📄 databaseloginmodule.java
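package org.redsoft.forum.security;

import java.io.IOException;
import java.util.Map;
import java.util.Properties;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.redsoft.forum.dao.Account;
import org.redsoft.forum.dao.AccountDAO;
import org.redsoft.forum.dao.DAOFactory;
import org.redsoft.forum.exception.AccountNotFoundException;
import org.redsoft.forum.exception.DAOException;

/**
 * A JAAS login module that authenticates against the forum's account store.
 *
 * <p>The module is tied to the forum's own DAO layer ({@link DAOFactory} /
 * {@link AccountDAO}). To build a generic one, replace the DAO lookup with a
 * generic mechanism, e.g. load the JDBC driver through a class loader and
 * create the connection directly.
 *
 * <p>NOTE(review): the supplied password is compared with the value returned
 * by <code>Account.getPassword()</code>. How that value is stored is not
 * visible from this class; if it is the clear-text password, storage should
 * move to a salted, slow password hash (bcrypt, scrypt, Argon2 or PBKDF2) and
 * this module should verify against the hash instead. Confirm against
 * <code>AccountDAO</code>.
 *
 * <p>Instances keep per-login state and are not safe for concurrent use.
 *
 * @author Charles Huang
 * @since JDK1.4
 * @version $Id: DataBaseLoginModule.java,v 1.2 2004/04/10 19:57:00 cinc Exp $
 */
public class DataBaseLoginModule implements LoginModule {

    /**
     * Single message for "unknown account" and "wrong password", so the text
     * returned to the caller does not reveal which user names exist.
     */
    private static final String BAD_CREDENTIALS = "Invalid username or password";

    // Declared for the properties used to connect to the DB, but never assigned
    // in this class: initialize() does not store its options argument.
    private Properties options;

    // Obtained from the LoginContext in initialize().
    private Subject subject;
    private CallbackHandler callbackHandler;

    // Phase-1 result: true only after login() verified the credentials.
    private boolean isAuthenticated = false;
    // Phase-2 result: true only after commit() added the principal.
    private boolean isCommitted = false;

    // Name of the authenticated user; set only when login() succeeds.
    private String username;
    // The principal this module added to the subject, kept so logout() can remove it.
    private User principal;

    /**
     * Initializes this LoginModule.
     *
     * <p>Called by the <code>LoginContext</code> after this module has been
     * instantiated. Only the subject and the callback handler are retained;
     * <code>sharedState</code> and <code>options</code> are ignored.
     *
     * @param subject the <code>Subject</code> to be authenticated.
     * @param callbackHandler a <code>CallbackHandler</code> for communicating
     *        with the end user (prompting for user name and password).
     * @param sharedState state shared with other configured LoginModules (unused).
     * @param options options specified in the login <code>Configuration</code>
     *        for this module (unused).
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    /**
     * Authenticates the subject (phase 1).
     *
     * <p>Asks the callback handler for a user name and password, looks the
     * account up through the DAO layer and compares the password. The result
     * is saved as private state for {@link #commit()}.
     *
     * @return true if the authentication succeeded.
     * @exception LoginException if no callback handler was supplied, if the
     *            handler returned no name or no password, if the credentials
     *            do not match (a <code>FailedLoginException</code>), or if the
     *            callback or the account lookup failed.
     */
    public boolean login() throws LoginException {
        // A success left over from an earlier attempt must not survive a failed retry.
        isAuthenticated = false;

        if (callbackHandler == null) {
            throw new LoginException("callback is null");
        }

        final NameCallback nameCallback = new NameCallback("name");
        final PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        char[] password = null;
        final String suppliedName;
        try {
            // Retrieve the user name and password through the callback handler.
            callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });

            suppliedName = nameCallback.getName();
            if (suppliedName == null) {
                throw new LoginException("name must not be null");
            }
            // Keep the password as char[] so it can be wiped in the finally block.
            password = passwordCallback.getPassword();
            if (password == null) {
                throw new LoginException("password must not be null");
            }

            // Find the user and match the password.
            final AccountDAO dao = DAOFactory.getInstance().getAccountDAO();
            final Account account = dao.findByUserName(suppliedName);
            // The declared type of Account.getPassword() is not visible here; the
            // original compared with String.equals, so only a String can match.
            final Object stored = (account == null) ? null : account.getPassword();
            if (!(stored instanceof String) || !sameChars(password, (String) stored)) {
                throw new javax.security.auth.login.FailedLoginException(BAD_CREDENTIALS);
            }
        } catch (final AccountNotFoundException ex) {
            // Same message as a wrong password; the cause is kept for server-side
            // diagnostics and should not be rendered to the end user.
            throw withCause(
                new javax.security.auth.login.FailedLoginException(BAD_CREDENTIALS), ex);
        } catch (final DAOException sqlException) {
            throw withCause(new LoginException(sqlException.getMessage()), sqlException);
        } catch (final IOException ioException) {
            throw withCause(new LoginException(ioException.getMessage()), ioException);
        } catch (final UnsupportedCallbackException unsupported) {
            throw withCause(new LoginException(unsupported.getMessage()), unsupported);
        } finally {
            // Do not leave the password in memory longer than needed.
            passwordCallback.clearPassword();
            if (password != null) {
                java.util.Arrays.fill(password, '\0');
            }
        }

        // Nothing went wrong: authentication succeeded.
        username = suppliedName;
        isAuthenticated = true;
        return true;
    }

    /**
     * Commits the authentication process (phase 2).
     *
     * <p>Called when the LoginContext's overall authentication succeeded. If
     * this module's own {@link #login()} succeeded, a {@link User} principal
     * for the authenticated name is added to the subject. If it did not, the
     * saved state is discarded and the module asks to be ignored.
     *
     * @return true if the principal was added, or false if this module's
     *         login did not succeed and the module should be ignored.
     * @exception LoginException declared by the interface; not thrown here.
     */
    public boolean commit() throws LoginException {
        if (!isAuthenticated) {
            clearState();
            return false;
        }
        principal = new User(username);
        subject.getPrincipals().add(principal);
        //TODO: Put in role information later
        isCommitted = true;
        return true;
    }

    /**
     * Aborts the authentication process (phase 2).
     *
     * <p>Called when the LoginContext's overall authentication failed. If this
     * module's own login succeeded, the state it saved is cleaned up; a
     * principal that was already committed is removed again.
     *
     * @return true if state was cleaned up, or false if this module's login
     *         did not succeed and the module should be ignored.
     * @exception LoginException if removing an already committed principal fails.
     */
    public boolean abort() throws LoginException {
        if (!isAuthenticated) {
            return false;
        }
        if (isCommitted) {
            logout();
        } else {
            clearState();
        }
        return true;
    }

    /**
     * Logs out the subject.
     *
     * <p>Removes the principal this module added and clears the saved state,
     * so a subject that is reused after logout no longer carries the identity.
     *
     * @return true; the logout always takes effect or throws.
     * @exception LoginException if the subject is read-only and the principal
     *            therefore cannot be removed.
     */
    public boolean logout() throws LoginException {
        if (subject != null && principal != null) {
            if (subject.isReadOnly()) {
                throw new LoginException("Subject is read-only");
            }
            subject.getPrincipals().remove(principal);
        }
        clearState();
        return true;
    }

    /** Discards everything saved by login() and commit(). */
    private void clearState() {
        isAuthenticated = false;
        isCommitted = false;
        username = null;
        principal = null;
    }

    /**
     * Compares the supplied password with the expected one without stopping at
     * the first mismatch, so the running time depends on the length of the
     * supplied value rather than on how many leading characters are correct.
     */
    private static boolean sameChars(final char[] supplied, final String expected) {
        final int expectedLength = expected.length();
        int diff = supplied.length ^ expectedLength;
        for (int i = 0; i < supplied.length; i++) {
            // The modulo keeps the index in range when the lengths differ.
            final char other = (expectedLength == 0) ? 0 : expected.charAt(i % expectedLength);
            diff |= supplied[i] ^ other;
        }
        return diff == 0;
    }

    /** Attaches the underlying exception so it is not lost when rethrowing. */
    private static LoginException withCause(final LoginException failure, final Throwable cause) {
        failure.initCause(cause);
        return failure;
    }
}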