1 package org.argeo.security;
2
3 import java.security.AccessController;
4 import java.security.Principal;
5 import java.util.ArrayList;
6 import java.util.Arrays;
7 import java.util.List;
8 import java.util.Set;
9
10 import javax.security.auth.Subject;
11
12 import org.argeo.ArgeoException;
13 import org.argeo.OperatingSystem;
14 import org.springframework.security.Authentication;
15 import org.springframework.security.GrantedAuthority;
16 import org.springframework.security.GrantedAuthorityImpl;
17 import org.springframework.security.userdetails.UserDetails;
18
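/**
 * Abstracts principals provided by com.sun.security.auth.module login modules.
 * <p>
 * The token stores only the granted authorities and optional user details.
 * The user, user id and group principals are not stored: each accessor reads
 * them from the JAAS {@link Subject} bound to the caller's access control
 * context (see {@link #getSubject()}), so the identity reported depends on
 * the context the accessor is called from.
 * <p>
 * {@link #isAuthenticated()} is true as soon as a non-null authorities array
 * has been passed to the constructor, even an empty one. Only code that has
 * actually completed the OS login should therefore use that constructor with
 * a non-null argument.
 */
public class OsAuthenticationToken implements Authentication {
	private static final long serialVersionUID = -7544626794250917244L;

	// Platform-specific principal classes, resolved once in the constructor.
	final Class<? extends Principal> osUserPrincipalClass;
	final Class<? extends Principal> osUserIdPrincipalClass;
	final Class<? extends Principal> osGroupIdPrincipalClass;

	// null means "not authenticated"; see isAuthenticated().
	private List<GrantedAuthority> grantedAuthorities;

	private UserDetails details;

	/**
	 * Creates an authenticated token when {@code grantedAuthorities} is non
	 * null, an unauthenticated (request) token when it is null.
	 *
	 * @param grantedAuthorities
	 *            the authorities granted in addition to the OS groups, or null
	 *            for an authentication request
	 * @throws ArgeoException
	 *             if the operating system is not supported or a principal
	 *             class cannot be loaded
	 */
	public OsAuthenticationToken(GrantedAuthority[] grantedAuthorities) {
		// Defensive copy: Arrays.asList alone is a fixed-size view backed by
		// the caller's array, so the caller could alter the authorities after
		// construction and clear() in setAuthenticated() would throw
		// UnsupportedOperationException on a non-empty list.
		this.grantedAuthorities = grantedAuthorities != null ? new ArrayList<GrantedAuthority>(
				Arrays.asList(grantedAuthorities)) : null;
		ClassLoader cl = getClass().getClassLoader();
		switch (OperatingSystem.os) {
		case OperatingSystem.WINDOWS:
			osUserPrincipalClass = getPrincipalClass(cl,
					"com.sun.security.auth.NTUserPrincipal");
			osUserIdPrincipalClass = getPrincipalClass(cl,
					"com.sun.security.auth.NTSidUserPrincipal");
			osGroupIdPrincipalClass = getPrincipalClass(cl,
					"com.sun.security.auth.NTSidGroupPrincipal");
			break;
		case OperatingSystem.NIX:
			osUserPrincipalClass = getPrincipalClass(cl,
					"com.sun.security.auth.UnixPrincipal");
			osUserIdPrincipalClass = getPrincipalClass(cl,
					"com.sun.security.auth.UnixNumericUserPrincipal");
			osGroupIdPrincipalClass = getPrincipalClass(cl,
					"com.sun.security.auth.UnixNumericGroupPrincipal");
			break;
		case OperatingSystem.SOLARIS:
			osUserPrincipalClass = getPrincipalClass(cl,
					"com.sun.security.auth.SolarisPrincipal");
			osUserIdPrincipalClass = getPrincipalClass(cl,
					"com.sun.security.auth.SolarisNumericUserPrincipal");
			osGroupIdPrincipalClass = getPrincipalClass(cl,
					"com.sun.security.auth.SolarisNumericGroupPrincipal");
			break;

		default:
			throw new ArgeoException("Unsupported operating system "
					+ OperatingSystem.os);
		}

	}

	/**
	 * Creates an unauthenticated (request) token: it delegates with null
	 * authorities, so {@link #isAuthenticated()} returns false.
	 */
	public OsAuthenticationToken() {
		this(null);
	}

	/** @return the name of the OS user principal, see {@link #getUser()} */
	public String getName() {
		return getUser().getName();
	}

	/**
	 * Returns the authorities passed at construction plus one
	 * {@code OSGROUP_<name>} authority per group principal of the current
	 * {@link Subject}. Should not be called during authentication, since the
	 * group IDs are not available until the {@link Subject} has been set.
	 *
	 * @throws ArgeoException
	 *             if the token is not authenticated or no subject is available
	 */
	public GrantedAuthority[] getAuthorities() {
		// An unauthenticated token has no authorities list; fail with an
		// explicit message instead of a NullPointerException.
		if (grantedAuthorities == null)
			throw new ArgeoException(
					"Authorities are not available on an unauthenticated token");
		List<GrantedAuthority> gas = new ArrayList<GrantedAuthority>(
				grantedAuthorities);
		for (Principal groupPrincipal : getGroupsIds()) {
			gas.add(new GrantedAuthorityImpl("OSGROUP_"
					+ groupPrincipal.getName()));
		}
		return gas.toArray(new GrantedAuthority[gas.size()]);
	}

	public UserDetails getDetails() {
		return details;
	}

	public void setDetails(UserDetails details) {
		this.details = details;
	}

	/** @return true if authorities were provided and have not been revoked */
	public boolean isAuthenticated() {
		return grantedAuthorities != null;
	}

	/**
	 * Revokes the authentication, whatever the value of the argument: the
	 * token can only become authenticated through its constructor.
	 *
	 * @param isAuthenticated
	 *            ignored
	 */
	public void setAuthenticated(boolean isAuthenticated)
			throws IllegalArgumentException {
		// NOTE(review): a call with true silently revokes rather than
		// throwing IllegalArgumentException; this fails closed, but confirm
		// that no caller relies on an exception to detect the rejection.
		if (grantedAuthorities != null)
			grantedAuthorities.clear();
		grantedAuthorities = null;
	}

	/**
	 * Loads a principal class by name.
	 *
	 * @param cl
	 *            the class loader to use
	 * @param className
	 *            the fully qualified name of the principal class
	 * @throws ArgeoException
	 *             if the class cannot be found
	 */
	@SuppressWarnings("unchecked")
	protected static Class<? extends Principal> getPrincipalClass(
			ClassLoader cl, String className) {
		try {
			// Unchecked: the loaded class is not verified to implement
			// Principal; callers pass names of principal classes only.
			return (Class<? extends Principal>) cl.loadClass(className);
		} catch (ClassNotFoundException e) {
			throw new ArgeoException("Cannot load principal class", e);
		}
	}

	/** @return the OS user principal, see {@link #getUser()} */
	public Object getPrincipal() {
		return getUser();
	}

	/**
	 * @return the single OS user principal of the current subject
	 * @throws ArgeoException
	 *             if the subject holds none or more than one
	 */
	public Principal getUser() {
		Subject subject = getSubject();
		Set<? extends Principal> userPrincipals = subject
				.getPrincipals(osUserPrincipalClass);
		if (userPrincipals == null || userPrincipals.isEmpty())
			throw new ArgeoException("No OS principal");
		// Several candidates would make the identity ambiguous: reject.
		if (userPrincipals.size() > 1)
			throw new ArgeoException("More than one OS principal");
		return userPrincipals.iterator().next();
	}

	/**
	 * @return the single user id principal of the current subject
	 * @throws ArgeoException
	 *             if the subject holds none or more than one
	 */
	public Principal getUserId() {
		Subject subject = getSubject();
		Set<? extends Principal> userIdsPrincipals = subject
				.getPrincipals(osUserIdPrincipalClass);
		if (userIdsPrincipals == null || userIdsPrincipals.isEmpty())
			throw new ArgeoException("No user id principal");
		if (userIdsPrincipals.size() > 1)
			throw new ArgeoException("More than one user id principal");
		return userIdsPrincipals.iterator().next();
	}

	/** @return the group id principals of the current subject */
	public Set<? extends Principal> getGroupsIds() {
		return getSubject().getPrincipals(osGroupIdPrincipalClass);
	}

	/**
	 * Retrieves the subject from the access control context of the calling
	 * thread.
	 *
	 * @return the subject, always non null
	 * @throws ArgeoException
	 *             if no subject is associated with the context
	 */
	protected Subject getSubject() {
		Subject subject = Subject.getSubject(AccessController.getContext());
		if (subject == null)
			throw new ArgeoException("No subject in JAAS context");
		return subject;
	}

	/** @return an empty string: this token holds no credentials */
	public Object getCredentials() {
		return "";
	}

}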