User: starksm
Date: 01/03/28 18:28:38
Modified: src/main/org/jboss/security/plugins
AbstractServerLoginModule.java
Log:
Further generalize the notion of role mapping to allow sets of named
roles using any number of Groups
Revision Changes Path
1.4 +63 -45
jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java
Index: AbstractServerLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/plugins/AbstractServerLoginModule.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- AbstractServerLoginModule.java 2001/03/22 09:40:03 1.3
+++ AbstractServerLoginModule.java 2001/03/29 02:28:38 1.4
@@ -31,24 +31,19 @@
own custom LoginModule and override the getRoles() and getIdentity()
methods.
-Roles to the subject as Principals in a Group named 'Roles'
-to the
- *
- * You may also wish to override
- *
- * public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
- *
- * In which case the first line of your initialize() method should be
super.initialize(subject, callbackHandler, sharedState, options);
- *
- * You may also wish to override
- *
- * public boolean login() throws LoginException
- *
- * In which case the last line of your login() method should be return
super.login();
- *
+You may also wish to override
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
+
+In which case the first line of your initialize() method should be:
+ super.initialize(subject, callbackHandler, sharedState, options);
+You may also wish to override
+ public boolean login() throws LoginException
+In which case the last line of your login() method should be
+ return super.login();
+
@author <a href="[EMAIL PROTECTED]">Edward Kenworthy</a>, 12th Dec
2000
@author [EMAIL PROTECTED]
-@version $Revision: 1.3 $
+@version $Revision: 1.4 $
*/
public abstract class AbstractServerLoginModule implements LoginModule
{
@@ -113,9 +108,9 @@
}
/** Method to commit the authentication process (phase 2).
- It adds the getIdentity() value to the subject getPrincipals() Set
- and adds the Principals returned by getRoles() to a Group named
- 'Roles' to the subject getPrincipals() Set.
+ It adds the getIdentity() value to the subject getPrincipals() Set.
+ It also adds the members of each Group returned by getRoleSets()
+ to the subject getPrincipals() Set.
@see javax.security.auth.Subject;
@see java.security.acl.Group;
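Review bot: The rewritten commit() Javadoc says the role-set members are added to the subject getPrincipals() Set, but the new loop in the next hunk adds them to a Group of the same name that createGroup() finds or creates inside that Set. Only the identity and the Groups themselves are direct elements of the Set, which matters to anyone who checks roles by scanning it. A closer wording would be `It also copies the members of each Group returned by getRoleSets() into a Group of the same name in the subject getPrincipals() Set.` The comment continues past the end of this hunk.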
@@ -126,56 +121,79 @@
Set principals = subject.getPrincipals();
Principal identity = getIdentity();
principals.add(identity);
- Principal[] roles = getRoles();
- Group subjectRoles = getRolesGroup(principals);
- if( subjectRoles instanceof NestableGroup )
+ Group[] roleSets = getRoleSets();
+ for(int g = 0; g < roleSets.length; g ++)
{
- /* A NestableGroup only allows Groups to be added to it so we
- need to add a SimpleGroup to subjectRoles that contains roles
- */
- SimpleGroup tmp = new SimpleGroup("Roles");
- subjectRoles.addMember(tmp);
- subjectRoles = tmp;
- }
- for(int r = 0; roles != null && r < roles.length; r ++)
- {
- Principal role = roles[r];
- subjectRoles.addMember(role);
+ Group group = roleSets[g];
+ String name = group.getName();
+ Group subjectGroup = createGroup(name, principals);
+ if( subjectGroup instanceof NestableGroup )
+ {
+ /* A NestableGroup only allows Groups to be added to it so we
+ need to add a SimpleGroup to subjectRoles to contain the roles
+ */
+ SimpleGroup tmp = new SimpleGroup("Roles");
+ subjectGroup.addMember(tmp);
+ subjectGroup = tmp;
+ }
+ // Copy the group members to the Subject group
+ Enumeration members = group.members();
+ while( members.hasMoreElements() )
+ {
+ Principal role = (Principal) members.nextElement();
+ subjectGroup.addMember(role);
+ }
}
return true;
}
- /**
- * Method to abort the authentication process (phase 2).
- */
+ /** Method to abort the authentication process (phase 2).
+ @return true alaways
+ */
public boolean abort() throws LoginException
{
return true;
}
+ /** Remove the user identity and roles added to the Subject during commit.
+ @return true always.
+ */
public boolean logout() throws LoginException
{
+ // Remove the user identity
Principal identity = getIdentity();
- subject.getPrincipals().remove(identity);
+ Set principals = subject.getPrincipals();
+ principals.remove(identity);
+ // Remove any added Groups...
return true;
}
//--- End LoginModule interface methods
// --- Protected methods
- /** Overriden by subclasses to return the
+ /** Overriden by subclasses to return the Principal that corresponds to
+ the user primary identity.
*/
abstract protected Principal getIdentity();
- abstract protected Principal[] getRoles();
+ /** Overriden by subclasses to return the Groups that correspond to the
+ to the role sets assigned to the user. Subclasses should create at
+ least a Group named "Roles" that contains the roles assigned to the user.
+ A second common group is "CallerPrincipal" that provides the application
+ identity of the user rather than the security domain identity.
+ @return Group[] containing the sets of roles
+ */
+ abstract protected Group[] getRoleSets() throws LoginException;
protected boolean getUseFirstPass()
{
return useFirstPass;
}
- /** Look for a Group named 'Roles'
+ /** Find or create a Group with the given name. Subclasses should use this
+ method to locate the 'Roles' group or create additional types of groups.
+ @return A named Group from the principals set.
*/
- protected Group getRolesGroup(Set principals)
+ protected Group createGroup(String name, Set principals)
{
Group roles = null;
Iterator iter = principals.iterator();
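Review bot: logout() removes only the identity: the new body stops at the placeholder `// Remove any added Groups...`, so every role Group that commit() populated stays in subject.getPrincipals(), although the new Javadoc says the roles are removed as well. A Subject that is kept or reused after logout therefore still carries its role principals; logout() should walk getRoleSets() and remove each member from the matching Subject group, and until it does the Javadoc should read `Remove the user identity added to the Subject during commit; role Groups are not removed.` In commit() (which begins above this hunk) the nested group is still built with `new SimpleGroup("Roles")` for every role set, so a set named "CallerPrincipal" is wrapped in a group called "Roles"; `new SimpleGroup(name)` looks like the intent. The loop also lost the old `roles != null` guard, so a subclass returning null from getRoleSets() now fails at `roleSets.length`; `for(int g = 0; roleSets != null && g < roleSets.length; g ++)` keeps the earlier tolerance.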
@@ -184,17 +202,17 @@
Object next = iter.next();
if( (next instanceof Group) == false )
continue;
- Group grp = (Group) iter.next();
- if( grp.getName().equals("Roles") )
+ Group grp = (Group) next;
+ if( grp.getName().equals(name) )
{
roles = grp;
break;
}
}
- // If we did not find a Roles group create one
+ // If we did not find a group create one
if( roles == null )
{
- roles = new NestableGroup("Roles");
+ roles = new NestableGroup(name);
principals.add(roles);
}
return roles;