View Javadoc
1   /*
2    * Copyright 2005-2010 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.soap.security.xwss.callback.jaas;
18  
19  import javax.security.auth.Subject;
20  import javax.security.auth.callback.Callback;
21  import javax.security.auth.callback.NameCallback;
22  import javax.security.auth.callback.PasswordCallback;
23  import javax.security.auth.callback.UnsupportedCallbackException;
24  import javax.security.auth.login.LoginContext;
25  import javax.security.auth.login.LoginException;
26  
27  import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
28  
29  import org.springframework.ws.soap.security.callback.AbstractCallbackHandler;
30  
31  /**
32   * Provides basic support for integrating with JAAS and plain text passwords.
33   * <p/>
34   * This class only handles <code>PasswordValidationCallback</code>s that contain a
35   * <code>PlainTextPasswordRequest</code>, and throws an <code>UnsupportedCallbackException</code> for others.
36   *
37   * @author Arjen Poutsma
38   * @see #getLoginContextName()
39   * @since 1.0.0
40   */
41  public class JaasPlainTextPasswordValidationCallbackHandler extends AbstractJaasValidationCallbackHandler {
42  
43      /**
44       * Handles <code>PasswordValidationCallback</code>s that contain a <code>PlainTextPasswordRequest</code>, and throws
45       * an <code>UnsupportedCallbackException</code> for others.
46       *
47       * @throws UnsupportedCallbackException when the callback is not supported
48       */
49      @Override
50      protected final void handleInternal(Callback callback) throws UnsupportedCallbackException {
51          if (callback instanceof PasswordValidationCallback) {
52              PasswordValidationCallback validationCallback = (PasswordValidationCallback) callback;
53              if (validationCallback.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
54                  validationCallback.setValidator(new JaasPlainTextPasswordValidator());
55                  return;
56              }
57          }
58          throw new UnsupportedCallbackException(callback);
59      }
60  
61      private class JaasPlainTextPasswordValidator implements PasswordValidationCallback.PasswordValidator {
62  
63          public boolean validate(PasswordValidationCallback.Request request)
64                  throws PasswordValidationCallback.PasswordValidationException {
65              PasswordValidationCallback.PlainTextPasswordRequest plainTextRequest =
66                      (PasswordValidationCallback.PlainTextPasswordRequest) request;
67  
68              final String username = plainTextRequest.getUsername();
69              final String password = plainTextRequest.getPassword();
70  
71              LoginContext loginContext;
72              try {
73                  loginContext = new LoginContext(getLoginContextName(), new AbstractCallbackHandler() {
74  
75                      @Override
76                      protected void handleInternal(Callback callback) throws UnsupportedCallbackException {
77                          if (callback instanceof NameCallback) {
78                              ((NameCallback) callback).setName(username);
79                          }
80                          else if (callback instanceof PasswordCallback) {
81                              ((PasswordCallback) callback).setPassword(password.toCharArray());
82                          }
83                          else {
84                              throw new UnsupportedCallbackException(callback);
85                          }
86                      }
87                  });
88              }
89              catch (LoginException ex) {
90                  throw new PasswordValidationCallback.PasswordValidationException(ex);
91              }
92              catch (SecurityException ex) {
93                  throw new PasswordValidationCallback.PasswordValidationException(ex);
94              }
95  
96              try {
97                  loginContext.login();
98                  Subject subject = loginContext.getSubject();
99                  if (!subject.getPrincipals().isEmpty()) {
100                     if (logger.isDebugEnabled()) {
101                         logger.debug("Authentication request for user '" + username + "' successful");
102                     }
103                     return true;
104                 }
105                 else {
106                     if (logger.isDebugEnabled()) {
107                         logger.debug("Authentication request for user '" + username + "' failed");
108                     }
109                     return false;
110                 }
111             }
112             catch (LoginException ex) {
113                 if (logger.isDebugEnabled()) {
114                     logger.debug("Authentication request for user '" + username + "' failed");
115                 }
116                 return false;
117             }
118         }
119 
120 
121     }
122 }
123