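package org.crsh.auth;

import org.crsh.plugin.CRaSHPlugin;
import org.crsh.plugin.PropertyDescriptor;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import java.io.IOException;
import java.util.Collections;

/**
 * An authentication plugin that checks a username and password against a JAAS login domain.
 *
 * <p>The domain name is read from the {@code auth.jaas.domain} property. Each call to
 * {@link #authenticate(String, String)} performs a JAAS login followed immediately by a logout:
 * the plugin only answers "are these credentials accepted?" and does not keep the resulting
 * {@link Subject}.</p>
 *
 * @author <a href="mailto:nscavell@redhat.com">Nick Scavelli</a>
 */
public class JaasAuthenticationPlugin extends CRaSHPlugin<AuthenticationPlugin> implements AuthenticationPlugin {

  /** The configuration property holding the JAAS domain name; it has no default value. */
  static final PropertyDescriptor<String> JAAS_DOMAIN = PropertyDescriptor.create("auth.jaas.domain", (String)null, "The JAAS domain name used for authentication");

  /**
   * @return the name of this authentication plugin, {@code "jaas"}
   */
  public String getName() {
    return "jaas";
  }

  /**
   * @return the single configuration property declared by this plugin, {@link #JAAS_DOMAIN}
   */
  @Override
  protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() {
    return Collections.<PropertyDescriptor<?>>singletonList(JAAS_DOMAIN);
  }

  /**
   * Checks the credentials against the configured JAAS domain.
   *
   * <p>The method fails closed: it returns {@code false} when the domain property is not set and
   * when {@code login()} or {@code logout()} throws for any reason, including an exception raised
   * by the callback handler (for example a {@code null} password). The {@link LoginContext}
   * constructor runs outside the {@code try} block, so an exception it throws reaches the
   * caller.</p>
   *
   * <p>Every rejected attempt is logged at warn level so that failed logins stay visible when
   * debug logging is off; the stack trace is still emitted only when debug logging is enabled.
   * The username and domain are neutralised before they are written to the log, because the
   * username is supplied by the connecting client.</p>
   *
   * @param username the name handed to the login module through a {@link NameCallback}
   * @param password the password handed to the login module through a {@link PasswordCallback}
   * @return {@code true} when the JAAS login and the following logout both complete,
   *         {@code false} otherwise
   * @throws Exception if the {@link LoginContext} cannot be created
   */
  public boolean authenticate(final String username, final String password) throws Exception {
    String domain = getContext().getProperty(JAAS_DOMAIN);
    if (domain == null) {
      log.warn("The JAAS domain property '" + JAAS_DOMAIN.name + "' was not found");
      return false;
    }

    // Only the log lines use the neutralised copies; the login module gets the original values.
    final String safeUser = sanitizeForLog(username);
    final String safeDomain = sanitizeForLog(domain);

    log.debug("Will use the JAAS domain '" + safeDomain + "' for authenticating user " + safeUser);
    LoginContext loginContext = new LoginContext(domain, new Subject(), new CallbackHandler() {
      public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback c : callbacks) {
          if (c instanceof NameCallback) {
            ((NameCallback)c).setName(username);
          }
          else if (c instanceof PasswordCallback) {
            // PasswordCallback stores its own copy, so the temporary array can be wiped at once.
            char[] secret = password.toCharArray();
            try {
              ((PasswordCallback)c).setPassword(secret);
            }
            finally {
              java.util.Arrays.fill(secret, '\0');
            }
          }
          else {
            // Refuse callbacks this handler cannot answer instead of leaving them unset.
            throw new UnsupportedCallbackException(c);
          }
        }
      }
    });

    try {
      loginContext.login();
      loginContext.logout();
      log.debug("Authenticated user " + safeUser + " against the JAAS domain '" + safeDomain + "'");
      return true;
    }
    catch (Exception e) {
      // Always record the rejection; only the exception class is included, not its message.
      log.warn("Authentication failed for user " + safeUser + " against the JAAS domain '" + safeDomain + "' (" + e.getClass().getName() + ")");
      if (log.isDebugEnabled()) {
        log.error("Exception when authenticating user " + safeUser + " to JAAS domain '" + safeDomain + "'", e);
      }
      return false;
    }
  }

  /**
   * @return this plugin instance, which is its own {@link AuthenticationPlugin} implementation
   */
  @Override
  public AuthenticationPlugin getImplementation() {
    return this;
  }

  /**
   * Replaces ISO control characters, which include carriage return and line feed, with an
   * underscore so that a client-supplied value cannot start a forged log line.
   *
   * @param value the value to neutralise, possibly {@code null}
   * @return the neutralised text, or the string {@code "null"} for a {@code null} value
   */
  private static String sanitizeForLog(String value) {
    if (value == null) {
      return "null";
    }
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
      char ch = value.charAt(i);
      sb.append(Character.isISOControl(ch) ? '_' : ch);
    }
    return sb.toString();
  }
}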