Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
  * JBoss, Home of Professional Open Source
  * Copyright 2005, JBoss Inc., and individual contributors as indicated
  * by the @authors tag. See the copyright.txt in the distribution for a
  * full listing of individual contributors.
  *
  * This is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
 package org.jboss.security;
 
 import java.util.Map;
 import java.util.Set;
 
 
 import  org.jboss.logging.Logger;

A simple implementation of LoginModule for use by JBoss clients for the establishment of the caller identity and credentials. This simply sets the SecurityContext principal to the value of the NameCallback filled in by the CallbackHandler, and the SecurityContext credential to the value of the PasswordCallback filled in by the CallbackHandler. It has the following options:
  • multi-threaded=[true|false] When the multi-threaded option is set to true each login thread has its own principal and credential storage.
  • restore-login-identity=[true|false] When restore-login-identity is true, the SecurityContext principal and credential seen on entry to the login() method are saved and restored on either abort or logout. When false (the default), the abort and logout simply clears the SecurityContext. A restore-login-identity of true is needed if one need to change identities and then restore the original caller identity.
  • password-stacking=tryFirstPass|useFirstPass When password-stacking option is set, this module first looks for a shared username and password using "javax.security.auth.login.name" and "javax.security.auth.login.password" respectively. This allows a module configured prior to this one to establish a valid username and password that should be passed to JBoss.

Author(s):
Oleg Nitz
Scott.Stark@jboss.org
Anil.Saldhana@redhat.com
 
 public class ClientLoginModule implements LoginModule
 {
    private Subject subject;
    private CallbackHandler callbackHandler;
   
The principal set during login()
 
    private Principal loginPrincipal;
   
The credential set during login()
 
    private Object loginCredential;
   
Shared state between login modules
 
    private Map<String,?> sharedState;
   
Flag indicating if the shared password should be used
 
    private boolean useFirstPass;
   
Flag indicating if the SecurityAssociation existing at login should be restored on logout.
 
    private boolean restoreLoginIdentity;

   
To restore prelogin identity
 
    private SecurityContext cachedSecurityContext;

   
Initialize this LoginModule. This checks for the options: multi-threaded restore-login-identity password-stacking
 
    public void initialize(Subject subjectCallbackHandler callbackHandler,
                           Map<String,?> sharedStateMap<String,?> options)
    {
       this. = subject;
       this. = callbackHandler;
       this. = sharedState;
      //log securityDomain, if set.
      PicketBoxLogger.LOGGER.debugModuleOption(SecurityConstants.SECURITY_DOMAIN_OPTION,
              options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
      // Check for multi-threaded option
      String flag = (Stringoptions.get("multi-threaded");
      if (Boolean.valueOf(flag).booleanValue() == true)
      {
         /* Turn on the server mode which uses thread local storage for
            the principal information.
         */
         PicketBoxLogger.LOGGER.debugModuleOption("multi-threaded"flag);
      }
      
      
SECURITY-415: when the multi-threaded value is explictly set at false, then get into the client mode.
      if(flag != null && flag.length() > 0 && "false".equalsIgnoreCase(flag))
      {
         SecurityAssociationActions.setClient();
      }
      flag = (Stringoptions.get("restore-login-identity");
       = Boolean.valueOf(flag).booleanValue();
      PicketBoxLogger.LOGGER.debugModuleOption("restory-login-identity"flag);
      /* Check for password sharing options. Any non-null value for
          password_stacking sets useFirstPass as this module has no way to
          validate any shared password.
       */
      String passwordStacking = (Stringoptions.get("password-stacking");
       = passwordStacking != null;
      PicketBoxLogger.LOGGER.debugModuleOption("password-stacking"passwordStacking);
      //Cache the existing security context
      this. = SecurityAssociationActions.getSecurityContext();
   }

   
Method to authenticate a Subject (phase 1).
   public boolean login() throws LoginException
   {
      PicketBoxLogger.LOGGER.traceBeginLogin();
      // If useFirstPass is true, look for the shared password
      if ( == true)
      {
         try
         {
            Object name = .get("javax.security.auth.login.name");
            if ((name instanceof Principal) == false)
            {
               String username = name != null ? name.toString() : "";
                = new SimplePrincipal(username);
            } else
            {
                = (Principalname;
            }
             = .get("javax.security.auth.login.password");
            return true;
         }
         catch (Exception e)
         {   // Dump the exception and continue
            PicketBoxLogger.LOGGER.debugIgnoredException(e);
         }
      }
      /* There is no password sharing or we are the first login module. Get
          the username and password from the callback hander.
       */
      if ( == null)
         throw PicketBoxMessages.MESSAGES.noCallbackHandlerAvailable();
      PasswordCallback pc = new PasswordCallback(PicketBoxMessages.MESSAGES.enterPasswordMessage(), false);
      NameCallback nc = new NameCallback(PicketBoxMessages.MESSAGES.enterUsernameMessage(), "guest");
      Callback[] callbacks = {ncpc};
      try
      {
         String username;
         char[] password = null;
         char[] tmpPassword;
         .handle(callbacks);
         username = nc.getName();
          = new SimplePrincipal(username);
         tmpPassword = pc.getPassword();
         if (tmpPassword != null)
         {
            password = new char[tmpPassword.length];
            System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
            pc.clearPassword();
         }
          = password;
         PicketBoxLogger.LOGGER.traceObtainedAuthInfoFromHandler(,
                  != null ? .getClass() : null);
      }
      catch (IOException ioe)
      {
         LoginException ex = new LoginException(ioe.getLocalizedMessage());
         ex.initCause(ioe);
         throw ex;
      }
      catch (UnsupportedCallbackException uce)
      {
         LoginException ex = new LoginException(uce.getLocalizedMessage());
         ex.initCause(uce);
         throw ex;
      }
      PicketBoxLogger.LOGGER.traceEndLogin(true);
      return true;
   }

   
Method to commit the authentication process (phase 2).
   public boolean commit() throws LoginException
   {
      PicketBoxLogger.LOGGER.traceBeginCommit(true);
      SecurityAssociationActions.setPrincipalInfo();
      // Add the login principal to the subject if is not there
      Set<Principalprincipals = .getPrincipals();
      if (principals.contains() == false)
         principals.add();
      return true;
   }

   
Method to abort the authentication process (phase 2).
   public boolean abort() throws LoginException
   {
      PicketBoxLogger.LOGGER.traceBeginAbort();
      if == true )
      {
         SecurityAssociationActions.setSecurityContext(this.);
      }
      else
      {
         // Clear the entire security association stack
         SecurityAssociationActions.clear();
      }
      return true;
   }
   public boolean logout() throws LoginException
   {
      PicketBoxLogger.LOGGER.traceBeginLogout();
      if == true )
      {
         SecurityAssociationActions.setSecurityContext(this.);
      }
      else
      {
         // Clear the entire security association stack
         SecurityAssociationActions.clear();  
      }
      Set<Principalprincipals = .getPrincipals();
      principals.remove();
      return true;
   }
New to GrepCode? Check out our FAQ X