Hi i haven't showed the de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule, here it
is:
import java.security.acl.Group;
| import java.util.Map;
| import java.util.List;
| import java.util.ArrayList;
| import java.sql.Connection;
| import java.sql.Statement;
| import java.sql.PreparedStatement;
| import java.sql.ResultSet;
| import java.sql.SQLException;
| import javax.sql.DataSource;
| import javax.naming.InitialContext;
| import javax.naming.NamingException;
| import javax.security.auth.Subject;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.login.LoginException;
| import org.jboss.security.SimpleGroup;
| import org.jboss.security.SimplePrincipal;
| import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
|
| /**
| * A login module that uses methods from the staff management package
| * to authenticate the users.<P>
| *
| * The resulting LoginContext has as CallerPrincipal
| * "<code>StaffManagementMember_<i>DBId</i></code>" where
| * <code><i>DBId</i></code> is the primary key of the
| * <code>StaffManagementMember</code>.<P>
| *
| * Every authenticated user has a default role
| * "<code>StaffManagementUser</code>" assigned. Additional
| * roles are derived from the group memberships of the authenticated
| * member. Groups with primary keys less than 100 have role names
| * "<code>StaffManagementRole_<i>DBId</i></code>" where
| * <code><i>DBId</i></code> is the primary key of the
| * <code>StaffManagementGroup</code>. For other groups the group
| * name is used directly as role name.<P>
| *
| * Groups with primary keys below 100 are handled specially to simplify
| * internationalization. Those group ids are never assigned when a group
| * is created. Rather, those are predefined groups such as "administrators"
| * with permissions properly configured in the deployment descriptors.
| * By using "<code>StaffManagementRole_<i>DBId</i></code>" as role,
| * it is not necessary to modify the deployment descriptors when the
| * group name of those administrative groups is changed.
| */
| public class StaffMemberLoginModule extends UsernamePasswordLoginModule {
|
| private String dsJndiName;
| private String daemonUsername = null;
| private String daemonPassword = null;
|
| /**
| * Initialize this LoginModule.
| */
| public void initialize(Subject subject, CallbackHandler callbackHandler,
| Map sharedState, Map options) {
| super.initialize(subject, callbackHandler, sharedState, options);
|
| dsJndiName = (String) options.get("dsJndiName");
| if( dsJndiName == null ) {
| dsJndiName = "java:/DefaultDS";
| }
|
| daemonUsername = (String) options.get("daemonUsername");
| daemonPassword = (String) options.get("daemonPassword");
| }
|
| /**
| * Return <code>null</code> as the cleartext password is not available.
| * This is not a problem as we override <code>validatePassword</code>
| * as well.
| * @return null
| * @throws LoginException as defined by the interface, not really thrown.
| */
| protected String getUsersPassword() throws LoginException {
| return null;
| }
|
| /**
| * The validation of the input password against the expected password.
| * This version ignores the value of the expected password and uses
| * methods from staff management to verify the password.
| * @param inputPassword the password as given by the user.
| * @param expectedPassword the expected password, ignored.
| * @return true if the inputPassword is valid, false otherwise.
| */
| protected boolean validatePassword
| (String inputPassword, String expectedPassword) {
| if(getUsername() == null || inputPassword == null) {
| return false;
| }
| if (daemonUsername != null && getUsername().equals (daemonUsername)
| && daemonPassword != null
| && inputPassword.equals (daemonPassword)) {
| return true;
| }
| Connection con = null;
| PreparedStatement ps = null;
| ResultSet rs = null;
| try {
| InitialContext ctx = new InitialContext();
| DataSource ds = (DataSource) ctx.lookup(dsJndiName);
| con = ds.getConnection();
| // Get the password
| ps = con.prepareStatement
| ("SELECT PASSWORD FROM STAFFMEMBER WHERE MEMBERID = ?");
| ps.setString(1, getUsername());
| rs = ps.executeQuery();
| if(rs.next()) {
| return rs.getString(1).equals (inputPassword);
| }
| } catch(NamingException ex) {
| ex.printStackTrace();
| } catch(SQLException ex) {
| ex.printStackTrace();
| } finally {
| try {
| closeAll (rs, ps, con);
| } catch (SQLException ex) {
| ex.printStackTrace();
| }
| }
| return false;
| }
|
| /**
| * Overriden to return the Groups that correspond to the role sets
| * assigned to the user. Creates a Group named "Roles" that
| * contains the Role "StaffManagementUser". A second group is
| * "CallerPrincipal" that provides the
| * [EMAIL PROTECTED] de.danet.an.staffmgmt.domain.StaffMember#key
| * application identity} rather than the security domain identity.
| * @return Group[] containing the sets of roles
| * @throws LoginException as defined by the interface, not really thrown.
