Esempio n. 1
0
  /**
   * Get the username and password. This method does not return any value. Instead, it sets global
   * name and password variables.
   *
   * <p>Also note that this method will set the username and password values in the shared state in
   * case subsequent LoginModules want to use them via use/tryFirstPass.
   *
   * @param getPasswdFromSharedState boolean that tells this method whether to retrieve the password
   *     from the sharedState.
   * @exception LoginException if the username/password cannot be acquired.
   */
  private void getUsernamePassword(boolean getPasswdFromSharedState) throws LoginException {

    if (getPasswdFromSharedState) {
      // use the password saved by the first module in the stack
      username = (String) sharedState.get(USERNAME_KEY);
      password = (char[]) sharedState.get(PASSWORD_KEY);
      return;
    }

    // prompt for a username and password
    if (callbackHandler == null)
      throw new LoginException(
          "No CallbackHandler available " + "to acquire authentication information from the user");

    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback(rb.getString("username: "******"password: "******"Error: "
              + uce.getCallback().toString()
              + " not available to acquire authentication information"
              + " from the user");
    }
  }
  /**
   * Authenticate the user by prompting for the SSO Session Identifier assigned by the SSO Gateway
   * on logon.
   *
   * <p>This method obtains from the gateway, using the provided session identifier, the user
   * associated with such session identifier. Only the NameCallBack is used, since its not a
   * user/password pair but only one value containing the session identifier. Any other callback
   * type is ignored.
   *
   * @return true in all cases since this LoginModule should not be ignored.
   * @exception javax.security.auth.login.FailedLoginException if the authentication fails.
   * @exception javax.security.auth.login.LoginException if this LoginModule is unable to perform
   *     the authentication.
   */
  public boolean login() throws LoginException {

    if (_callbackHandler == null)
      throw new LoginException(
          "Error: no CallbackHandler available "
              + "to garner authentication information from the user");

    Callback[] callbacks = new Callback[4];

    // Just ask for the session identifier
    callbacks[0] = new NameCallback("ssoSessionId");
    callbacks[1] = new PasswordCallback("password", false);
    callbacks[2] = new NameCallback("appID");
    callbacks[3] = new NameCallback("nodeID");

    String ssoSessionId;
    String ssoSessionId2 = null;
    try {
      _callbackHandler.handle(callbacks);
      ssoSessionId = ((NameCallback) callbacks[0]).getName();
      if (((PasswordCallback) callbacks[1]).getPassword() != null)
        ssoSessionId2 = String.valueOf(((PasswordCallback) callbacks[1]).getPassword());

      _requester = ((NameCallback) callbacks[2]).getName();
      _nodeId = ((NameCallback) callbacks[3]).getName();

    } catch (java.io.IOException ioe) {
      throw new LoginException(ioe.toString());
    } catch (UnsupportedCallbackException uce) {
      throw new LoginException(
          "Error: "
              + uce.getCallback().toString()
              + " not available to garner authentication information "
              + "from the user");
    }

    logger.debug(
        "Requested authentication to gateway by "
            + _requester
            + " using sso session "
            + ssoSessionId
            + "/"
            + ssoSessionId2);

    try {

      if (ssoSessionId2 != null && !ssoSessionId2.equals(ssoSessionId))
        ssoSessionId = ssoSessionId2;

      // If no session is found, ignore this module.
      if (ssoSessionId == null) {
        logger.debug("Session authentication failed : " + ssoSessionId);
        _succeeded = false;
        return false;
      }

      _currentSSOSessionId = ssoSessionId;

      SSOUser ssoUser = null;
      SSOAgent agent = Lookup.getInstance().lookupSSOAgent();
      SSOIdentityManagerService im = agent.getSSOIdentityManager();

      if (_nodeId != null && !"".equals(_nodeId)) {
        im = agent.getSSOIdentityManager(_nodeId);
      }

      ssoUser = im.findUserInSession(_requester, ssoSessionId);

      logger.debug("Session authentication succeeded : " + ssoSessionId);
      _ssoUserPrincipal = ssoUser;
      _succeeded = true;

    } catch (SSOIdentityException e) {
      // Ignore this ... (user does not exist for this session)
      if (logger.isDebugEnabled()) logger.debug(e.getMessage());
      _succeeded = false;
      return false;

    } catch (Exception e) {
      logger.error("Session authentication failed : " + ssoSessionId, e);
      _succeeded = false;
      clearCredentials();
      throw new FailedLoginException("Fatal error authenticating session : " + e);
    }

    return true;
  }