import org.jboss.security.auth.login.XMLLoginConfigImpl;
-import org.jboss.security.auth.message.GenericAuthParam;
-
-//$Id$
-
-/**
- * Security Manager that is based on the new GeneralizedAuthenticationManager
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- * @since Dec 29, 2005
- * @version $Revision$
- */
-public class JASPISecurityManager
-implements GeneralizedAuthenticationManager
-{
- /** The name of the domain this instance is securing. It is used as
- the appName into the SecurityPolicy.
- */
- protected String securityDomain;
- /** The JAAS callback handler */
- protected CallbackHandler handler;
- /** The setSecurityInfo(Principal, Object) method of the handler obj */
- private Method setSecurityInfo;
-
- private ThreadLocal sharedStateLocal = new ThreadLocal();
-
- private List serverAuthModules = new ArrayList();
-
- /** The log4j category for the security manager domain
- */
- protected Logger log;
- protected boolean trace;
-
- /**
- * Creates a default JaasSecurityManager for with a
- * securityDomain name of 'other'.
- */
- public JASPISecurityManager()
- {
- this("other", new SecurityAssociationHandler());
- }
-
-
- /** Creates a JaasSecurityManager for with a securityDomain
- * name of that given by the 'securityDomain' argument.
- * @param securityDomain the name of the security domain
- * @param handler the JAAS callback handler instance to use
- * @exception UndeclaredThrowableException thrown if handler does not
- * implement a setSecurityInfo(Princpal, Object) method
- */
- public JASPISecurityManager(String securityDomain, CallbackHandler handler)
- {
- this.securityDomain = securityDomain;
- this.handler = handler;
- String categoryName = getClass().getName()+'.'+securityDomain;
- this.log = Logger.getLogger(categoryName);
- this.trace = log.isTraceEnabled();
-
- // Get the setSecurityInfo(Principal principal, Object credential) method
- Class[] sig = {Principal.class, Object.class};
- try
- {
- setSecurityInfo = handler.getClass().getMethod("setSecurityInfo", sig);
- }
- catch (Exception e)
- {
- String msg = "Failed to find setSecurityInfo(Princpal, Object) method in handler";
- throw new UndeclaredThrowableException(e, msg);
- }
- log.debug("CallbackHandler: "+handler);
- this.configureServerAuthModules(handler);
- }
-
-
- //********************************************************
- // AuthenticationManager Interface Methods
- //********************************************************
- /**
- * @see AuthenticationManager#getSecurityDomain()
- */
- public String getSecurityDomain()
- {
- return securityDomain;
- }
-
- /**
- * @see AuthenticationManager#isValid(Principal, Object)
- */
- public boolean isValid(Principal principal, Object credential)
- {
- return isValid(principal, credential, null);
- }
-
- /**
- * @see AuthenticationManager#isValid(Principal, Object, Subject)
- */
- public boolean isValid(Principal principal, Object credential, Subject activeSubject)
- {
- boolean isValid = authenticate(principal, credential, activeSubject);
- if( trace )
- log.trace("End isValid, "+isValid);
- return isValid;
- }
-
- /**
- * @see AuthenticationManager#getActiveSubject()
- */
- public Subject getActiveSubject()
- {
- /* This does not use SubjectActions.getActiveSubject since the caller
- must have the correct permissions to access the
- SecurityAssociation.getSubject method.
