Java tutorial
/* * JOSSO: Java Open Single Sign-On * * Copyright 2004-2009, Atricore, Inc. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. * */ package org.josso.tc50.agent.jaas; import org.apache.catalina.realm.JAASRealm; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import javax.security.auth.Subject; import java.security.Principal; import java.security.acl.Group; import java.util.*; import java.lang.reflect.Field; /** * Catalina JAASRealm replacement that instantiates CatalinaSSOUser Principal instead of * GenericPrincipal. * * @author <a href="mailto:gbrigand@josso.org">Gianluca Brigandi</a> * @version CVS $Id: CatalinaJAASRealm.java 974 2009-01-14 00:39:45Z sgonzalez $ */ public class CatalinaJAASRealm extends JAASRealm { private static Log log = LogFactory.getLog(CatalinaJAASRealm.class); private boolean requiresRoleMap = false; @Override public void init() { super.init(); try { if (getRoleMapField() != null) { requiresRoleMap = true; log.debug("Realm requires role mapping (Tomcat 5.0.30 ? )"); } else { log.debug("Realm does note requires role mapping (Tomcat 5.0.28 ? )"); requiresRoleMap = false; } } catch (Exception e) { log.warn("Initializing CatalinaJAASRealm : " + e.getMessage(), e); } } /** * Construct and return a java.security.Principal instance * representing the authenticated user for the specified Subject. If no * such Principal can be constructed, return null. * * The Principal constructed is *not* GenericPrincipal as in Catalina JAASRealm class, * but CatalinaSSOUser which is a SSOUser. * The Partner Application can access SSOUser-specific properties that are not available * in GenericPrincipal. * The JAASRealm superclass invokes this factory method to build the Catalina-specific * Principal from the Subject filled by the configured JAASLoginModule. * * @param subject The Subject representing the logged in user */ protected Principal createPrincipal(String username, Subject subject) { // We also populate roles map ... CatalinaSSOUser p = CatalinaSSOUser.newInstance(this, subject); if (requiresRoleMap) { // This is a Tomcat 5.0.30 ... ! try { List<Principal> roles = new ArrayList<Principal>(); Iterator principals = subject.getPrincipals().iterator(); while (principals.hasNext()) { Principal principal = (Principal) principals.next(); String principalClass = principal.getClass().getName(); if (getRoleClassNames().contains(principalClass)) { log.debug("Adding role : " + principal.getName()); roles.add(principal); } // Same as Jboss - that's a pretty clean solution if ((principal instanceof Group) && "Roles".equals(principal.getName())) { Group grp = (Group) principal; Enumeration en = grp.members(); while (en.hasMoreElements()) { Principal roleP = (Principal) en.nextElement(); log.debug("Adding role : " + roleP.getName()); roles.add(roleP); } } } // Only in Catalina 5.0.30! log.debug("Storing roles in parent roleMap"); Map m = (Map) getRoleMapField().get(this); m.put(p, roles); } catch (Exception e) { log.warn(e.getMessage(), e); return p; } } return p; } protected Field getRoleMapField() { // Check the field in our super class! Field[] fields = getClass().getSuperclass().getDeclaredFields(); for (Field field : fields) { log.debug("Field:" + field.getName()); if (field.getName().equals("roleMap")) return field; } return null; } }