All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.jboss.security.javaee.EJBAuthenticationHelper Maven / Gradle / Ivy

The newest version!
/*
  * JBoss, Home of Professional Open Source
  * Copyright 2007, JBoss Inc., and individual contributors as indicated
  * by the @authors tag. See the copyright.txt in the distribution for a
  * full listing of individual contributors.
  *
  * This is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
package org.jboss.security.javaee;

import java.security.Principal;
import java.util.Map;

import javax.security.auth.Subject;

import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityContext;
import org.jboss.security.audit.AuditLevel;
import org.jboss.security.identitytrust.IdentityTrustException;
import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
 
/**
 *  Helper Class for EJB Authentication
 *  @author [email protected]
 *  @since  Apr 18, 2008 
 *  @version $Revision$
 */
public class EJBAuthenticationHelper extends AbstractJavaEEHelper
{
   public EJBAuthenticationHelper(SecurityContext sc)
   { 
      if(sc == null)
         throw PicketBoxMessages.MESSAGES.invalidNullArgument("security context");
      this.securityContext = sc;
   }
   
   /**
    * Whether the current caller can be trusted?
    * @return true - trust the caller, false - otherwise
    * @throws IdentityTrustException
    */
   public boolean isTrusted() throws IdentityTrustException
   {
      TrustDecision td = TrustDecision.NotApplicable;
      IdentityTrustManager itm = securityContext.getIdentityTrustManager();
      if(itm != null)
      {
         td = itm.isTrusted(securityContext);
         if(td == TrustDecision.Deny)
            throw new IdentityTrustException(PicketBoxMessages.MESSAGES.deniedByIdentityTrustMessage());
      }
      return td == TrustDecision.Permit;
   }   
   
   /**
    * Authenticate the caller
    * @param subject
    * @param methodName
    * @return
    * @throws IllegalArgumentException subject or methodName is null
    */
   public boolean isValid(Subject subject, String methodName)
   {
      if(subject == null)
         throw PicketBoxMessages.MESSAGES.invalidNullArgument("subject");
      if(methodName == null)
         throw PicketBoxMessages.MESSAGES.invalidNullArgument("method");

      Principal p = securityContext.getUtil().getUserPrincipal();
      Object cred = securityContext.getUtil().getCredential(); 
      
      Map cMap = getContextMap(p, methodName);
      
      boolean auth = securityContext.getAuthenticationManager().isValid(p, cred, subject);
      if(auth == false)
      { 
         // Check for the security association exception
         String EX_KEY = "org.jboss.security.exception"; 
         Exception ex = (Exception) securityContext.getData().get(EX_KEY); 
         if(ex == null)
         { 
            authenticationAudit(AuditLevel.FAILURE,cMap,null);  
         }
         else
         {
            authenticationAudit(AuditLevel.ERROR, cMap ,ex);  
         }
      } 
      else
      {
         authenticationAudit(AuditLevel.SUCCESS,cMap,null);          
      }
      return auth;
   }
   
   /**
    * Push the authenticated subject onto the security context
    * IMPORTANT - this needs to be done after the isValid call
    */
   public void pushSubjectContext(Subject subject)
   { 
      securityContext.getSubjectInfo().setAuthenticatedSubject(subject); 
   }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy