diff options
Diffstat (limited to 'branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security')
3 files changed, 294 insertions, 0 deletions
diff --git a/branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security/CalculatorCallbackHandler.java b/branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security/CalculatorCallbackHandler.java new file mode 100644 index 0000000000..4f063993a3 --- /dev/null +++ b/branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security/CalculatorCallbackHandler.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package calculator.security; + +import java.io.IOException; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +/** + * @version $Rev$ $Date$ + */ +public class CalculatorCallbackHandler implements CallbackHandler { + + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + for (int i = 0; i < callbacks.length; i++) { + if (callbacks[i] instanceof NameCallback) { + NameCallback nc = (NameCallback)callbacks[i]; + nc.setName("CalculatorUser"); + } else if (callbacks[i] instanceof PasswordCallback) { + PasswordCallback pc = (PasswordCallback)callbacks[i]; + pc.setPassword("CalculatorUserPasswd".toCharArray()); + } else { + throw new UnsupportedCallbackException + (callbacks[i], "Unsupported Callback!"); + } + } + } + +} diff --git a/branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security/JaasLoginModule.java b/branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security/JaasLoginModule.java new file mode 100644 index 0000000000..b3ef6e7312 --- /dev/null +++ b/branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security/JaasLoginModule.java @@ -0,0 +1,178 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package calculator.security; + +import java.security.Principal; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; + +/** + * @version $Rev$ $Date$ + */ +public class JaasLoginModule implements LoginModule { + + private CallbackHandler callbackHandler; + private Subject subject; + private Principal userPrincipal; + private String userId; + private String password; + private boolean succeeded; + private boolean commitSucceeded; + + public void initialize(Subject subject, + CallbackHandler callbackHandler, + Map<String, ?> sharedState, + Map<String, ?> options) { + this.callbackHandler = callbackHandler; + this.subject = subject; + } + + public boolean login() throws LoginException { + Callback[] callbacks = new Callback[2]; + callbacks[0] = new NameCallback("UserId:"); + callbacks[1] = new PasswordCallback("Password:", false); + + try { + callbackHandler.handle(callbacks); + userId = ((NameCallback)callbacks[0]).getName(); + password = new String(((PasswordCallback)callbacks[1]).getPassword()); + + if (userId.equals("CalculatorUser") && password.equals("CalculatorUserPasswd")) { + System.out.println("Successfully AUTHENTICATED!!"); + succeeded = true; + return true; + } else { + System.out.println("Incorrect userId / password! AUTHENTICATION FAILED!!"); + return false; + } + } catch (Exception e) { + e.printStackTrace(); + return false; + } + } + + /** + * <p> This method is called if the LoginContext's + * overall authentication succeeded + * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules + * succeeded). + * + * <p> If this LoginModule's own authentication attempt + * succeeded (checked by retrieving the private state saved by the + * <code>login</code> method), then this method associates a + * <code>UserPrincipal</code> + * with the <code>Subject</code> located in the + * <code>LoginModule</code>. If this LoginModule's own + * authentication attempted failed, then this method removes + * any state that was originally saved. + * + * <p> + * + * @exception LoginException if the commit fails. + * + * @return true if this LoginModule's own login and commit + * attempts succeeded, or false otherwise. + */ + public boolean commit() throws LoginException { + if (succeeded == false) { + return false; + } else { + // add a Principal (authenticated identity) to the Subject + + // assume the user we authenticated is the UserPrincipal + userPrincipal = new UserPrincipal(userId); + if (!subject.getPrincipals().contains(userPrincipal)) + subject.getPrincipals().add(userPrincipal); + + // in any case, clean out state + userId = null; + password = null; + commitSucceeded = true; + return true; + } + } + + /** + * <p> This method is called if the LoginContext's + * overall authentication failed. + * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules + * did not succeed). + * + * <p> If this LoginModule's own authentication attempt + * succeeded (checked by retrieving the private state saved by the + * <code>login</code> and <code>commit</code> methods), + * then this method cleans up any state that was originally saved. + * + * <p> + * + * @exception LoginException if the abort fails. + * + * @return false if this LoginModule's own login and/or commit attempts + * failed, and true otherwise. + */ + public boolean abort() throws LoginException { + if (succeeded == false) { + return false; + } else if (succeeded == true && commitSucceeded == false) { + // login succeeded but overall authentication failed + succeeded = false; + userId = null; + password = null; + userPrincipal = null; + } else { + // overall authentication succeeded and commit succeeded, + // but someone else's commit failed + logout(); + } + return true; + } + + /** + * Logout the user. + * + * <p> This method removes the <code>SimplePrincipal</code> + * that was added by the <code>commit</code> method. + * + * <p> + * + * @exception LoginException if the logout fails. + * + * @return true in all cases since this <code>LoginModule</code> + * should not be ignored. + */ + public boolean logout() throws LoginException { + subject.getPrincipals().remove(userPrincipal); + succeeded = false; + succeeded = commitSucceeded; + userId = null; + if (password != null) + password = null; + userPrincipal = null; + return true; + } + +} diff --git a/branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security/UserPrincipal.java b/branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security/UserPrincipal.java new file mode 100644 index 0000000000..595626e672 --- /dev/null +++ b/branches/sca-java-2.0-M4/itest/implementation-spring/src/main/java/calculator/security/UserPrincipal.java @@ -0,0 +1,66 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package calculator.security; + +import java.security.Principal; + +/** + * @version $Rev$ $Date$ + */ +public class UserPrincipal implements Principal { + + private final String name; + + public UserPrincipal(String name) { + if (name == null) + throw new IllegalArgumentException("name cannot be null"); + this.name = name; + } + + public String getName() { + return name; + } + + public String toString() { + return name; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((name == null) ? 0 : name.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + final UserPrincipal other = (UserPrincipal)obj; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + return true; + } +} |