[jboss-cvs] JBossAS SVN: r66444 - branches/JBoss_4_0_3_SP1_JBAS-4771/security/src/main/org/jboss/security/auth/spi.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Oct 25 12:27:04 EDT 2007
Author: darran.lofthouse at jboss.com
Date: 2007-10-25 12:27:04 -0400 (Thu, 25 Oct 2007)
New Revision: 66444
Added:
branches/JBoss_4_0_3_SP1_JBAS-4771/security/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java
Log:
JBAS-4471 - Backport to patch.
Copied: branches/JBoss_4_0_3_SP1_JBAS-4771/security/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java (from rev 66443, tags/JBoss_4_0_5_GA/security/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java)
===================================================================
--- branches/JBoss_4_0_3_SP1_JBAS-4771/security/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java (rev 0)
+++ branches/JBoss_4_0_3_SP1_JBAS-4771/security/src/main/org/jboss/security/auth/spi/RoleMappingLoginModule.java 2007-10-25 16:27:04 UTC (rev 66444)
@@ -0,0 +1,187 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.spi;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SimpleGroup;
+import org.jboss.util.StringPropertyReplacer;
+
+//$Id$
+
+/**
+ * JBAS-3323: Role Mapping Login Module that maps application role to
+ * declarative role
+ * - You will need to provide a properties file name with the option "rolesProperties"
+ * which has the role to be replaced as the key and a comma-separated role names
+ * as replacements.
+ * - This module should be used with the "optional" mode, as it just adds
+ * onto the authenticated subject
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since Jun 22, 2006
+ * @version $Revision$
+ */
+public class RoleMappingLoginModule extends AbstractServerLoginModule
+{
+ private static Logger log = Logger.getLogger(RoleMappingLoginModule.class);
+ private boolean trace = log.isTraceEnabled();
+
+ /**
+ * Should the matching role be replaced
+ */
+ protected boolean REPLACE_ROLE = false;
+
+ /**
+ * @see LoginModule#initialize(javax.security.auth.Subject,
+ * javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
+ */
+ public void initialize(Subject subject, CallbackHandler handler,
+ Map sharedState, Map options)
+ {
+ super.initialize(subject, handler, sharedState, options);
+ }
+
+ /**
+ * @see LoginModule#login()
+ */
+ public boolean login() throws LoginException
+ {
+ if( super.login() == true )
+ return true;
+
+ super.loginOk = true;
+ return true;
+ }
+
+ /**
+ * @see AbstractServerLoginModule#getIdentity()
+ */
+ protected Principal getIdentity()
+ {
+ //We have an authenticated subject
+ Iterator iter = subject.getPrincipals().iterator();
+ while(iter.hasNext())
+ {
+ Principal p = (Principal)iter.next();
+ if(p instanceof Group == false)
+ return p;
+ }
+ return null;
+ }
+
+ /**
+ * @see AbstractServerLoginModule#getRoleSets()
+ */
+ protected Group[] getRoleSets() throws LoginException
+ {
+ String rep = (String)options.get("replaceRole");
+ if("true".equalsIgnoreCase(rep))
+ this.REPLACE_ROLE = true;
+
+ //Get the properties file name from the options
+ String propFileName = (String)options.get("rolesProperties");
+ if(propFileName == null)
+ throw new IllegalStateException("rolesProperties option needs to be provided");
+ // Replace any system property references like ${x}
+ propFileName = StringPropertyReplacer.replaceProperties(propFileName);
+ Group group = getExistingRolesFromSubject();
+ if(propFileName != null)
+ {
+ Properties props = new Properties();
+ try
+ {
+ props = Util.loadProperties(propFileName,log);
+ }
+ catch( Exception e)
+ {
+ if(trace)
+ log.trace("Could not load properties file:" + propFileName, e);
+ }
+ if(props != null)
+ {
+ try
+ {
+ processRoles(group, props);
+ }
+ catch (Exception e)
+ {
+ if(trace)
+ log.trace("Could not process roles:", e);
+ }
+ }
+ }
+
+ return new Group[] {group};
+ }
+
+ /**
+ * Get the Group called as "Roles" from the authenticated subject
+ *
+ * @return Group representing Roles
+ */
+ private Group getExistingRolesFromSubject()
+ {
+ Iterator iter = subject.getPrincipals().iterator();
+ while(iter.hasNext())
+ {
+ Principal p = (Principal)iter.next();
+ if(p instanceof SimpleGroup)
+ {
+ SimpleGroup sg = (SimpleGroup)p;
+ if("Roles".equals(sg.getName()))
+ return sg;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Process the group with the roles that are mapped in the
+ * properies file
+ * @param group Group that needs to be processed
+ * @param props Properties file
+ */
+ private void processRoles(Group group,Properties props) throws Exception
+ {
+ Enumeration enumer = props.propertyNames();
+ while(enumer.hasMoreElements())
+ {
+ String roleKey = (String)enumer.nextElement();
+ String comma_separated_roles = props.getProperty(roleKey);
+ Principal pIdentity = createIdentity(roleKey);
+ if(group.isMember(pIdentity))
+ Util.parseGroupMembers(group,comma_separated_roles,this);
+ if(REPLACE_ROLE)
+ group.removeMember(pIdentity);
+ }
+ }
+}
More information about the jboss-cvs-commits
mailing list