17 package org.jboss.as.quickstarts.ejb_security_interceptors;
18
19 import java.io.IOException;
20 import java.io.InputStream;
21 import java.net.URL;
22 import java.security.Principal;
23 import java.security.acl.Group;
24 import java.util.Map;
25 import java.util.Properties;
26
27 import javax.security.auth.Subject;
28 import javax.security.auth.callback.Callback;
29 import javax.security.auth.callback.CallbackHandler;
30 import javax.security.auth.callback.NameCallback;
31 import javax.security.auth.login.LoginException;
32
33 import org.jboss.security.SimpleGroup;
34 import org.jboss.security.SimplePrincipal;
35 import org.jboss.security.auth.callback.ObjectCallback;
36 import org.jboss.security.auth.spi.AbstractServerLoginModule;
37
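/**
 * Login module that lets an identity already authenticated on the connection act as a different
 * user.
 *
 * <p>The caller supplies the requested user name through a {@link NameCallback} and its own,
 * connection-level identity as an {@link OuterUserCredential} through an {@link ObjectCallback}.
 * The switch is granted only if a properties file maps the connection identity
 * ({@code user@realm}) to a comma-separated list of user names it may act as, or to the single
 * value {@code *}. No password is checked by this module: the trust is placed entirely in the
 * connection identity and the mapping file, so the mapping file is the access-control policy.
 */
public class DelegationLoginModule extends AbstractServerLoginModule {

    /** Module option naming the classpath resource that holds the delegation mappings. */
    private static final String DELEGATION_PROPERTIES = "delegationProperties";

    /** Resource used when the {@code delegationProperties} option is not configured. */
    private static final String DEFAULT_DELEGATION_PROPERTIES = "delegation-mapping.properties";

    /**
     * Mappings from connection identity to the users it may act as; see
     * {@link #loadPropertyValue(String, String)} for the key lookup order. {@code null} until
     * {@link #initialize} has run.
     */
    private Properties delegationMappings;

    /** Principal established by a successful delegated login; {@code null} until then. */
    private Principal identity;

    /**
     * Initialises the module and loads the delegation mapping file.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the requested user name and the connection credential
     * @param sharedState state shared with the other login modules in the stack
     * @param options module options; {@code delegationProperties} names the mapping resource
     * @throws IllegalArgumentException if the mapping resource cannot be found or read
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        addValidOptions(new String[] { DELEGATION_PROPERTIES });
        super.initialize(subject, callbackHandler, sharedState, options);

        String propertiesName;
        if (options.containsKey(DELEGATION_PROPERTIES)) {
            propertiesName = (String) options.get(DELEGATION_PROPERTIES);
        } else {
            propertiesName = DEFAULT_DELEGATION_PROPERTIES;
        }
        try {
            delegationMappings = loadProperties(propertiesName);
        } catch (IOException e) {
            // A missing or unreadable policy file is a deployment error, not a runtime "deny".
            throw new IllegalArgumentException(String.format("Unable to load properties '%s'", propertiesName), e);
        }
    }

    /**
     * Attempts a delegated login.
     *
     * <p>Succeeds when a previous module already authenticated the caller, or when the callback
     * handler supplies a user name and an {@link OuterUserCredential} for which
     * {@link #delegationAcceptable(String, OuterUserCredential)} returns {@code true}. On success
     * the requested user becomes the identity and, if {@code useFirstPass} is set, is published to
     * the shared state with an empty password for the modules that follow.
     *
     * @return {@code true} if the caller is authenticated by this module
     * @throws LoginException propagated from {@code super.login()}
     */
    @SuppressWarnings("unchecked")
    @Override
    public boolean login() throws LoginException {
        // A preceding module may already have authenticated the caller (useFirstPass handling).
        if (super.login()) {
            log.debug("super.login()==true");
            return true;
        }

        NameCallback ncb = new NameCallback("Username:");
        ObjectCallback ocb = new ObjectCallback("Password:");

        try {
            callbackHandler.handle(new Callback[] { ncb, ocb });
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            // IOException / UnsupportedCallbackException: the handler cannot supply what this
            // module needs, so it simply does not authenticate the caller.
            if (log.isDebugEnabled()) {
                log.debug("Callback handling failed, delegation not attempted: " + e);
            }
            return false;
        }

        String name = ncb.getName();
        Object credential = ocb.getCredential();

        // A NameCallback may legitimately yield no name; never build a principal from it.
        if (name == null || name.isEmpty()) {
            log.debug("No user name supplied, delegation not attempted");
            return false;
        }
        // Only a caller that is already authenticated on the connection may delegate.
        if (!(credential instanceof OuterUserCredential)) {
            return false;
        }
        if (!delegationAcceptable(name, (OuterUserCredential) credential)) {
            return false;
        }

        identity = new SimplePrincipal(name);
        if (getUseFirstPass()) {
            if (log.isDebugEnabled()) {
                log.debug("Storing username '" + name + "' and empty password");
            }
            sharedState.put("javax.security.auth.login.name", identity);
            sharedState.put("javax.security.auth.login.password", "");
        }
        loginOk = true;
        return true;
    }

    /**
     * Decides whether the connection identity may act as {@code requestedUser}.
     *
     * <p>The mapping value for the connection identity is consulted: if it is exactly {@code *}
     * any user is allowed; otherwise {@code requestedUser} must equal one of the comma-separated
     * entries (compared exactly, no trimming).
     *
     * @param requestedUser user name the caller wants to become
     * @param connectionUser identity authenticated on the connection
     * @return {@code true} if the switch is permitted by the mapping file
     */
    protected boolean delegationAcceptable(String requestedUser, OuterUserCredential connectionUser) {
        if (delegationMappings == null || requestedUser == null || connectionUser == null) {
            return false;
        }

        String[] allowedMappings = loadPropertyValue(connectionUser.getName(), connectionUser.getRealm());
        // "*" is a wildcard only when it is the sole entry, hence index 0 of a one-element array.
        if (allowedMappings.length == 1 && "*".equals(allowedMappings[0])) {
            return true;
        }
        for (String current : allowedMappings) {
            if (requestedUser.equals(current)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Looks up the delegation entry for a connection identity.
     *
     * <p>Keys are tried from most to least specific: {@code user@realm}, {@code user@*},
     * {@code *@realm}, {@code *}. The first key present wins; entries are not merged, so a
     * specific key shadows a broader one.
     *
     * @return the comma-split entries of the first matching value, or an empty array if none match
     */
    private String[] loadPropertyValue(final String userName, final String realm) {
        String[] keysMostSpecificFirst = {
            userName + "@" + realm,
            userName + "@*",
            "*@" + realm,
            "*"
        };
        for (String key : keysMostSpecificFirst) {
            String value = delegationMappings.getProperty(key);
            if (value != null) {
                return value.split(",");
            }
        }
        return new String[0];
    }

    /** @return the principal established by {@link #login()}, or {@code null} if none */
    @Override
    protected Principal getIdentity() {
        return identity;
    }

    /**
     * Supplies the standard JBoss role groups: an empty {@code Roles} group and a
     * {@code CallerPrincipal} group holding the delegated identity.
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        Group roles = new SimpleGroup("Roles");
        Group callerPrincipal = new SimpleGroup("CallerPrincipal");
        callerPrincipal.addMember(getIdentity());
        return new Group[] { roles, callerPrincipal };
    }

    /**
     * Loads a properties resource from the context class loader.
     *
     * @param name classpath resource name
     * @return the loaded properties
     * @throws IOException if the resource is absent or cannot be read
     */
    private Properties loadProperties(final String name) throws IOException {
        ClassLoader classLoader = SecurityActions.getContextClassLoader();
        URL url = classLoader.getResource(name);
        if (url == null) {
            // Report the missing policy file explicitly rather than failing with a NullPointerException.
            throw new IOException(String.format("Resource '%s' not found on the context class loader", name));
        }
        InputStream is = url.openStream();
        try {
            Properties props = new Properties();
            props.load(is);
            return props;
        } finally {
            is.close();
        }
    }

}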