001    /*
002     * Copyright (C) 2012 eXo Platform SAS.
003     *
004     * This is free software; you can redistribute it and/or modify it
005     * under the terms of the GNU Lesser General Public License as
006     * published by the Free Software Foundation; either version 2.1 of
007     * the License, or (at your option) any later version.
008     *
009     * This software is distributed in the hope that it will be useful,
010     * but WITHOUT ANY WARRANTY; without even the implied warranty of
011     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012     * Lesser General Public License for more details.
013     *
014     * You should have received a copy of the GNU Lesser General Public
015     * License along with this software; if not, write to the Free
016     * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
017     * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
018     */
019    
020    package org.crsh.auth;
021    
022    import org.crsh.plugin.CRaSHPlugin;
023    import org.crsh.plugin.PropertyDescriptor;
024    
025    import javax.security.auth.Subject;
026    import javax.security.auth.callback.Callback;
027    import javax.security.auth.callback.CallbackHandler;
028    import javax.security.auth.callback.NameCallback;
029    import javax.security.auth.callback.PasswordCallback;
030    import javax.security.auth.callback.UnsupportedCallbackException;
031    import javax.security.auth.login.LoginContext;
032    import java.io.IOException;
033    import java.util.Collections;
034    import java.util.logging.Level;
035    
036    public class JaasAuthenticationPlugin extends CRaSHPlugin<AuthenticationPlugin> implements AuthenticationPlugin {
037    
038      /** . */
039      static final PropertyDescriptor<String> JAAS_DOMAIN = PropertyDescriptor.create("auth.jaas.domain", (String)null, "The JAAS domain name used for authentication");
040    
041      public String getName() {
042        return "jaas";
043      }
044    
045      @Override
046      protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() {
047        return Collections.<PropertyDescriptor<?>>singletonList(JAAS_DOMAIN);
048      }
049    
050      public boolean authenticate(final String username, final String password) throws Exception {
051        String domain = getContext().getProperty(JAAS_DOMAIN);
052        if (domain != null) {
053          log.log(Level.FINE, "Will use the JAAS domain '" + domain + "' for authenticating user " + username);
054          LoginContext loginContext = new LoginContext(domain, new Subject(), new CallbackHandler() {
055            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
056              for (Callback c : callbacks) {
057                if (c instanceof NameCallback) {
058                  ((NameCallback)c).setName(username);
059                }
060                else if (c instanceof PasswordCallback) {
061                  ((PasswordCallback)c).setPassword(password.toCharArray());
062                }
063                else {
064                  throw new UnsupportedCallbackException(c);
065                }
066              }
067            }
068          });
069    
070          //
071          try {
072            loginContext.login();
073            loginContext.logout();
074            log.log(Level.FINE, "Authenticated user " + username + " against the JAAS domain '" + domain + "'");
075            return true;
076          }
077          catch (Exception e) {
078            if (log.isLoggable(Level.FINE)) {
079              log.log(Level.SEVERE, "Exception when authenticating user " + username + " to JAAS domain '" + domain + "'", e);
080            }
081            return false;
082          }
083        }
084        else {
085          log.log(Level.WARNING, "The JAAS domain property '" + JAAS_DOMAIN.name + "' was not found");
086          return false;
087        }
088      }
089    
090      @Override
091      public AuthenticationPlugin getImplementation() {
092        return this;
093      }
094    }