1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security;
17
import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;

import javax.security.auth.Subject;

import org.argeo.ArgeoException;
import org.argeo.OperatingSystem;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
33
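/**
 * Spring Security {@link Authentication} whose identity is not stored in the
 * token but looked up, on every call, from the JAAS {@link Subject} attached to
 * the calling thread's {@link AccessController} context. The principals it
 * reads are those populated by the {@code com.sun.security.auth.module} login
 * modules (NT, Unix or Solaris flavour, selected from
 * {@link OperatingSystem#os} at construction time).
 * <p>
 * Security notes:
 * <ul>
 * <li>User, user id and group ids are resolved from the <em>current</em>
 * access control context rather than captured when the token is created. The
 * token is therefore only meaningful on the thread, and inside the
 * {@code Subject.doAs(...)} scope, in which the OS login took place; used from
 * another context it reports that context's identity, or fails with
 * {@link ArgeoException} when no {@link Subject} is present.</li>
 * <li>Both constructors yield a token that reports
 * {@link #isAuthenticated()} {@code == true}: trust is derived from the JAAS
 * login, so the only difference is the initial list of granted authorities.
 * {@link #setAuthenticated(boolean)} can revoke that trust ({@code false})
 * but never grant it ({@code true} is rejected).</li>
 * <li>{@link #getCredentials()} never exposes an OS credential; the OS login
 * itself is the proof of identity.</li>
 * </ul>
 * NOTE(review): {@code Subject.getSubject(AccessControlContext)} is deprecated
 * in recent JDKs in favour of {@code Subject.current()}; confirm against the
 * target runtime before relying on this class there.
 */
public class OsAuthenticationToken implements Authentication {
    private static final long serialVersionUID = -7544626794250917244L;

    /** Prefix of the {@link GrantedAuthority} name derived from each OS group id. */
    private static final String OS_GROUP_AUTHORITY_PREFIX = "OSGROUP_";

    /** Principal class holding the OS user name (e.g. UnixPrincipal). */
    final Class<? extends Principal> osUserPrincipalClass;
    /** Principal class holding the numeric user id / SID. */
    final Class<? extends Principal> osUserIdPrincipalClass;
    /** Principal class holding the numeric group ids / group SIDs. */
    final Class<? extends Principal> osGroupIdPrincipalClass;

    /**
     * Authorities granted by the caller (OS groups are added on top at query
     * time). {@code null} once trust has been revoked via
     * {@link #setAuthenticated(boolean)}; this is what {@link #isAuthenticated()}
     * tests.
     */
    private List<GrantedAuthority> grantedAuthorities;

    private UserDetails details;

    /**
     * Request: creates a token carrying the given authorities in addition to
     * the OS group authorities resolved from the JAAS {@link Subject}.
     *
     * @param authorities
     *            initial authorities; copied, so later changes to the argument
     *            are not seen by this token
     * @throws IllegalArgumentException
     *             if {@code authorities} is {@code null}
     * @throws ArgeoException
     *             if {@link OperatingSystem#os} is not one of the supported
     *             values, or if the matching {@code com.sun.security.auth}
     *             principal classes cannot be loaded
     */
    public OsAuthenticationToken(
            Collection<? extends GrantedAuthority> authorities) {
        if (authorities == null)
            throw new IllegalArgumentException("authorities cannot be null");
        this.grantedAuthorities = new ArrayList<GrantedAuthority>(authorities);
        ClassLoader cl = getClass().getClassLoader();
        switch (OperatingSystem.os) {
        case OperatingSystem.WINDOWS:
            osUserPrincipalClass = getPrincipalClass(cl,
                    "com.sun.security.auth.NTUserPrincipal");
            osUserIdPrincipalClass = getPrincipalClass(cl,
                    "com.sun.security.auth.NTSidUserPrincipal");
            osGroupIdPrincipalClass = getPrincipalClass(cl,
                    "com.sun.security.auth.NTSidGroupPrincipal");
            break;
        case OperatingSystem.NIX:
            osUserPrincipalClass = getPrincipalClass(cl,
                    "com.sun.security.auth.UnixPrincipal");
            osUserIdPrincipalClass = getPrincipalClass(cl,
                    "com.sun.security.auth.UnixNumericUserPrincipal");
            osGroupIdPrincipalClass = getPrincipalClass(cl,
                    "com.sun.security.auth.UnixNumericGroupPrincipal");
            break;
        case OperatingSystem.SOLARIS:
            osUserPrincipalClass = getPrincipalClass(cl,
                    "com.sun.security.auth.SolarisPrincipal");
            osUserIdPrincipalClass = getPrincipalClass(cl,
                    "com.sun.security.auth.SolarisNumericUserPrincipal");
            osGroupIdPrincipalClass = getPrincipalClass(cl,
                    "com.sun.security.auth.SolarisNumericGroupPrincipal");
            break;
        default:
            // Fail closed: never fall back to a guessed principal class.
            throw new ArgeoException("Unsupported operating system "
                    + OperatingSystem.os);
        }
    }

    /**
     * Authenticated: same as {@link #OsAuthenticationToken(Collection)} with no
     * caller-granted authorities, i.e. only the OS group authorities apply.
     */
    public OsAuthenticationToken() {
        this(new ArrayList<GrantedAuthority>());
    }

    /**
     * @return the OS user name, or {@code null} if there is no JAAS
     *         {@link Subject} in the current context or the Subject carries no
     *         OS user principal yet (login module not run)
     * @throws ArgeoException
     *             if the Subject carries more than one OS user principal
     *             (ambiguous identity is never resolved silently)
     */
    public String getName() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null)
            return null;
        Set<? extends Principal> users = subject
                .getPrincipals(osUserPrincipalClass);
        if (users == null || users.isEmpty())
            return null;
        return getUser().getName();
    }

    /**
     * Caller-granted authorities plus one {@code OSGROUP_<groupId>} authority
     * per OS group id principal found in the current JAAS {@link Subject}.
     * <p>
     * Should not be called during authentication since group IDs are not yet
     * available until the {@link Subject} has been set. Because group
     * resolution happens at call time, the result depends on the calling
     * thread's access control context.
     *
     * @return an unmodifiable collection; empty once trust has been revoked via
     *         {@link #setAuthenticated(boolean)}
     * @throws ArgeoException
     *             if no {@link Subject} is present in the current context
     */
    public Collection<? extends GrantedAuthority> getAuthorities() {
        if (grantedAuthorities == null)
            // trust revoked: grant nothing rather than fail with an NPE
            return Collections.<GrantedAuthority> emptyList();
        List<GrantedAuthority> gas = new ArrayList<GrantedAuthority>(
                grantedAuthorities);
        for (Principal groupPrincipal : getGroupsIds()) {
            gas.add(new SimpleGrantedAuthority(OS_GROUP_AUTHORITY_PREFIX
                    + groupPrincipal.getName()));
        }
        return Collections.unmodifiableList(gas);
    }

    /** @return the details set via {@link #setDetails(UserDetails)}, may be null */
    public UserDetails getDetails() {
        return details;
    }

    public void setDetails(UserDetails details) {
        this.details = details;
    }

    /**
     * @return {@code true} until {@link #setAuthenticated(boolean)} has been
     *         called with {@code false}; a freshly constructed token is
     *         considered authenticated because trust comes from the JAAS login
     */
    public boolean isAuthenticated() {
        return grantedAuthorities != null;
    }

    /**
     * Revokes trust in this token. Only {@code false} is accepted: the caller
     * cannot mark the token trusted, since trust is established by the JAAS OS
     * login, not by this object. Revocation is irreversible and also drops the
     * caller-granted authorities.
     *
     * @throws IllegalArgumentException
     *             if {@code isAuthenticated} is {@code true}
     */
    public void setAuthenticated(boolean isAuthenticated)
            throws IllegalArgumentException {
        if (isAuthenticated)
            throw new IllegalArgumentException(
                    "Cannot set this token to trusted; trust is established by the JAAS OS login");
        if (grantedAuthorities != null)
            grantedAuthorities.clear();
        grantedAuthorities = null;
    }

    /**
     * Loads a principal class by name and verifies it really is a
     * {@link Principal}, so that a misconfigured class name fails at startup
     * rather than silently yielding empty principal sets later on.
     *
     * @throws ArgeoException
     *             if the class cannot be loaded or is not a {@link Principal}
     */
    protected static Class<? extends Principal> getPrincipalClass(
            ClassLoader cl, String className) {
        try {
            return cl.loadClass(className).asSubclass(Principal.class);
        } catch (ClassNotFoundException e) {
            throw new ArgeoException("Cannot load principal class", e);
        } catch (ClassCastException e) {
            throw new ArgeoException("Class " + className + " is not a "
                    + Principal.class.getName(), e);
        }
    }

    /** @return the OS user principal, see {@link #getUser()} */
    public Object getPrincipal() {
        return getUser();
    }

    /**
     * @return the single OS user principal of the current JAAS {@link Subject}
     * @throws ArgeoException
     *             if there is no Subject, no OS user principal, or more than
     *             one
     */
    public Principal getUser() {
        return singlePrincipal(osUserPrincipalClass, "OS principal");
    }

    /**
     * @return the single OS user id principal of the current JAAS
     *         {@link Subject}
     * @throws ArgeoException
     *             if there is no Subject, no user id principal, or more than
     *             one
     */
    public Principal getUserId() {
        return singlePrincipal(osUserIdPrincipalClass, "user id principal");
    }

    /**
     * @return the OS group id principals of the current JAAS {@link Subject};
     *         possibly empty, never null
     * @throws ArgeoException
     *             if there is no Subject in the current context
     */
    public Set<? extends Principal> getGroupsIds() {
        Subject subject = getSubject();
        return subject.getPrincipals(osGroupIdPrincipalClass);
    }

    /**
     * Resolves exactly one principal of the given class from the current
     * Subject; zero or several is treated as an error rather than picking one.
     */
    private Principal singlePrincipal(
            Class<? extends Principal> principalClass, String what) {
        Set<? extends Principal> found = getSubject().getPrincipals(
                principalClass);
        if (found == null || found.isEmpty())
            throw new ArgeoException("No " + what);
        if (found.size() > 1)
            throw new ArgeoException("More than one " + what);
        return found.iterator().next();
    }

    /**
     * @return the subject of the calling thread's access control context,
     *         always non null
     * @throws ArgeoException
     *             if the current code is not running under a JAAS Subject
     */
    protected Subject getSubject() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null)
            throw new ArgeoException("No subject in JAAS context");
        return subject;
    }

    /**
     * @return the empty string; this token deliberately holds no credential,
     *         the OS login having already proven the identity
     */
    public Object getCredentials() {
        return "";
    }

}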