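/*
 * Copyright (C) 2012 eXo Platform SAS.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */

package org.crsh.auth;

import org.crsh.plugin.CRaSHPlugin;
import org.crsh.plugin.PropertyDescriptor;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.logging.Level;

/**
 * Authentication plugin that checks a username/password pair against a JAAS login
 * configuration. The configuration entry to use is named by the {@code auth.jaas.domain}
 * property; when the property is unset every authentication attempt is refused.
 */
public class JaasAuthenticationPlugin extends CRaSHPlugin<AuthenticationPlugin> implements AuthenticationPlugin<String> {

  /** Name of the JAAS login configuration entry used for authentication; no default value. */
  static final PropertyDescriptor<String> JAAS_DOMAIN = PropertyDescriptor.create("auth.jaas.domain", (String)null, "The JAAS domain name used for authentication");

  /**
   * Returns the identifier of this authentication plugin.
   *
   * @return the constant {@code "jaas"}
   */
  public String getName() {
    return "jaas";
  }

  /**
   * Declares the configuration properties this plugin reads.
   *
   * @return a single-element list holding {@link #JAAS_DOMAIN}
   */
  @Override
  protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() {
    return Collections.<PropertyDescriptor<?>>singletonList(JAAS_DOMAIN);
  }

  /**
   * Returns the credential type accepted by {@link #authenticate(String, String)}.
   *
   * @return {@code String.class}
   */
  public Class<String> getCredentialType() {
    return String.class;
  }

  /**
   * Attempts a JAAS login with the supplied credentials and immediately logs out again;
   * only the outcome of the attempt is kept.
   *
   * <p>The result is {@code false} when the JAAS domain property is not configured, and
   * also when either {@code login()} or the following {@code logout()} throws, so a
   * failing logout is treated as a refused authentication.
   *
   * @param username the name handed to any {@link NameCallback}
   * @param password the password handed to any {@link PasswordCallback}
   * @return {@code true} if both login and logout completed without an exception
   * @throws Exception if the {@link LoginContext} cannot be created for the configured domain
   */
  public boolean authenticate(final String username, final String password) throws Exception {
    String domain = getContext().getProperty(JAAS_DOMAIN);
    if (domain == null) {
      log.log(Level.WARNING, "The JAAS domain property '" + JAAS_DOMAIN.name + "' was not found");
      return false;
    }

    // The username comes from the party trying to log in, so it is neutralised before
    // it is written to the log; otherwise embedded line breaks could forge log entries.
    final String loggedUser = sanitizeForLog(username);
    log.log(Level.FINE, "Will use the JAAS domain '" + domain + "' for authenticating user " + loggedUser);

    LoginContext loginContext = new LoginContext(domain, new Subject(), new CallbackHandler() {
      public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback c : callbacks) {
          if (c instanceof NameCallback) {
            ((NameCallback)c).setName(username);
          }
          else if (c instanceof PasswordCallback) {
            // PasswordCallback.setPassword stores its own copy, so the temporary array
            // can be wiped as soon as the call returns. The String argument itself
            // cannot be cleared; that is imposed by the credential type of this plugin.
            char[] secret = password.toCharArray();
            try {
              ((PasswordCallback)c).setPassword(secret);
            }
            finally {
              Arrays.fill(secret, '\0');
            }
          }
          else {
            throw new UnsupportedCallbackException(c);
          }
        }
      }
    });

    try {
      loginContext.login();
      loginContext.logout();
      log.log(Level.FINE, "Authenticated user " + loggedUser + " against the JAAS domain '" + domain + "'");
      return true;
    }
    catch (Exception e) {
      // A refused login is always recorded so that failed attempts stay visible at the
      // default log level. Previously the record was written only when FINE logging was
      // enabled, which hid failed attempts in a normal deployment.
      log.log(Level.WARNING, "Authentication of user " + loggedUser + " against the JAAS domain '" + domain + "' failed (" + e.getClass().getName() + ")");
      if (log.isLoggable(Level.FINE)) {
        // The stack trace is diagnostic detail and stays behind the FINE switch.
        log.log(Level.FINE, "Exception when authenticating user " + loggedUser + " to JAAS domain '" + domain + "'", e);
      }
      return false;
    }
  }

  /**
   * Returns this plugin as the {@link AuthenticationPlugin} implementation.
   *
   * @return {@code this}
   */
  @Override
  public AuthenticationPlugin getImplementation() {
    return this;
  }

  /**
   * Makes a caller-supplied value safe to embed in a single log line by replacing every
   * ISO control character (including CR and LF) with an underscore.
   *
   * @param value the value to neutralise, may be {@code null}
   * @return the neutralised text, or the string {@code "null"} for a {@code null} input
   */
  private static String sanitizeForLog(String value) {
    if (value == null) {
      return "null";
    }
    StringBuilder cleaned = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
      char ch = value.charAt(i);
      cleaned.append(Character.isISOControl(ch) ? '_' : ch);
    }
    return cleaned.toString();
  }
}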