| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.jackrabbit.oak.security.authentication; |
| |
| import org.apache.jackrabbit.oak.api.ContentRepository; |
| import org.apache.jackrabbit.oak.security.authentication.monitor.LoginModuleMonitorImpl; |
| import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; |
| import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; |
| import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; |
| import org.apache.jackrabbit.oak.spi.security.SecurityProvider; |
| import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration; |
| import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider; |
| import org.apache.jackrabbit.oak.spi.security.authentication.LoginModuleMonitor; |
| import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard; |
| import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAware; |
| import org.apache.jackrabbit.oak.stats.Monitor; |
| import org.apache.jackrabbit.oak.stats.StatisticsProvider; |
| import org.jetbrains.annotations.NotNull; |
| import org.osgi.service.component.annotations.Activate; |
| import org.osgi.service.component.annotations.Component; |
| import org.osgi.service.metatype.annotations.AttributeDefinition; |
| import org.osgi.service.metatype.annotations.Designate; |
| import org.osgi.service.metatype.annotations.ObjectClassDefinition; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| |
| import java.util.Collections; |
| import java.util.Map; |
| |
| /** |
| * Default implementation of the {@code AuthenticationConfiguration} with the |
| * following characteristics: |
| * |
| * <ul> |
| * <li> |
| * {@link LoginContextProvider}: Returns the default implementation of |
| * {@code LoginContextProvider} that handles standard JAAS based logins and |
| * deals with pre-authenticated subjects.</li> |
| * </ul> |
| * |
| */ |
| @Component(service = {AuthenticationConfiguration.class, SecurityConfiguration.class}) |
| @Designate(ocd = AuthenticationConfigurationImpl.Configuration.class) |
| public class AuthenticationConfigurationImpl extends ConfigurationBase implements AuthenticationConfiguration { |
| |
| @ObjectClassDefinition(name = "Apache Jackrabbit Oak AuthenticationConfiguration") |
| @interface Configuration { |
| |
| @AttributeDefinition( |
| name = "Application Name", |
| description = "Application named used for JAAS authentication", |
| defaultValue = AuthenticationConfiguration.DEFAULT_APP_NAME |
| ) |
| String org_apache_jackrabbit_oak_authentication_appName() default AuthenticationConfiguration.DEFAULT_APP_NAME; |
| |
| @AttributeDefinition( |
| name = "JAAS Config SPI Name", |
| description = "Name of JAAS Configuration Spi. This needs to be set to JAAS config provider " + |
| "name if JAAS authentication is managed by Felix JAAS Support with its Global " + |
| "Configuration Policy set to 'default'.") |
| String org_apache_jackrabbit_oak_authentication_configSpiName(); |
| } |
| |
| private static final Logger log = LoggerFactory.getLogger(AuthenticationConfigurationImpl.class); |
| |
| // stats |
| private LoginModuleMonitor lmMonitor = LoginModuleMonitor.NOOP; |
| |
| /** |
| * Constructor for OSGi |
| */ |
| @SuppressWarnings("UnusedDeclaration") |
| public AuthenticationConfigurationImpl() { |
| super(); |
| } |
| |
| @SuppressWarnings("UnusedDeclaration") |
| @Activate |
| // reference to @Configuration class needed for correct DS xml generation |
| private void activate(Configuration configuration, Map<String, Object> properties) { |
| setParameters(ConfigurationParameters.of(properties)); |
| } |
| |
| /** |
| * Constructor for non-OSGi |
| * @param securityProvider The {@code SecurityProvider} this configuration belongs to. |
| */ |
| public AuthenticationConfigurationImpl(@NotNull SecurityProvider securityProvider) { |
| super(securityProvider, securityProvider.getParameters(NAME)); |
| } |
| |
| //----------------------------------------------< SecurityConfiguration >--- |
| @NotNull |
| @Override |
| public String getName() { |
| return NAME; |
| } |
| |
| @NotNull |
| @Override |
| public Iterable<Monitor<?>> getMonitors(@NotNull StatisticsProvider statisticsProvider) { |
| lmMonitor = new LoginModuleMonitorImpl(statisticsProvider); |
| return Collections.singleton(lmMonitor); |
| } |
| |
| //----------------------------------------< AuthenticationConfiguration >--- |
| /** |
| * Create a {@code LoginContextProvider} using standard |
| * {@link javax.security.auth.login.Configuration#getConfiguration() JAAS} |
| * functionality. In case no login configuration for the specified app name |
| * can be retrieve this implementation uses the default as defined by |
| * {@link org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil#getDefaultConfiguration(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters)}. |
| * <p> |
| * The {@link LoginContextProvider} implementation is intended to be used with |
| * <ul> |
| * <li>Regular login using JAAS {@link javax.security.auth.spi.LoginModule} or</li> |
| * <li>Pre-authenticated subjects in which case any authentication |
| * related validation is omitted</li> |
| * </ul> |
| * |
| * <h3>Configuration Options</h3> |
| * <ul> |
| * <li>{@link #PARAM_APP_NAME}: The appName passed to |
| * {@code Configuration#getAppConfigurationEntry(String)}. The default |
| * value is {@link #DEFAULT_APP_NAME}.</li> |
| * </ul> |
| * |
| * @param contentRepository The content repository. |
| * @return An new instance of {@link LoginContextProvider}. |
| */ |
| @NotNull |
| @Override |
| public LoginContextProvider getLoginContextProvider(@NotNull ContentRepository contentRepository) { |
| String appName = getParameters().getConfigValue(PARAM_APP_NAME, DEFAULT_APP_NAME); |
| SecurityProvider provider = getSecurityProvider(); |
| Whiteboard whiteboard = null; |
| if (provider instanceof WhiteboardAware) { |
| whiteboard = ((WhiteboardAware) provider).getWhiteboard(); |
| } else { |
| log.warn("Unable to obtain whiteboard from SecurityProvider"); |
| } |
| return new LoginContextProviderImpl(appName, getParameters(), contentRepository, provider, whiteboard, lmMonitor); |
| } |
| } |