• Home
• org.teiid.wildfly
• teiid-wildfly-integration
• 12.1.1
• source code
• AssosiateCallerIdentityLoginModule.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.teiid.jboss.AssosiateCallerIdentityLoginModule Maven / Gradle / Ivy

/*
 * Copyright Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags and
 * the COPYRIGHT.txt file distributed with this work.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.teiid.jboss;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;

import org.jboss.security.SecurityContext;
import org.jboss.security.SubjectInfo;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
import org.teiid.logging.LogConstants;
import org.teiid.logging.LogManager;

/**
 * This login modules simply takes the subject in the current context and adds
 * its principle to shared state. This is same as CallerIdentityLoginModule,
 * just it does not extend the AbstractPasswordCredentialLoginModule
 */
public class AssosiateCallerIdentityLoginModule extends AbstractServerLoginModule {

	private Principal principal;
	
	public void initialize(Subject subject, CallbackHandler handler,
			Map sharedState, Map options) {
		super.initialize(subject, handler, sharedState, options);
	}

	/**
	 * Performs the login association between the caller and the resource for a
	 * 1 to 1 mapping. This acts as a login propagation strategy and is useful
	 * for single-sign on requirements
	 * 
	 * @return True if authentication succeeds
	 * @throws LoginException
	 */
	public boolean login() throws LoginException {

		SecurityContext sc = SecurityActions.getSecurityContext();
		SubjectInfo si = sc.getSubjectInfo();
		Subject subject = si.getAuthenticatedSubject();
		
		Set principals = subject.getPrincipals();
		this.principal = principals.iterator().next();

		if (super.login() == true) {
			return true;
		}

		LogManager.logDetail(LogConstants.CTX_SECURITY, "Adding Passthrough principal="+principal.getName()); //$NON-NLS-1$
		
		// Put the principal name into the sharedState map
		sharedState.put("javax.security.auth.login.name", principal.getName()); //$NON-NLS-1$
		sharedState.put("javax.security.auth.login.password", ""); //$NON-NLS-1$ //$NON-NLS-2$
		super.loginOk = true;

		return true;
	}
	
	protected Principal getIdentity() {
		return principal;
	}

	protected Group[] getRoleSets() throws LoginException {
		return new Group[] {};
	}
}