Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit.

Browse Source
This commit is contained in:
Ben Alex
2004-03-16 23:57:17 +00:00
commit 35fe1e7b73
267 changed files with 17812 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
adapters/catalina/src/main/java/org/acegisecurity/adapters/catalina/CatalinaAcegiUserRealm.java
+216
View File
@@ -0,0 +1,216 @@
/*
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
*
* Visit http://acegisecurity.sourceforge.net for further details.
*/
package net.sf.acegisecurity.adapters.catalina;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationManager;
import net.sf.acegisecurity.adapters.PrincipalAcegiUserToken;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.catalina.Container;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.realm.RealmBase;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.support.FileSystemXmlApplicationContext;
import java.io.File;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Map;
/**
* Adapter to enable Catalina (Tomcat) to authenticate via the Acegi Security
* System for Spring.
*
* <p>
* Returns a {@link PrincipalAcegiUserToken} to Catalina's authentication
* system, which is subsequently available via
* <code>HttpServletRequest.getUserPrincipal()</code>.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class CatalinaAcegiUserRealm extends RealmBase {
//~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(CatalinaAcegiUserRealm.class);
//~ Instance fields ========================================================
protected final String name = "CatalinaSpringUserRealm / $Id$";
private AuthenticationManager authenticationManager;
private Container container;
private String appContextLocation;
private String key;
//~ Methods ================================================================
public void setAppContextLocation(String appContextLocation) {
this.appContextLocation = appContextLocation;
}
public String getAppContextLocation() {
return appContextLocation;
}
public void setKey(String key) {
this.key = key;
}
public String getKey() {
return key;
}
public Principal authenticate(String username, String credentials) {
if (username == null) {
return null;
}
if (credentials == null) {
credentials = "";
}
Authentication request = new UsernamePasswordAuthenticationToken(username,
credentials);
Authentication response = null;
try {
response = authenticationManager.authenticate(request);
} catch (AuthenticationException failed) {
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username
+ " failed: " + failed.toString());
}
return null;
}
return new PrincipalAcegiUserToken(this.key,
response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities());
}
public Principal authenticate(String username, byte[] credentials) {
return authenticate(username, new String(credentials));
}
/**
* Not supported, returns null
*
* @param username DOCUMENT ME!
* @param digest DOCUMENT ME!
* @param nonce DOCUMENT ME!
* @param nc DOCUMENT ME!
* @param cnonce DOCUMENT ME!
* @param qop DOCUMENT ME!
* @param realm DOCUMENT ME!
* @param md5a2 DOCUMENT ME!
*
* @return DOCUMENT ME!
*/
public java.security.Principal authenticate(java.lang.String username,
java.lang.String digest, java.lang.String nonce, java.lang.String nc,
java.lang.String cnonce, java.lang.String qop, java.lang.String realm,
java.lang.String md5a2) {
return null;
}
/**
* Not supported, returns null
*
* @param x509Certificates DOCUMENT ME!
*
* @return DOCUMENT ME!
*/
public Principal authenticate(X509Certificate[] x509Certificates) {
return null;
}
public boolean hasRole(Principal principal, String role) {
if (!(principal instanceof PrincipalAcegiUserToken)) {
if (logger.isWarnEnabled()) {
logger.warn(
"Expected passed principal to be of type PrincipalSpringUserToken but was "
+ principal.getClass().getName());
}
return false;
}
PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal;
return test.isUserInRole(role);
}
public void start() throws LifecycleException {
super.start();
if (appContextLocation == null) {
throw new LifecycleException("appContextLocation must be defined");
}
if (key == null) {
throw new LifecycleException("key must be defined");
}
File xml = new File(System.getProperty("catalina.base"),
appContextLocation);
if (!xml.exists()) {
throw new LifecycleException(
"appContextLocation does not seem to exist - try specifying conf/springsecurity.xml");
}
FileSystemXmlApplicationContext ctx = new FileSystemXmlApplicationContext(xml
.getAbsolutePath());
Map beans = ctx.getBeansOfType(AuthenticationManager.class, true, true);
if (beans.size() == 0) {
throw new IllegalArgumentException(
"Bean context must contain at least one bean of type AuthenticationManager");
}
String beanName = (String) beans.keySet().iterator().next();
authenticationManager = (AuthenticationManager) beans.get(beanName);
logger.info("CatalinaSpringUserRealm Started");
}
protected String getName() {
return this.name;
}
/**
* Always returns null (we override authenticate methods)
*
* @param arg0 DOCUMENT ME!
*
* @return DOCUMENT ME!
*/
protected String getPassword(String arg0) {
return null;
}
/**
* Always returns null (we override authenticate methods)
*
* @param arg0 DOCUMENT ME!
*
* @return DOCUMENT ME!
