/**
 * Get the username and password. This method does not return any value. Instead, it sets global
 * name and password variables (the {@code username} and {@code password} fields).
 *
 * <p>Also note that this method will set the username and password values in the shared state in
 * case subsequent LoginModules want to use them via use/tryFirstPass.
 *
 * @param getPasswdFromSharedState boolean that tells this method whether to retrieve the password
 *     from the sharedState.
 * @exception LoginException if the username/password cannot be acquired.
 */
private void getUsernamePassword(boolean getPasswdFromSharedState) throws LoginException {

  if (getPasswdFromSharedState) {
    // use the password saved by the first module in the stack
    //
    // NOTE(review): the char[] is taken by reference, not copied, so zeroing this module's
    // password field later would also wipe the array held in sharedState (and vice versa).
    // NOTE(review): nothing here checks the looked-up values; presumably sharedState is a Map and
    // a missing key yields null, in which case this returns normally with null credentials.
    // Callers should treat null as "not acquired" - confirm.
    username = (String) sharedState.get(USERNAME_KEY);
    password = (char[]) sharedState.get(PASSWORD_KEY);
    return;
  }

  // prompt for a username and password
  if (callbackHandler == null)
    throw new LoginException(
        "No CallbackHandler available "
            + "to acquire authentication information from the user");

  Callback[] callbacks = new Callback[2];
  // NOTE(review): this copy of the listing is damaged from the next statement on. The text
  // between the "username: " prompt and the "Error: " message has been replaced by runs of
  // asterisks, so the statements that stood there are not visible, the declaration of uce is
  // missing, and the fragment does not compile as shown. The write to the shared state that the
  // Javadoc describes is not visible here either. The damaged text is kept as found.
  callbacks[0] = new NameCallback(rb.getString("username: "******"password: "******"Error: "
      + uce.getCallback().toString()
      + " not available to acquire authentication information"
      + " from the user");
  }
}
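/**
 * Authenticates the caller by asking the callback handler for the SSO session identifier that the
 * SSO Gateway assigned on logon, and resolving that identifier to a user through the gateway.
 *
 * <p>Four callbacks are sent to the handler: a {@code NameCallback} "ssoSessionId", a
 * {@code PasswordCallback} "password", and the {@code NameCallback}s "appID" and "nodeID". The
 * session identifier may arrive through either of the first two; when the password callback
 * carries a value that differs from the name callback, the password callback wins.
 *
 * <p>The session identifier is a bearer credential: anyone who can read it can present it to the
 * gateway. It is therefore never written to the log; log entries only record whether one was
 * supplied.
 *
 * @return {@code true} if a user was resolved for the session; {@code false} (JAAS: this module
 *     should be ignored) if no session identifier was supplied or the identity manager raised an
 *     {@code SSOIdentityException}.
 * @exception javax.security.auth.login.FailedLoginException if resolving the session fails with
 *     any other error.
 * @exception javax.security.auth.login.LoginException if no CallbackHandler is available or the
 *     handler cannot service the callbacks.
 */
public boolean login() throws LoginException {

  if (_callbackHandler == null) {
    throw new LoginException(
        "Error: no CallbackHandler available "
            + "to garner authentication information from the user");
  }

  Callback[] callbacks = new Callback[4];

  // Just ask for the session identifier (plus the requesting application and node)
  callbacks[0] = new NameCallback("ssoSessionId");
  callbacks[1] = new PasswordCallback("password", false);
  callbacks[2] = new NameCallback("appID");
  callbacks[3] = new NameCallback("nodeID");

  String ssoSessionId;
  String ssoSessionId2 = null;

  try {
    _callbackHandler.handle(callbacks);
    ssoSessionId = ((NameCallback) callbacks[0]).getName();

    // getPassword() hands back a copy: read it once, wipe the copy, then wipe the callback's own
    // buffer. The value still ends up in a String because the identity manager lookup below is
    // called with a String.
    PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
    char[] secret = passwordCallback.getPassword();
    if (secret != null) {
      ssoSessionId2 = String.valueOf(secret);
      java.util.Arrays.fill(secret, '\0');
    }
    passwordCallback.clearPassword();

    _requester = ((NameCallback) callbacks[2]).getName();
    _nodeId = ((NameCallback) callbacks[3]).getName();
  } catch (java.io.IOException ioe) {
    LoginException loginFailure = new LoginException(ioe.toString());
    loginFailure.initCause(ioe); // keep the original stack trace for diagnosis
    throw loginFailure;
  } catch (UnsupportedCallbackException uce) {
    throw new LoginException(
        "Error: "
            + uce.getCallback().toString()
            + " not available to garner authentication information "
            + "from the user");
  }

  // The value from the password callback takes precedence when it differs.
  if (ssoSessionId2 != null && !ssoSessionId2.equals(ssoSessionId)) {
    ssoSessionId = ssoSessionId2;
  }

  // Log only the presence of the identifier, never its value.
  // NOTE(review): _requester comes from the callback handler; if it can carry caller-controlled
  // text, the logging layout should neutralise line breaks - confirm.
  logger.debug(
      "Requested authentication to gateway by "
          + _requester
          + " (sso session id "
          + (ssoSessionId != null ? "supplied" : "not supplied")
          + ")");

  try {
    // If no session is found, ignore this module.
    if (ssoSessionId == null) {
      logger.debug("Session authentication failed : no session identifier supplied");
      _succeeded = false;
      return false;
    }

    _currentSSOSessionId = ssoSessionId;

    SSOUser ssoUser = null;
    SSOAgent agent = Lookup.getInstance().lookupSSOAgent();
    SSOIdentityManagerService im = agent.getSSOIdentityManager();

    // A non-empty node id selects the identity manager of that node.
    if (_nodeId != null && !"".equals(_nodeId)) {
      im = agent.getSSOIdentityManager(_nodeId);
    }

    // NOTE(review): if findUserInSession can return null instead of throwing, this path reports
    // success with a null principal - confirm the contract and fail closed if it can.
    ssoUser = im.findUserInSession(_requester, ssoSessionId);

    logger.debug("Session authentication succeeded for requester " + _requester);
    _ssoUserPrincipal = ssoUser;
    _succeeded = true;

  } catch (SSOIdentityException e) {
    // Ignore this ... (user does not exist for this session)
    if (logger.isDebugEnabled()) {
      logger.debug(e.getMessage());
    }
    _succeeded = false;
    return false;

  } catch (Exception e) {
    // The error level is normally enabled in production, so the identifier stays out of it.
    logger.error("Session authentication failed", e);
    _succeeded = false;
    clearCredentials();
    FailedLoginException failure =
        new FailedLoginException("Fatal error authenticating session : " + e);
    failure.initCause(e);
    throw failure;
  }

  return true;
}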