Author: iocanel
Date: Fri Sep  3 13:06:39 2010
New Revision: 992286

URL: http://svn.apache.org/viewvc?rev=992286&view=rev
Log:
Added KarafAbstractLoginModule which handles RolePolicies. Added 2 
RolePolicies(prefixed and grouped).

Added:
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/GroupPrincipal.java
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/RolePolicy.java
Modified:
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java

Added: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java?rev=992286&view=auto
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
 (added)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
 Fri Sep  3 13:06:39 2010
@@ -0,0 +1,62 @@
+/*
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *  under the License.
+ */
+package org.apache.karaf.jaas.modules;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+
+/**
+ *
+ * @author iocanel
+ */
+public abstract class AbstractKarafLoginModule implements LoginModule {
+
+    protected Set<Principal> principals = new HashSet<Principal>();
+    protected Subject subject;
+    protected String user;
+    protected CallbackHandler callbackHandler;
+    protected boolean debug;
+    protected Map<String, ?> options;
+
+    protected String rolePolicy;
+    protected String roleDiscriminator;
+
+    public boolean commit() throws LoginException {
+        RolePolicy policy = RolePolicy.getPolicy(rolePolicy);
+        if(policy != null && roleDiscriminator != null) {
+            policy.handleRoles(subject, principals, roleDiscriminator);
+        } else subject.getPrincipals().addAll(principals);
+        return true;
+    }
+
+    protected void clear() {
+        user = null;
+    }
+
+    public void initialize(Subject sub, CallbackHandler handler, Map options) {
+        this.subject = sub;
+        this.callbackHandler = handler;
+        rolePolicy = (String) options.get("rolePolicy");
+        roleDiscriminator = (String) options.get("roleDisciriminator");
+        debug = "true".equalsIgnoreCase((String) options.get("debug"));
+    }
+}
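Review bot: The option key read in `initialize` is misspelled, `options.get("roleDisciriminator")`, so a login configuration that sets the presumably intended `roleDiscriminator` leaves the field null. `commit()` then silently falls back to `subject.getPrincipals().addAll(principals)` and applies no role policy. Read the intended key, `roleDiscriminator = (String) options.get("roleDiscriminator");`. Consider logging when `rolePolicy` is set but no policy or discriminator resolves, because an unnoticed fallback changes which role names reach authorization checks.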

Added: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/GroupPrincipal.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/GroupPrincipal.java?rev=992286&view=auto
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/GroupPrincipal.java
 (added)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/GroupPrincipal.java
 Fri Sep  3 13:06:39 2010
@@ -0,0 +1,57 @@
+/*
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *  under the License.
+ */
+
+package org.apache.karaf.jaas.modules;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+/**
+ *
+ * @author iocanel
+ */
+public class GroupPrincipal implements Group {
+
+    private String name;
+    private Hashtable<String,Principal> members = new Hashtable<String, 
Principal>();
+
+    public GroupPrincipal(String name) {
+        this.name = name;
+    }
+    
+    public boolean addMember(Principal user) {
+        members.put(user.getName(), user);
+        return true;
+    }
+
+    public boolean removeMember(Principal user) {
+        members.remove(user.getName());
+        return true;
+    }
+
+    public boolean isMember(Principal member) {
+        return members.contains(member.getName());
+    }
+
+    public Enumeration<? extends Principal> members() {
+        return members.elements();
+    }
+
+    public String getName() {
+        return name;
+    }
+}
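Review bot: `isMember` calls `members.contains(member.getName())`, and `Hashtable.contains` tests values rather than keys, so a String name is compared against the stored `Principal` objects and the method returns false for every member that was added. Use the key lookup instead, `return members.containsKey(member.getName());`. `addMember` and `removeMember` also return true unconditionally, whereas the `Group` contract reports false when the principal was already a member or was not one.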

Added: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/RolePolicy.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/RolePolicy.java?rev=992286&view=auto
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/RolePolicy.java
 (added)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/RolePolicy.java
 Fri Sep  3 13:06:39 2010
@@ -0,0 +1,80 @@
+/*
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ * 
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *  under the License.
+ */
+
+package org.apache.karaf.jaas.modules;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
+
+/**
+ *
+ * @author iocanel
+ */
+public enum RolePolicy {
+
+    PREFIXED_ROLES("prefix") {
+        public void handleRoles(Subject subject,Set<Principal> 
principals,String discriminator) {
+            for(Principal p:principals) {
+                if(p instanceof RolePrincipal){
+                    RolePrincipal rolePrincipal = new 
RolePrincipal(discriminator+p.getName());
+                    subject.getPrincipals().add(rolePrincipal);
+                } else {
+                    subject.getPrincipals().add(p);
+                }
+            }
+        }
+    },
+    GROUP_ROLES("group") {
+        public void handleRoles(Subject subject,Set<Principal> 
principals,String discriminator) {
+            Group group = new GroupPrincipal(discriminator);
+            for(Principal p:principals) {
+                if(p instanceof RolePrincipal) {
+                    group.addMember(p);
+                } else {
+                    subject.getPrincipals().add(p);
+                }
+            }
+            subject.getPrincipals().add(group);
+        }
+    };
+
+    private String value;
+
+    private static final Map<String, RolePolicy> policies = new 
HashMap<String, RolePolicy>();
+
+    static {
+        for (RolePolicy s : EnumSet.allOf(RolePolicy.class)) {
+            policies.put(s.getValue(), s);
+        }
+    }
+
+    private RolePolicy(String value) {
+        this.value = value;
+    }
+
+    public String getValue() {
+        return value;
+    }
+    public static RolePolicy getPolicy(String code) {
+        return policies.get(code);
+    }
+
+    public abstract void handleRoles(Subject subject,Set<Principal> 
principals,String discriminator);
+}
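Review bot: `GROUP_ROLES.handleRoles` builds a new `GroupPrincipal(discriminator)` on every call and adds it to the subject, and `GroupPrincipal` as added in this commit defines no `equals`/`hashCode`. Two login modules committing with the same discriminator would therefore leave two distinct groups of the same name in the subject's principal set, and a consumer that inspects only one of them would see a partial role list. Either reuse a group already present under that name in `subject.getPrincipals(Group.class)` or give `GroupPrincipal` name-based `equals` and `hashCode`. The enum's Javadoc should also state the accepted `rolePolicy` values, `prefix` and `group`.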

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java?rev=992286&r1=992285&r2=992286&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
 Fri Sep  3 13:06:39 2010
@@ -31,27 +31,19 @@ import javax.security.auth.callback.Pass
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
+import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
 
 import org.apache.karaf.jaas.modules.RolePrincipal;
 import org.apache.karaf.jaas.modules.UserPrincipal;
 import org.osgi.service.cm.Configuration;
 
-public class OsgiConfigLoginModule implements LoginModule {
+public class OsgiConfigLoginModule extends AbstractKarafLoginModule {
 
     public static final String PID = "pid";
     public static final String USER_PREFIX = "user.";
 
-    private Subject subject;
-    private CallbackHandler callbackHandler;
-    private Map<String, ?> options;
-
-    private Set<Principal> principals;
-
     public void initialize(Subject subject, CallbackHandler callbackHandler, 
Map<String, ?> sharedState, Map<String, ?> options) {
-        this.subject = subject;
-        this.callbackHandler = callbackHandler;
-        this.options = options;
+        super.initialize(subject, callbackHandler, options);
     }
 
     public boolean login() throws LoginException {
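Review bot: `initialize` no longer stores `options`: the removed `this.options = options;` is replaced by `super.initialize(subject, callbackHandler, options)`, and `AbstractKarafLoginModule.initialize` as added in this commit reads three keys from the map but never assigns its `options` field. If `login()`, whose body lies outside this hunk, still reads `options` (for example for `PID`), it will hit a null reference and authentication through this module fails. Add `this.options = options;` to the base `initialize`, or keep the assignment here after the `super` call.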
@@ -103,10 +95,6 @@ public class OsgiConfigLoginModule imple
         }
     }
 
-    public boolean commit() throws LoginException {
-        subject.getPrincipals().addAll(principals);
-        return true;
-    }
 
     public boolean abort() throws LoginException {
         subject = null;

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java?rev=992286&r1=992285&r2=992286&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
 Fri Sep  3 13:06:39 2010
@@ -22,7 +22,6 @@ import java.security.Principal;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
-import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -32,10 +31,10 @@ import javax.security.auth.callback.Pass
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
 import org.apache.karaf.jaas.modules.RolePrincipal;
 import org.apache.karaf.jaas.modules.UserPrincipal;
 
@@ -43,23 +42,17 @@ import org.apache.karaf.jaas.modules.Use
  * JAAS Login module for user / password, based on two properties files.
  *
  */
-public class PropertiesLoginModule implements LoginModule {
+public class PropertiesLoginModule extends AbstractKarafLoginModule {
 
     private static final String USER_FILE = "users";
     private static final Log LOG = 
LogFactory.getLog(PropertiesLoginModule.class);
 
-    private Subject subject;
-    private CallbackHandler callbackHandler;
-    private boolean debug;
+    
     private String usersFile;
-    private String user;
-    private Set principals = new HashSet();
 
+    @Override
     public void initialize(Subject sub, CallbackHandler handler, Map 
sharedState, Map options) {
-        this.subject = sub;
-        this.callbackHandler = handler;
-
-        debug = "true".equalsIgnoreCase((String) options.get("debug"));
+        super.initialize(sub,handler,options);
         usersFile = (String) options.get(USER_FILE) + "";
 
         if (debug) {
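Review bot: With `extends AbstractKarafLoginModule` the module now inherits `commit()`, and the inherited version neither calls `clear()` nor emits the `LOG.debug("commit")` line that the override removed later in this diff did. The `user` field therefore stays populated after a successful commit until `abort()` or some later cleanup runs. If that is not intended, call `clear();` in the base `commit()` before `return true;`, or keep a thin override here that calls `super.commit()` and then `clear()`. The class body continues outside this hunk.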
@@ -122,15 +115,6 @@ public class PropertiesLoginModule imple
         return true;
     }
 
-    public boolean commit() throws LoginException {
-        subject.getPrincipals().addAll(principals);
-        clear();
-        if (debug) {
-            LOG.debug("commit");
-        }
-        return true;
-    }
-
     public boolean abort() throws LoginException {
         clear();
         if (debug) {
@@ -147,8 +131,4 @@ public class PropertiesLoginModule imple
         }
         return true;
     }
-
-    private void clear() {
-        user = null;
-    }
 }