*/
protected Principal getPrincipal(String arg0) {
return null;
}
}
adapters/catalina/src/main/java/org/acegisecurity/adapters/catalina/package.html
+7
View File
@@ -0,0 +1,7 @@
<html>
<body>
Adapter to Catalina web container (Tomcat).
<p>
</body>
</html>
adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossAcegiLoginModule.java
+188
View File
@@ -0,0 +1,188 @@
/*
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
*
* Visit http://acegisecurity.sourceforge.net for further details.
*/
package net.sf.acegisecurity.adapters.jboss;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationManager;
import net.sf.acegisecurity.adapters.PrincipalAcegiUserToken;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
/**
* Adapter to enable JBoss to authenticate via the Acegi Security System for
* Spring.
*
* <p>
* Returns a {@link PrincipalAcegiUserToken} to JBoss' authentication system,
* which is subsequently available from
* <code>java:comp/env/security/subject</code>.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class JbossAcegiLoginModule extends AbstractServerLoginModule {
//~ Instance fields ========================================================
private AuthenticationManager authenticationManager;
private Principal identity;
private String key;
private char[] credential;
//~ Methods ================================================================
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
super.initialize(subject, callbackHandler, sharedState, options);
this.key = (String) options.get("key");
ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext((String) options
.get("appContextLocation"));
Map beans = ctx.getBeansOfType(AuthenticationManager.class, true, true);
if (beans.size() == 0) {
throw new IllegalArgumentException(
"Bean context must contain at least one bean of type AuthenticationManager");
}
String beanName = (String) beans.keySet().iterator().next();
authenticationManager = (AuthenticationManager) beans.get(beanName);
super.log.info("Successfully started JbossSpringLoginModule");
}
public boolean login() throws LoginException {
super.loginOk = false;
String[] info = getUsernameAndPassword();
String username = info[0];
String password = info[1];
if ((username == null) && (password == null)) {
identity = null;
super.log.trace("Authenticating as unauthenticatedIdentity="
+ identity);
}
if (identity == null) {
Authentication request = new UsernamePasswordAuthenticationToken(username,
password);
Authentication response = null;
try {
response = authenticationManager.authenticate(request);
} catch (AuthenticationException failed) {
if (super.log.isDebugEnabled()) {
super.log.debug("Bad password for username=" + username);
}
throw new FailedLoginException(
"Password Incorrect/Password Required");
}
identity = new PrincipalAcegiUserToken(this.key,
response.getPrincipal().toString(),
response.getCredentials().toString(),
response.getAuthorities());
}
if (getUseFirstPass() == true) {
// Add the username and password to the shared state map
sharedState.put("javax.security.auth.login.name", username);
sharedState.put("javax.security.auth.login.password", credential);
}
super.loginOk = true;
super.log.trace("User '" + identity + "' authenticated, loginOk="
+ loginOk);
return true;
}
protected Principal getIdentity() {
return this.identity;
}
protected Group[] getRoleSets() throws LoginException {
SimpleGroup roles = new SimpleGroup("Roles");
Group[] roleSets = {roles};
if (this.identity instanceof Authentication) {
Authentication user = (Authentication) this.identity;
for (int i = 0; i < user.getAuthorities().length; i++) {
roles.addMember(new SimplePrincipal(
user.getAuthorities()[i].getAuthority()));
}
}
return roleSets;
}
protected String[] getUsernameAndPassword() throws LoginException {
String[] info = {null, null};
// prompt for a username and password
if (callbackHandler == null) {
throw new LoginException("Error: no CallbackHandler available "
+ "to collect authentication information");
}
NameCallback nc = new NameCallback("User name: ", "guest");
PasswordCallback pc = new PasswordCallback("Password: ", false);
Callback[] callbacks = {nc, pc};
String username = null;
String password = null;
try {
callbackHandler.handle(callbacks);
username = nc.getName();
char[] tmpPassword = pc.getPassword();
if (tmpPassword != null) {
credential = new char[tmpPassword.length];
System.arraycopy(tmpPassword, 0, credential, 0,
tmpPassword.length);
pc.clearPassword();
password = new String(credential);
}
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.toString());
} catch (UnsupportedCallbackException uce) {
throw new LoginException("CallbackHandler does not support: "
+ uce.getCallback());
}
info[0] = username;
info[1] = password;
return info;
}
}
adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/JbossIntegrationFilter.java
+72
View File
@@ -0,0 +1,72 @@
/*
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
*
* Visit http://acegisecurity.sourceforge.net for further details.
*/
package net.sf.acegisecurity.adapters.jboss;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.adapters.AbstractIntegrationFilter;
import java.security.Principal;
import java.util.Iterator;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
/**
* Populates a {@link net.sf.acegisecurity.context.SecureContext} from JBoss'
* <code>java:comp/env/security/subject</code>.
