/*
* Copyright (C) 2003-2007 eXo Platform SAS.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Affero General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
package org.etk.core.security.j2ee.websphere;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Set;
import javax.security.auth.login.LoginException;
import org.etk.common.logging.Logger;
import org.etk.core.security.jaas.DefaultLoginModule;
import org.etk.core.security.jaas.RolePrincipal;
import org.etk.core.security.jaas.UserPrincipal;
/**
* Created by The eXo Platform SAS.
*
* WebSphere JAAS login module that provides the security credential WebSphere expects.
*
*/
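public class WebsphereJAASLoginModule extends DefaultLoginModule {

  /**
   * WebSphere security credential constant name for propertiesObject.
   */
  public static final String WSCREDENTIAL_PROPERTIES_KEY = "com.ibm.wsspi.security.cred.propertiesObject";

  /**
   * WebSphere security credential constant name for uniqueId.
   */
  public static final String WSCREDENTIAL_UNIQUEID = "com.ibm.wsspi.security.cred.uniqueId";

  /**
   * WebSphere security credential constant name for securityName.
   */
  public static final String WSCREDENTIAL_SECURITYNAME = "com.ibm.wsspi.security.cred.securityName";

  /**
   * WebSphere security credential constant name for groups.
   */
  public static final String WSCREDENTIAL_GROUPS = "com.ibm.wsspi.security.cred.groups";

  /**
   * WebSphere security credential constant name for cacheKey.
   */
  public static final String WSCREDENTIAL_CACHE_KEY = "com.ibm.wsspi.security.cred.cacheKey";

  /**
   * Class-wide logger: it carries no per-instance state, so one shared instance is enough
   * and each login module instance no longer pays for a lookup.
   */
  private static final Logger log = Logger.getLogger(WebsphereJAASLoginModule.class);

  /**
   * Default constructor. JAAS instantiates login modules reflectively from the login
   * configuration, so the public no-arg constructor must stay available.
   */
  public WebsphereJAASLoginModule() {
  }

  /**
   * {@inheritDoc}
   *
   * <p>Authentication itself is delegated to {@link DefaultLoginModule#login()}. Only when
   * that succeeds is the authenticated identity published to WebSphere through
   * {@link #websphereLogin(String, ArrayList)}; an identity the default module rejected
   * never reaches the WebSphere credential.
   *
   * @return {@code true} when the default module authenticated the caller, {@code false}
   *         when this module should be ignored
   * @throws LoginException propagated from the default module
   */
  @Override
  public boolean login() throws LoginException {
    if (log.isDebugEnabled()) {
      log.debug("In login of WebsphereJAASLoginModule");
    }
    if (!super.login()) {
      return false;
    }
    // Copy the roles into a fresh ArrayList: WebSphere's hashtable login contract takes the
    // groups as an ArrayList, so the concrete type is kept on purpose.
    ArrayList<String> roleGroupList = new ArrayList<String>();
    for (String role : identity.getRoles()) {
      roleGroupList.add(role);
    }
    websphereLogin(identity.getUserId(), roleGroupList);
    return true;
  }

  /**
   * {@inheritDoc}
   *
   * <p>After the default module commits, one {@link RolePrincipal} per role and a
   * {@link UserPrincipal} for the user id are added to the subject's principals.
   *
   * @return {@code true} when the default module committed, {@code false} otherwise
   * @throws LoginException propagated from the default module
   */
  @Override
  public boolean commit() throws LoginException {
    if (!super.commit()) {
      return false;
    }
    Set<Principal> principals = subject.getPrincipals();
    for (String role : identity.getRoles()) {
      principals.add(new RolePrincipal(role));
    }
    // username principal
    principals.add(new UserPrincipal(identity.getUserId()));
    return true;
  }

  /**
   * {@inheritDoc}
   *
   * <p>Logs at debug level and defers entirely to the default module.
   */
  @Override
  public boolean abort() throws LoginException {
    if (log.isDebugEnabled()) {
      log.debug("In abort of WebsphereJAASLoginModule");
    }
    return super.abort();
  }

  /**
   * {@inheritDoc}
   *
   * <p>Logs at debug level and defers entirely to the default module.
   */
  @Override
  public boolean logout() throws LoginException {
    if (log.isDebugEnabled()) {
      log.debug("In logout of WebsphereJAASLoginModule");
    }
    return super.logout();
  }

  /**
   * Create and set map of public credentials into subject.
   *
   * <p>The hashtable added here is what WebSphere reads as the asserted identity: the
   * security name and the group list it contains drive WebSphere's authorization decisions.
   * It is therefore only ever built from an identity that {@link #login()} has already
   * authenticated through the default module.
   *
   * <p>A typed {@code Hashtable<String, Object>} replaces the former raw type; erasure makes
   * it the same runtime object WebSphere consumes, without the unchecked warning.
   *
   * @param user String user name; also used as the unique id and as the cache-key prefix
   * @param roleGroupList ArrayList&lt;String&gt; list of role groups
   */
  private void websphereLogin(String user, ArrayList<String> roleGroupList) {
    Hashtable<String, Object> credential = new Hashtable<String, Object>();
    String uniqueId = user;
    credential.put(WSCREDENTIAL_UNIQUEID, uniqueId);
    credential.put(WSCREDENTIAL_SECURITYNAME, user);
    credential.put(WSCREDENTIAL_GROUPS, roleGroupList);
    // The suffix keeps this module's cache entries apart from entries keyed only by user id.
    credential.put(WSCREDENTIAL_CACHE_KEY, uniqueId + "WebsphereJAASLoginModule");
    subject.getPublicCredentials().add(credential);
  }
}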