Source Code of org.exoplatform.services.security.j2ee.JbossLoginModule

/*
 * Copyright (C) 2009 eXo Platform SAS.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.exoplatform.services.security.j2ee;

import org.exoplatform.container.monitor.jvm.J2EEServerInfo;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.security.jaas.DefaultLoginModule;
import org.exoplatform.services.security.jaas.JAASGroup;
import org.exoplatform.services.security.jaas.RolePrincipal;
import org.exoplatform.services.security.jaas.UserPrincipal;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.security.auth.login.LoginException;

/**
 * Created by The eXo Platform SAS .
 *
 * @author Gennady Azarenkov
 * @version $Id: JbossLoginModule.java 34415 2009-07-23 14:33:34Z dkatayev $
 */

public class JbossLoginModule extends DefaultLoginModule
{
   /** . */
   private static Log log = ExoLogger.getLogger("exo.core.component.security.core.JbossLoginModule.class");

   /**
    * {@inheritDoc}
    */
   @Override
   public boolean commit() throws LoginException
   {

      if (super.commit())
      {

         Set<Principal> principals = subject.getPrincipals();

         Group roleGroup = new JAASGroup(JAASGroup.ROLES);
         for (String role : identity.getRoles())
            roleGroup.addMember(new RolePrincipal(role));

         // group principal
         principals.add(roleGroup);

         // username principal
         principals.add(new UserPrincipal(identity.getUserId()));

         return true;
      }
      else
      {
         return false;
      }

   }

   /**
    * Attempts eviction of the subject in the JBoss security manager cache.
    *
    * @return a boolean
    * @throws LoginException any login exception
    */
   @Override
   public boolean logout() throws LoginException
   {
      org.exoplatform.container.monitor.jvm.J2EEServerInfo info = new J2EEServerInfo();
      MBeanServer jbossServer = info.getMBeanServer();

      //
      if (jbossServer != null)
      {
         try
         {

            log.debug("Performing JBoss security manager cache eviction");

            ObjectName securityManagerName = new ObjectName("jboss.security:service=JaasSecurityManager");

            // Obtain user name
            String userName = null;
            Set<UserPrincipal> userPrincipals = subject.getPrincipals(UserPrincipal.class);
            if (!userPrincipals.isEmpty())
            {
               // There should be one
               userName = userPrincipals.iterator().next().getName();
            }

            //
            if (userName != null)
            {
               log.debug("Going to perform JBoss security manager cache eviction for user " + userName);

               //
               List allPrincipals =
                  (List)jbossServer.invoke(securityManagerName, "getAuthenticationCachePrincipals",
                     new Object[]{realmName}, new String[]{String.class.getName()});

               // Make a copy to avoid some concurrent mods
               allPrincipals = new ArrayList(allPrincipals);

               // Lookup for invalidation key, it must be the same principal!
               Principal key = null;
               for (Iterator i = allPrincipals.iterator(); i.hasNext();)
               {
                  Principal principal = (Principal)i.next();
                  if (principal.getName().equals(userName))
                  {
                     key = principal;
                     break;
                  }
               }

               // Perform invalidation
               if (key != null)
               {
                  jbossServer.invoke(securityManagerName, "flushAuthenticationCache", new Object[]{realmName, key},
                     new String[]{String.class.getName(), Principal.class.getName()});
                  log.debug("Performed JBoss security manager cache eviction for user " + userName + " with principal "
                     + key);
               }
               else
               {
                  log.warn("No principal found when performing JBoss security manager cache eviction for user "
                     + userName);
               }
            }
            else
            {
               log.warn("No user name found when performing JBoss security manager cache eviction");
            }
         }
         catch (Exception e)
         {
            log.error("Could not perform JBoss security manager cache eviction", e);
         }
      }
      else
      {
         log.debug("Could not find mbean server for performing JBoss security manager cache eviction");
      }

      //
      return true;
   }
}