1. /*

  2.  * @(#)LoginContext.java	1.94 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package javax.security.auth.login;

  9. 

  10. import java.lang.reflect.Constructor;

  11. import java.lang.reflect.Method;

  12. import java.lang.reflect.InvocationTargetException;

  13. import java.util.LinkedList;

  14. import java.util.Map;

  15. import java.util.HashMap;

  16. import java.text.MessageFormat;

  17. import javax.security.auth.Subject;

  18. import javax.security.auth.AuthPermission;

  19. import javax.security.auth.callback.*;

  20. import java.security.AccessController;

  21. import java.security.AccessControlContext;

  22. import sun.security.util.ResourcesMgr;

  23. 

  24. /**

  25.  * <p> The <code>LoginContext</code> class describes the basic methods used

  26.  * to authenticate Subjects and provides a way to develop an

  27.  * application independent of the underlying authentication technology.

  28.  * A <code>Configuration</code> specifies the authentication technology, or

  29.  * <code>LoginModule</code>, to be used with a particular application.

  30.  * Therefore, different LoginModules can be plugged in under an application

  31.  * without requiring any modifications to the application itself.

  32.  *

  33.  * <p> In addition to supporting <i>pluggable</i> authentication, this class

  34.  * also supports the notion of <i>stacked</i> authentication.  In other words,

  35.  * an application may be configured to use more than one

  36.  * <code>LoginModule</code>.  For example, one could

  37.  * configure both a Kerberos <code>LoginModule</code> and a smart card

  38.  * <code>LoginModule</code> under an application.

  39.  *

  40.  * <p> A typical caller instantiates this class and passes in

  41.  * a <i>name</i> and a <code>CallbackHandler</code>.

  42.  * <code>LoginContext</code> uses the <i>name</i> as the index into the

  43.  * <code>Configuration</code> to determine which LoginModules should be used,

  44.  * and which ones must succeed in order for the overall authentication to

  45.  * succeed.  The <code>CallbackHandler</code> is passed to the underlying

  46.  * LoginModules so they may communicate and interact with users

  47.  * (prompting for a username and password via a graphical user interface,

  48.  * for example).

  49.  *

  50.  * <p> Once the caller has instantiated a <code>LoginContext</code>,

  51.  * it invokes the <code>login</code> method to authenticate

  52.  * a <code>Subject</code>.  This <code>login</code> method invokes the

  53.  * <code>login</code> method from each of the LoginModules configured for

  54.  * the <i>name</i> specified by the caller.  Each <code>LoginModule</code>

  55.  * then performs its respective type of authentication (username/password,

  56.  * smart card pin verification, etc.).  Note that the LoginModules will not

  57.  * attempt authentication retries or introduce delays if the authentication

  58.  * fails.  Such tasks belong to the caller.

  59.  *

  60.  * <p> Regardless of whether or not the overall authentication succeeded,

  61.  * this <code>login</code> method completes a 2-phase authentication process

  62.  * by then calling either the <code>commit</code> method or the

  63.  * <code>abort</code> method for each of the configured LoginModules.

  64.  * The <code>commit</code> method for each <code>LoginModule</code>

  65.  * gets invoked if the overall authentication succeeded,

  66.  * whereas the <code>abort</code> method for each <code>LoginModule</code>

  67.  * gets invoked if the overall authentication failed.

  68.  * Each successful LoginModule's <code>commit</code>

  69.  * method associates the relevant Principals (authenticated identities)

  70.  * and Credentials (authentication data such as cryptographic keys)

  71.  * with the <code>Subject</code>.  Each LoginModule's <code>abort</code>

  72.  * method cleans up or removes/destroys any previously stored authentication

  73.  * state.

  74.  *

  75.  * <p> If the <code>login</code> method returns without

  76.  * throwing an exception, then the overall authentication succeeded.

  77.  * The caller can then retrieve

  78.  * the newly authenticated <code>Subject</code> by invoking the

  79.  * <code>getSubject</code> method.  Principals and Credentials associated

  80.  * with the <code>Subject</code> may be retrieved by invoking the Subject's

  81.  * respective <code>getPrincipals</code>, <code>getPublicCredentials</code>,

  82.  * and <code>getPrivateCredentials</code> methods.

  83.  *

  84.  * <p> To logout the <code>Subject</code>, the caller simply needs to

  85.  * invoke the <code>logout</code> method.  As with the <code>login</code>

  86.  * method, this <code>logout</code> method invokes the <code>logout</code>

  87.  * method for each <code>LoginModule</code> configured for this

  88.  * <code>LoginContext</code>.  Each LoginModule's <code>logout</code>

  89.  * method cleans up state and removes/destroys Principals and Credentials

  90.  * from the <code>Subject</code> as appropriate.

