2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
;
import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;

import javax.security.auth.Subject;

import org.argeo.ArgeoException;
import org.argeo.OperatingSystem;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
34 /** Abstracts principals provided by com.sun.security.auth.module login modules. */
35 public class OsAuthenticationToken
implements Authentication
{
private static final long serialVersionUID = -7544626794250917244L;

// Principal implementation classes resolved once, in the constructor,
// according to OperatingSystem.os. Package-visible (no modifier) and final.
final Class<? extends Principal> osUserPrincipalClass;
final Class<? extends Principal> osUserIdPrincipalClass;
final Class<? extends Principal> osGroupIdPrincipalClass;

// Authorities copied in at construction. setAuthenticated() resets this to
// null, and isAuthenticated() reports whether it is still non-null.
private List<GrantedAuthority> grantedAuthorities;

// Optional details attached via setDetails(); null until then.
private UserDetails details;
/**
 * Creates a token holding a copy of the given authorities and resolves, once,
 * the com.sun.security.auth principal classes matching {@link OperatingSystem#os}.
 *
 * @param authorities authorities to grant; copied into a new list, the
 *            argument itself is not retained
 * @throws ArgeoException if the operating system is none of Windows, *nix or
 *             Solaris, or if one of the principal classes cannot be loaded
 *             through this class' class loader
 */
public OsAuthenticationToken(
        Collection<? extends GrantedAuthority> authorities) {
    this.grantedAuthorities = new ArrayList<GrantedAuthority>(authorities);

    // Select the three class names first, then load them in the same order
    // as before (user, user id, group id) so a load failure surfaces at the
    // same point.
    final String userClassName;
    final String userIdClassName;
    final String groupIdClassName;
    switch (OperatingSystem.os) {
    case OperatingSystem.WINDOWS:
        userClassName = "com.sun.security.auth.NTUserPrincipal";
        userIdClassName = "com.sun.security.auth.NTSidUserPrincipal";
        groupIdClassName = "com.sun.security.auth.NTSidGroupPrincipal";
        break;
    case OperatingSystem.NIX:
        userClassName = "com.sun.security.auth.UnixPrincipal";
        userIdClassName = "com.sun.security.auth.UnixNumericUserPrincipal";
        groupIdClassName = "com.sun.security.auth.UnixNumericGroupPrincipal";
        break;
    case OperatingSystem.SOLARIS:
        userClassName = "com.sun.security.auth.SolarisPrincipal";
        userIdClassName = "com.sun.security.auth.SolarisNumericUserPrincipal";
        groupIdClassName = "com.sun.security.auth.SolarisNumericGroupPrincipal";
        break;
    default:
        throw new ArgeoException("Unsupported operating system "
                + OperatingSystem.os);
    }

    ClassLoader cl = getClass().getClassLoader();
    osUserPrincipalClass = getPrincipalClass(cl, userClassName);
    osUserIdPrincipalClass = getPrincipalClass(cl, userIdClassName);
    osGroupIdPrincipalClass = getPrincipalClass(cl, groupIdClassName);
}
/**
 * Creates a token with no granted authorities; the other constructor copies
 * the (empty) list, so the token still starts out authenticated.
 */
public OsAuthenticationToken() {
    this(new ArrayList<GrantedAuthority>(0));
}
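/**
 * @return the OS user name, or null if no JAAS {@link Subject} is bound to
 *         the current access control context (not yet logged in)
 * @throws ArgeoException if a subject is bound but holds no OS user
 *             principal, or more than one (see {@link #getUser()})
 */
public String getName() {
    Subject subject = Subject.getSubject(AccessController.getContext());
    // Without this guard the local is never used and getUser() throws
    // ArgeoException("No subject in JAAS context") instead of returning
    // null, contradicting the documented contract of this method.
    if (subject == null)
        return null;
    return getUser().getName();
}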
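/**
 * Returns the authorities granted at construction plus one
 * {@code OSGROUP_<group name>} authority per OS group id principal found in
 * the current {@link Subject}. Should not be called during authentication,
 * since group ids are only available once the {@link Subject} has been set.
 *
 * @return a fresh, mutable list; never null
 * @throws IllegalStateException if this token has been de-authenticated via
 *             {@link #setAuthenticated(boolean)} (its granted authorities
 *             are then null; copying them would otherwise raise a bare
 *             NullPointerException)
 * @throws ArgeoException if there is no subject in the JAAS context
 */
public Collection<? extends GrantedAuthority> getAuthorities() {
    if (grantedAuthorities == null)
        throw new IllegalStateException(
                "Token is not authenticated: no granted authorities");
    List<GrantedAuthority> gas = new ArrayList<GrantedAuthority>(
            grantedAuthorities);
    for (Principal groupPrincipal : getGroupsIds()) {
        gas.add(new SimpleGrantedAuthority("OSGROUP_"
                + groupPrincipal.getName()));
    }
    return gas;
}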
/**
 * @return the details attached via {@link #setDetails(UserDetails)}, or null
 *         if none were attached
 */
public UserDetails getDetails() {
    return this.details;
}
/**
 * Attaches details to this token; a null argument clears them.
 *
 * @param details the details to attach, stored by reference
 */
public void setDetails(UserDetails details) {
    this.details = details;
}
/**
 * @return true until {@link #setAuthenticated(boolean)} has discarded the
 *         granted authorities; a freshly constructed token is authenticated
 */
public boolean isAuthenticated() {
    return this.grantedAuthorities != null;
}
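/**
 * Marks this token as not trusted: the granted authorities are cleared and
 * discarded, so {@link #isAuthenticated()} returns false afterwards. A token
 * can only be made trusted through its constructor.
 *
 * @param isAuthenticated must be false; passing true is refused (previously
 *            the flag was ignored and any call, including
 *            {@code setAuthenticated(true)}, silently de-authenticated the
 *            token while the declared exception was never thrown)
 * @throws IllegalArgumentException if {@code isAuthenticated} is true
 */
public void setAuthenticated(boolean isAuthenticated)
        throws IllegalArgumentException {
    if (isAuthenticated)
        throw new IllegalArgumentException(
                "Cannot set this token to trusted; use the constructor"
                        + " taking the granted authorities instead");
    if (grantedAuthorities != null)
        grantedAuthorities.clear();
    grantedAuthorities = null;
}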
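/**
 * Loads a {@link Principal} implementation by name through the given class
 * loader.
 *
 * @param cl the class loader to use (the constructor passes this class'
 *            loader)
 * @param className fully qualified name of a {@link Principal} implementation
 * @return the loaded class, verified to be a {@link Principal} subtype
 * @throws ArgeoException if the class cannot be found, or is not a
 *             {@link Principal}
 */
protected static Class<? extends Principal> getPrincipalClass(
        ClassLoader cl, String className) {
    try {
        // asSubclass() replaces the former unchecked cast: a class that does
        // not implement Principal is rejected here, by name, instead of
        // failing later when a principal is looked up.
        return cl.loadClass(className).asSubclass(Principal.class);
    } catch (ClassNotFoundException e) {
        throw new ArgeoException("Cannot load principal class", e);
    } catch (ClassCastException e) {
        throw new ArgeoException("Class " + className + " is not a "
                + Principal.class.getName(), e);
    }
}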
141 public Object
getPrincipal() {
/**
 * @return the single OS user principal of the current {@link Subject}
 * @throws ArgeoException if there is no subject in the JAAS context, if it
 *             holds no OS user principal, or if it holds more than one
 */
public Principal getUser() {
    Set<? extends Principal> users = getSubject()
            .getPrincipals(osUserPrincipalClass);
    if (users == null || users.isEmpty())
        throw new ArgeoException("No OS principal");
    if (users.size() > 1)
        throw new ArgeoException("More than one OS principal");
    return users.iterator().next();
}
/**
 * @return the single OS user id principal of the current {@link Subject}
 * @throws ArgeoException if there is no subject in the JAAS context, if it
 *             holds no user id principal, or if it holds more than one
 */
public Principal getUserId() {
    Set<? extends Principal> userIds = getSubject()
            .getPrincipals(osUserIdPrincipalClass);
    if (userIds == null || userIds.isEmpty())
        throw new ArgeoException("No user id principal");
    if (userIds.size() > 1)
        throw new ArgeoException("More than one user id principal");
    return userIds.iterator().next();
}
/**
 * @return the OS group id principals of the current {@link Subject}, possibly
 *         empty; unlike {@link #getUser()} no cardinality check is made
 * @throws ArgeoException if there is no subject in the JAAS context
 */
public Set<? extends Principal> getGroupsIds() {
    // getPrincipals(Class<T>) already returns Set<T>; the cast the original
    // code applied was redundant (and erased at runtime anyway).
    return getSubject().getPrincipals(osGroupIdPrincipalClass);
}
/**
 * @return the {@link Subject} bound to the current access control context;
 *         never null
 * @throws ArgeoException if no subject is bound (the caller is not running
 *             under a JAAS login)
 */
protected Subject getSubject() {
    // NOTE(review): Subject.getSubject(AccessControlContext) is deprecated
    // for removal on recent JDKs in favour of Subject.current(); confirm the
    // target JDK before relying on it.
    Subject current = Subject.getSubject(AccessController.getContext());
    if (current != null)
        return current;
    throw new ArgeoException("No subject in JAAS context");
}
183 public Object
getCredentials() {