| */
| protected Group[] getRoleSets() throws LoginException {
| if (getUnauthenticatedIdentity() != null
| && getIdentity().equals (getUnauthenticatedIdentity())) {
| Group[] grps = new Group[0];
| return grps;
| }
| if (daemonUsername != null && getUsername().equals (daemonUsername)) {
| // Create Caller Principal
| SimpleGroup princip = new SimpleGroup("CallerPrincipal");
| princip.addMember
| (new SimplePrincipal ("StaffManagementMember_Daemon"));
| // create roles, start with default role
| Group roles = new SimpleGroup("Roles");
| SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
| roles.addMember(p);
| p = new SimplePrincipal("StaffManagementRole_Daemon");
| roles.addMember(p);
| Group[] grps = new Group[] { princip, roles };
| return grps;
| }
| List groups = new ArrayList();
| // gather information
| Connection con = null;
| try {
| // prepare db connection
| InitialContext ctx = new InitialContext();
| DataSource ds = (DataSource) ctx.lookup(dsJndiName);
| con = ds.getConnection();
| // Create Caller Principal
| long memberDBId = addCallerPrincipal (con, groups);
| // create roles, start with default role
| SimpleGroup rolesGroup = new SimpleGroup("Roles");
| groups.add (rolesGroup);
| SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
| rolesGroup.addMember(p);
| // add roles from db
| addGroupsAsRoles (con, rolesGroup, memberDBId, true);
| } catch(NamingException ex) {
| throw new LoginException(ex.toString(true));
| } catch(SQLException ex) {
| ex.printStackTrace();
| throw new LoginException(ex.toString());
| } finally {
| try {
| closeAll (null, null, con);
| } catch (SQLException ex) {
| ex.printStackTrace();
| throw new LoginException(ex.toString());
| }
| }
|
| Group[] roleSets = new Group[groups.size()];
| groups.toArray(roleSets);
| return roleSets;
| }
|
| /**
| * Adds the "CallerPrincipal" group with the autheticated user as
| * principal to the groups.
| *
| * @param con the connection to the database.
| * @param groups the groups.
| * @return the DBId of the authenticated user.
| */
| private long addCallerPrincipal (Connection con, List groups)
| throws SQLException, LoginException {
| PreparedStatement ps = null;
| ResultSet rs = null;
| long dbid = 0;
| try {
| ps = con.prepareStatement
| ("SELECT DBID FROM STAFFMEMBER WHERE MEMBERID = ?");
| ps.setString(1, getUsername());
| rs = ps.executeQuery();
| if(! rs.next()) {
| throw new LoginException
| ("Authenticated user vanished from table");
| }
| dbid = rs.getLong(1);
| SimpleGroup rolesGroup = new SimpleGroup("CallerPrincipal");
| groups.add(rolesGroup);
| rolesGroup.addMember
| (new SimplePrincipal
| ("StaffManagementMember_" + dbid));
| } finally {
| closeAll (rs, ps, null);
| }
| return dbid;
| }
|
| /**
| * Adds the roles derived from the groups in the database.
| *
| * @param con the connection to the database.
| * @param roles the groups.
| * @param id the dbid for which to add the groups.
| * @param isMember <code>true</code> if <code>id</code> is a
| * staff member id (not a staff group id).
| * @return the DBId of the authenticated user.
| */
| private void addGroupsAsRoles (Connection con, SimpleGroup roles,
| long id, boolean isMember)
| throws SQLException, LoginException {
| PreparedStatement ps = null;
| ResultSet rs = null;
| try {
| String type = "M";
| if (!isMember) {
| type = "G";
| }
| ps = con.prepareStatement
| ("SELECT GROUPID FROM STAFFMAP "
| + "WHERE CONTAINED = ? AND TYPE = ?");
| ps.setLong(1, id);
| ps.setString(2, type);
| rs = ps.executeQuery();
| while(rs.next()) {
| long grpId = rs.getLong(1);
| if (grpId < 100) {
| roles.addMember (new SimplePrincipal
| ("StaffManagementRole_" + grpId));
| } else {
| roles.addMember
| (new SimplePrincipal (lookupGroup (con, grpId)));
| }
| addGroupsAsRoles (con, roles, grpId, false);
| }
| } finally {
| closeAll (rs, ps, null);
| }
| }
|
| /**
| * Looks up the group name for a given group id.
| *
| * @param con the connection to the database.
| * @param id the group id
| * @return the group name.
| */
| private String lookupGroup (Connection con, long grpId)
| throws SQLException, LoginException {
| PreparedStatement ps = null;
| ResultSet rs = null;
| try {
| ps = con.prepareStatement
| ("SELECT NAME FROM STAFFGROUP WHERE DBID = ?");
| ps.setLong(1, grpId);
| rs = ps.executeQuery();
| if (!rs.next()) {
| throw new LoginException
| ("Group vanished from table");
| }
| return rs.getString(1);
| } finally {
| closeAll (rs, ps, null);
| }
| }
|
| /**
| * Close a connection, a prepared statement or a statement and a
| * result set, if allocated, i.e. if != null.
| * @param rs a result set or null.
| * @param st a prepared statement, statement or null
| * @param con a connection or null.
| * @throws SQLException if a sql error occurs.
| */
| private void closeAll (ResultSet rs, Statement st,
| Connection con) throws SQLException {
| if (rs != null) {
| rs.close ();
| }
| if (st != null) {
| st.close ();
| }
| if (con != null) {
| con.close ();
| }
| }
| }
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3852930#3852930
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3852930
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