  91.  * 

  92.  * <p> Each of the configured LoginModules invoked by the

  93.  * <code>LoginContext</code> is initialized with a

  94.  * <code>Subject</code> to be authenticated, a <code>CallbackHandler</code>

  95.  * used to communicate with users, shared <code>LoginModule</code> state,

  96.  * and LoginModule-specific options.  If the <code>LoginContext</code>

  97.  * was not provided a <code>Subject</code> then it instantiates one itself.

  98.  *

  99.  * <p> Each <code>LoginModule</code>

  100.  * which successfully authenticates a user updates the <code>Subject</code>

  101.  * with the relevant user information (Principals and Credentials).

  102.  * This <code>Subject</code> can then be returned via the

  103.  * <code>getSubject</code> method from the <code>LoginContext</code> class

  104.  * if the overall authentication succeeds.  Note that LoginModules are always

  105.  * invoked from within an <code>AccessController.doPrivileged</code> call.

  106.  * Therefore, although LoginModules that perform security-sensitive tasks

  107.  * (such as connecting to remote hosts) need to be granted the relevant

  108.  * Permissions in the security <code>Policy</code>, the callers of the

  109.  * LoginModules do not require those Permissions.

  110.  * 

  111.  * <p> A <code>LoginContext</code> supports authentication retries 

  112.  * by the calling application.  For example, a LoginContext's

  113.  * <code>login</code> method may be invoked multiple times

  114.  * if the user incorrectly types in a password.  However, a

  115.  * <code>LoginContext</code> should not be used to authenticate

  116.  * more than one <code>Subject</code>.  A separate <code>LoginContext</code>

  117.  * should be used to authenticate each different <code>Subject</code>.

  118.  * 

  119.  * <p> Multiple calls into the same <code>LoginContext</code> 

  120.  * do not affect the <code>LoginModule</code> state, or the

  121.  * LoginModule-specific options.

  122.  * 

  123.  * @version 1.94, 01/23/03

  124.  * @see javax.security.auth.Subject

  125.  * @see javax.security.auth.callback.CallbackHandler

  126.  * @see javax.security.auth.login.Configuration

  127.  * @see javax.security.auth.spi.LoginModule

  128.  */

  129. public class LoginContext {

  130. 

  131.     private static final String INIT_METHOD		= "initialize";

  132.     private static final String LOGIN_METHOD		= "login";

  133.     private static final String COMMIT_METHOD		= "commit";

  134.     private static final String ABORT_METHOD		= "abort";

  135.     private static final String LOGOUT_METHOD		= "logout";

  136.     private static final String OTHER			= "other";

  137.     private static final String DEFAULT_HANDLER		=

  138. 				"auth.login.defaultCallbackHandler";

  139.     private Subject subject = null;

  140.     private boolean subjectProvided = false;

  141.     private boolean loginSucceeded = false;

  142.     private CallbackHandler callbackHandler;

  143.     private Map state = new HashMap();

  144. 

  145.     private Configuration config;

  146.     private ModuleInfo[] moduleStack;

  147.     private ClassLoader contextClassLoader = null;

  148.     private static final Class[] PARAMS = { };

  149. 

  150.     private static final sun.security.util.Debug debug =

  151. 	sun.security.util.Debug.getInstance("logincontext", "\t[LoginContext]");

  152. 

  153.     private void init(String name) throws LoginException {

  154. 

  155. 	java.lang.SecurityManager sm = System.getSecurityManager();

  156. 	if (sm != null) {

  157. 	    sm.checkPermission(new AuthPermission

  158. 				("createLoginContext." + name));

  159. 	}

  160. 

  161. 	if (name == null)

  162. 	    throw new LoginException

  163. 		(ResourcesMgr.getString("Invalid null input: name"));

  164. 

  165. 	// get the Configuration

  166. 	if (config == null) {

  167. 	    config = (Configuration)java.security.AccessController.doPrivileged

  168. 		(new java.security.PrivilegedAction() {

  169. 		public Object run() {	

  170. 		    return Configuration.getConfiguration();

  171. 		}

  172. 	    });

  173. 	}

  174. 

  175. 	// get the LoginModules configured for this application

  176. 	AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);

  177. 	if (entries == null) {

  178. 

  179. 	    if (sm != null) {

  180. 		sm.checkPermission(new AuthPermission

  181. 				("createLoginContext." + OTHER));

  182. 	    }

  183. 

