SecurityAdminImpl.java

/*
 *  Copyright 2012 The Solmix Project
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.gnu.org/licenses/ 
 * or see the FSF site: http://www.fsf.org. 
 */

package org.solmix.fmk.security;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.solmix.api.security.GroupManager;
import org.solmix.api.security.Realm;
import org.solmix.api.security.RoleManager;
import org.solmix.api.security.SecurityAdmin;
import org.solmix.api.security.UserManager;
import org.solmix.api.security.auth.callback.CredentialsCallbackHandler;
import org.solmix.api.security.auth.login.LoginResult;

/**
 * 
 * @version 110035 2012-9-29
 * @since 0.1
 */

public class SecurityAdminImpl implements SecurityAdmin
{

    private static final Logger log = LoggerFactory.getLogger(SecurityAdminImpl.class);

    private UserManager userManager;

    private RoleManager roleManager;

    private GroupManager groupManager;

    /**
     * @param userManager the userManager to set
     */
    public void setUserManager(UserManager userManager) {
        this.userManager = userManager;
    }

    /**
     * @param roleManager the roleManager to set
     */
    public void setRoleManager(RoleManager roleManager) {
        this.roleManager = roleManager;
    }

    /**
     * @param groupManager the groupManager to set
     */
    public void setGroupManager(GroupManager groupManager) {
        this.groupManager = groupManager;
    }

    /**
     * {@inheritDoc}
     * 
     * @see org.solmix.api.security.SecurityAdmin#getUserManager()
     */
    @Override
    public UserManager getUserManager() {
        if (userManager == null) {
            userManager = UserManagerImpl.getInstance();
        }
        return userManager;
    }

    /**
     * {@inheritDoc}
     * 
     * @see org.solmix.api.security.SecurityAdmin#getRoleManager()
     */
    @Override
    public RoleManager getRoleManager() {
        if (roleManager == null)

            roleManager = RoleManagerImpl.getInstance();
        return roleManager;
    }

    /**
     * {@inheritDoc}
     * 
     * @see org.solmix.api.security.SecurityAdmin#getGroupManager()
     */
    @Override
    public GroupManager getGroupManager() {
        if (groupManager == null)
            GroupManagerImpl.getInstance();
        return groupManager;
    }

    /**
     * {@inheritDoc}
     * 
     * @see org.solmix.api.security.SecurityAdmin#getUserManager(java.lang.String)
     */
    @Override
    public UserManager getUserManager(String realmName) {
        if (Realm.REALM_ALL.getName().equals(realmName)) {
            return getUserManager();
        }
        return userManager.get(realmName);
    }

    /**
     * login using {@link org.solmix.fmk.SlxContext#login login}
     * 
     * @see org.solmix.api.security.SecurityAdmin#authenticate(org.solmix.api.security.auth.callback.CredentialsCallbackHandler,
     *      java.lang.String)
     */
    @Override
    public LoginResult authenticate(CredentialsCallbackHandler callbackHandler, String jaasModuleName) {
        Subject subject;
        try {
            LoginContext loginContext = createLoginContext(callbackHandler, jaasModuleName);
            loginContext.login();
            subject = loginContext.getSubject();

            return new LoginResult(LoginResult.STATUS_SUCCEEDED, subject);
        } catch (LoginException e) {
            logLoginException(e);
            return new LoginResult(LoginResult.STATUS_FAILED, e);
        }
    }

    /**
     * Logs plain LoginException in error level, but subclasses in debug, since they are specifically thrown when a
     * known error occurs (wrong password, blocked account, etc.).
     */
    private void logLoginException(LoginException e) {
        if (e.getClass().equals(LoginException.class)) {
            log.error("Can't login due to: ", e);
        } else {
            // specific subclasses were added in Java5 to identify what the login failure was
            log.debug("Can't login due to: ", e);
        }
    }

    /**
     * @param callbackHandler
     * @param customLoginModule Used <code>customLoginModule</code> login module from JAAS configuration file.If not set
     *        used default.
     * @return
     * @throws LoginException
     */
    protected static LoginContext createLoginContext(CredentialsCallbackHandler callbackHandler, String customLoginModule) throws LoginException {
        final String loginContextName = StringUtils.defaultString(customLoginModule, DEFAULT_JAAS_LOGIN_CHAIN);
        return new LoginContext(loginContextName, callbackHandler);
    }
}