*
* <p>
* See {@link AbstractIntegrationFilter} for further information.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class JbossIntegrationFilter extends AbstractIntegrationFilter {
//~ Methods ================================================================
public Object extractFromContainer(ServletRequest request) {
Subject subject = null;
try {
InitialContext ic = new InitialContext();
subject = (Subject) ic.lookup("java:comp/env/security/subject");
} catch (NamingException ne) {
if (super.logger.isDebugEnabled()) {
super.logger.warn("Lookup on Subject failed "
+ ne.getLocalizedMessage());
}
}
if ((subject != null) && (subject.getPrincipals() != null)) {
Iterator principals = subject.getPrincipals().iterator();
while (principals.hasNext()) {
Principal p = (Principal) principals.next();
if (super.logger.isDebugEnabled()) {
super.logger.debug("Found Principal in container ("
+ p.getClass().getName() + ") : "
+ p.getName());
}
if (p instanceof Authentication) {
return p;
}
}
}
return null;
}
}
adapters/jboss/src/main/java/org/acegisecurity/adapters/jboss/package.html
+7
View File
@@ -0,0 +1,7 @@
<html>
<body>
Adapter to JBoss.
<p>
</body>
</html>
adapters/jetty/src/main/java/org/acegisecurity/adapters/jetty/JettyAcegiUserRealm.java
+147
View File
@@ -0,0 +1,147 @@
/*
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
*
* Visit http://acegisecurity.sourceforge.net for further details.
*/
package net.sf.acegisecurity.adapters.jetty;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationManager;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mortbay.http.HttpRequest;
import org.mortbay.http.UserPrincipal;
import org.mortbay.http.UserRealm;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import java.util.Map;
/**
* Adapter to enable Jetty to authenticate via the Acegi Security System for
* Spring.
*
* <p>
* Returns a {@link JettyAcegiUserToken} to Jetty's authentication system,
* which is subsequently available via
* <code>HttpServletRequest.getUserPrincipal()</code>.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public final class JettyAcegiUserRealm implements UserRealm {
//~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(JettyAcegiUserRealm.class);
//~ Instance fields ========================================================
private AuthenticationManager authenticationManager;
private String key;
private String realm;
//~ Constructors ===========================================================
/**
* Construct a <code>SpringUserRealm</code>.
*
* @param realm the name of the authentication realm (within Jetty)
* @param providerKey a password to sign all authentication objects
* @param appContextLocation the classpath location of the bean context XML
* file
*
* @throws IllegalArgumentException DOCUMENT ME!
*/
public JettyAcegiUserRealm(String realm, String providerKey,
String appContextLocation) {
this.realm = realm;
this.key = providerKey;
ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext(appContextLocation);
Map beans = ctx.getBeansOfType(AuthenticationManager.class, true, true);
if (beans.size() == 0) {
throw new IllegalArgumentException(
"Bean context must contain at least one bean of type AuthenticationManager");
}
String beanName = (String) beans.keySet().iterator().next();
authenticationManager = (AuthenticationManager) beans.get(beanName);
}
private JettyAcegiUserRealm() {
super();
}
//~ Methods ================================================================
public AuthenticationManager getAuthenticationManager() {
return authenticationManager;
}
/**
* DOCUMENT ME!
*
* @return the name of the realm as defined when
* <code>SpringUserRealm</code> was created
*/
public String getName() {
return this.realm;
}
public UserPrincipal authenticate(String username, Object password,
HttpRequest httpRequest) {
if (username == null) {
return null;
}
if (password == null) {
password = "";
}
Authentication request = new UsernamePasswordAuthenticationToken(username
.toString(), password.toString());
Authentication response = null;
try {
response = authenticationManager.authenticate(request);
} catch (AuthenticationException failed) {
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username
+ " failed: " + failed.toString());
}
return null;
}
return new JettyAcegiUserToken(this.key,
response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities());
}
public void disassociate(UserPrincipal userPrincipal) {
// No action required
}
public void logout(UserPrincipal arg0) {
// Not supported
}
public UserPrincipal popRole(UserPrincipal userPrincipal) {
// Not supported
return userPrincipal;
}
public UserPrincipal pushRole(UserPrincipal userPrincipal, String role) {
// Not supported
return userPrincipal;
}
}
adapters/jetty/src/main/java/org/acegisecurity/adapters/jetty/JettyAcegiUserToken.java
+55
View File
@@ -0,0 +1,55 @@
/*
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
*
* Visit http://acegisecurity.sourceforge.net for further details.
*/
package net.sf.acegisecurity.adapters.jetty;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.adapters.AbstractAdapterAuthenticationToken;
import org.mortbay.http.UserPrincipal;
/**
* A Jetty compatible {@link net.sf.acegisecurity.Authentication} object.