  184. 	    entries = config.getAppConfigurationEntry(OTHER);

  185. 	    if (entries == null) {

  186. 		MessageFormat form = new MessageFormat(ResourcesMgr.getString

  187. 			("No LoginModules configured for name"));

  188. 		Object[] source = {name};

  189. 		throw new LoginException(form.format(source));

  190. 	    }

  191. 	}

  192. 	moduleStack = new ModuleInfo[entries.length];

  193. 	for (int i = 0; i < entries.length; i++) {

  194. 	    // clone returned array

  195. 	    moduleStack[i] = new ModuleInfo

  196. 				(new AppConfigurationEntry

  197. 					(entries[i].getLoginModuleName(),

  198. 					entries[i].getControlFlag(),

  199. 					entries[i].getOptions()),

  200. 				null);

  201. 	}

  202. 

  203. 

  204. 	contextClassLoader =

  205. 		(ClassLoader)java.security.AccessController.doPrivileged

  206. 		(new java.security.PrivilegedAction() {

  207. 		public Object run() {	

  208. 		    return Thread.currentThread().getContextClassLoader();

  209. 		}

  210. 	});

  211.     }

  212. 

  213.     private void loadDefaultCallbackHandler() throws LoginException {

  214. 

  215. 	// get the default handler class

  216. 	try {

  217. 

  218. 	    final ClassLoader finalLoader = contextClassLoader;

  219. 

  220. 	    this.callbackHandler = (CallbackHandler)

  221. 		java.security.AccessController.doPrivileged

  222. 		(new java.security.PrivilegedExceptionAction() {

  223. 		public Object run() throws Exception {

  224. 		    String defaultHandler = java.security.Security.getProperty

  225. 			("auth.login.defaultCallbackHandler");

  226. 		    if (defaultHandler == null || defaultHandler.length() == 0)

  227. 			return null;

  228. 		    Class c = Class.forName(defaultHandler,

  229. 					true,

  230. 					finalLoader);

  231. 		    return c.newInstance();

  232. 		}

  233. 	    });

  234. 	} catch (java.security.PrivilegedActionException pae) {

  235. 	    throw new LoginException(pae.getException().toString());

  236. 	}

  237. 

  238. 	// secure it with the caller's ACC

  239. 	if (this.callbackHandler != null) {

  240. 	    this.callbackHandler = new SecureCallbackHandler

  241. 				(java.security.AccessController.getContext(),

  242. 				this.callbackHandler);

  243. 	}

  244.     }

  245. 

  246.     /**

  247.      * Constructor for the <code>LoginContext</code> class.

  248.      *

  249.      * <p> Initialize the new <code>LoginContext</code> object with a name.

  250.      * <code>LoginContext</code> uses the specified name as the index

  251.      * into the <code>Configuration</code> to determine which LoginModules

  252.      * should be used.  If the provided name does not match any in the

  253.      * <code>Configuration</code>, then the <code>LoginContext</code>

  254.      * uses the default <code>Configuration</code> entry, "<i>other</i>".

  255.      * If there is no <code>Configuration</code> entry for "<i>other</i>",

  256.      * then a <code>LoginException</code> is thrown.

  257.      *

  258.      * <p> This constructor does not allow for a <code>CallbackHandler</code>.

  259.      * If the <i>auth.login.defaultCallbackHandler</i> security property

  260.      * is set to the fully qualified name of a default

  261.      * <code>CallbackHandler</code> implementation class,

  262.      * then that <code>CallbackHandler</code> will be loaded and

  263.      * passed to the underlying LoginModules.  If the security property

  264.      * is not set, then the underlying LoginModules

  265.      * will not have a <code>CallbackHandler</code> for use in communicating

  266.      * with users.  The caller thus assumes that the configured

  267.      * LoginModules have alternative means for authenticating the user.

  268.      *

  269.      * <p> The <i>auth.login.defaultCallbackHandler</i> security property

  270.      * can be set in the Java security properties file located in the

  271.      * file named <JAVA_HOME>/lib/security/java.security,

  272.      * where <JAVA_HOME> refers to the directory where the SDK

  273.      * was installed.

  274.      *

  275.      * <p> Since no <code>Subject</code> can be specified to this constructor,

  276.      * it instantiates a <code>Subject</code> itself.

  277.      *

  278.      * <p>

  279.      *

  280.      * @param name the name used as the index into the

  281.      *		<code>Configuration</code>.

  282.      *

  283.      * @exception LoginException if the specified <code>name</code>

  284.      *		does not appear in the <code>Configuration</code>

  285.      *		and there is no <code>Configuration</code> entry

  286.      *		for "<i>other</i>", or if the

  287.      *		<i>auth.login.defaultCallbackHandler</i>

  288.      *		security property was set, but the implementation

  289.      *		class could not be loaded.

  290.      */

  291.     public LoginContext(String name) throws LoginException {

  292. 	init(name);

  293. 	loadDefaultCallbackHandler();

  294.     }

  295. 

  296.     /**

  297.      * Constructor for the <code>LoginContext</code> class.