- */
- return SecurityAssociation.getSubject();
- }
-
- //********************************************************
- // ServerAuthContext Interface Methods
- //********************************************************
- /**
- * @see ServerAuthContext#cleanSubject(Subject, Map)
- */
- public void cleanSubject(Subject subject, Map sharedState) throws AuthException
- {
- updateSharedState(sharedState);
- int len = this.serverAuthModules.size();
- for(int i = 0 ; i < len ; i++)
- {
- ServerAuthModule sam = (ServerAuthModule)this.serverAuthModules.get(i);
- sam.cleanSubject(subject, (Map)this.sharedStateLocal.get() );
- }
- }
-
- /**
- * @see ServerAuthContext#secureResponse(AuthParam, Subject, Map)
- */
- public AuthStatus secureResponse(AuthParam authParam, Subject source,
- Map sharedState) throws AuthException
- {
- throw new IllegalStateException("NotImplemented Yet");
- }
-
- /**
- * @see ServerAuthContext#validateRequest(AuthParam, Subject, Subject, Map)
- */
- public AuthStatus validateRequest(AuthParam authParam, Subject source,
- Subject recipient, Map sharedState)
- throws AuthException
- {
- //TODO: Implement an authentication cache
- AuthStatus status = AuthStatus.FAIL;
- AuthException authException = null;
-
- if(authParam == null)
- throw new IllegalArgumentException("Illegal Null Argument:authParam");
-
- if(source == null)
- source = new Subject();
-
- CallbackHandler theHandler = populateCallbackHandler(sharedState);
- updateSharedState(sharedState);
- this.serverAuthModules.clear();
- this.configureServerAuthModules(theHandler);
- int len = this.serverAuthModules.size();
- try
- {
- for(int i = 0 ; i < len; i++)
- {
- ServerAuthModule sam = (ServerAuthModule)this.serverAuthModules.get(i);
- do
- {
- status = sam.validateRequest(authParam, source, recipient,
- (HashMap)this.sharedStateLocal.get());
- }while(status.equals(AuthStatus.RETRY));
- if(status.equals(AuthStatus.FAIL))
- break;
- }
- }
- catch(AuthException e)
- {
- authException = e;
- //Set the security association thread context info exception
- SubjectActions.setContextInfo("org.jboss.security.exception", authException);
- throw e;
- }
-
- if(status.equals(AuthStatus.PROCEED))
- {
- //Reset any old AuthExceptions
- SubjectActions.setContextInfo("org.jboss.security.exception", authException);
- //Push the subject onto the SecurityAssociation
- SubjectActions.pushSubjectContext(null,null,source);
- }
- return status;
- }
-
- /**
- * @see AuthenticationManager#getTargetPrincipal(Principal,Map)
- */
- public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map contextMap)
- {
- throw new RuntimeException("Not implemented yet");
- }
-
- // ********************************************************
- // Custom Methods
- //********************************************************
- /** flush the cache policy for the indicated security domain if one exists.
- * @param securityDomain the name of the security domain cache
- */
- public void flushAuthenticationCache()
- {
- }
-
- /** Flush a principal's authentication cache entry associated with the
- * given securityDomain.
- *
- * @param securityDomain the name of the security domain cache
- * @param user the principal of the user to flush
- */
- public void flushAuthenticationCache(Principal user)
- {
- }
-
-
- /** Currently this delegates to the
- * @see #validateRequest(AuthParam, Subject, Subject, Map)
- * method with a GenericAuthParam and the principal/credential
- * passed via the shared map
-
- * @param principal - the user id to authenticate
- * @param credential - an opaque credential.
- * @return false on failure, true on success.
- */
- protected boolean authenticate(Principal principal, Object credential,
- Subject theSubject)
- {
- boolean isValid = false;
-
- Map sharedState = (Map)this.sharedStateLocal.get();
- if(sharedState == null)
- sharedState = new HashMap();
- sharedState.put("javax.security.auth.login.name", principal);
- sharedState.put("javax.security.auth.login.password", credential);
- try
- {
- AuthStatus status = this.validateRequest(new GenericAuthParam(),
- theSubject, null,sharedState);
- if(status.equals(AuthStatus.PROCEED))
- isValid = true;
- }
- catch(AuthException e)
- {
- }
- return isValid;
- }
-
-
- private JASPIAuthenticationInfo getAuthenticationInfo()
- {
- BaseAuthenticationInfo authInfo = getBaseAuthenticationInfo();
- if(authInfo == null)
- throw new IllegalStateException("authInfo is null");
- if(authInfo instanceof AuthenticationInfo)
- {
- return convertJaasConfigToJASPI(authInfo);
- }
- else if(authInfo instanceof JASPIAuthenticationInfo)
- return (JASPIAuthenticationInfo)authInfo;
-
- throw new IllegalStateException("AuthenticationInfo for securityDomain=" + securityDomain
- + " not found");
- }
-
- private BaseAuthenticationInfo getBaseAuthenticationInfo()
- {
- /**
