001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.servicemix.jbi.jmx;
018    
019    import javax.management.remote.JMXAuthenticator;
020    import javax.security.auth.Subject;
021    import javax.security.auth.login.LoginException;
022    
023    import org.apache.servicemix.jbi.security.auth.AuthenticationService;
024    import org.apache.servicemix.jbi.security.auth.impl.JAASAuthenticationService;
025    
/**
 * JMX authenticator that checks the credentials presented to a remote JMX
 * connector by delegating to an {@link AuthenticationService}.
 * <p>
 * The credentials must be a two-element {@code String[]}, conventionally the
 * user name followed by the password. Both elements are handed to the
 * authentication service together with the configured JAAS domain.
 * <p>
 * Security notes:
 * <ul>
 * <li>A {@link Subject} is returned only when the authentication service
 *     completes without throwing; every failure surfaces as an exception.</li>
 * <li>Messages for malformed credentials report only the runtime type or the
 *     array length, never the credential values themselves.</li>
 * <li>NOTE(review): the underlying exception is attached as the cause of the
 *     {@link SecurityException}; confirm that causes raised by the configured
 *     authentication service do not carry details that should stay hidden
 *     from the connecting client.</li>
 * </ul>
 *
 * @author gnodet
 * @org.apache.xbean.XBean element="jmxJaasAuthenticator"
 */
public class JaasAuthenticator implements JMXAuthenticator {

    /** JAAS domain used when none has been configured explicitly. */
    private static final String DEFAULT_DOMAIN = "servicemix-domain";

    private AuthenticationService authenticationService = new JAASAuthenticationService();
    private String domain = DEFAULT_DOMAIN;

    /**
     * Returns the service that performs the actual credential check. Unless
     * replaced through {@link #setAuthenticationService(AuthenticationService)},
     * this is a {@code JAASAuthenticationService}.
     *
     * @return the authenticationService
     */
    public AuthenticationService getAuthenticationService() {
        return this.authenticationService;
    }

    /**
     * Replaces the service used to check credentials. The value is stored as
     * given and is not validated here.
     *
     * @param authenticationService the authenticationService to set
     */
    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    /**
     * @return the JAAS domain passed to the authentication service
     */
    public String getDomain() {
        return this.domain;
    }

    /**
     * @param domain the JAAS domain passed to the authentication service
     */
    public void setDomain(String domain) {
        this.domain = domain;
    }

    /**
     * Authenticates a JMX client.
     *
     * @param credentials a {@code String[]} of length 2; its two elements are
     *        forwarded, in order, to the authentication service
     * @return a new {@link Subject} that was passed to the authentication service
     * @throws IllegalArgumentException if {@code credentials} is not a
     *         {@code String[]} or does not hold exactly two elements
     * @throws SecurityException if the authentication service throws; a
     *         {@link LoginException} is reported as "Authentication failed",
     *         any other exception as an authentication error
     * @see javax.management.remote.JMXAuthenticator#authenticate(java.lang.Object)
     */
    public Subject authenticate(Object credentials) throws SecurityException {
        final String[] pair = asCredentialPair(credentials);
        final Subject authenticated = new Subject();
        try {
            authenticationService.authenticate(authenticated, domain, pair[0], pair[1]);
            return authenticated;
        } catch (LoginException e) {
            // The credentials were rejected.
            throw new SecurityException("Authentication failed", e);
        } catch (Exception e) {
            // Any other failure also denies access, so an error never
            // results in a Subject being returned.
            throw new SecurityException("Error occured while authenticating", e);
        }
    }

    /**
     * Checks the shape of the credentials object and narrows it to an array.
     * Only the runtime type or the array length is placed in the error
     * message, so credential values are never echoed back.
     */
    private static String[] asCredentialPair(Object credentials) {
        if (credentials instanceof String[]) {
            final String[] candidate = (String[]) credentials;
            if (candidate.length == 2) {
                return candidate;
            }
            throw new IllegalArgumentException("Expected String[2] but length was " + candidate.length);
        }
        final String actualType = credentials == null ? null : credentials.getClass().getName();
        throw new IllegalArgumentException("Expected String[2], got " + actualType);
    }

}