  298.      *

  299.      * <p> Initialize the new <code>LoginContext</code> object with a name

  300.      * and a <code>Subject</code> object.

  301.      *

  302.      * <p> <code>LoginContext</code> uses the name as the index

  303.      * into the <code>Configuration</code> to determine which LoginModules

  304.      * should be used.  If the provided name does not match any in the

  305.      * <code>Configuration</code>, then the <code>LoginContext</code>

  306.      * uses the default <code>Configuration</code> entry, "<i>other</i>".

  307.      * If there is no <code>Configuration</code> entry for "<i>other</i>",

  308.      * then a <code>LoginException</code> is thrown.

  309.      *

  310.      * <p> This constructor does not allow for a <code>CallbackHandler</code>.

  311.      * If the <i>auth.login.defaultCallbackHandler</i> security property

  312.      * is set to the fully qualified name of a default

  313.      * <code>CallbackHandler</code> implementation class,

  314.      * then that <code>CallbackHandler</code> will be loaded and

  315.      * passed to the underlying LoginModules.  If the security property

  316.      * is not set, then the underlying LoginModules

  317.      * will not have a <code>CallbackHandler</code> for use in communicating

  318.      * with users.  The caller thus assumes that the configured

  319.      * LoginModules have alternative means for authenticating the user.

  320.      *

  321.      * <p> The <i>auth.login.defaultCallbackHandler</i> security property

  322.      * can be set in the Java security properties file located in the

  323.      * file named %lt;JAVA_HOME%gt;/lib/security/java.security,

  324.      * where %lt;JAVA_HOME%gt; refers to the directory where the SDK

  325.      * was installed.

  326.      *

  327.      * <p> <code>LoginContext</code> passes the <code>Subject</code>

  328.      * object to configured LoginModules so they may perform additional

  329.      * authentication and update the <code>Subject</code> with new

  330.      * Principals and Credentials.

  331.      *

  332.      * <p>

  333.      *

  334.      * @param name the name used as the index into the

  335.      *		<code>Configuration</code>. <p>

  336.      *

  337.      * @param subject the <code>Subject</code> to authenticate.

  338.      *

  339.      * @exception LoginException if the specified <code>name</code>

  340.      *		does not appear in the <code>Configuration</code>

  341.      *          and there is no <code>Configuration</code> entry

  342.      *          for "<i>other</i>", if the specified <code>subject</code>

  343.      *		is <code>null</code>, or if the

  344.      *		<i>auth.login.defaultCallbackHandler</i>

  345.      *		security property was set, but the implementation

  346.      *		class could not be loaded.

  347.      */

  348.     public LoginContext(String name, Subject subject)

  349.     throws LoginException {

  350. 	init(name);

  351. 	if (subject == null)

  352. 	    throw new LoginException

  353. 		(ResourcesMgr.getString("invalid null Subject provided"));

  354. 	this.subject = subject;

  355. 	subjectProvided = true;

  356. 	loadDefaultCallbackHandler();

  357.     }

  358. 

  359.     /**

  360.      * Constructor for the <code>LoginContext</code> class.

  361.      *

  362.      * <p> Initialize the new <code>LoginContext</code> object with a name

  363.      * and a <code>CallbackHandler</code> object.

  364.      *

  365.      * <p> <code>LoginContext</code> uses the name as the index

  366.      * into the <code>Configuration</code> to determine which LoginModules

  367.      * should be used.  If the provided name does not match any in the

  368.      * <code>Configuration</code>, then the <code>LoginContext</code>

  369.      * uses the default <code>Configuration</code> entry, "<i>other</i>".

  370.      * If there is no <code>Configuration</code> entry for "<i>other</i>",

  371.      * then a <code>LoginException</code> is thrown.

  372.      *

  373.      * <p> <code>LoginContext</code> passes the <code>CallbackHandler</code>

  374.      * object to configured LoginModules so they may communicate with the user.

  375.      * The <code>CallbackHandler</code> object therefore allows LoginModules to

  376.      * remain independent of the different ways applications interact with

  377.      * users.  This <code>LoginContext</code> must wrap the

  378.      * application-provided <code>CallbackHandler</code> in a new

  379.      * <code>CallbackHandler</code> implementation, whose <code>handle</code>

  380.      * method implementation invokes the application-provided

  381.      * CallbackHandler's <code>handle</code> method in a

  382.      * <code>java.security.AccessController.doPrivileged</code> call

  383.      * constrained by the caller's current <code>AccessControlContext</code>.

  384.      *

  385.      * <p> Since no <code>Subject</code> can be specified to this constructor,

  386.      * it instantiates a <code>Subject</code> itself.

  387.      *

  388.      * <p>

  389.      *

  390.      * @param name the name used as the index into the

  391.      *		<code>Configuration</code>. <p>

  392.      *

  393.      * @param callbackHandler the <code>CallbackHandler</code> object used by

  394.      *		LoginModules to communicate with the user.

