001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.servicemix.jbi.security.auth.impl;
018
019 import java.io.IOException;
020 import java.security.GeneralSecurityException;
021 import java.security.cert.X509Certificate;
022
023 import javax.security.auth.Subject;
024 import javax.security.auth.callback.Callback;
025 import javax.security.auth.callback.CallbackHandler;
026 import javax.security.auth.callback.NameCallback;
027 import javax.security.auth.callback.PasswordCallback;
028 import javax.security.auth.callback.UnsupportedCallbackException;
029 import javax.security.auth.login.LoginContext;
030
031 import org.apache.commons.logging.Log;
032 import org.apache.commons.logging.LogFactory;
033 import org.apache.servicemix.jbi.security.auth.AuthenticationService;
034 import org.apache.servicemix.jbi.security.login.CertificateCallback;
035
036 /**
037 * Implementation of the authentication service using JAAS.
038 *
039 * @org.apache.xbean.XBean element="authenticationService"
040 */
041 public class JAASAuthenticationService implements AuthenticationService {
042
043 private static final Log LOG = LogFactory.getLog(JAASAuthenticationService.class);
044
045 public void authenticate(Subject subject,
046 String domain,
047 final String user,
048 final Object credentials) throws GeneralSecurityException {
049 if (LOG.isDebugEnabled()) {
050 LOG.debug("Authenticating '" + user);
051 }
052 LoginContext loginContext = new LoginContext(domain, subject, new CallbackHandler() {
053 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
054 for (int i = 0; i < callbacks.length; i++) {
055 if (callbacks[i] instanceof NameCallback) {
056 ((NameCallback) callbacks[i]).setName(user);
057 } else if (callbacks[i] instanceof PasswordCallback && credentials instanceof String) {
058 ((PasswordCallback) callbacks[i]).setPassword(((String) credentials).toCharArray());
059 } else if (callbacks[i] instanceof CertificateCallback && credentials instanceof X509Certificate) {
060 ((CertificateCallback) callbacks[i]).setCertificate((X509Certificate) credentials);
061 } else {
062 throw new UnsupportedCallbackException(callbacks[i]);
063 }
064 }
065 }
066 });
067 try {
068 loginContext.login();
069 if (LOG.isDebugEnabled()) {
070 LOG.debug("Authenticating " + user + " successfully");
071 }
072 } catch (GeneralSecurityException e) {
073 if (LOG.isDebugEnabled()) {
074 LOG.debug("Error authenticating " + user, e);
075 }
076 throw e;
077 }
078 }
079
080 }