- * We need to move away from the XMLLoginConfigImpl (extension of Configuration)
- * to provide a better configuration capabilities for JASPI
- */
- Configuration config = Configuration.getConfiguration();
- if(config instanceof XMLLoginConfigImpl == false)
- throw new IllegalStateException("Configuration not an instanceof XMLLoginConfigImpl");
-
- XMLLoginConfigImpl xmlConfig = (XMLLoginConfigImpl)config;
- BaseAuthenticationInfo bai = xmlConfig.getAuthenticationInfo(this.securityDomain);
- if(bai == null )
- {
- String defaultDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
- if( trace)
- log.trace("App Config for securityDomain=" + securityDomain +
- "not found. Defaulting to securityDomain=" + defaultDomain);
- bai = xmlConfig.getAuthenticationInfo(defaultDomain);
- }
-
- return bai;
- }
-
- private JASPIAuthenticationInfo convertJaasConfigToJASPI(BaseAuthenticationInfo authInfo)
- {
- if(authInfo instanceof AuthenticationInfo == false)
- throw new IllegalArgumentException("authInfo not an instance of Jaas AuthenticationInfo");
- AuthenticationInfo aInfo = (AuthenticationInfo)authInfo;
- LoginModuleStackHolder lmsh = new LoginModuleStackHolder(this.securityDomain,
- Arrays.asList(aInfo.getAppConfigurationEntry()));
- AuthModuleEntry authEntry = new AuthModuleEntry(SecurityConstants.JASPI_DELEGATING_MODULE,
- null, null);
- authEntry.setLoginModuleStackHolder(lmsh);
-
- JASPIAuthenticationInfo jaspi = new JASPIAuthenticationInfo(this.securityDomain);
- jaspi.add(authEntry);
- return jaspi;
- }
-
- /**
- * Method where a ServerAuthModule gets configured
- *
- * @param entry
- * @return
- */
- private ServerAuthModule getServerAuthModule(AuthModuleEntry entry,
- CallbackHandler theHandler) throws AuthException
- {
- String errorMsg = "Cannot instantiate " + entry.getAuthModuleName() + "::";
- ServerAuthModule sam = null;
- Class authClass = null;
- try
- {
- authClass = SubjectActions.getContextClassLoader().loadClass(entry.getAuthModuleName());
- if(entry.getAuthModuleName().equals(SecurityConstants.JASPI_DELEGATING_MODULE))
- {
- Constructor ctr = authClass.getConstructor(new Class[] {LoginModuleStackHolder.class});
- sam = (ServerAuthModule)ctr.newInstance(new Object[]{entry.getLoginModuleStackHolder()});
- }
- else
- {
- sam = (ServerAuthModule)authClass.newInstance();
- }
- }
- catch (SecurityException e)
- {
- throw new IllegalStateException(errorMsg + e.getLocalizedMessage());
- }
- catch (Exception e)
- {
- throw new IllegalStateException(errorMsg + e.getLocalizedMessage());
- }
-
- //Initialize the sam
- Map options = entry.getOptions();
- sam.initialize(null, null, theHandler, options);
- return sam;
- }
-
- /**
- * Configure the ServerAuthModules from the configuration
- *
- */
- private void configureServerAuthModules(CallbackHandler theHandler)
- {
- //Here we go through the stack of ServerAuthModules and call validateRequest
- JASPIAuthenticationInfo jAuthInfo = getAuthenticationInfo();
- AuthModuleEntry[] entries = jAuthInfo.getAuthModuleEntry();
- int lenOfEntries = entries != null ? entries.length : 0;
-
- for(int i=0; i < lenOfEntries; i++)
- {
- AuthModuleEntry entry = entries[i];
- try
- {
- this.serverAuthModules.add( getServerAuthModule(entry, theHandler));
- }catch(AuthException ae)
- {
- log.error("Configuration of server auth modules failed::" + ae.getLocalizedMessage());
- }
- }
- }
-
- /**
- * This method updates the threadlocal storage of a common shared state map
- *
- * @param sharedState
- */
- private void updateSharedState(Map sharedState)
- {
- HashMap _sharedStateMap = (HashMap)this.sharedStateLocal.get();
- if(sharedState != null)
- {
- if(_sharedStateMap == null)
- _sharedStateMap = new HashMap(sharedState);
- else
- _sharedStateMap.putAll(sharedState);
- this.sharedStateLocal.set(_sharedStateMap);
- }
- }
-
- /**
- * Update the CBH with principal/credential passed in the sharedState
- * @param sharedState Map
- * @return Preconfigured CBH
- */
- private CallbackHandler populateCallbackHandler(Map sharedState)
- {
- CallbackHandler theHandler = handler;
- /* We use our internal CallbackHandler to provide the security info. A
- copy must be made to ensure there is a unique handler per active
- login since there can be multiple active logins.
- */
- if(sharedState != null)
- {
- Principal principal = (Principal) sharedState.get("javax.security.auth.login.name");
- Object credential = sharedState.get("javax.security.auth.login.password");
- Object[] securityInfo = {principal, credential};
- try
- {
- theHandler = (CallbackHandler) handler.getClass().newInstance();
- setSecurityInfo.invoke(theHandler, securityInfo);
- }
- catch (Throwable e)
- {
- if( trace )
- log.trace("Failed to create/setSecurityInfo on handler", e);
- throw new IllegalStateException("Failed to setSecurityInfo on handler");
- }
- }
- return theHandler;
- }
-}