*
* @author Ben Alex
* @version $Id$
*/
public class JettyAcegiUserToken extends AbstractAdapterAuthenticationToken
implements UserPrincipal {
//~ Instance fields ========================================================
private String password;
private String username;
//~ Constructors ===========================================================
public JettyAcegiUserToken(String key, String username, String password,
GrantedAuthority[] authorities) {
super(key, authorities);
this.username = username;
this.password = password;
}
private JettyAcegiUserToken() {
super();
}
//~ Methods ================================================================
public Object getCredentials() {
return this.password;
}
public String getName() {
return this.username;
}
public Object getPrincipal() {
return this.username;
}
}
adapters/jetty/src/main/java/org/acegisecurity/adapters/jetty/package.html
+7
View File
@@ -0,0 +1,7 @@
<html>
<body>
Adapter to Jetty web container.
<p>
</body>
</html>
adapters/resin/src/main/java/org/acegisecurity/adapters/resin/ResinAcegiAuthenticator.java
+163
View File
@@ -0,0 +1,163 @@
/*
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
*
* Visit http://acegisecurity.sourceforge.net for further details.
*/
package net.sf.acegisecurity.adapters.resin;
import com.caucho.http.security.AbstractAuthenticator;
import com.caucho.vfs.Path;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.AuthenticationManager;
import net.sf.acegisecurity.adapters.PrincipalAcegiUserToken;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.support.FileSystemXmlApplicationContext;
import java.io.File;
import java.security.Principal;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Adapter to enable Resin to authenticate via the Acegi Security System for
* Spring.
*
* <p>
* Returns a {@link PrincipalAcegiUserToken} to Resin's authentication system,
* which is subsequently available via
* <code>HttpServletRequest.getUserPrincipal()</code>.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class ResinAcegiAuthenticator extends AbstractAuthenticator {
//~ Static fields/initializers =============================================
private static final Log logger = LogFactory.getLog(ResinAcegiAuthenticator.class);
//~ Instance fields ========================================================
private AuthenticationManager authenticationManager;
private Path appContextLocation;
private String key;
//~ Methods ================================================================
public void setAppContextLocation(Path appContextLocation) {
this.appContextLocation = appContextLocation;
}
public Path getAppContextLocation() {
return appContextLocation;
}
public void setKey(String key) {
this.key = key;
}
public String getKey() {
return key;
}
public boolean isUserInRole(HttpServletRequest request,
HttpServletResponse response, ServletContext application,
Principal principal, String role) {
if (!(principal instanceof PrincipalAcegiUserToken)) {
if (logger.isWarnEnabled()) {
logger.warn(
"Expected passed principal to be of type PrincipalSpringUserToken but was "
+ principal.getClass().getName());
}
return false;
}
PrincipalAcegiUserToken test = (PrincipalAcegiUserToken) principal;
return test.isUserInRole(role);
}
public void init() throws ServletException {
super.init();
if (appContextLocation == null) {
throw new ServletException("appContextLocation must be defined");
}
if (key == null) {
throw new ServletException("key must be defined");
}
File xml = new File(appContextLocation.getPath());
if (!xml.exists()) {
throw new ServletException(
"appContextLocation does not seem to exist - try specifying WEB-INF/resin-springsecurity.xml");
}
FileSystemXmlApplicationContext ctx = new FileSystemXmlApplicationContext(xml
.getAbsolutePath());
Map beans = ctx.getBeansOfType(AuthenticationManager.class, true, true);
if (beans.size() == 0) {
throw new ServletException(
"Bean context must contain at least one bean of type AuthenticationManager");
}
String beanName = (String) beans.keySet().iterator().next();
authenticationManager = (AuthenticationManager) beans.get(beanName);
logger.info("ResinSpringAuthenticator Started");
}
protected Principal loginImpl(String username, String credentials) {
if (username == null) {
return null;
}
if (credentials == null) {
credentials = "";
}
Authentication request = new UsernamePasswordAuthenticationToken(username,
credentials);
Authentication response = null;
try {
response = authenticationManager.authenticate(request);
} catch (AuthenticationException failed) {
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username
+ " failed: " + failed.toString());
}
return null;
}
return new PrincipalAcegiUserToken(this.key,
response.getPrincipal().toString(),
response.getCredentials().toString(), response.getAuthorities());
}
protected Principal loginImpl(HttpServletRequest request,
HttpServletResponse response, ServletContext application,
String userName, String password) throws ServletException {
return loginImpl(userName, password);
}
}
adapters/resin/src/main/java/org/acegisecurity/adapters/resin/package.html
+7
View File
@@ -0,0 +1,7 @@
<html>
<body>
Adapter to Resin web container.
<p>
</body>
</html>