/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.geronimo.security.jaspi.impl;
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.callback.PasswordValidationCallback;
import javax.security.auth.message.callback.CertStoreCallback;
import javax.security.auth.message.callback.PrivateKeyCallback;
import javax.security.auth.message.callback.SecretKeyCallback;
import javax.security.auth.message.callback.TrustStoreCallback;
import javax.security.auth.Subject;
import org.apache.geronimo.security.jaspi.LoginService;
import org.apache.geronimo.security.jaspi.UserIdentity;
import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;
import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
/**
* @version $Rev: 1331047 $ $Date: 2012-04-27 03:40:50 +0800 (Fri, 27 Apr 2012) $
*/
public class JaspicCallbackHandler implements CallbackHandler {
private final LoginService loginService;
public JaspicCallbackHandler(LoginService loginService) {
this.loginService = loginService;
}
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
// jaspi to server communication
if (callback instanceof CallerPrincipalCallback) {
CallerPrincipalCallback callerPrincipalCallback = (CallerPrincipalCallback) callback;
if (callerPrincipalCallback.getPrincipal() != null) {
Principal callerPrincipal = callerPrincipalCallback.getPrincipal();
callerPrincipalCallback.getSubject().getPrincipals().add(callerPrincipal);
callerPrincipalCallback.getSubject().getPrincipals().add(new WrappingCallerPrincipal(callerPrincipal));
} else if (callerPrincipalCallback.getName() != null) {
Principal callerPrincipal = new GeronimoUserPrincipal(callerPrincipalCallback.getName());
callerPrincipalCallback.getSubject().getPrincipals().add(callerPrincipal);
callerPrincipalCallback.getSubject().getPrincipals().add(new WrappingCallerPrincipal(callerPrincipal));
}
} else if (callback instanceof GroupPrincipalCallback) {
GroupPrincipalCallback groupPrincipalCallback = ( GroupPrincipalCallback ) callback;
if (groupPrincipalCallback.getGroups() != null) {
Set<Principal> principalSet = groupPrincipalCallback.getSubject().getPrincipals();
for (String groupName : groupPrincipalCallback.getGroups()) {
principalSet.add(new GeronimoGroupPrincipal(groupName));
}
}
} else if (callback instanceof PasswordValidationCallback) {
PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
Subject subject = passwordValidationCallback.getSubject();
UserIdentity user = loginService.login(passwordValidationCallback.getUsername(), new String(passwordValidationCallback.getPassword()));
if (user != null) {
passwordValidationCallback.setResult(true);
subject.getPrincipals().addAll(user.getSubject().getPrincipals());
subject.getPrivateCredentials().add(user);
}
}
// server to jaspi communication
// TODO implement these
else if (callback instanceof CertStoreCallback) {
} else if (callback instanceof PrivateKeyCallback) {
} else if (callback instanceof SecretKeyCallback) {
} else if (callback instanceof TrustStoreCallback) {
} else {
throw new UnsupportedCallbackException(callback);
}
}
}
}