  395.      *

  396.      * @exception LoginException if the specified <code>name</code>

  397.      *          does not appear in the <code>Configuration</code>

  398.      *          and there is no <code>Configuration</code> entry

  399.      *          for "<i>other</i>", or if the specified

  400.      *		<code>callbackHandler</code> is <code>null</code>.

  401.      */

  402.     public LoginContext(String name, CallbackHandler callbackHandler)

  403.     throws LoginException {

  404. 	init(name);

  405. 	if (callbackHandler == null)

  406. 	    throw new LoginException(ResourcesMgr.getString

  407. 				("invalid null CallbackHandler provided"));

  408. 	this.callbackHandler = new SecureCallbackHandler

  409. 				(java.security.AccessController.getContext(),

  410. 				callbackHandler);

  411.     }

  412. 

  413.     /**

  414.      * Constructor for the <code>LoginContext</code> class.

  415.      *

  416.      * <p> Initialize the new <code>LoginContext</code> object with a name,

  417.      * a <code>Subject</code> to be authenticated, and a

  418.      * <code>CallbackHandler</code> object.

  419.      *

  420.      * <p> <code>LoginContext</code> uses the name as the index

  421.      * into the <code>Configuration</code> to determine which LoginModules

  422.      * should be used.  If the provided name does not match any in the

  423.      * <code>Configuration</code>, then the <code>LoginContext</code>

  424.      * uses the default <code>Configuration</code> entry, "<i>other</i>".

  425.      * If there is no <code>Configuration</code> entry for "<i>other</i>",

  426.      * then a <code>LoginException</code> is thrown.

  427.      *

  428.      * <p> <code>LoginContext</code> passes the <code>Subject</code>

  429.      * object to configured LoginModules so they may perform additional

  430.      * authentication and update the <code>Subject</code> with new

  431.      * Principals and Credentials.

  432.      *

  433.      * <p> <code>LoginContext</code> passes the <code>CallbackHandler</code>

  434.      * object to configured LoginModules so they may communicate with the user.

  435.      * The <code>CallbackHandler</code> object therefore allows LoginModules to

  436.      * remain independent of the different ways applications interact with

  437.      * users.  This <code>LoginContext</code> must wrap the

  438.      * application-provided <code>CallbackHandler</code> in a new

  439.      * <code>CallbackHandler</code> implementation, whose <code>handle</code>

  440.      * method implementation invokes the application-provided

  441.      * CallbackHandler's <code>handle</code> method in a

  442.      * <code>java.security.AccessController.doPrivileged</code> call

  443.      * constrained by the caller's current <code>AccessControlContext</code>.

  444.      *

  445.      *

  446.      * <p>

  447.      *

  448.      * @param name the name used as the index into the

  449.      *		<code>Configuration</code>. <p>

  450.      *

  451.      * @param subject the <code>Subject</code> to authenticate. <p>

  452.      *

  453.      * @param callbackHandler the <code>CallbackHandler</code> object used by

  454.      *		LoginModules to communicate with the user.

  455.      *

  456.      * @exception LoginException if the specified <code>name</code>

  457.      *          does not appear in the <code>Configuration</code>

  458.      *          and there is no <code>Configuration</code> entry

  459.      *          for "<i>other</i>", or if the specified <code>subject</code>

  460.      *          is <code>null</code>, or if the specified

  461.      *		<code>callbackHandler</code> is <code>null</code>.

  462.      */

  463.     public LoginContext(String name, Subject subject,

  464. 			CallbackHandler callbackHandler) throws LoginException {

  465. 	this(name, subject);

  466. 	if (callbackHandler == null)

  467. 	    throw new LoginException(ResourcesMgr.getString

  468. 				("invalid null CallbackHandler provided"));

  469. 	this.callbackHandler = new SecureCallbackHandler

  470. 				(java.security.AccessController.getContext(),

  471. 				callbackHandler);

  472.     }

  473. 

  474.     /**

  475.      * Perform the authentication and, if successful,

  476.      * associate Principals and Credentials with the authenticated

  477.      * <code>Subject</code>.

  478.      *

  479.      * <p> This method invokes the <code>login</code> method for each

  480.      * LoginModule configured for the <i>name</i> provided to the

  481.      * <code>LoginContext</code> constructor, as determined by the login

  482.      * <code>Configuration</code>.  Each <code>LoginModule</code>

  483.      * then performs its respective type of authentication

  484.      * (username/password, smart card pin verification, etc.).

