001    /*
002     * Copyright (C) 2012 eXo Platform SAS.
003     *
004     * This is free software; you can redistribute it and/or modify it
005     * under the terms of the GNU Lesser General Public License as
006     * published by the Free Software Foundation; either version 2.1 of
007     * the License, or (at your option) any later version.
008     *
009     * This software is distributed in the hope that it will be useful,
010     * but WITHOUT ANY WARRANTY; without even the implied warranty of
011     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012     * Lesser General Public License for more details.
013     *
014     * You should have received a copy of the GNU Lesser General Public
015     * License along with this software; if not, write to the Free
016     * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
017     * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
018     */
019    
020    package org.crsh.auth;
021    
022    import org.crsh.plugin.CRaSHPlugin;
023    import org.crsh.plugin.PropertyDescriptor;
024    
025    import javax.security.auth.Subject;
026    import javax.security.auth.callback.Callback;
027    import javax.security.auth.callback.CallbackHandler;
028    import javax.security.auth.callback.NameCallback;
029    import javax.security.auth.callback.PasswordCallback;
030    import javax.security.auth.callback.UnsupportedCallbackException;
031    import javax.security.auth.login.LoginContext;
032    import java.io.IOException;
033    import java.util.Collections;
034    import java.util.logging.Level;
035    
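/**
 * Authentication plugin that checks a username/password pair against a JAAS login domain.
 *
 * <p>The domain name is read from the {@code auth.jaas.domain} property. When the property is
 * absent, or when the JAAS login or logout fails, authentication is refused.</p>
 */
public class JaasAuthenticationPlugin extends CRaSHPlugin<AuthenticationPlugin> implements AuthenticationPlugin<String> {

  /** Name of the JAAS login domain to authenticate against; no default, so it must be configured. */
  static final PropertyDescriptor<String> JAAS_DOMAIN = PropertyDescriptor.create("auth.jaas.domain", (String)null, "The JAAS domain name used for authentication");

  /**
   * Returns the identifier of this authentication plugin.
   *
   * @return the constant {@code "jaas"}
   */
  public String getName() {
    return "jaas";
  }

  /**
   * Declares the configuration properties this plugin understands.
   *
   * @return a single-element list holding {@link #JAAS_DOMAIN}
   */
  @Override
  protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() {
    return Collections.<PropertyDescriptor<?>>singletonList(JAAS_DOMAIN);
  }

  /**
   * Returns the credential type accepted by {@link #authenticate(String, String)}.
   *
   * @return {@code String.class}, the credential being a password
   */
  public Class<String> getCredentialType() {
    return String.class;
  }

  /**
   * Authenticates a user by running a JAAS login followed by a logout against the configured domain.
   *
   * <p>Only the outcome is kept: the {@link Subject} populated by the login is discarded.</p>
   *
   * @param username the user name handed to any {@link NameCallback}
   * @param password the password handed to any {@link PasswordCallback}
   * @return {@code true} when both login and logout complete without an exception; {@code false}
   *         when they fail or when no JAAS domain is configured
   * @throws Exception if the {@link LoginContext} cannot be created, which happens outside the
   *         guarded login section
   */
  public boolean authenticate(final String username, final String password) throws Exception {
    String domain = getContext().getProperty(JAAS_DOMAIN);
    if (domain != null) {
      // The user name comes from the remote client: neutralise control characters so that a
      // crafted name cannot forge or split log records.
      final String loggedUser = sanitizeForLog(username);
      log.log(Level.FINE, "Will use the JAAS domain '" + domain + "' for authenticating user " + loggedUser);
      LoginContext loginContext = new LoginContext(domain, new Subject(), new CallbackHandler() {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
          for (Callback c : callbacks) {
            if (c instanceof NameCallback) {
              ((NameCallback)c).setName(username);
            }
            else if (c instanceof PasswordCallback) {
              // A null password raises NullPointerException here; presumably it surfaces from
              // login() and is treated as a failed authentication below.
              char[] secret = password.toCharArray();
              try {
                // setPassword stores its own copy of the array
                ((PasswordCallback)c).setPassword(secret);
              }
              finally {
                // Wipe the temporary copy; the caller's String is out of our control
                java.util.Arrays.fill(secret, '\0');
              }
            }
            else {
              throw new UnsupportedCallbackException(c);
            }
          }
        }
      });

      // Any exception raised by login or logout denies access (fail closed)
      try {
        loginContext.login();
        loginContext.logout();
        log.log(Level.FINE, "Authenticated user " + loggedUser + " against the JAAS domain '" + domain + "'");
        return true;
      }
      catch (Exception e) {
        // Failed attempts are always recorded so that they are visible at the default log level;
        // the stack trace is attached only when FINE logging is enabled.
        String failure = "Exception when authenticating user " + loggedUser + " to JAAS domain '" + domain + "'";
        if (log.isLoggable(Level.FINE)) {
          log.log(Level.WARNING, failure, e);
        }
        else {
          log.log(Level.WARNING, failure);
        }
        return false;
      }
    }
    else {
      log.log(Level.WARNING, "The JAAS domain property '" + JAAS_DOMAIN.name + "' was not found");
      return false;
    }
  }

  /**
   * Returns this plugin as its own implementation.
   *
   * @return {@code this}
   */
  @Override
  public AuthenticationPlugin getImplementation() {
    return this;
  }

  /**
   * Makes a client-supplied value safe to embed in a log message by replacing every ISO control
   * character (including CR and LF) with an underscore.
   *
   * @param value the raw value, possibly {@code null}
   * @return the sanitised text, or the string {@code "null"} when {@code value} is {@code null}
   */
  private static String sanitizeForLog(String value) {
    if (value == null) {
      return "null";
    }
    StringBuilder cleaned = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
      char ch = value.charAt(i);
      cleaned.append(Character.isISOControl(ch) ? '_' : ch);
    }
    return cleaned.toString();
  }
}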