/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.sling.auth.form.impl.jaas;
import java.util.Dictionary;
import javax.security.auth.spi.LoginModule;
import org.apache.felix.jaas.LoginModuleFactory;
import org.apache.sling.auth.form.impl.FormAuthenticationHandler;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceRegistration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class JaasHelper {
private static final Logger log = LoggerFactory.getLogger(JaasHelper.class);
private final FormAuthenticationHandler authHandler;
/**
* login module service registration
*/
private final ServiceRegistration factoryRegistration;
/**
* Opens/Initializes the helper and registers the login module factory (LMF) service if possible.
*
* @param ctx the bundle context
* @param properties properties that contain the jaas related LMF service properties.
*/
public JaasHelper(FormAuthenticationHandler authHandler, BundleContext ctx, Dictionary properties) {
this.authHandler = authHandler;
// we dynamically register the LoginModuleFactory for the case we detect a login module.
if (hasSSOLoginModule(ctx)) {
factoryRegistration = registerLoginModuleFactory(ctx, properties);
} else {
factoryRegistration = null;
}
}
/**
* Checks if JAAS support is enabled and the SSO login module is present.
*
* @return {@code true} if JAAS support is enabled.
*/
public boolean enabled() {
return factoryRegistration != null;
}
/**
* Closes this helper and unregisters the login module factory if needed.
*/
public void close() {
if (factoryRegistration != null) {
factoryRegistration.unregister();
}
}
private ServiceRegistration registerLoginModuleFactory(BundleContext ctx, Dictionary properties) {
ServiceRegistration reg = null;
try {
java.util.Properties props = new java.util.Properties();
final String desc = "LoginModule Support for FormAuthenticationHandler";
props.put(Constants.SERVICE_DESCRIPTION, desc);
props.put(Constants.SERVICE_VENDOR, ctx.getBundle().getHeaders().get(Constants.BUNDLE_VENDOR));
props.put(LoginModuleFactory.JAAS_RANKING, properties.get(LoginModuleFactory.JAAS_RANKING));
props.put(LoginModuleFactory.JAAS_CONTROL_FLAG, properties.get(LoginModuleFactory.JAAS_CONTROL_FLAG));
props.put(LoginModuleFactory.JAAS_REALM_NAME, properties.get(LoginModuleFactory.JAAS_REALM_NAME));
reg = ctx.registerService(LoginModuleFactory.class.getName(),
new LoginModuleFactory() {
public LoginModule createLoginModule() {
return new FormLoginModule(authHandler);
}
@Override
public String toString() {
return desc + " (" +FormLoginModule.class.getName()+")";
}
},
props
);
log.info("Registered FormLoginModuleFactory");
} catch (Throwable e) {
log.error("unable to create an register the SSO login module factory", e);
}
return reg;
}
/**
* Checks if the {@link org.apache.sling.auth.form.impl.jaas.FormLoginModule} is available. This would not be the case
* in an non-oak setup. Note this only checks if the login module can be loaded, not if it is actually enabled
* in the jaas config.
*
* @return {@code true} if the SSOLoginModule is available.
*/
private static boolean hasSSOLoginModule(BundleContext ctx) {
try {
ctx.getBundle().loadClass("org.apache.sling.auth.form.impl.jaas.FormLoginModule");
log.debug("FormLoginModule available.");
return true;
} catch (Throwable e) {
log.debug("no FormLoginModule available.", e);
}
return false;
}
}