import java.security.acl.Group;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
/**
 * An example custom login module that obtains passwords and roles
 * for a user from a JNDI lookup.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 1.4 $
 */
public class FoLoginModule extends UsernamePasswordLoginModule {
/** The JNDI name to the context that handles the password/username lookup */
private String userPathPrefix;
/** The JNDI name to the context that handles the roles/ username lookup */
private String rolesPathPrefix;
private String defaultUser;
private String defaultPassword;
private String[] defaultRoles;
private String[] roles;
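/**
 * Override to obtain the userPathPrefix and rolesPathPrefix options, along
 * with the optional defaultUser, defaultPassword, defaultRoles and roles
 * options (the last two are comma-separated lists).
 * When a default user, password and roles are all configured, each is bound
 * into JNDI under its prefix unless something is already bound there.
 */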
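@SuppressWarnings({ "rawtypes", "unchecked" })
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
    super.initialize(subject, callbackHandler, sharedState, options);
    userPathPrefix = (String) options.get("userPathPrefix");
    rolesPathPrefix = (String) options.get("rolesPathPrefix");
    try {
        defaultUser = (String) options.get("defaultUser");
        defaultPassword = (String) options.get("defaultPassword");
        String defaultRolesOption = (String) options.get("defaultRoles");
        this.defaultRoles = defaultRolesOption != null ? defaultRolesOption.split(",") : new String[0];
        String rolesOption = (String) options.get("roles");
        this.roles = rolesOption != null ? rolesOption.split(",") : new String[0];
    } catch (RuntimeException e) {
        // A non-String option value ends up here. Report it instead of hiding it,
        // so a misconfigured security domain is visible in the server log.
        log.error("Failed to read login module options", e);
    }
    if (this.roles == null) {
        // Fail closed: with no readable "roles" option there are no supported roles,
        // so getRoleSets() rejects every role instead of hitting a null array.
        this.roles = new String[0];
    }
    // The password value must never be written to the log; record only whether one is configured.
    log.info("default user: " + defaultUser + ", default pass configured: " + (defaultPassword != null));
    if (defaultUser != null && defaultPassword != null && this.defaultRoles != null) {
        // NOTE(review): the default password is taken from the module options and bound
        // into JNDI verbatim, so anything able to read either place can read it.
        InitialContext ctx = null;
        try {
            ctx = new InitialContext();
            String userPath = userPathPrefix + '/' + defaultUser;
            Object existing = null;
            try {
                existing = ctx.lookup(userPath);
            } catch (NamingException ignored) {
                // Nothing usable is bound yet; the bind below creates the entry.
            }
            if (existing == null) {
                ctx.bind(userPath, defaultPassword);
            }
            String rolesPath = rolesPathPrefix + '/' + defaultUser;
            existing = null;
            try {
                existing = ctx.lookup(rolesPath);
            } catch (NamingException ignored) {
                // Nothing usable is bound yet; the bind below creates the entry.
            }
            if (existing == null) {
                ctx.bind(rolesPath, this.defaultRoles);
            }
        } catch (Exception e) {
            log.error("Failed to create roles and default user", e);
        } finally {
            // Release the context on the failure path too, not only after a clean run.
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException closeFailure) {
                    log.error("Failed to close JNDI context", closeFailure);
                }
            }
        }
    }
}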
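/**
 * Get the roles the current user belongs to by querying the
 * rolesPathPrefix + '/' + super.getUsername() JNDI location.
 * Every role found there must also be listed in the configured roles option;
 * otherwise a LoginException is thrown.
 */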
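@Override
protected Group[] getRoleSets() throws LoginException {
    String username = super.getUsername();
    InitialContext ctx = null;
    try {
        // The user name comes from the login attempt and is spliced into a JNDI name.
        // Reject the component separator so the lookup stays on a single entry
        // directly under rolesPathPrefix.
        if (username == null || username.indexOf('/') >= 0) {
            throw new NamingException("invalid user name");
        }
        ctx = new InitialContext();
        String rolesPath = rolesPathPrefix + '/' + username;
        Object bound = ctx.lookup(rolesPath);
        if (!(bound instanceof String[])) {
            // Turn an unexpected binding into a login failure rather than a ClassCastException.
            throw new NamingException("roles binding is not a String[]");
        }
        String[] userRoles = (String[]) bound;
        // Treat a missing "roles" option as "no role is supported" (fail closed).
        String[] supported = this.roles != null ? this.roles : new String[0];
        for (String role : userRoles) {
            boolean isSupported = false;
            for (String candidate : supported) {
                if (candidate.equals(role)) {
                    isSupported = true;
                    break;
                }
            }
            if (!isSupported) {
                throw new NamingException("role '" + role + "' is not supported");
            }
        }
        Group[] groups = { new SimpleGroup("Roles") };
        log.info("Getting roles for user=" + username);
        for (String roleName : userRoles) {
            log.info("Found role=" + roleName);
            groups[0].addMember(new SimplePrincipal(roleName));
        }
        return groups;
    } catch (NamingException e) {
        log.error("Failed to obtain role groups for user=" + username, e);
        LoginException failure = new LoginException(e.toString(true));
        // Keep the original exception attached for whoever inspects the failure.
        failure.initCause(e);
        throw failure;
    } finally {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException closeFailure) {
                log.error("Failed to close JNDI context", closeFailure);
            }
        }
    }
}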
/**
 * Get the password of the current user by querying the
 * userPathPrefix + '/' + super.getUsername() JNDI location.
 *
 * @return the value bound at that location, or null if it cannot be obtained
 */
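@Override
protected String getUsersPassword() {
    String username = super.getUsername();
    InitialContext ctx = null;
    try {
        // The user name comes from the login attempt and is spliced into a JNDI name.
        // Reject the component separator so the lookup stays on a single entry
        // directly under userPathPrefix.
        if (username == null || username.indexOf('/') >= 0) {
            throw new NamingException("invalid user name");
        }
        ctx = new InitialContext();
        String userPath = userPathPrefix + '/' + username;
        log.info("Getting password for user=" + username);
        String passwd = (String) ctx.lookup(userPath);
        // Credentials must not reach the log; record only that an entry was found.
        log.info("Found password entry for user=" + username);
        return passwd;
    } catch (Exception e) {
        log.error("Failed to obtain password for user=" + username, e);
    } finally {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException closeFailure) {
                log.error("Failed to close JNDI context", closeFailure);
            }
        }
    }
    // NOTE(review): a null expected password is presumably rejected by the
    // superclass during validation; confirm against the JBoss version in use.
    return null;
}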