[tmp/jakarta-migration.git] /

/**\r
 *  This document is a part of the source code and related artifacts\r
 *  for CollectionSpace, an open source collections management system\r
 *  for museums and related institutions:\r
\r
 *  http://www.collectionspace.org\r
 *  http://wiki.collectionspace.org\r
\r
 *  Copyright 2009 University of California at Berkeley\r
\r
 *  Licensed under the Educational Community License (ECL), Version 2.0.\r
 *  You may not use this file except in compliance with this License.\r
\r
 *  You may obtain a copy of the ECL 2.0 License at\r
\r
 *  https://source.collectionspace.org/collection-space/LICENSE.txt\r
\r
 *  Unless required by applicable law or agreed to in writing, software\r
 *  distributed under the License is distributed on an "AS IS" BASIS,\r
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 *  See the License for the specific language governing permissions and\r
 *  limitations under the License.\r
 */\r
package org.collectionspace.authentication.jaas;\r
\r
import java.util.ArrayList;\r
import java.util.Collection;\r
import java.util.List;\r
import java.util.Map;\r
import java.security.acl.Group;\r
\r
import javax.security.auth.Subject;\r
import javax.security.auth.callback.CallbackHandler;\r
import javax.security.auth.login.LoginException;\r
\r
import org.collectionspace.authentication.realm.db.CSpaceDbRealm;\r
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;\r
import org.slf4j.Logger;\r
import org.slf4j.LoggerFactory;\r
\r
/**\r
 * CollectionSpace default identity provider supporting multi-tenancy\r
 * @author\r
 */\r
public class CSpaceJBossDBLoginModule extends UsernamePasswordLoginModule {\r
\r
    private Logger logger = LoggerFactory.getLogger(CSpaceJBossDBLoginModule.class);\r
\r
    private CSpaceDbRealm realm;\r
\r
    /**\r
     * Initialize CSpaceDBLoginModule\r
     *\r
     * @param options -\r
     * dsJndiName: The name of the DataSource of the database containing the\r
     *    Principals, Roles tables\r
     * principalsQuery: The prepared statement query, equivalent to:\r
     *    "select Password from Principals where PrincipalID=?"\r
     * rolesQuery: The prepared statement query, equivalent to:\r
     *    "select Role, RoleGroup from Roles where PrincipalID=?"\r
     * tenantsQuery:\r
     * "select TenantId, TenantName, TenantGroup from Tenants where PrincipalID=?"\r
     */\r
    public void initialize(Subject subject, CallbackHandler callbackHandler,\r
            Map sharedState, Map options) {\r
        super.initialize(subject, callbackHandler, sharedState, options);\r
        realm = new CSpaceDbRealm(options);\r
    }\r
\r
    @Override\r
    protected String createPasswordHash(String username, String password,\r
             String digestOption)\r
             throws LoginException {\r
        String result = super.createPasswordHash(username, password, digestOption);\r
        \r
        if (result == null) {\r
                String message = "Could not create a password hash for the supplied password.  Check your login.conf configuration's hash algorithm setting.";\r
                log.error(message);\r
                throw new LoginException(message);\r
        }\r
        \r
        return result;\r
    }\r
    \r
    protected String getUsersPassword() throws LoginException {\r
\r
        String username = getUsername();\r
        String password = null;\r
        \r
        try {\r
            password = realm.getUsersPassword(username);\r
            password = convertRawPassword(password);\r
            if (logger.isDebugEnabled()) {\r
                logger.debug("Obtained user password for: " + username);\r
            }\r
        } catch (LoginException lex) {\r
                log.error("Could not retrieve user password for: " + username, lex);\r
            throw lex;\r
        } catch (Exception ex) {\r
                log.error("Could not retrieve user password for: " + username, ex);\r
            LoginException le = new LoginException("Unknown Exception");\r
            le.initCause(ex);\r
            throw le;\r
        }\r
        \r
        return password;\r
    }\r
    \r
    @Override\r
    public boolean commit() throws LoginException {\r
        boolean result;\r
        result = super.commit();\r
        return result;\r
    }\r
    \r
    @Override\r
    public boolean abort() throws LoginException {\r
        boolean result;\r
        result = super.abort();\r
        return result;\r
    }\r
\r
    /** Execute the rolesQuery against the dsJndiName to obtain the roles for\r
    the authenticated user.\r
\r
    @return Group[] containing the sets of roles\r
     */\r
    protected Group[] getRoleSets() throws LoginException {\r
        String username = getUsername();\r
\r
        Collection<Group> roles = realm.getRoles(username,\r
                "org.collectionspace.authentication.CSpacePrincipal",\r
                "org.jboss.security.SimpleGroup");\r
\r
        Collection<Group> tenants = realm.getTenants(username,\r
                "org.jboss.security.SimpleGroup");\r
\r
        List<Group> all = new ArrayList<Group>();\r
        all.addAll(roles);\r
        all.addAll(tenants);\r
        Group[] roleSets = new Group[all.size()];\r
        all.toArray(roleSets);\r
        return roleSets;\r
    }\r
\r
    /** A hook to allow subclasses to convert a password from the database\r
    into a plain text string or whatever form is used for matching against\r
    the user input. It is called from within the getUsersPassword() method.\r
    @param rawPassword - the password as obtained from the database\r
    @return the argument rawPassword\r
     */\r
    protected String convertRawPassword(String rawPassword) {\r
        return rawPassword;\r
    }\r
}\r