  485.      *

  486.      * <p> This method completes a 2-phase authentication process by

  487.      * calling each configured LoginModule's <code>commit</code> method

  488.      * if the overall authentication succeeded (the relevant REQUIRED,

  489.      * REQUISITE, SUFFICIENT, and OPTIONAL LoginModules succeeded),

  490.      * or by calling each configured LoginModule's <code>abort</code> method

  491.      * if the overall authentication failed.  If authentication succeeded,

  492.      * each successful LoginModule's <code>commit</code> method associates

  493.      * the relevant Principals and Credentials with the <code>Subject</code>.

  494.      * If authentication failed, each LoginModule's <code>abort</code> method

  495.      * removes/destroys any previously stored state.

  496.      *

  497.      * <p> If the <code>commit</code> phase of the authentication process

  498.      * fails, then the overall authentication fails and this method

  499.      * invokes the <code>abort</code> method for each configured

  500.      * <code>LoginModule</code>.

  501.      *

  502.      * <p> If the <code>abort</code> phase

  503.      * fails for any reason, then this method propagates the

  504.      * original exception thrown either during the <code>login</code> phase

  505.      * or the <code>commit</code> phase.  In either case, the overall

  506.      * authentication fails.

  507.      *

  508.      * <p> In the case where multiple LoginModules fail,

  509.      * this method propagates the exception raised by the first

  510.      * <code>LoginModule</code> which failed.

  511.      *

  512.      * <p> Note that if this method enters the <code>abort</code> phase

  513.      * (either the <code>login</code> or <code>commit</code> phase failed),

  514.      * this method invokes all LoginModules configured for the specified

  515.      * application regardless of their respective <code>Configuration</code>

  516.      * flag parameters.  Essentially this means that <code>Requisite</code>

  517.      * and <code>Sufficient</code> semantics are ignored during the

  518.      * <code>abort</code> phase.  This guarantees that proper cleanup

  519.      * and state restoration can take place.

  520.      * 

  521.      * <p>

  522.      *

  523.      * @exception LoginException if the authentication fails.

  524.      */

  525.     public void login() throws LoginException {

  526. 

  527. 	loginSucceeded = false;

  528. 

  529. 	if (subject == null) {

  530. 	    subject = new Subject();

  531. 	}

  532. 

  533. 	try {

  534. 	    invokeModule(LOGIN_METHOD);

  535. 	    invokeModule(COMMIT_METHOD);

  536. 	    loginSucceeded = true;

  537. 	} catch (LoginException le) {

  538. 

  539. 	    try {

  540. 		invokeModule(ABORT_METHOD);

  541. 	    } catch (LoginException le2) {

  542. 		throw le;

  543. 	    }

  544. 	    throw le;

  545. 	}

  546.     }

  547. 

  548.     /**

  549.      * Logout the <code>Subject</code>.

  550.      *

  551.      * <p> This method invokes the <code>logout</code> method for each

  552.      * <code>LoginModule</code> configured for this <code>LoginContext</code>.

  553.      * Each <code>LoginModule</code> performs its respective logout procedure

  554.      * which may include removing/destroying

  555.      * <code>Principal</code> and <code>Credential</code> information

  556.      * from the <code>Subject</code> and state cleanup.

  557.      *

  558.      * <p> Note that this method invokes all LoginModules configured for the

  559.      * specified application regardless of their respective

  560.      * <code>Configuration</code> flag parameters.  Essentially this means

  561.      * that <code>Requisite</code> and <code>Sufficient</code> semantics are

  562.      * ignored for this method.  This guarantees that proper cleanup

  563.      * and state restoration can take place.

  564.      * 

  565.      * <p>

  566.      *

  567.      * @exception LoginException if the logout fails.

  568.      */

  569.     public void logout() throws LoginException {

  570. 	if (subject == null) {

  571. 	    throw new LoginException(ResourcesMgr.getString

  572. 		("null subject - logout called before login"));

  573. 	}

  574. 

  575. 	invokeModule(LOGOUT_METHOD);

  576.     }

  577. 

  578.     /**

  579.      * Return the authenticated Subject.

  580.      *

  581.      * <p>

  582.      *

  583.      * @return the authenticated Subject.  If authentication fails

  584.      *		and a Subject was not provided to this LoginContext's

  585.      *		constructor, this method returns <code>null</code>.

  586.      *		Otherwise, this method returns the provided Subject.

  587.      */

  588.     public Subject getSubject() {

  589. 	if (!loginSucceeded && !subjectProvided)

  590. 	    return null;

  591. 	return subject;

  592.     }

  593. 

  594.     private void throwException(LoginException originalError, LoginException le)

  595.     throws LoginException {

  596. 	LoginException error = (originalError != null) ? originalError : le;

  597. 	throw error;

  598.     }

  599. 

  600.     /**

  601.      * Invokes the login, commit, and logout methods

  602.      * from a LoginModule inside a doPrivileged block.

