| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.openejb.core.security; |
| |
| import org.apache.openejb.core.security.jaas.UsernamePasswordCallbackHandler; |
| import org.apache.openejb.loader.SystemInstance; |
| import org.apache.openejb.util.ConfUtils; |
| import org.apache.xbean.finder.archive.FileArchive; |
| |
| import javax.security.auth.Subject; |
| import javax.security.auth.login.LoginContext; |
| import javax.security.auth.login.LoginException; |
| import java.net.URL; |
| import java.util.Map; |
| import java.util.UUID; |
| import java.util.concurrent.ConcurrentHashMap; |
| |
| /** |
| * @version $Rev$ $Date$ |
| */ |
| public class SecurityServiceImpl extends AbstractSecurityService { |
| |
| private static final Map<Object, LoginContext> contexts = new ConcurrentHashMap<Object, LoginContext>(); |
| |
| public SecurityServiceImpl() { |
| this(autoJaccProvider()); |
| } |
| |
| public SecurityServiceImpl(final String jaccProviderClass) { |
| super(jaccProviderClass); |
| installJaas(); |
| |
| try { |
| // Perform a login attempt (which should fail) |
| // simply to excercise the initialize code of any |
| // LoginModules that are configured. |
| // They should have a chance to perform any special |
| // boot-time code that they may need. |
| login("", ""); |
| } catch (final Throwable e) { |
| //Ignore |
| } |
| } |
| |
| @SuppressWarnings("deprecation") |
| protected static void installJaas() { |
| final String path = SystemInstance.get().getOptions().get("java.security.auth.login.config", (String) null); |
| |
| if (path != null) { |
| return; |
| } |
| |
| final URL loginConfig = ConfUtils.getConfResource("login.config"); |
| System.setProperty("java.security.auth.login.config", FileArchive.decode(loginConfig.toExternalForm())); |
| } |
| |
| @Override |
| public UUID login(String realmName, final String username, final String password) throws LoginException { |
| if (realmName == null) { |
| realmName = getRealmName(); |
| } |
| final LoginContext context = new LoginContext(realmName, new UsernamePasswordCallbackHandler(username, password)); |
| context.login(); |
| |
| final Subject subject = context.getSubject(); |
| |
| final UUID token = registerSubject(subject); |
| contexts.put(token, context); |
| |
| return token; |
| } |
| |
| /* (non-Javadoc) |
| * @see org.apache.openejb.core.security.AbstractSecurityService#logout(java.util.UUID) |
| */ |
| @Override |
| public void logout(final UUID securityIdentity) throws LoginException { |
| final LoginContext context = contexts.remove(securityIdentity); |
| if (null == context) { |
| throw new IllegalStateException("Unable to logout. Can not recover LoginContext."); |
| } |
| context.logout(); |
| super.logout(securityIdentity); |
| } |
| |
| } |