
BasicPasswordAuthenticationService

public class BasicPasswordAuthenticationService extends Object implements AuthenticationService
Implements the connector security-map lookup for one connection pool: it maps the calling principal — by user name, by role, or by group membership, with wildcard fallbacks — to the backend principal configured for that pool.
author
Srikanth P

Fields Summary
private String
rarName_
private String
poolName_
ConnectorRegistry
connectorRegistry_
static Logger
_logger
private Object
containerContext
Constructors Summary
/**
 * Creates the authentication service for one resource-adapter connection pool.
 *
 * Only the two names are recorded here; {@code connectorRegistry_} is not assigned
 * in this constructor (presumably a field initializer elsewhere in the class — TODO confirm).
 *
 * @param rarName  name of the resource adapter (RAR)
 * @param poolName name of the connection pool whose security map this service consults
 */
public BasicPasswordAuthenticationService(String rarName, String poolName) {
    this.poolName_ = poolName;
    this.rarName_ = rarName;
    // Log text reproduced verbatim (including its existing spelling).
    _logger.log(Level.FINE,"Contructor:BasicPasswordAuthenticationService");
}
    
Methods Summary
/**
 * Resolves the backend principal for a caller from the pool's runtime security map.
 *
 * Lookups are tried in this fixed order and the first hit wins:
 * <ol>
 *   <li>the caller's own user name in the user map;</li>
 *   <li>for a web module, the supplied role name in the group map (only when non-null);</li>
 *   <li>for an EJB container with no role supplied, each group-map key tested with
 *       {@code EJBContext.isCallerInRole}, first match wins;</li>
 *   <li>each of the caller's group names in the group map;</li>
 *   <li>the wildcard entry ({@link ConnectorConstants#SECURITYMAPMETACHAR}) in the user map;</li>
 *   <li>the wildcard entry in the group map.</li>
 * </ol>
 * Security note: a wildcard user entry therefore maps <em>every</em> caller of this pool that
 * matched nothing more specific, so configure it deliberately. Because a user entry is checked
 * first, a role or group entry never overrides a matching user entry. In the EJB branch a
 * failing {@code isCallerInRole} is treated as "not in role" (best effort, logged at FINE).
 *
 * @param principalName      name of the calling principal
 * @param groupNames         group names (as {@code String}s) the caller belongs to; must not be null
 * @param roleName           caller's role for web modules, or {@code null} for EJB callers
 * @param runtimeSecurityMap user/group maps configured for this pool; must not be null
 * @return the mapped backend {@link Principal}, or {@code null} when no entry applies
 */
private Principal doMap(String principalName, List groupNames, String roleName,
                        RuntimeSecurityMap runtimeSecurityMap) {
    // The HashMap casts are deliberate: the runtime map is expected to hand back HashMaps.
    Map userMap = (HashMap) runtimeSecurityMap.getUserMap();
    Map groupMap = (HashMap) runtimeSecurityMap.getGroupMap();

    // 1. exact user-name entry
    if (userMap.containsKey(principalName)) {
        return (Principal) userMap.get(principalName);
    }

    // 2. web module: role already resolved by the caller
    if (isContainerContextAWebModuleObject() && roleName != null
            && groupMap.containsKey(roleName)) {
        return (Principal) groupMap.get(roleName);
    }

    // 3. EJB: ask the container which mapped role the caller holds
    if (isContainerContextAContainerObject() && roleName == null) {
        String matchedRole = firstRoleCallerIsIn(groupMap);
        if (matchedRole != null) {
            return (Principal) groupMap.get(matchedRole);
        }
    }

    // 4. any of the caller's groups
    for (Object g : groupNames) {
        String groupName = (String) g;
        if (groupMap.containsKey(groupName)) {
            return (Principal) groupMap.get(groupName);
        }
    }

    // 5./6. wildcard entries, user map before group map
    String wildcard = ConnectorConstants.SECURITYMAPMETACHAR;
    if (userMap.containsKey(wildcard)) {
        return (Principal) userMap.get(wildcard);
    }
    if (groupMap.containsKey(wildcard)) {
        return (Principal) groupMap.get(wildcard);
    }

    return null;
}

/**
 * Returns the first key of {@code groupMap} (in its iteration order) for which the current
 * EJB invocation's {@code isCallerInRole} answers true, or {@code null} if none does.
 * An exception from {@code isCallerInRole} counts as "not in role" and is logged at FINE.
 */
private String firstRoleCallerIsIn(Map groupMap) {
    ComponentInvocation invocation =
        Switch.getSwitch().getInvocationManager().getCurrentInvocation();
    EJBContext ejbContext = (EJBContext) invocation.context;
    for (Object key : groupMap.keySet()) {
        String candidate = (String) key;
        boolean inRole;
        try {
            inRole = ejbContext.isCallerInRole(candidate);
        } catch (Exception ex) {
            // Best effort: treat a failing role query as "not in role" and keep scanning.
            _logger.log(Level.FINE,"asciPasswordAuthentication::caller not in role "+candidate);
            inRole = false;
        }
        if (inRole) {
            return candidate;
        }
    }
    return null;
}
    