  603.      */

  604.     private void invokeModule(String methodName) throws LoginException {

  605. 	try {

  606. 	    final String finalName = methodName;

  607. 	    java.security.AccessController.doPrivileged

  608. 		(new java.security.PrivilegedExceptionAction() {

  609. 		public Object run() throws LoginException {

  610. 		    invoke(finalName);

  611. 		    return null;

  612. 		}

  613. 	    });

  614. 	} catch (java.security.PrivilegedActionException pae) {

  615. 	    throw (LoginException)pae.getException();

  616. 	}

  617.     }

  618. 

  619.     private void invoke(String methodName) throws LoginException {

  620. 

  621. 	LoginException firstError = null;

  622. 	LoginException firstRequiredError = null;

  623. 	boolean success = false;

  624. 

  625. 	for (int i = 0; i < moduleStack.length; i++) {

  626. 

  627. 	    try {

  628. 

  629. 		int mIndex = 0;

  630. 		Method[] methods = null;

  631. 

  632. 		if (moduleStack[i].module != null) {

  633. 		    methods = moduleStack[i].module.getClass().getMethods();

  634. 		} else {

  635. 

  636. 		    // instantiate the LoginModule

  637. 		    Class c = Class.forName

  638. 				(moduleStack[i].entry.getLoginModuleName(),

  639. 				true,

  640. 				contextClassLoader);

  641. 

  642. 		    Constructor constructor = c.getConstructor(PARAMS);

  643. 		    Object[] args = { };

  644. 

  645. 		    // allow any object to be a LoginModule

  646. 		    // as long as it conforms to the interface

  647. 		    moduleStack[i].module = constructor.newInstance(args);

  648. 

  649. 		    methods = moduleStack[i].module.getClass().getMethods();

  650. 

  651. 		    // call the LoginModule's initialize method

  652. 		    for (mIndex = 0; mIndex < methods.length; mIndex++) {

  653. 			if (methods[mIndex].getName().equals(INIT_METHOD))

  654. 			    break;

  655. 		    }

  656. 

  657. 		    Object[] initArgs = {subject,

  658. 					callbackHandler,

  659. 					state,

  660. 					moduleStack[i].entry.getOptions() };

  661. 		    // invoke the LoginModule initialize method

  662. 		    methods[mIndex].invoke(moduleStack[i].module, initArgs);

  663. 		}

  664. 

  665. 		// find the requested method in the LoginModule

  666. 		for (mIndex = 0; mIndex < methods.length; mIndex++) {

  667. 		    if (methods[mIndex].getName().equals(methodName))

  668. 			break;

  669. 		}

  670. 

  671. 		// set up the arguments to be passed to the LoginModule method

  672. 		Object[] args = { };

  673. 

  674. 		// invoke the LoginModule method

  675. 		boolean status = ((Boolean)methods[mIndex].invoke

  676. 				(moduleStack[i].module, args)).booleanValue();

  677. 

  678. 		if (status == true) {

  679. 

  680. 		    // if SUFFICIENT, return if no prior REQUIRED errors

  681. 		    if (!methodName.equals(ABORT_METHOD) &&

  682. 		        !methodName.equals(LOGOUT_METHOD) &&

  683. 			moduleStack[i].entry.getControlFlag() ==

  684. 		    AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT &&

  685. 			firstRequiredError == null) {

  686. 

  687. 			if (debug != null)

  688. 			    debug.println(methodName + " SUFFICIENT success");

  689. 			return;

  690. 		    }

  691. 

  692. 		    if (debug != null)

  693. 			debug.println(methodName + " success");

  694. 		    success = true;

  695. 		} else {

  696. 		    if (debug != null)

  697. 			debug.println(methodName + " ignored");

  698. 		}

  699. 

  700. 	    } catch (NoSuchMethodException nsme) {

  701. 		MessageFormat form = new MessageFormat(ResourcesMgr.getString

  702. 			("unable to instantiate LoginModule, module, because " +

  703. 			"it does not provide a no-argument constructor"));

  704. 		Object[] source = {moduleStack[i].entry.getLoginModuleName()};

  705. 		throw new LoginException(form.format(source));

  706. 	    } catch (InstantiationException ie) {

  707. 		throw new LoginException(ResourcesMgr.getString

  708. 			("unable to instantiate LoginModule: ") +

  709. 			ie.getMessage());

  710. 	    } catch (ClassNotFoundException cnfe) {

  711. 		throw new LoginException(ResourcesMgr.getString

  712. 			("unable to find LoginModule class: ") +

  713. 			cnfe.getMessage());

  714. 	    } catch (IllegalAccessException iae) {

  715. 		throw new LoginException(ResourcesMgr.getString

  716. 			("unable to access LoginModule: ") +

  717. 			iae.getMessage());

  718. 	    } catch (InvocationTargetException ite) {

  719. 

