package com.eucalyptus.auth.api;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.log4j.Logger;
import com.eucalyptus.auth.Users;
import com.eucalyptus.auth.login.WrappedCredentials;
import com.eucalyptus.auth.principal.Group;
import com.eucalyptus.auth.principal.User;
import com.eucalyptus.context.Contexts;
import com.eucalyptus.context.NoSuchContextException;
import com.google.common.collect.Lists;
public abstract class BaseLoginModule<CB extends WrappedCredentials> implements LoginModule {
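// Class-wide logger. Declared final so the static reference cannot be swapped at runtime.
private static final Logger LOG = Logger.getLogger( BaseLoginModule.class );
// Result of the most recent authenticate() call; cleared again when commit() cannot find the context.
private boolean authenticated = false;
// Handler received in initialize(); also the object that is cast to CB when accepts() is true.
private CallbackHandler callbackHandler;
// Credential published by commit().
// NOTE(review): commit() adds this to the Subject's *public* credential set, so it
// should never hold secret material; confirm against the subclasses that call setCredential().
private Object credential;
// Group principals that commit() adds to the Subject alongside the user principal.
private List<Group> groups = Lists.newArrayList( );
// Authenticated user; added to the Subject and attached to the request context in commit().
private User principal;
// Subject handed over by the JAAS framework in initialize().
private Subject subject;
// Typed view of the callback handler; null when this module does not handle the request.
private CB wrappedCredentials;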
29
/**
 * JAAS abort phase. The only statement visible in this listing is the debug log line.
 * NOTE(review): original lines 31-35, including the return statement and any state
 * cleanup, are not part of this listing, so whether the Subject is cleaned up here
 * cannot be confirmed from this page.
 */
public boolean abort( ) throws LoginException {
30
LOG.debug( "Login aborted." );
36
/**
 * JAAS commit phase: publishes the authenticated identity.
 * <p>
 * The visible statements add the principal, the groups and the credential to the
 * Subject, then attach the user and the Subject to the context looked up under the
 * wrapped credentials' correlation id. The value returned is the authentication flag.
 * <p>
 * NOTE(review): this listing omits original lines 38-39, 43 and 49 (the body of the
 * first branch, presumably the opening of the try block, and the close of the catch
 * block). The comments below describe only what is shown.
 *
 * @return the authentication flag after the commit attempt
 * @throws LoginException declared by the JAAS contract; no throw is visible in the shown lines
 */
public final boolean commit( ) throws LoginException {
37
// Guard for a login phase that did not succeed; the branch body is not shown.
if ( !this.isAuthenticated( ) ) {
40
// assumes authenticate() set a non-null principal before returning true (TODO confirm)
this.getSubject( ).getPrincipals( ).add( this.getPrincipal( ) );
41
this.getSubject( ).getPrincipals( ).addAll( this.getGroups( ) );
42
// NOTE(review): the credential is placed in the *public* credential set, which is the
// wrong place for secret material; confirm what subclasses pass to setCredential().
this.getSubject( ).getPublicCredentials( ).add( this.getCredential( ) );
44
// The context is looked up twice with the same correlation id, once per setter.
Contexts.lookup( this.getWrappedCredentials( ).getCorrelationId( ) ).setUser( this.getPrincipal( ) );
45
Contexts.lookup( this.getWrappedCredentials( ).getCorrelationId( ) ).setSubject( this.getSubject( ) );
46
} catch ( final NoSuchContextException e ) {
47
// NOTE(review): a missing context fails the commit, but it is recorded at debug level
// only, and the principal, groups and credential already added to the Subject above are
// not removed in the lines shown. Confirm that abort() or logout() always runs afterwards,
// and consider a log level that survives a production logging configuration.
BaseLoginModule.LOG.debug( e, e );
48
this.authenticated = false;
50
return this.authenticated;
/**
 * Returns the callback handler stored by {@code initialize}.
 *
 * @return the stored handler, or {@code null} if none is set
 */
public CallbackHandler getCallbackHandler() {
  return callbackHandler;
}
/**
 * Returns the credential object last passed to {@code setCredential}.
 * {@code commit()} adds this value to the Subject's public credentials.
 *
 * @return the stored credential, or {@code null} if none is set
 */
public Object getCredential() {
  return credential;
}
61
/**
 * Accessor for the group principals; {@code commit()} adds whatever this returns to
 * the Subject's principal set. The method body (original lines 62-63) is not part of
 * this listing.
 */
public List<Group> getGroups( ) {
/**
 * Returns the user principal last passed to {@code setPrincipal}.
 * {@code commit()} adds it to the Subject and sets it as the context's user.
 *
 * @return the stored principal, or {@code null} if none is set
 */
public User getPrincipal() {
  return principal;
}
69
/**
 * Accessor for the Subject; {@code commit()} uses it to reach the principal and
 * public-credential sets. The method body (original lines 70-71) is not part of this
 * listing.
 */
public Subject getSubject( ) {
/**
 * Returns the typed credentials this module authenticates.
 *
 * @return the wrapped credentials, or {@code null} when none are set, in which case
 *         {@code login()} takes its null branch
 */
public CB getWrappedCredentials() {
  return wrappedCredentials;
}
/**
 * Decides whether this module handles the current login attempt.
 *
 * <p>{@code initialize} calls this after storing the subject and the callback handler,
 * and casts the handler to {@code CB} when the answer is {@code true}.
 *
 * <p>NOTE(review): because {@code CB} is erased, that cast is only checked against the
 * bound {@code WrappedCredentials}. An implementation presumably has to verify the
 * handler's concrete type here; confirm in each subclass.
 *
 * @return {@code true} if the stored callback handler should be treated as {@code CB}
 */
public abstract boolean accepts();
80
/**
 * JAAS initialisation: stores the Subject and callback handler, then derives the typed
 * credentials from the handler when {@code accepts()} approves it.
 * {@code sharedState} and {@code options} are not read in the lines shown.
 *
 * @param subject         the Subject to populate on commit
 * @param callbackHandler the handler supplied by the caller; doubles as the credential carrier
 * @param sharedState     not used in the visible lines
 * @param options         not used in the visible lines
 */
public void initialize( final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options ) {
81
this.subject = subject;
82
this.callbackHandler = callbackHandler;
83
// accepts() runs only after both fields above are set, so an implementation can inspect them.
if ( this.accepts( ) ) {
84
// NOTE(review): CB is erased, so this cast is checked only against WrappedCredentials.
// A handler of the wrong concrete type would presumably fail later, where a subclass
// first uses it as its own type; accepts() is the only visible guard.
this.wrappedCredentials = ( CB ) callbackHandler;
86
// Original line 85 is not shown; presumably this assignment is the else branch, leaving
// the module without credentials so that login() takes its null branch.
this.wrappedCredentials = null;
/**
 * Reports the outcome of the most recent authentication attempt.
 *
 * @return the current value of the authentication flag
 */
private boolean isAuthenticated() {
  return authenticated;
}
95
/**
 * JAAS login phase: runs {@code authenticate} on the wrapped credentials and records
 * the result as the authentication flag, which is also the return value.
 * <p>
 * NOTE(review): this listing omits original lines 97-99, 102 and 105 (the body of the
 * null branch, presumably the opening of the try block, the first line of the catch
 * block and its close). The comments below describe only what is shown.
 *
 * @return the authentication flag after the attempt
 * @throws LoginException when {@code authenticate} throws; carries only the message
 */
public boolean login( ) throws LoginException {
96
// No credentials means initialize() did not accept the handler; the branch body is not shown.
if ( this.wrappedCredentials == null ) {
100
this.setAuthenticated( this.authenticate( this.wrappedCredentials ) );
101
// Catches every Exception, including unchecked ones, and fails closed below.
} catch ( final Exception e ) {
103
this.setAuthenticated( false );
104
// NOTE(review): only the message is propagated, so the original exception type and stack
// trace are lost unless the omitted line 102 logs them; initCause( e ) would keep the cause.
// The message may be null, and it is forwarded to the caller as-is: confirm that
// authenticate() implementations never put credential details into exception messages.
throw new LoginException( e.getMessage( ) );
106
return this.isAuthenticated( );
/**
 * Verifies the supplied credentials.
 *
 * <p>{@code login()} passes the wrapped credentials here and stores the result as the
 * authentication flag. Anything thrown is caught there and replaced by a
 * {@code LoginException} that carries only the exception's message.
 *
 * @param credentials the wrapped credentials held by this module
 * @return {@code true} if the credentials are accepted
 * @throws Exception on any failure; treated by {@code login()} as a failed authentication
 */
public abstract boolean authenticate(CB credentials) throws Exception;
112
/**
 * JAAS logout phase. The method body (original lines 113-117) is not part of this
 * listing, so what is removed from the Subject here cannot be stated from this page.
 */
public boolean logout( ) throws LoginException {
/**
 * Reset hook. The body is empty in this base class.
 */
public void reset() {
}
/**
 * Records the outcome of an authentication attempt.
 *
 * @param authenticated the new value of the authentication flag
 */
private void setAuthenticated(final boolean authenticated) {
  this.authenticated = authenticated;
}
/**
 * Stores the credential that {@code commit()} will add to the Subject's public
 * credential set.
 *
 * <p>NOTE(review): because the value ends up in the public set, callers should not
 * pass secret material here; confirm against the subclasses.
 *
 * @param credential the credential object to publish on commit
 */
public void setCredential(final Object credential) {
  this.credential = credential;
}
/**
 * Stores the user principal that {@code commit()} will add to the Subject and attach
 * to the request context.
 *
 * @param principal the authenticated user
 */
public void setPrincipal(final User principal) {
  this.principal = principal;
}
/**
 * Replaces the typed credentials that {@code login()} hands to {@code authenticate}.
 * This overwrites whatever {@code initialize} derived from the callback handler.
 *
 * @param wrappedCredentials the credentials to authenticate, or {@code null} for none
 */
public void setWrappedCredentials(final CB wrappedCredentials) {
  this.wrappedCredentials = wrappedCredentials;
}
136
private void baseReset( ) {
137
if ( this.principal != null ) {
138
this.subject.getPrincipals( ).remove( this.principal );
139
this.principal = null;
141
if ( this.getCredential( ) != null ) {
142
this.getSubject( ).getPublicCredentials( ).remove( this.getCredential( ) );
143
this.credential = null;
145
this.wrappedCredentials = null;
146
this.authenticated = false;
147
this.callbackHandler = null;
148
this.groups = Lists.newArrayList( );