diff options
Diffstat (limited to '')
-rw-r--r-- | branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java new file mode 100644 index 0000000000..07ccd78123 --- /dev/null +++ b/branches/sca-java-1.5.1/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java @@ -0,0 +1,127 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.policy.security.http; + +import java.util.List; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; + +import org.apache.tuscany.sca.invocation.Interceptor; +import org.apache.tuscany.sca.invocation.Invoker; +import org.apache.tuscany.sca.invocation.Message; +import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy; +import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil; +import org.osoa.sca.ServiceRuntimeException; + +/** + * @version $Rev$ $Date$ + */ +public class LDAPRealmAuthenticationInterceptor implements Interceptor { + private List<LDAPRealmAuthenticationPolicy> authenticationPolicies; + private List<AuthorizationPolicy> authorizationPolicies; + private Invoker next; + + public LDAPRealmAuthenticationInterceptor(List<LDAPRealmAuthenticationPolicy> authenticationPolicies, + List<AuthorizationPolicy> authorizationPolicies) { + super(); + this.authenticationPolicies = authenticationPolicies; + this.authorizationPolicies = authorizationPolicies; + } + + public Invoker getNext() { + return next; + } + + public void setNext(Invoker next) { + this.next = next; + } + + public Message invoke(Message msg) { + Subject subject = null; + Subject authenticatedSubject = null; + + try { + // Perform user authentication + LDAPRealmAuthenticationPolicy authenticationPolicy = authenticationPolicies.get(0); + if( authenticationPolicy != null) { + subject = HttpSecurityUtil.getSubject(msg); + CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject); + + /* This bypass Java EE */ + LoginContext lc = new LoginContext(authenticationPolicy.getRealmConfigurationName(), callbackHandler); + lc.login(); + + + /* Uses Geronimo to login */ + /* + LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler); + + authenticatedSubject = geronimoLoginContext.getSubject(); + if (authenticatedSubject != null) { + //TODO: add authenticated subject to the msg header ? + } + */ + } + + AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0); + if(authorizationPolicy != null) { + if(authorizationPolicy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) { + /* Geronimo Specific code */ + /* + boolean isAllowed = false; + for (String requiredRole : authorizationPolicy.getRoleNames()) { + isAllowed = isUserInRole(authenticatedSubject, requiredRole); + } + + if(! isAllowed ) { + throw new javax.security.auth.login.LoginException("Insufficient access rights !"); + } + */ + } + + } + + } catch (Exception e) { + throw new ServiceRuntimeException(e); + } + return getNext().invoke(msg); + } + + public boolean isUserInRole(Subject subject, String role) { + /* Geronimo Specific code */ + /* + AccessControlContext acc = ContextManager.getCurrentContext(); + + try { + acc.checkPermission(new WebRoleRefPermission("", role)); + } catch (Exception e) { + return false; + } + + return true; + */ + + return false; + } + + +} |