001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.appservers.security.jboss;
018:
019: import java.util.Map;
020:
021: import javax.management.InstanceNotFoundException;
022: import javax.management.MBeanException;
023: import javax.management.MBeanServer;
024: import javax.management.MBeanServerFactory;
025: import javax.management.MalformedObjectNameException;
026: import javax.management.ObjectName;
027: import javax.management.ReflectionException;
028: import javax.security.auth.Subject;
029: import javax.security.auth.callback.CallbackHandler;
030: import javax.security.auth.login.LoginException;
031:
032: import org.apache.jetspeed.security.UserManager;
033: import org.apache.jetspeed.security.impl.ext.JBossLoginModule;
034:
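/**
 * A login module that uses the JetspeedSecurityService MBean for authentication and role assignment.
 * <p>
 * All JAAS lifecycle calls are forwarded to a {@link JBossLoginModule} that is created in
 * {@link #initialize(Subject, CallbackHandler, Map, Map)}. If that delegate could not be created, every
 * later lifecycle call fails with a {@link LoginException}, so a misconfigured module never reports a
 * successful login.
 */
public class LoginModule implements javax.security.auth.spi.LoginModule {

    /** Name of the module option that carries the JMX object name of the security service MBean. */
    private static final String SECURITY_SERVICE_OPTION = "securityService";

    /** JMX object name of the security service MBean, read from the module options. */
    private String securityService = null;

    /** Delegate that performs the actual work; {@code null} until initialization has succeeded. */
    private JBossLoginModule delegee = null;

    /**
     * Helper for delaying the creation of the JBossLoginModule. We cannot access the security service MBean before
     * <code>initialize</code> has been called, but need the user manager in the constructor of JBossLoginModule. The
     * constructor that takes the user manager as argument is protected (and rightly so), so we need this helper.
     */
    private static final class LoginModuleDelegee extends JBossLoginModule {
        public LoginModuleDelegee(UserManager userManager) {
            super(userManager);
        }
    }

    /**
     * Create a new login module. The module looks up the JetspeedSecurityService MBean and uses it to actually perform
     * authentication and role lookup.
     * <P>
     * Note that the MBean must be available when this login module is initialized. Therefore, if the MBean (the SAR)
     * is deployed after JBoss has been started, this login module must be created lazily by using the JBoss login
     * module proxy in login-config.xml.
     *
     * <pre>
     * &lt;application-policy name = "sample"&gt;
     *   &lt;authentication&gt;
     *     &lt;login-module code = "org.jboss.security.auth.spi.ProxyLoginModule"
     *                   flag = "required"&gt;
     *       &lt;module-option name = "moduleName"&gt;
     *         org.apache.jetspeed.appservers.security.jboss.LoginModule
     *       &lt;/module-option&gt;
     *       &lt;!-- The name of the security service MBean. Must match
     *            the name in jboss-service.xml --&gt;
     *       &lt;module-option name = "securityService"&gt;
     *         org.apache.jetspeed:service=JetspeedSecurityService
     *       &lt;/module-option&gt;
     *     &lt;/login-module&gt;
     *   &lt;/authentication&gt;
     * &lt;/application-policy&gt;
     * </pre>
     */
    public LoginModule() {
    }

    /**
     * Wraps a lookup failure in an {@link IllegalStateException} that keeps the original exception as its cause.
     *
     * @param cause the JMX exception that made the lookup fail
     * @return an unchecked exception carrying the cause's message and the cause itself
     */
    private static IllegalStateException lookupFailure(Exception cause) {
        IllegalStateException failure = new IllegalStateException(cause.getMessage());
        failure.initCause(cause);
        return failure;
    }

    /**
     * Obtains the user manager by invoking <code>getUserManager</code> on the configured security service MBean.
     *
     * @return the user manager exposed by the MBean, never {@code null}
     * @throws IllegalStateException if no MBean server is registered, the configured object name is missing or
     *         malformed, the MBean cannot be found or invoked, or the MBean does not return a {@link UserManager}
     */
    private UserManager getUserManager() {
        if (securityService == null) {
            // new ObjectName(null) would surface as a bare NullPointerException; name the real problem instead.
            throw new IllegalStateException("Module option '" + SECURITY_SERVICE_OPTION + "' is not set");
        }
        java.util.List servers = MBeanServerFactory.findMBeanServer(null);
        if (servers == null || servers.isEmpty()) {
            throw new IllegalStateException("No MBeanServer is registered in this JVM");
        }
        // NOTE(review): the first registered MBeanServer is used. If the JVM hosts more than one, confirm that
        // the security service can only be registered in the server that is found first.
        MBeanServer server = (MBeanServer) servers.get(0);
        try {
            ObjectName serviceName = new ObjectName(securityService);
            Object result = server.invoke(serviceName, "getUserManager", null, null);
            if (!(result instanceof UserManager)) {
                // Fail closed: never build the delegate around a null or foreign object.
                throw new IllegalStateException("MBean " + securityService
                        + " did not return a UserManager from getUserManager");
            }
            return (UserManager) result;
        } catch (MalformedObjectNameException e) {
            throw lookupFailure(e);
        } catch (InstanceNotFoundException e) {
            throw lookupFailure(e);
        } catch (ReflectionException e) {
            throw lookupFailure(e);
        } catch (MBeanException e) {
            throw lookupFailure(e);
        }
    }

    /**
     * Returns the delegate, or fails if initialization never completed.
     *
     * @return the initialized delegate
     * @throws LoginException if {@code initialize} was not called or did not succeed
     */
    private JBossLoginModule requireDelegee() throws LoginException {
        if (delegee == null) {
            throw new LoginException("Login module has not been initialized");
        }
        return delegee;
    }

    /**
     * Reads the <code>securityService</code> option, creates the delegate from the MBean's user manager and
     * initializes it with the same arguments.
     *
     * @throws IllegalStateException if the option is missing or not a string, or if the user manager cannot be
     *         obtained from the MBean
     * @see javax.security.auth.spi.LoginModule#initialize(Subject, CallbackHandler, Map, Map)
     */
    public void initialize(Subject subject,
            CallbackHandler callbackHandler, Map sharedState,
            Map options) {
        // Drop any earlier delegate first so that a failed re-initialization leaves the module unusable
        // instead of silently authenticating against a stale user manager.
        delegee = null;
        securityService = null;

        Object configuredName = (options == null) ? null : options.get(SECURITY_SERVICE_OPTION);
        if (!(configuredName instanceof String)) {
            throw new IllegalStateException("Module option '" + SECURITY_SERVICE_OPTION
                    + "' must be set to the object name of the security service MBean");
        }
        securityService = (String) configuredName;

        JBossLoginModule created = new LoginModuleDelegee(getUserManager());
        created.initialize(subject, callbackHandler, sharedState, options);
        delegee = created;
    }

    /**
     * Forwards to the delegate.
     *
     * @throws LoginException if the module is not initialized or the delegate fails
     * @see javax.security.auth.spi.LoginModule#abort()
     */
    public boolean abort() throws LoginException {
        return requireDelegee().abort();
    }

    /**
     * Forwards to the delegate.
     *
     * @throws LoginException if the module is not initialized or the delegate fails
     * @see javax.security.auth.spi.LoginModule#commit()
     */
    public boolean commit() throws LoginException {
        return requireDelegee().commit();
    }

    /**
     * Forwards to the delegate.
     *
     * @throws LoginException if the module is not initialized or the delegate fails
     * @see javax.security.auth.spi.LoginModule#login()
     */
    public boolean login() throws LoginException {
        return requireDelegee().login();
    }

    /**
     * Forwards to the delegate.
     *
     * @throws LoginException if the module is not initialized or the delegate fails
     * @see javax.security.auth.spi.LoginModule#logout()
     */
    public boolean logout() throws LoginException {
        return requireDelegee().logout();
    }
}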