Package org.jboss.security.auth.spi

Source Code of org.jboss.security.auth.spi.DeploymentRolesLoginModule

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
/*
* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.security.auth.spi;

// $Id: DeploymentRolesLoginModule.java 57203 2006-09-26 12:19:06Z dimitris@jboss.org $

import org.jboss.security.SecurityRoleMetaData;
import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import java.security.Principal;
import java.security.acl.Group;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/**
* The DeploymentRolesLoginModule adds the roles to the subject that were declared in the
* assembly-descriptor element in jboss.xml.
*
* <assembly-descriptor>
*   <security-role>
*     <role-name>
*     <principal-name>
*   </security-role>
* </assembly-descriptor>
*
* This allows dynamic role assignment to a given principal per EJB jar deployment.
* Used by EJB jar deployments in the CTS.
*
* @author Thomas.Diesler@jboss.org
* @version $Revision: 57203 $
*/
public class DeploymentRolesLoginModule extends AbstractServerLoginModule
{
   /**
    * Initialize the login module.
    *
    * @param subject         the Subject to update after a successful login.
    * @param callbackHandler the CallbackHandler that will be used to obtain the
    *                        the user identity and credentials.
    * @param sharedState     a Map shared between all configured login module instances
    * @param options         the parameters passed to the login module.
    */
   public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
   {
      super.initialize(subject, callbackHandler, sharedState, options);

      // Relies on another LoginModule having done the authentication
      useFirstPass = true;
   }

   /**
    * Overriden by subclasses to return the Principal that corresponds to
    * the user primary identity.
    */
   protected Principal getIdentity()
   {
      // Setup our view of the user
      Object username = sharedState.get("javax.security.auth.login.name");
      if(username == null)
         throw new IllegalStateException("Expected to find the username in the shared state");

      if (username instanceof Principal)
         return (Principal)username;

      return new SimplePrincipal((String)username);
   }

   /**
    * Create the 'Roles' group and populate it with the
    * principals security roles from the SecurityRolesAssociation
    * @return Group[] containing the sets of roles
    */
   protected Group[] getRoleSets() throws LoginException
   {
      Group group = new SimpleGroup("Roles");
      Iterator itRoleNames = getSecurityRoleNames().iterator();
      while (itRoleNames.hasNext())
      {
         String roleName = (String) itRoleNames.next();
         group.addMember(new SimplePrincipal(roleName));
      }

      return new Group[]{group};
   }

   /**
    * Get the securtiy role names for the current principal from the
    * SecurityRolesAssociation.
    */
   private Set getSecurityRoleNames()
   {
      HashSet roleNames = new HashSet();
      String userName = getIdentity().getName();

      Map securityRoles = SecurityRolesAssociation.getSecurityRoles();
      if (securityRoles != null)
      {
         Iterator it = securityRoles.values().iterator();
         while (it.hasNext())
         {
            SecurityRoleMetaData srMetaData = (SecurityRoleMetaData) it.next();
            if (srMetaData.getPrincipals().contains(userName))
               roleNames.add(srMetaData.getRoleName());
         }
      }
      return roleNames;
   }
}
TOP

Related Classes of org.jboss.security.auth.spi.DeploymentRolesLoginModule

  • org.jboss.security.SecurityRoleMetaData
  • org.jboss.security.SimpleGroup
  • org.jboss.security.SimplePrincipal
  • java.util.Map
  • java.security.acl.Group
  • java.util.HashSet
  • java.util.Iterator
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.