org.jboss.security.auth.callback.JASPICallbackHandler Maven / Gradle / Ivy
/*
* JBoss, Home of Professional Open Source.
* Copyright 2008, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.security.auth.callback;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.callback.PasswordValidationCallback;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextUtil;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.identity.Identity;
import org.jboss.security.identity.IdentityFactory;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.identity.plugins.SimpleRole;
import org.jboss.security.identity.plugins.SimpleRoleGroup;
/**
* {@code CallbackHandler} with the JASPI callbacks
* @author [email protected]
* @since May 12, 2010
*/
public class JASPICallbackHandler extends JBossCallbackHandler
{
private static final long serialVersionUID = 1L;
public JASPICallbackHandler()
{
super();
}
public JASPICallbackHandler(Principal principal, Object credential)
{
super(principal, credential);
}
@Override
protected void handleCallBack(Callback callback) throws UnsupportedCallbackException
{
if( callback instanceof GroupPrincipalCallback )
{
GroupPrincipalCallback groupPrincipalCallback = (GroupPrincipalCallback) callback;
SecurityContext currentSC = SecurityActions.getCurrentSecurityContext();
if( currentSC == null )
throw PicketBoxMessages.MESSAGES.invalidNullSecurityContext();
String[] rolesArray = groupPrincipalCallback.getGroups();
int sizeOfRoles = rolesArray != null ? rolesArray.length : 0;
if( sizeOfRoles > 0 )
{
List rolesList = new ArrayList();
for( int i = 0; i < sizeOfRoles ; i++ )
{
Role role = new SimpleRole( rolesArray[ i ] );
rolesList.add( role );
}
RoleGroup roles = new SimpleRoleGroup( SecurityConstants.ROLES_IDENTIFIER, rolesList );
// if the current security context already has roles, we merge them with the incoming roles.
RoleGroup currentRoles = currentSC.getUtil().getRoles();
if (currentRoles != null) {
currentRoles.addAll(roles.getRoles());
}
else {
currentSC.getUtil().setRoles( roles );
}
}
Subject subject = groupPrincipalCallback.getSubject();
if( subject != null )
{
// if the current security context already has an associated subject, we merge it with the incoming subject.
Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
if (currentSubject != null) {
subject.getPrincipals().addAll(currentSubject.getPrincipals());
subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials());
subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials());
}
currentSC.getSubjectInfo().setAuthenticatedSubject(subject);
}
}
else if( callback instanceof CallerPrincipalCallback )
{
CallerPrincipalCallback callerPrincipalCallback = (CallerPrincipalCallback) callback;
SecurityContext currentSC = SecurityActions.getCurrentSecurityContext();
Subject subject = callerPrincipalCallback.getSubject();
if( currentSC == null )
throw PicketBoxMessages.MESSAGES.invalidNullSecurityContext();
if( subject != null )
{
// if the current security context already has an associated subject, we merge it with the incoming subject.
Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
if (currentSubject != null) {
subject.getPrincipals().addAll(currentSubject.getPrincipals());
subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials());
subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials());
}
currentSC.getSubjectInfo().setAuthenticatedSubject(subject);
}
Principal callerPrincipal = callerPrincipalCallback.getPrincipal();
if (callerPrincipal == null && callerPrincipalCallback.getName() != null)
callerPrincipal = new SimplePrincipal(callerPrincipalCallback.getName());
if( callerPrincipal != null )
{
Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
if (currentSubject != null)
currentSubject.getPrincipals().add(callerPrincipal);
Identity principalBasedIdentity = IdentityFactory.getIdentity( callerPrincipal, null );
currentSC.getSubjectInfo().addIdentity( principalBasedIdentity );
}
}
else if( callback instanceof PasswordValidationCallback )
{
PasswordValidationCallback passwordValidationCallback = ( PasswordValidationCallback ) callback;
SecurityContext currentSC = SecurityActions.getCurrentSecurityContext();
if( currentSC == null )
throw PicketBoxMessages.MESSAGES.invalidNullSecurityContext();
String userName = passwordValidationCallback.getUsername();
char[] password = passwordValidationCallback.getPassword();
Subject subject = passwordValidationCallback.getSubject();
// SecurityContextUtil util = currentSC.getUtil();
if( subject != null )
{
// if the current security context already has an associated subject, we merge it with the incoming subject.
Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject();
if (currentSubject != null) {
subject.getPrincipals().addAll(currentSubject.getPrincipals());
subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials());
subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials());
}
currentSC.getSubjectInfo().setAuthenticatedSubject(subject);
// add the identity formed by username/pw to the security context.
Identity identity = IdentityFactory.getIdentity(new SimplePrincipal(userName), password);
currentSC.getSubjectInfo().addIdentity(identity);
// util.createSubjectInfo( new SimplePrincipal( userName ), password, subject);
}
}
else super.handleCallBack(callback);
}
}