+++ /dev/null
-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.argeo.security;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.argeo.ArgeoException;
-import org.argeo.OperatingSystem;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
-import org.springframework.security.userdetails.UserDetails;
-
-/** Abstracts principals provided by com.sun.security.auth.module login modules. */
-public class OsAuthenticationToken implements Authentication {
- private static final long serialVersionUID = -7544626794250917244L;
-
- final Class<? extends Principal> osUserPrincipalClass;
- final Class<? extends Principal> osUserIdPrincipalClass;
- final Class<? extends Principal> osGroupIdPrincipalClass;
-
- private List<GrantedAuthority> grantedAuthorities;
-
- private UserDetails details;
-
- /** Request */
- public OsAuthenticationToken(GrantedAuthority[] grantedAuthorities) {
- this.grantedAuthorities = grantedAuthorities != null ? Arrays
- .asList(grantedAuthorities) : null;
- ClassLoader cl = getClass().getClassLoader();
- switch (OperatingSystem.os) {
- case OperatingSystem.WINDOWS:
- osUserPrincipalClass = getPrincipalClass(cl,
- "com.sun.security.auth.NTUserPrincipal");
- osUserIdPrincipalClass = getPrincipalClass(cl,
- "com.sun.security.auth.NTSidUserPrincipal");
- osGroupIdPrincipalClass = getPrincipalClass(cl,
- "com.sun.security.auth.NTSidGroupPrincipal");
- break;
- case OperatingSystem.NIX:
- osUserPrincipalClass = getPrincipalClass(cl,
- "com.sun.security.auth.UnixPrincipal");
- osUserIdPrincipalClass = getPrincipalClass(cl,
- "com.sun.security.auth.UnixNumericUserPrincipal");
- osGroupIdPrincipalClass = getPrincipalClass(cl,
- "com.sun.security.auth.UnixNumericGroupPrincipal");
- break;
- case OperatingSystem.SOLARIS:
- osUserPrincipalClass = getPrincipalClass(cl,
- "com.sun.security.auth.SolarisPrincipal");
- osUserIdPrincipalClass = getPrincipalClass(cl,
- "com.sun.security.auth.SolarisNumericUserPrincipal");
- osGroupIdPrincipalClass = getPrincipalClass(cl,
- "com.sun.security.auth.SolarisNumericGroupPrincipal");
- break;
-
- default:
- throw new ArgeoException("Unsupported operating system "
- + OperatingSystem.os);
- }
-
- }
-
- /** Authenticated */
- public OsAuthenticationToken() {
- this(null);
- }
-
- /** @return the name, or null if not yet logged */
- public String getName() {
- Subject subject = Subject.getSubject(AccessController.getContext());
- if (subject == null)
- return null;
- return getUser().getName();
- }
-
- /**
- * Should not be called during authentication since group IDs are not yet
- * available {@link Subject} has been set
- */
- public GrantedAuthority[] getAuthorities() {
- // grantedAuthorities should not be null at this stage
- List<GrantedAuthority> gas = new ArrayList<GrantedAuthority>(
- grantedAuthorities);
- for (Principal groupPrincipal : getGroupsIds()) {
- gas.add(new GrantedAuthorityImpl("OSGROUP_"
- + groupPrincipal.getName()));
- }
- return gas.toArray(new GrantedAuthority[gas.size()]);
- }
-
- public UserDetails getDetails() {
- return details;
- }
-
- public void setDetails(UserDetails details) {
- this.details = details;
- }
-
- public boolean isAuthenticated() {
- return grantedAuthorities != null;
- }
-
- public void setAuthenticated(boolean isAuthenticated)
- throws IllegalArgumentException {
- if (grantedAuthorities != null)
- grantedAuthorities.clear();
- grantedAuthorities = null;
- }
-
- @SuppressWarnings("unchecked")
- protected static Class<? extends Principal> getPrincipalClass(
- ClassLoader cl, String className) {
- try {
- return (Class<? extends Principal>) cl.loadClass(className);
- } catch (ClassNotFoundException e) {
- throw new ArgeoException("Cannot load principal class", e);
- }
- }
-
- public Object getPrincipal() {
- return getUser();
- }
-
- public Principal getUser() {
- Subject subject = getSubject();
- Set<? extends Principal> userPrincipals = subject
- .getPrincipals(osUserPrincipalClass);
- if (userPrincipals == null || userPrincipals.size() == 0)
- throw new ArgeoException("No OS principal");
- if (userPrincipals.size() > 1)
- throw new ArgeoException("More than one OS principal");
- Principal user = userPrincipals.iterator().next();
- return user;
- }
-
- public Principal getUserId() {
- Subject subject = getSubject();
- Set<? extends Principal> userIdsPrincipals = subject
- .getPrincipals(osUserIdPrincipalClass);
- if (userIdsPrincipals == null || userIdsPrincipals.size() == 0)
- throw new ArgeoException("No user id principal");
- if (userIdsPrincipals.size() > 1)
- throw new ArgeoException("More than one user id principal");
- Principal userId = userIdsPrincipals.iterator().next();
- return userId;
- }
-
- public Set<? extends Principal> getGroupsIds() {
- Subject subject = getSubject();
- return (Set<? extends Principal>) subject
- .getPrincipals(osGroupIdPrincipalClass);
- }
-
- /** @return the subject always non null */
- protected Subject getSubject() {
- Subject subject = Subject.getSubject(AccessController.getContext());
- if (subject == null)
- throw new ArgeoException("No subject in JAAS context");
- return subject;
- }
-
- public Object getCredentials() {
- return "";
- }
-
-}