JbossLoginModule.java example

Explorer
etk-component-master
/*
 * Copyright (C) 2003-2007 eXo Platform SAS.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Affero General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see<http://www.gnu.org/licenses/>.
 */

package org.etk.core.security.j2ee;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Set;
import java.util.List;
import java.util.Iterator;
import java.util.ArrayList;

import javax.security.auth.login.LoginException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanException;
import javax.management.ReflectionException;
import javax.management.MalformedObjectNameException;

import org.etk.common.logging.Logger;
import org.etk.core.security.jaas.DefaultLoginModule;
import org.etk.core.security.jaas.JAASGroup;
import org.etk.core.security.jaas.RolePrincipal;
import org.etk.core.security.jaas.UserPrincipal;
import org.etk.kernel.container.monitor.jvm.J2EEServerInfo;



/**
 * Created by The eXo Platform SAS .
 * 
 * @author Gennady Azarenkov
 * @version $Id: JbossLoginModule.java 33190 2009-06-30 10:28:21Z dkatayev $
 */

public class JbossLoginModule extends DefaultLoginModule {
  /** . */
  private static Logger log = Logger.getLogger(JbossLoginModule.class);

  /**
   * {@inheritDoc}
   */
  @Override
  public boolean commit() throws LoginException {

    if (super.commit()) {

      Set<Principal> principals = subject.getPrincipals();

      Group roleGroup = new JAASGroup(JAASGroup.ROLES);
      for (String role : identity.getRoles())
        roleGroup.addMember(new RolePrincipal(role));

      // group principal
      principals.add(roleGroup);

      // username principal
      principals.add(new UserPrincipal(identity.getUserId()));

      return true;
    } else {
      return false;
    }

  }

  /**
   * Attempts eviction of the subject in the JBoss security manager cache.
   *
   * @return a boolean
   * @throws LoginException any login exception
   */
  @Override
  public boolean logout() throws LoginException {
    J2EEServerInfo info = new J2EEServerInfo();
    MBeanServer jbossServer = info.getMBeanServer();

    //
    if (jbossServer != null) {
      try {

        log.debug("Performing JBoss security manager cache eviction");

        ObjectName securityManagerName = new ObjectName("jboss.security:service=JaasSecurityManager");

        // Obtain user name
        String userName = null;
        Set<UserPrincipal> userPrincipals = subject.getPrincipals(UserPrincipal.class);
        if (!userPrincipals.isEmpty()) {
          // There should be one
          userName = userPrincipals.iterator().next().getName();
        }

        //
        if (userName != null) {
          log.debug("Going to perform JBoss security manager cache eviction for user " + userName);

          //
          List allPrincipals = (List)
            jbossServer.invoke(
              securityManagerName,
              "getAuthenticationCachePrincipals",
              new Object[]{"exo-domain"},
              new String[]{String.class.getName()});

          // Make a copy to avoid some concurrent mods
          allPrincipals = new ArrayList(allPrincipals);

          // Lookup for invalidation key, it must be the same principal!
          Principal key = null;
          for (Iterator i = allPrincipals.iterator();i.hasNext();) {
            Principal principal = (Principal)i.next();
            if (principal.getName().equals(userName)) {
              key = principal;
              break;
            }
          }

          // Perform invalidation
          if (key != null) {
            jbossServer.invoke(
              securityManagerName,
              "flushAuthenticationCache",
              new Object[]{"exo-domain",key},
              new String[]{String.class.getName(),Principal.class.getName()});
            log.debug("Performed JBoss security manager cache eviction for user " + userName + " with principal " + key);
          } else {
            log.warn("No principal found when performing JBoss security manager cache eviction for user " + userName);
          }
        } else {
          log.warn("No user name found when performing JBoss security manager cache eviction");
        }
      }
      catch (Exception e) {
        log.error("Could not perform JBoss security manager cache eviction", e);
      }
    } else {
      log.debug("Could not find mbean server for performing JBoss security manager cache eviction");
    }

    //
    return true;
  }
}