001/** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017package org.apache.activemq.jaas; 018 019import java.io.IOException; 020import java.security.Principal; 021import java.util.HashSet; 022import java.util.Map; 023import java.util.Properties; 024import java.util.Set; 025 026import javax.security.auth.Subject; 027import javax.security.auth.callback.Callback; 028import javax.security.auth.callback.CallbackHandler; 029import javax.security.auth.callback.NameCallback; 030import javax.security.auth.callback.PasswordCallback; 031import javax.security.auth.callback.UnsupportedCallbackException; 032import javax.security.auth.login.FailedLoginException; 033import javax.security.auth.login.LoginException; 034import javax.security.auth.spi.LoginModule; 035 036import org.slf4j.Logger; 037import org.slf4j.LoggerFactory; 038 039public class PropertiesLoginModule extends PropertiesLoader implements LoginModule { 040 041 private static final String USER_FILE_PROP_NAME = "org.apache.activemq.jaas.properties.user"; 042 private static final String GROUP_FILE_PROP_NAME = "org.apache.activemq.jaas.properties.group"; 043 044 private static final Logger LOG = LoggerFactory.getLogger(PropertiesLoginModule.class); 045 046 private Subject subject; 047 private CallbackHandler callbackHandler; 048 049 private Properties users; 050 private Map<String,Set<String>> groups; 051 private String user; 052 private final Set<Principal> principals = new HashSet<Principal>(); 053 private boolean loginSucceeded; 054 055 @Override 056 public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { 057 this.subject = subject; 058 this.callbackHandler = callbackHandler; 059 loginSucceeded = false; 060 init(options); 061 users = load(USER_FILE_PROP_NAME, "user", options).getProps(); 062 groups = load(GROUP_FILE_PROP_NAME, "group", options).invertedPropertiesValuesMap(); 063 } 064 065 @Override 066 public boolean login() throws LoginException { 067 Callback[] callbacks = new Callback[2]; 068 069 callbacks[0] = new NameCallback("Username: "); 070 callbacks[1] = new PasswordCallback("Password: ", false); 071 try { 072 callbackHandler.handle(callbacks); 073 } catch (IOException ioe) { 074 throw new LoginException(ioe.getMessage()); 075 } catch (UnsupportedCallbackException uce) { 076 throw new LoginException(uce.getMessage() + " not available to obtain information from user"); 077 } 078 user = ((NameCallback) callbacks[0]).getName(); 079 char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword(); 080 if (tmpPassword == null) { 081 tmpPassword = new char[0]; 082 } 083 if (user == null) { 084 throw new FailedLoginException("user name is null"); 085 } 086 String password = users.getProperty(user); 087 088 if (password == null) { 089 throw new FailedLoginException("User does exist"); 090 } 091 if (!password.equals(new String(tmpPassword))) { 092 throw new FailedLoginException("Password does not match"); 093 } 094 loginSucceeded = true; 095 096 if (debug) { 097 LOG.debug("login " + user); 098 } 099 return loginSucceeded; 100 } 101 102 @Override 103 public boolean commit() throws LoginException { 104 boolean result = loginSucceeded; 105 if (result) { 106 principals.add(new UserPrincipal(user)); 107 108 Set<String> matchedGroups = groups.get(user); 109 if (matchedGroups != null) { 110 for (String entry : matchedGroups) { 111 principals.add(new GroupPrincipal(entry)); 112 } 113 } 114 115 subject.getPrincipals().addAll(principals); 116 } 117 118 // will whack loginSucceeded 119 clear(); 120 121 if (debug) { 122 LOG.debug("commit, result: " + result); 123 } 124 return result; 125 } 126 127 @Override 128 public boolean abort() throws LoginException { 129 clear(); 130 131 if (debug) { 132 LOG.debug("abort"); 133 } 134 return true; 135 } 136 137 @Override 138 public boolean logout() throws LoginException { 139 subject.getPrincipals().removeAll(principals); 140 principals.clear(); 141 clear(); 142 if (debug) { 143 LOG.debug("logout"); 144 } 145 return true; 146 } 147 148 private void clear() { 149 user = null; 150 loginSucceeded = false; 151 } 152 153}