}
else
{
_logRef.warn("authentication failure: " + _principal);
}
return authenticated;
}
}
/**
 * Creates a realm bound to the given name and subject attribute name.
 * A per-realm logger is created whose name is suffixed with the realm
 * name, and a default "nobody" principal is registered so that
 * {@link #pushRole} has a principal to fall back on when none is given.
 *
 * @param realmName the name reported by {@link #getName()}.
 * @param subjAttrName stored in _subjAttrName; its use is outside this excerpt.
 */
public JBossUserRealm(String realmName, String subjAttrName)
{
    _realmName = realmName;
    _subjAttrName = subjAttrName;
    _log = Logger.getLogger(JBossUserRealm.class.getName() + "#" + _realmName);
    // a default principal that is always present under the name "nobody"
    JBossUserPrincipal defaultUser = new JBossNobodyUserPrincipal(_log);
    defaultUser.associateWithRealm(this);
    _users.put("nobody", defaultUser);
}
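/**
 * Resolves the JBoss security manager and realm mapping from JNDI
 * ({@code java:comp/env/security}). If the lookup fails the error is logged
 * and _authMgr/_realmMapping stay unset, so later authentication calls will
 * fail; this method does not throw.
 * The InitialContext is closed once the lookups are done instead of being
 * dropped by assigning null to it.
 */
public void init()
{
    _log.debug("initialising realm " + _realmName);
    InitialContext iniCtx = null;
    try
    {
        iniCtx = new InitialContext();
        Context securityCtx = (Context) iniCtx.lookup("java:comp/env/security");
        _authMgr = (AuthenticationManager) securityCtx.lookup("securityMgr");
        _realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
        // a subject-aware manager lets the realm obtain the authenticated Subject
        if (_authMgr instanceof SubjectSecurityManager)
            _subjSecMgr = (SubjectSecurityManager) _authMgr;
    }
    catch (NamingException e)
    {
        _log.error("java:comp/env/security does not appear to be correctly set up", e);
    }
    finally
    {
        // release the JNDI context rather than leaking it
        if (iniCtx != null)
        {
            try
            {
                iniCtx.close();
            }
            catch (NamingException e)
            {
                _log.warn("failed to close InitialContext: " + e);
            }
        }
    }
    _log.debug("...initialised");
}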
/**
 * Returns the principal registered under userName, creating and registering
 * a new JBossUserPrincipal if none exists yet. The new principal is not
 * authenticated by this method; the caller does that.
 * The method is synchronized on the realm, which the original author noted
 * is going to cause contention (TODO).
 *
 * @param userName the user name to look up or register.
 * @return the existing or newly created principal, never null.
 */
private synchronized JBossUserPrincipal ensureUser(String userName)
{
    JBossUserPrincipal existing = (JBossUserPrincipal) _users.get(userName);
    if (existing != null)
    {
        return existing;
    }
    JBossUserPrincipal created = new JBossUserPrincipal(userName, _log);
    created.associateWithRealm(this);
    _users.put(userName, created);
    return created;
}
/**
 * Looks up a principal already registered with this realm by name.
 *
 * @param username the user name.
 * @return the registered principal, or null if the realm has not seen it.
 */
public Principal getPrincipal(String username)
{
    Object found = _users.get(username);
    return (Principal) found;
}
/**
 * Looks up a principal already registered with this realm by name.
 *
 * @param username the user name.
 * @return the registered principal, or null if the realm has not seen it.
 * @deprecated Use {@link #getPrincipal(String)}.
 */
public Principal getUserPrincipal(String username)
{
    Object found = _users.get(username);
    return (Principal) found;
}
/**
 * Authenticates a user against the JBoss security manager.
 * A String credential is treated as a password and an X509Certificate[]
 * as a client certificate chain; any other credential type (including
 * null) is not handled and yields null.
 *
 * @param userName the user name presented by the client.
 * @param credential a String password or an X509Certificate[] chain.
 * @param request the current request; on success its auth type and user
 *        principal are set.
 * @return the authenticated principal, or null on failure.
 */
public Principal authenticate(String userName, Object credential,
    Request request)
{
    if (_log.isDebugEnabled())
        _log.debug("JBossUserPrincipal: " + userName);
    // until we get DigestAuthentication sorted JBoss side...
    JBossUserPrincipal user = null;
    if (credential instanceof java.lang.String) // password
    {
        // NOTE(review): ensureUser() registers a principal for the name before
        // the password is checked, so failed attempts also leave an entry in _users.
        user = ensureUser(userName);
        if (!user.authenticate((String) credential, request))
        {
            user = null;
        }
    }
    else if (credential instanceof X509Certificate[]) // certificate
    {
        X509Certificate[] certs = (X509Certificate[]) credential;
        user = this.authenticateFromCertificates(certs);
    }
    if (user != null)
    {
        // NOTE(review): CLIENT_CERT_AUTH is recorded for the password branch as
        // well; confirm that the calling Authenticator sets the real auth type.
        request.setAuthType(javax.servlet.http.HttpServletRequest.CLIENT_CERT_AUTH);
        request.setUserPrincipal(user);
    }
    return user;
}
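/**
 * Reports whether a previously issued principal is still authenticated.
 * A principal that did not originate from this realm (or null) is reported
 * as not authenticated instead of failing with a ClassCastException.
 *
 * @param user a principal returned by {@link #authenticate}.
 * @return true only for a JBossUserPrincipal that is still authenticated.
 */
public boolean reauthenticate(Principal user)
{
    if (!(user instanceof JBossUserPrincipal))
    {
        return false; // fail closed for foreign or null principals
    }
    return ((JBossUserPrincipal) user).isAuthenticated();
}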
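/**
 * Reports whether a previously issued principal is still authenticated.
 * A principal that did not originate from this realm (or null) is reported
 * as not authenticated instead of failing with a ClassCastException.
 *
 * @param user a principal returned by {@link #authenticate}.
 * @return true only for a JBossUserPrincipal that is still authenticated.
 * @deprecated Use {@link #reauthenticate(Principal)}.
 */
public boolean isAuthenticated(Principal user)
{
    if (!(user instanceof JBossUserPrincipal))
    {
        return false; // fail closed for foreign or null principals
    }
    return ((JBossUserPrincipal) user).isAuthenticated();
}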
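/**
 * Reports whether the principal holds the given role. A principal that did
 * not originate from this realm (or null) is never in any role; it is
 * denied instead of failing with a ClassCastException.
 *
 * @param user a principal returned by {@link #authenticate}.
 * @param role the role name to check.
 * @return true only for a JBossUserPrincipal that is in the role.
 */
public boolean isUserInRole(Principal user, String role)
{
    if (!(user instanceof JBossUserPrincipal))
    {
        return false; // fail closed for foreign or null principals
    }
    return ((JBossUserPrincipal) user).isUserInRole(role);
}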
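/**
 * Authenticates a client from its certificate chain. The principal is cached
 * in _users keyed by the end-entity certificate (certs[0]), so a returning
 * client reuses its JBossCertificatePrincipal. An empty or null chain is
 * rejected instead of throwing an ArrayIndexOutOfBoundsException.
 *
 * @param certs the client certificate chain; certs[0] is the end-entity cert.
 * @return the authenticated principal, or null if no certificate was
 *         presented or the security manager rejects it.
 */
public JBossUserPrincipal authenticateFromCertificates(
    X509Certificate[] certs)
{
    if (certs == null || certs.length == 0 || certs[0] == null)
    {
        _log.debug("authenticateFromCertificates - no certificate presented");
        return null;
    }
    X509Certificate clientCert = certs[0];
    JBossCertificatePrincipal user = (JBossCertificatePrincipal) _users.get(clientCert);
    if (user == null)
    {
        // NOTE(review): unlike ensureUser(), this registration is not synchronized
        user = new JBossCertificatePrincipal(getFilterFromCertificate(clientCert), _log, certs);
        user.associateWithRealm(this);
        _users.put(clientCert, user);
    }
    if (user.authenticate())
    {
        _log.debug("authenticateFromCertificates - authenticated");
        return user;
    }
    _log.debug("authenticateFromCertificates - returning NULL");
    return null;
}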
/**
 * Builds a string identifying a certificate from its serial number (upper-case
 * hex, zero-padded to an even number of digits) followed by a space and the
 * issuer DN as rendered by {@code getIssuerDN().toString()}.
 * NOTE(review): if this value is used verbatim in an LDAP filter downstream,
 * the issuer DN taken from the peer's certificate is not escaped here.
 *
 * @param cert the user's certificate.
 * @return an LDAP filter for retrieving the user's entry.
 */
private String getFilterFromCertificate(X509Certificate cert)
{
    String serial = cert.getSerialNumber().toString(16).toUpperCase();
    // keep the hex serial at an even number of digits
    String paddedSerial = (serial.length() % 2 == 0) ? serial : "0" + serial;
    return paddedSerial + " " + cert.getIssuerDN().toString();
}
/**
 * Clears the JBoss SecurityAssociation for the current thread. The user
 * argument is not consulted; the thread-bound association is cleared as a whole.
 *
 * @param user the principal being disassociated (unused).
 */
public void disassociate(Principal user)
{
    SecurityAssociation.clear();
}
/**
 * Enters a run-as role on both the Jetty and JBoss side. When no user is
 * given, the realm's "nobody" principal is used for the Jetty side while the
 * JBoss RunAsIdentity is created with a null principal name.
 *
 * @param user the current principal, or null.
 * @param role the role to run as.
 * @return the principal the role was pushed on (user, or "nobody").
 */
public Principal pushRole(Principal user, String role)
{
    String principalName = (user == null) ? null : user.getName();
    RunAsIdentity runAs = new RunAsIdentity(role, principalName);
    Principal effective = user;
    if (effective == null)
    {
        effective = (JBossUserPrincipal) _users.get("nobody");
    }
    // Jetty side: record the role on the principal
    ((JBossUserPrincipal) effective).push(role);
    // JBoss side: run-as identity for subsequent EJB calls
    SecurityAssociation.pushRunAsIdentity(runAs);
    return effective;
}
/**
 * Leaves the most recently pushed run-as role on both the Jetty and JBoss side.
 *
 * @param user the principal the role was pushed on; must be a JBossUserPrincipal.
 * @return the same principal.
 */
public Principal popRole(Principal user)
{
    JBossUserPrincipal jbossUser = (JBossUserPrincipal) user;
    jbossUser.pop();
    // drop the run-as identity set for JBoss EJB calls
    SecurityAssociation.popRunAsIdentity();
    return user;
}
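/**
 * Logs the user out of JBoss by flushing them from the JaasSecurityManager's
 * authentication cache, which forces LoginContext.logout() to run. Without
 * this flush the cached authentication stays valid until the cache entry
 * expires. Failures are logged and otherwise ignored: this is best-effort,
 * and the missing-MBeanServer case is handled instead of throwing from
 * {@code servers.get(0)}.
 *
 * @param user the principal being logged out; for a JBossUserPrincipal the
 *        wrapped JBoss principal is the one flushed.
 */
public void logout(Principal user)
{
    // yukky hack to try and force JBoss to actually
    // flush the user from the jaas security manager's cache therefore
    // forcing logincontext.logout() to be called
    Principal pUser = user;
    if (user instanceof JBossUserPrincipal)
        pUser = ((JBossUserPrincipal) user)._principal;
    try
    {
        java.util.ArrayList servers = MBeanServerFactory.findMBeanServer(null);
        if (servers.isEmpty())
        {
            _log.error("No MBeanServer found, cannot flush authentication cache for " + pUser);
            return;
        }
        if (servers.size() > 1)
            _log.warn("More than one MBeanServer found, choosing first");
        MBeanServer server = (MBeanServer) servers.get(0);
        server.invoke(new ObjectName("jboss.security:service=JaasSecurityManager"),
            "flushAuthenticationCache",
            new Object[] { getName(), pUser },
            new String[] {"java.lang.String", "java.security.Principal" });
    }
    catch (Exception e)
    {
        _log.error("failed to flush authentication cache for " + pUser, e);
    }
    catch (Error err)
    {
        // kept from the original: logout must not propagate failures
        _log.error("failed to flush authentication cache for " + pUser, err);
    }
}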
/**
 * Sets the Single Sign On realm name and drops the cached SSO realm so that
 * {@link #isSSORealm()} resolves it again on next use.
 *
 * @param name The name of a Single Sign On realm. Realms that share a sso
 *             realm will share authentication for users. Null if no SSO
 *             realm.
 */
public void setSSORealmName(String name)
{
    _ssoRealm = null;
    _ssoRealmName = name;
}
/**
 * @return The name of a Single Sign On realm. Realms that share a sso realm
 *         will share authentication for users. Null if no SSO realm.
 */
public String getSSORealmName()
{
    return _ssoRealmName;
}
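/**
 * Looks up a single-sign-on credential for the request from the shared SSO
 * realm, if this realm participates in one. The debug log records only
 * whether a credential was found, not its value.
 *
 * @param request the current request.
 * @param response the current response.
 * @return the SSO credential, or null if there is no SSO realm or no entry.
 */
public Credential getSingleSignOn(Request request, Response response)
{
    if (!isSSORealm()) return null;
    Credential singleSignOnCredential = _ssoRealm.getSingleSignOn(request, response);
    if (_log.isDebugEnabled())
    {
        // Credential.toString() may render the secret itself, so do not log it
        _log.debug("getSingleSignOn principal="
            + request.getUserPrincipal() + " credential="
            + (singleSignOnCredential == null ? "none" : "present"));
    }
    return singleSignOnCredential;
}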
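/**
 * Records a single-sign-on entry in the shared SSO realm, if this realm
 * participates in one. The debug log records only whether a credential was
 * supplied, not its value.
 *
 * @param request the current request.
 * @param response the current response.
 * @param principal the authenticated principal.
 * @param credential the credential the principal authenticated with.
 */
public void setSingleSignOn(Request request, Response response,
    Principal principal, Credential credential)
{
    if (!isSSORealm()) return;
    if (_log.isDebugEnabled())
    {
        // Credential.toString() may render the secret itself, so do not log it
        _log.debug("setSingleSignOn called. principal=" + principal
            + " credential=" + (credential == null ? "none" : "present"));
    }
    _ssoRealm.setSingleSignOn(request, response, principal, credential);
}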
/**
 * Removes the user's single-sign-on entry from the shared SSO realm, if this
 * realm participates in one, and clears the principal and credential bound
 * to the current thread's JBoss SecurityAssociation.
 *
 * @param username the user whose SSO entry is removed.
 */
public void clearSingleSignOn(String username)
{
    if (!isSSORealm())
    {
        return;
    }
    if (_log.isDebugEnabled())
    {
        _log.debug("clearSingleSignOn called. username=" + username);
    }
    _ssoRealm.clearSingleSignOn(username);
    // drop the thread-bound JBoss identity as well
    SecurityAssociation.setPrincipal(null);
    SecurityAssociation.setCredential(null);
}
/**
 * Lazily resolves the shared HashSSORealm for _ssoRealmName. The first check
 * of _ssoRealm is made outside the lock; the lookup and creation in
 * _sharedHashSSORealms are synchronized on that map, so realms configured
 * with the same SSO name end up sharing one HashSSORealm instance.
 *
 * @return true if this realm has an SSO realm (_ssoRealm is set afterwards).
 */
private boolean isSSORealm()
{
    if (_ssoRealm == null && _ssoRealmName != null)
    {
        synchronized (_sharedHashSSORealms)
        {
            // NOTE(review): _sharedHashSSORealms looks like a map shared across
            // realm instances; confirm it is static and never replaced.
            _ssoRealm = (HashSSORealm) _sharedHashSSORealms
                .get(_ssoRealmName);
            if (_ssoRealm == null)
            {
                _log.debug("created SSORealm for " + _ssoRealmName);
                _ssoRealm = new HashSSORealm();
                _sharedHashSSORealms.put(_ssoRealmName, _ssoRealm);
            }
        }
    }
    return _ssoRealm != null;
}
/**
 * @return the realm name given to the constructor; also passed to JBoss as
 *         the security domain when flushing the authentication cache.
 */
public String getName()
{
    return _realmName;
}
}