//========================================================================
//Copyright 2004-2008 Mort Bay Consulting Pty. Ltd.
//------------------------------------------------------------------------
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at 
//http://www.apache.org/licenses/LICENSE-2.0
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
//========================================================================
//========================================================================
//$Id: $
//JBoss Jetty Integration
//------------------------------------------------------------------------
//Licensed under LGPL.
//See license terms at http://www.gnu.org/licenses/lgpl.html
//========================================================================
package org.jboss.jetty.security;
import java.io.Serializable;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Set;
import java.util.Stack;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import org.jboss.jetty.JBossWebAppContext;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.SubjectSecurityManager;
import org.mortbay.jetty.security.HashSSORealm;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.Response;
import org.mortbay.jetty.security.SSORealm;
import org.mortbay.jetty.security.UserRealm;
import org.mortbay.jetty.security.Credential;
/**
* JBossUserRealm
* An implementation of UserRealm that integrates with the JBossSX security
* manager associated with the web application.
*
* @author Scott_Stark@displayscape.com
* @author Cert Auth by pdawes@users.sf.net
* @author SSO Patch by steve.g@byu.edu
* @version $Revision: 1.9 $
*/
public class JBossUserRealm implements UserRealm, SSORealm
{
// Logger for this realm instance.
private final Logger _log;
// Name of this realm; fixed at construction.
protected final String _realmName;
// Request attribute name under which the authenticated Subject is published
// (see JBossUserPrincipal.authenticate).
protected final String _subjAttrName;
// JBossSX managers this realm delegates authentication to; null until configured.
protected SubjectSecurityManager _subjSecMgr = null;
protected AuthenticationManager _authMgr = null;
// Per-realm user map; presumably caches principals by name -- its use is outside this view.
// NOTE(review): plain HashMap with no synchronization; confirm access is externally guarded.
private final HashMap _users = new HashMap();
// Resolves a principal's mapped name and roles (see JBossUserPrincipal.getName / isUserInRole).
protected RealmMapping _realmMapping = null;
protected JBossWebAppContext _jbossWebAppContext = null;
/*
 * Since there is a separate instance of JBossUserRealm per web-app
 * regardless of whether the realm-name is the same, this creates an
 * instance of HashSSORealm shared between all JBossUserRealms that have the
 * same realm-name.
 */
// Static, so shared by every JBossUserRealm loaded by this class loader; presumably keyed by realm name.
private final static HashMap _sharedHashSSORealms = new HashMap();
// SSO realm name and the HashSSORealm instance this realm participates in, if any.
private String _ssoRealmName = null;
private HashSSORealm _ssoRealm = null;
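/**
 * JBossUserPrincipal
 *
 * A {@link Principal} backed by the JBossSX security manager of the owning
 * {@link JBossUserRealm}. Password validation delegates to the realm's
 * {@link SubjectSecurityManager}; name resolution and role checks delegate to
 * its {@link RealmMapping}. The principal must be attached to a realm via
 * {@link #associateWithRealm(JBossUserRealm)} before it can authenticate or
 * answer role queries.
 *
 * Serialization note: {@code _realm} and {@code _logRef} are transient and are
 * not restored on deserialization; {@code _password} is not transient, so the
 * last password passed to {@link #authenticate(String, Request)} is written out
 * together with the principal.
 */
static class JBossUserPrincipal implements Principal, Serializable
{
    protected transient Logger _logRef;
    protected transient JBossUserRealm _realm;
    protected Principal _principal;
    // Last password handed to authenticate(); isAuthenticated() re-validates with it.
    // NOTE(review): keeps the cleartext password for the life of the principal and
    // serializes it (not transient); confirm whether re-validation really needs it.
    private String _password;
    // Run-as role names maintained by push()/pop(); the top entry short-circuits isUserInRole().
    private Stack _roleStack = new Stack();

    JBossUserPrincipal() {}

    /**
     * @param name user name, wrapped in a {@link SimplePrincipal}
     * @param log  logger used by this principal
     */
    JBossUserPrincipal(String name, Logger log)
    {
        _principal = new SimplePrincipal(name);
        this._logRef = log;
        if (log.isDebugEnabled())
            log.debug("created JBossUserRealm::JBossUserPrincipal: " + name);
    }

    /** Attaches this principal to the realm whose security manager and role mapping it uses. */
    void associateWithRealm(JBossUserRealm realm)
    {
        this._realm = realm;
    }

    /**
     * Validates {@code password} against the realm's SubjectSecurityManager and, on
     * success, binds principal, credential and subject to the thread's
     * {@link SecurityAssociation}.
     *
     * @param password the password; null is treated as the empty string
     * @return true if the security manager accepted the credentials; false if it
     *         rejected them or no realm / security manager is available
     */
    private boolean isAuthenticated(String password)
    {
        if (password == null) password = "";
        char[] passwordChars = password.toCharArray();
        if (_logRef.isDebugEnabled())
            _logRef.debug("authenticating: Name:" + _principal + " Password:****"/* +password */);
        Subject subjectCopy = new Subject();
        // A principal not yet associated with a realm cannot be validated: report a
        // failure instead of dereferencing a null realm.
        SubjectSecurityManager secMgr = (_realm == null) ? null : _realm._subjSecMgr;
        if (secMgr == null || !secMgr.isValid(this._principal, passwordChars, subjectCopy))
        {
            _logRef.warn("authentication failure: " + _principal);
            return false;
        }
        if (_logRef.isDebugEnabled())
            _logRef.debug("authenticated: " + _principal);
        SecurityAssociation.setPrincipal(_principal);
        SecurityAssociation.setCredential(passwordChars);
        SecurityAssociation.setSubject(subjectCopy);
        return true;
    }

    /**
     * Two principals are equal when they are of the exact same class and their
     * realm-mapped names (see {@link #getName()}) are equal, or both null.
     */
    public boolean equals(Object o)
    {
        if (o == this) return true;
        if (o == null) return false;
        if (getClass() != o.getClass()) return false;
        String myName = this.getName();
        String yourName = ((JBossUserPrincipal) o).getName();
        if (myName == null && yourName == null) return true;
        if (myName != null && myName.equals(yourName)) return true;
        return false;
    }

    /**
     * Hash code consistent with {@link #equals(Object)}: derived from the mapped
     * name. Returns 0 when no realm mapping is available, in which case
     * {@code equals} cannot resolve names either.
     */
    public int hashCode()
    {
        if (_realm == null || _realm._realmMapping == null) return 0;
        String name = getName();
        return (name == null) ? 0 : name.hashCode();
    }

    /**
     * @return the name of this principal as resolved through the realm's
     *         {@link RealmMapping} -- not necessarily the name passed to the constructor
     */
    public String getName()
    {
        return _realm._realmMapping.getPrincipal(_principal).getName();
    }

    /**
     * Authenticates with the given password, remembering it for later
     * {@link #isAuthenticated()} re-validation. On success the security manager's
     * active Subject is stored on the request under the realm's subject attribute name.
     *
     * @param password the password offered by the client
     * @param request  the request to receive the Subject attribute
     * @return true if authentication succeeded
     */
    public boolean authenticate(String password, Request request)
    {
        _password = password;
        boolean authenticated = isAuthenticated(_password);
        if (authenticated && _realm._subjSecMgr != null)
        {
            Subject subject = _realm._subjSecMgr.getActiveSubject();
            request.setAttribute(_realm._subjAttrName, subject);
        }
        return authenticated;
    }

    /** Re-validates the password remembered by {@link #authenticate(String, Request)}. */
    public boolean isAuthenticated()
    {
        return isAuthenticated(_password);
    }

    /**
     * Checks role membership: the current run-as role (top of the role stack)
     * matches directly; otherwise the realm's {@link RealmMapping} is consulted.
     *
     * @param role the role name to test
     * @return true if the principal is in the role; false if not, or if no realm mapping is available
     */
    public boolean isUserInRole(String role)
    {
        if (!_roleStack.isEmpty() && _roleStack.peek().equals(role))
            return true;
        Set requiredRoles = Collections.singleton(new SimplePrincipal(role));
        boolean isUserInRole = false;
        if (_realm != null && _realm._realmMapping != null
                && _realm._realmMapping.doesUserHaveRole(this._principal, requiredRoles))
        {
            if (_logRef.isDebugEnabled())
                _logRef.debug("JBossUserPrincipal: " + _principal + " is in Role: " + role);
            isUserInRole = true;
        }
        else
        {
            if (_logRef.isDebugEnabled())
                _logRef.debug("JBossUserPrincipal: " + _principal + " is NOT in Role: " + role);
        }
        return isUserInRole;
    }

    public String toString()
    {
        return getName();
    }

    /** Pushes a run-as role name; it takes precedence in {@link #isUserInRole(String)}. */
    public void push (String roleName)
    {
        _roleStack.push(roleName);
    }

    /** Pops the current run-as role; throws EmptyStackException if none was pushed. */
    public void pop ()
    {
        _roleStack.pop();
    }
}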
/**
 * JBossNobodyUserPrincipal
 * Represents the default user: wraps a {@link NobodyPrincipal} and reports
 * itself as authenticated no matter what credentials are offered.
 */
static class JBossNobodyUserPrincipal extends JBossUserPrincipal
{
    /**
     * @param log logger used by this principal
     */
    public JBossNobodyUserPrincipal(Logger log)
    {
        _logRef = log;
        _principal = new NobodyPrincipal();
        if (!log.isDebugEnabled())
            return;
        log.debug("created JBossUserRealm::JBossNobodyUserPrincipal");
    }

    /** Always true: the default user undergoes no validation. */
    public boolean isAuthenticated()
    {
        return true;
    }

    /** Always true; neither the password nor the request is examined. */
    public boolean authenticate(String password, Request request)
    {
        return true;
    }
}
/**
* JBossCertificatePrincipal
* Represents a user which has been authenticated elsewhere
* (e.g. at the fronting server), and thus doesn't have credentials
*
*/
static class JBossCertificatePrincipal extends JBossUserPrincipal
{
private X509Certificate[] _certs;
/**
 * @param name  user name, wrapped in a {@link SimplePrincipal} by the superclass
 * @param log   logger used by this principal
 * @param certs the client certificates later presented to the security manager as the credential
 */
JBossCertificatePrincipal(String name, Logger log, X509Certificate[] certs)
{
    super(name, log);
    this._certs = certs;
    if (!_logRef.isDebugEnabled())
        return;
    _logRef.debug("created JBossUserRealm::JBossCertificatePrincipal: "+ name);
}
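/**
 * Reports this principal as authenticated.
 *
 * TODO I'm dubious if this is correct??? -- retained from the original: the
 * result is unconditionally true and is not tied to whether {@link #authenticate()}
 * succeeded against the security manager.
 *
 * @return always true
 */
public boolean isAuthenticated()
{
    // Guarded like the other debug calls in this file, so the call is only made when enabled.
    if (_logRef.isDebugEnabled())
        _logRef.debug("JBossUserRealm::isAuthenticated called");
    return true;
}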
public boolean authenticate()
{
boolean authenticated = false;
if (_logRef.isDebugEnabled())
_logRef.debug("authenticating: Name:" + _principal);
// Authenticate using the cert as the credential
Subject subjectCopy = new Subject();
if (_realm._subjSecMgr != null && _realm._subjSecMgr.isValid(_principal, _certs, subjectCopy))
{
if (_logRef.isDebugEnabled())
_logRef.debug("authenticated: " + _principal);
SecurityAssociation.setPrincipal(_principal);
SecurityAssociation.setCredential(_certs);
SecurityAssociation.setSubject(subjectCopy);
authenticated = true;