* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
-
package org.collectionspace.authentication;
-import org.collectionspace.authentication.spring.SpringSecurityContextUtils;
+import org.collectionspace.authentication.spi.AuthNContext;
+import org.collectionspace.authentication.spring.SpringAuthNContext;
/**
* AuthN is a singleton to access various authentication related utilities
* @author
*/
public class AuthN {
+
/**
* volatile is used here to assume about ordering (post JDK 1.5)
*/
- private static volatile AuthN self = new AuthN();
- private SecurityContextUtils securityContextUtils;
-
+ private static volatile AuthN self = new AuthN();
+ private AuthNContext authnContext;
+
private AuthN() {
//hardcoded initialization of a provider
//FIXME initialize with the help of configuration meta data
- securityContextUtils = new SpringSecurityContextUtils();
+ authnContext = new SpringAuthNContext();
}
public final static AuthN get() {
* getAuthn returns authentication utilities
* @return
*/
- public SecurityContextUtils getSecurityContextUtils() {
- return securityContextUtils;
+ public AuthNContext getAuthNContext() {
+ return authnContext;
}
/**
* @return
*/
public String getUserId() {
- return securityContextUtils.getUserId();
+ return authnContext.getUserId();
}
+
/**
* getTenantIds returns a list of tenant ids the user is associated with
* @return
*/
public String[] getTenantIds() {
- return securityContextUtils.getTenantIds();
+ return authnContext.getTenantIds();
}
+ /**
+ * getTenants returns tenants associated with user
+ * @see CSpaceTenant
+ * @return
+ */
+ public CSpaceTenant[] getTenants() {
+ return authnContext.getTenants();
+ }
}
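Review bot: `self` is only ever assigned in its static initializer, so `volatile` buys nothing here (class initialization already publishes the instance safely) and the comment `volatile is used here to assume about ordering` misstates the reason; unless code outside this hunk reassigns it, make it `private static final AuthN self = new AuthN();` with `// assigned once by the class initializer, which guarantees safe publication`. The new `getTenants()` Javadoc has an empty `@return`; `@return the tenants the current user is associated with, as reported by the configured AuthNContext (never null, empty if none)` matches what the delegate returns. `AuthN.get()` is cut by the hunk, so its body was not reviewed.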
import javax.security.auth.Subject;\r
import javax.security.auth.callback.CallbackHandler;\r
import javax.security.auth.login.LoginException;\r
-import org.collectionspace.authentication.realm.CSpaceDbRealm;\r
+import org.collectionspace.authentication.realm.db.CSpaceDbRealm;\r
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;\r
\r
/**\r
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
-package org.collectionspace.authentication.realm;
+package org.collectionspace.authentication.realm.db;
import java.lang.reflect.Constructor;
import java.security.Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.collectionspace.authentication.CSpaceTenant;
+import org.collectionspace.authentication.realm.CSpaceRealm;
/**
* CSpaceDbRealm provides access to user, password, role, tenant database
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *//**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
-
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
-
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
+.
*/
-package org.collectionspace.authentication;
+package org.collectionspace.authentication.spi;
+
+import javax.security.auth.Subject;
+import org.collectionspace.authentication.CSpaceTenant;
/**
* Utilities to be used by Services runtime to interface with authentication service
* @author
*/
-public abstract class SecurityContextUtils {
+public abstract class AuthNContext {
/**
* getUserId returns authenticated user id
public abstract String getUserId();
/**
- * get tenant ids associated with the security context
+ * getTenantIds get tenant ids from the tenant context associated with the
+ * security context
* @return
*/
public abstract String[] getTenantIds();
+
+
+ /**
+ * getTenants get tenant context associated with the security context
+ * @see CSpaceTenant
+ * @return
+ */
+ public abstract CSpaceTenant[] getTenants();
+
+
+ /**
+ * getSubject retrieves security context as Subject
+ * @see javax.security.auth.Subject
+ */
+ public abstract Subject getSubject();
}
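Review bot: The new `getSubject()` contract on AuthNContext has no `@return` and says nothing about nullability, although the Spring implementation in this commit returns null when the current Authentication is not a JAAS token; document it, e.g. `@return the authenticated JAAS Subject, or null when the current security context holds no JAAS-backed authentication`, and add a sentence that the Subject exposes credentials, so callers that only need identity or tenant scoping should use `getUserId()`/`getTenants()` instead. `getTenants()` likewise has an empty `@return`; `@return tenants from the security context, never null (empty if none)` matches the implementation. The lone `.` line left in the license header after the duplicated block was removed should be dropped.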
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
+import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
-import org.collectionspace.authentication.SecurityContextUtils;
import org.collectionspace.authentication.CSpaceTenant;
+import org.collectionspace.authentication.spi.AuthNContext;
import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
/**
- * SpringSecurityContextUtils provides utilities to CSpace services runtime
+ * SpringAuthNContext provides utilities to CSpace services runtime
* @author
*/
-final public class SpringSecurityContextUtils extends SecurityContextUtils {
+final public class SpringAuthNContext extends AuthNContext {
//private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
public String getUserId() {
@Override
public String[] getTenantIds() {
- ArrayList<String> tenants = new ArrayList<String>();
- Subject caller = null;
- Authentication authToken = SecurityContextHolder.getContext().getAuthentication();
- JaasAuthenticationToken jaasToken = null;
- if (authToken instanceof JaasAuthenticationToken) {
- jaasToken = (JaasAuthenticationToken) authToken;
- caller = (Subject) jaasToken.getLoginContext().getSubject();
+ ArrayList<String> tenantList = new ArrayList<String>();
+ CSpaceTenant[] tenants = getTenants();
+ for(CSpaceTenant tenant : tenants) {
+ tenantList.add(tenant.getId());
}
- //caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
+ return tenantList.toArray(new String[0]);
+ }
+
+ public CSpaceTenant[] getTenants() {
+ List<CSpaceTenant> tenants = new ArrayList<CSpaceTenant>();
+ Subject caller = getSubject();
if (caller == null) {
- String msg = "security not enabled!";
+ String msg = "Could not find Subject!";
//TODO: find out why subject is not null
//FIXME: if logger is loaded when authn comes up, use it
//logger.warn(msg);
System.err.println(msg);
- return tenants.toArray(new String[0]);
+ return tenants.toArray(new CSpaceTenant[0]);
}
Set<Group> groups = null;
groups = caller.getPrincipals(Group.class);
//FIXME: if logger is loaded when authn comes up, use it
//logger.warn(msg);
System.err.println(msg);
- return tenants.toArray(new String[0]);
+ return tenants.toArray(new CSpaceTenant[0]);
}
for (Group g : groups) {
if ("Tenants".equals(g.getName())) {
Enumeration members = g.members();
while (members.hasMoreElements()) {
CSpaceTenant tenant = (CSpaceTenant) members.nextElement();
- tenants.add(tenant.getId());
+ tenants.add(tenant);
//FIXME: if logger is loaded when authn comes up, use it
// if (logger.isDebugEnabled()) {
// logger.debug("found tenant id=" + tenant.getId()
}
}
}
- return tenants.toArray(new String[0]);
+ return tenants.toArray(new CSpaceTenant[0]);
+ }
+
+ public Subject getSubject() {
+ Subject caller = null;
+ //if Spring was not used....
+ //caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
+
+ //FIXME the follow call should be protected with a privileged action
+ //and must only be available to users with super privileges
+ //Spring does not offer any easy mechanism
+ //It is a bad idea to ship with a kernel user...kernel user should be
+ //created at startup time perhaps and used it here
+ Authentication authToken = SecurityContextHolder.getContext().getAuthentication();
+ JaasAuthenticationToken jaasToken = null;
+ if (authToken instanceof JaasAuthenticationToken) {
+ jaasToken = (JaasAuthenticationToken) authToken;
+ caller = (Subject) jaasToken.getLoginContext().getSubject();
+ }
+ return caller;
}
}
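Review bot: In `getTenants`, a missing Subject and a missing principal set are both reported only via `System.err` and then returned as an empty array, which is indistinguishable from an authenticated user with no tenants; unless every caller already rejects an empty tenant list, those two paths should fail closed with `throw new IllegalStateException(msg);` rather than silently yielding an empty scope. The cast `(CSpaceTenant) members.nextElement()` on the `Tenants` group is unchecked and will throw ClassCastException if any other Principal type is ever added to that group; iterate the members as `Object member` and only add `if (member instanceof CSpaceTenant)`. `getSubject()` hands the live JAAS Subject, with any private credentials it carries, to anyone who can reach `AuthN.get().getAuthNContext()`; the FIXME already acknowledges the missing privilege check, so until it exists callers should be steered to `getTenants()`/`getTenantIds()` and the Javadoc should say so. The retained comment `//TODO: find out why subject is not null` presumably means `is null`.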