/**
 * Returns the container context of the component invoking this service (a {@link WebModule}
 * or an EJB {@link Container}, judging by the instanceof checks that consume it), resolving it
 * lazily from the current invocation.
 *
 * NOTE(review): the value is cached in an instance field and never refreshed. If one service
 * instance (constructed per pool) serves invocations from both a web module and an EJB
 * container, every call after the first sees the first caller's context, and the role lookup in
 * {@code doMap} could run against the wrong component — confirm how instances are scoped before
 * relying on this. The lazy init is also unsynchronized (presumably tolerated as a benign race).
 */
private Object getContainerContext() {
    Object cached = this.containerContext;
    if (cached != null) {
        return cached;
    }
    ComponentInvocation current =
        Switch.getSwitch().getInvocationManager().getCurrentInvocation();
    this.containerContext = current.getContainerContext();
    return this.containerContext;
}
    
/**
 * Finds a web-module security role whose role-to-subject mapping lists the caller principal.
 *
 * Only a direct principal match is considered ({@code subject.getPrincipals().contains(callerPrincipal)});
 * group membership is not expanded here. If the caller appears under several roles, the one
 * returned is simply the first in the mapper's key iteration order, which depends on the map
 * implementation — so a pool security map that assigns different backend principals to roles a
 * single user can hold is ambiguous.
 *
 * Requires the container context to be a {@link WebModule}; the cast is unchecked.
 *
 * @param callerPrincipal the authenticated caller
 * @return the first matching role name, or the empty string when the caller is in none
 */
private String getRoleName(Principal callerPrincipal) {
    WebModule webModule = (WebModule) getContainerContext();
    SecurityRoleMapper roleMapper =
        SecurityRoleMapperFactoryMgr.getFactory().getRoleMapper(webModule.getID());

    Map<String, Subject> roleToSubject = roleMapper.getRoleToSubjectMapping();
    for (String role : roleToSubject.keySet()) {
        Subject subject = roleToSubject.get(role);
        if (subject.getPrincipals().contains(callerPrincipal)) {
            return role;
        }
    }
    return "";
}
    
/** @return {@code true} when the (cached) container context is an EJB {@link Container}. */
private boolean isContainerContextAContainerObject() {
    return getContainerContext() instanceof Container;
}
    
/** @return {@code true} when the (cached) container context is a {@link WebModule}. */
private boolean isContainerContextAWebModuleObject() {
    return getContainerContext() instanceof WebModule;
}
    	
    
/**
 * Maps the calling principal (and its groups) to the backend principal configured for this pool.
 *
 * Every principal in {@code principalSet} other than {@code callerPrincipal} is treated as a
 * group name. NOTE(review): that assumes the set holds exactly the user plus group principals;
 * any other principal type in the Subject would be matched against the group map by name —
 * confirm with the callers. For web modules the caller's role is resolved via
 * {@code getRoleName} and passed on (an empty string when the caller is in no role); for any
 * other container no role is passed and {@code doMap} falls back to the EJB container check.
 *
 * @param callerPrincipal the authenticated caller; must not be null
 * @param principalSet    all principals of the caller's Subject, including {@code callerPrincipal}
 * @return the mapped backend principal, or {@code null} when no security map exists for the
 *         pool or no entry applies
 */
public Principal mapPrincipal(Principal callerPrincipal, Set principalSet) {
    // No security map for this pool: nothing to map.
    RuntimeSecurityMap securityMap = connectorRegistry_.getRuntimeSecurityMap(poolName_);
    if (securityMap == null) {
        return null;
    }

    String callerName = callerPrincipal.getName();

    // Everything in the Subject that is not the caller itself is taken to be a group.
    List<String> groups = new ArrayList<String>();
    for (Object o : principalSet) {
        Principal p = (Principal) o;
        if (!p.equals(callerPrincipal)) {
            groups.add(p.getName());
        }
    }

    // Web modules resolve the caller's role up front; others leave it to the EJB path in doMap.
    String role = isContainerContextAWebModuleObject() ? getRoleName(callerPrincipal) : null;
    return doMap(callerName, groups, role, securityMap);
}