[jboss-cvs] JBossAS SVN: r98866 - in projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security: auth/spi and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Dec 22 15:39:21 EST 2009
Author: acoliver at jboss.org
Date: 2009-12-22 15:39:21 -0500 (Tue, 22 Dec 2009)
New Revision: 98866
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/HostThreadLocal.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/RemoteHostTrustLoginModule.java
Log:
https://jira.jboss.org/jira/browse/JBAS-7542 - RemoteHostTrustLoginModule
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/HostThreadLocal.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/HostThreadLocal.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/HostThreadLocal.java 2009-12-22 20:39:21 UTC (rev 98866)
@@ -0,0 +1,49 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security;
+
+import org.jboss.logging.Logger;
+
+/**
+ * Supports the RemoteHostTrustLoginModule and RemoteHostValve, holds the remote host in a thread local.
+ * @author Andrew C. Oliver
+ * @version $Revision: 0 $
+ */
+public class HostThreadLocal {
+ private static Logger log = Logger.getLogger(HostThreadLocal.class);
+ private static ThreadLocal host = new ThreadLocal();
+
+ public static String get() {
+ if (log.isTraceEnabled()) {
+ log.trace("returning "+host.get()+" for tid "+Thread.currentThread().getId());
+ }
+ return (String)host.get();
+ }
+
+ public static void set(String hostVal) {
+ if (log.isTraceEnabled()) {
+ log.trace("setting "+hostVal+" for tid "+Thread.currentThread().getId());
+ }
+ host.set(hostVal);
+ }
+
+}
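Review bot: `HostThreadLocal` offers no way to clear the stored host, so on a pooled request thread the value set for one request stays visible to the next unless the caller overwrites it every time. RemoteHostTrustLoginModule grants a login on this value alone, so a stale entry would carry one client's trusted status over to a later request on the same thread; the valve that sets the value is not part of this commit, so whether it resets it cannot be seen here. Add `public static void clear() { host.remove(); }` and have the valve call it in a `finally` block. Declaring the field as `private static final ThreadLocal<String> host` would also remove the cast in `get()`.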
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/RemoteHostTrustLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/RemoteHostTrustLoginModule.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/RemoteHostTrustLoginModule.java 2009-12-22 20:39:21 UTC (rev 98866)
@@ -0,0 +1,140 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.spi;
+
+import java.security.acl.Group;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import javax.naming.InitialContext;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.login.FailedLoginException;
+import javax.transaction.Transaction;
+
+import org.jboss.security.HostThreadLocal;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+
+
+/**
+ * Trust specific hosts so that when usernames are passed in and the host that
+ * passes them in is "trusted" it returns true regardless of any password or
+ * credentials. Must be used in conjunction with the RemoteHostValve.
+ *
+ * trustedHosts - comma del list of hosts (ips) that are trusted to have
+ * already authenticated the user
+ * roles - list of roles (comma del) that the user is given as a result of
+ * this login module
+ *
+ * @author Andrew C. Oliver acoliver at gmail.com
+ * @version $Revision: 0 $
+ */
+public class RemoteHostTrustLoginModule extends UsernamePasswordLoginModule
+{
+ private final static String OPTION_TRUSTED_HOSTS = "trustedHosts";
+ private final static String OPTION_ROLES = "roles";
+
+ List<String> trustedHosts;
+ private String roleNames;
+
+ /**
+ * Initialize this LoginModule.
+ *
+ * @param options -
+ * trustedHosts: a comma delimited list of trusted hosts allowed to pass principals without credentials and be "trusted"
+ * roles: automatically granted to any users authenticated
+ */
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map sharedState, Map options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+ boolean trace = log.isTraceEnabled();
+ String tmp = (String)options.get(OPTION_TRUSTED_HOSTS);
+ trustedHosts = Arrays.asList(parseHosts(tmp));
+ roleNames = (String) options.get(OPTION_ROLES);
+ if(trace)
+ {
+ String msg = "roleNames: "+roleNames+"\ntrusted hosts {";
+ for(String host:trustedHosts) {
+ msg += "\n"+host;
+ }
+ msg += "\n}";
+ log.trace(msg);
+ }
+ }
+
+ private String[] parseHosts(String commaDel) {
+ return commaDel.split("\\,");
+ }
+
+ protected boolean validatePassword(String inputPassword, String expectedPassword)
+ {
+ String host = getRealHost();
+ if (log.isTraceEnabled()) {
+ log.trace("real host for trust is "+host);
+ }
+ if (trustedHosts.contains(host)) {
+ return true;
+ } else {
+ if (log.isTraceEnabled()) {
+ log.trace("real host for trust is "+host);
+ }
+ }
+ return false;
+ }
+
+
+ /**
+ * bogus password
+ * @return the valid password String
+ */
+ protected String getUsersPassword() throws LoginException
+ {
+ return "trustme";
+ }
+
+ /**
+ * @return the hostname of the client
+ */
+ protected String getRealHost() {
+ return HostThreadLocal.get();
+ }
+
+ protected Group[] getRoleSets() throws LoginException
+ {
+ SimpleGroup roles = new SimpleGroup("Roles");
+ Group[] roleSets = {roles};
+ if( roleNames != null )
+ {
+ String[] tokens = roleNames.split(",");
+ for ( String token:tokens )
+ {
+ String roleName = token != null ? token.trim() : token;
+ roles.addMember(new SimplePrincipal(roleName));
+ }
+ }
+ return roleSets;
+ }
+
+}
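Review bot: `parseHosts` calls `commaDel.split` on the raw option value, so a configuration without `trustedHosts` makes `initialize` fail with a NullPointerException, and entries written as `a, b` never match because they are not trimmed, unlike the role names in `getRoleSets`. A rewritten `parseHosts` that treats a missing option as "trust no host" and trims each entry is shown below. `validatePassword` ignores both passwords and trusts whatever `HostThreadLocal` holds, so the class Javadoc should state that the valve must record the connection's peer address and not a client-supplied header. The trace call in the `else` branch of `validatePassword` repeats the message logged just above it; `log.trace("host "+host+" is not trusted");` would record the actual outcome.

```java
   private String[] parseHosts(String commaDel) {
      // A missing or blank option trusts no host instead of failing initialize().
      if (commaDel == null || commaDel.trim().length() == 0) {
         return new String[0];
      }
      String[] hosts = commaDel.split(",");
      for (int i = 0; i < hosts.length; i++) {
         // Trim so "10.0.0.1, 10.0.0.2" matches both addresses.
         hosts[i] = hosts[i].trim();
      }
      return hosts;
   }
```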