  720. 		// failure cases

  721. 		LoginException le;

  722. 		if (ite.getTargetException() instanceof LoginException) {

  723. 		    le = (LoginException)ite.getCause();

  724. 		} else {

  725. 		    // capture an unexpected LoginModule exception

  726. 		    java.io.StringWriter sw = new java.io.StringWriter();

  727. 		    ite.getCause().printStackTrace

  728. 						(new java.io.PrintWriter(sw));

  729. 		    sw.flush();

  730. 		    le = new LoginException(sw.toString());

  731. 		}

  732. 

  733. 		if (moduleStack[i].entry.getControlFlag() ==

  734. 		    AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) {

  735. 

  736. 		    if (debug != null)

  737. 			debug.println(methodName + " REQUISITE failure");

  738. 

  739. 		    // if REQUISITE, then immediately throw an exception

  740. 		    if (methodName.equals(ABORT_METHOD) ||

  741. 		        methodName.equals(LOGOUT_METHOD)) {

  742. 			if (firstRequiredError == null)

  743. 			    firstRequiredError = le;

  744. 		    } else {

  745. 			throwException(firstRequiredError, le);

  746. 		    }

  747. 

  748. 		} else if (moduleStack[i].entry.getControlFlag() ==

  749. 		    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) {

  750. 

  751. 		    if (debug != null)

  752. 			debug.println(methodName + " REQUIRED failure");

  753. 

  754. 		    // mark down that a REQUIRED module failed

  755. 		    if (firstRequiredError == null)

  756. 			firstRequiredError = le;

  757. 

  758. 		} else {

  759. 

  760. 		    if (debug != null)

  761. 			debug.println(methodName + " OPTIONAL failure");

  762. 

  763. 		    // mark down that an OPTIONAL module failed

  764. 		    if (firstError == null)

  765. 			firstError = le;

  766. 		}

  767. 	    }

  768. 	}

  769. 

  770. 	// we went thru all the LoginModules.

  771. 	if (firstRequiredError != null) {

  772. 	    // a REQUIRED module failed -- return the error

  773. 	    throwException(firstRequiredError, null);

  774. 	} else if (success == false && firstError != null) {

  775. 	    // no module succeeded -- return the first error

  776. 	    throwException(firstError, null);

  777. 	} else if (success == false) {

  778. 	    // no module succeeded -- all modules were IGNORED

  779. 	    throwException(new LoginException

  780. 		(ResourcesMgr.getString("Login Failure: all modules ignored")),

  781. 		null);

  782. 	} else {

  783. 	    // success

  784. 	    return;

  785. 	}

  786.     }

  787. 

  788.     /**

  789.      * Wrap the application-provided CallbackHandler in our own

  790.      * and invoke it within a privileged block, constrained by

  791.      * the caller's AccessControlContext.

  792.      */

  793.     private static class SecureCallbackHandler implements CallbackHandler {

  794. 

  795. 	private final java.security.AccessControlContext acc;

  796. 	private final CallbackHandler ch;

  797. 

  798. 	SecureCallbackHandler(java.security.AccessControlContext acc,

  799. 			CallbackHandler ch) {

  800. 	    this.acc = acc;

  801. 	    this.ch = ch;

  802. 	}

  803. 

  804. 	public void handle(Callback[] callbacks) throws java.io.IOException,

  805. 						UnsupportedCallbackException {

  806. 	    try {

  807. 		final Callback[] finalCallbacks = callbacks;

  808. 		java.security.AccessController.doPrivileged

  809. 		    (new java.security.PrivilegedExceptionAction() {

  810. 		    public Object run() throws java.io.IOException,

  811. 					UnsupportedCallbackException {	

  812. 			ch.handle(finalCallbacks);

  813. 			return null;

  814. 		    }

  815. 		}, acc);

  816. 	    } catch (java.security.PrivilegedActionException pae) {

  817. 		if (pae.getException() instanceof java.io.IOException) {

  818. 		    throw (java.io.IOException)pae.getException();

  819. 		} else {

  820. 		    throw (UnsupportedCallbackException)pae.getException();

  821. 		}

  822. 	    }

  823. 	}

  824.     }

  825. 

  826.     /**

  827.      * LoginModule information -

  828.      *		incapsulates Configuration info and actual module instances

  829.      */

  830.     private static class ModuleInfo {

  831. 	AppConfigurationEntry entry;

  832. 	Object module;

  833. 

  834. 	ModuleInfo(AppConfigurationEntry newEntry, Object newModule) {

  835. 	    this.entry = newEntry;

  836. 	    this.module = newModule;

  837. 	}

  838.     }

  839. }