/* * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ import java.io.IOException; import java.security.Principal; import java.util.Arrays; import java.util.Locale; import java.util.Map; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.ChoiceCallback; import javax.security.auth.callback.ConfirmationCallback; import javax.security.auth.callback.LanguageCallback; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.TextInputCallback; import javax.security.auth.callback.TextOutputCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.FailedLoginException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; public class CustomLoginModule implements LoginModule { static final String HELLO = "Hello"; private Subject subject; private CallbackHandler callbackHandler; private boolean loginSucceeded = false; private String username; private char[] password; /* * Initialize this LoginModule. */ @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { this.subject = subject; this.callbackHandler = callbackHandler; // check if custom parameter is passed from comfiguration if (options == null) { throw new RuntimeException("options is null"); } // read username/password from configuration Object o = options.get("username"); if (o == null) { throw new RuntimeException("Custom parameter not passed"); } if (!(o instanceof String)) { throw new RuntimeException("Password is not a string"); } username = (String) o; o = options.get("password"); if (o == null) { throw new RuntimeException("Custom parameter not passed"); } if (!(o instanceof String)) { throw new RuntimeException("Password is not a string"); } password = ((String) o).toCharArray(); } /* * Authenticate the user. */ @Override public boolean login() throws LoginException { // prompt for a user name and password if (callbackHandler == null) { throw new LoginException("No CallbackHandler available"); } // standard callbacks NameCallback name = new NameCallback("username: ", "default"); PasswordCallback passwd = new PasswordCallback("password: ", false); LanguageCallback language = new LanguageCallback(); TextOutputCallback error = new TextOutputCallback( TextOutputCallback.ERROR, "This is an error"); TextOutputCallback warning = new TextOutputCallback( TextOutputCallback.WARNING, "This is a warning"); TextOutputCallback info = new TextOutputCallback( TextOutputCallback.INFORMATION, "This is a FYI"); TextInputCallback text = new TextInputCallback("Please type " + HELLO, "Bye"); ChoiceCallback choice = new ChoiceCallback("Choice: ", new String[] { "pass", "fail" }, 1, true); ConfirmationCallback confirmation = new ConfirmationCallback( "confirmation: ", ConfirmationCallback.INFORMATION, ConfirmationCallback.YES_NO_OPTION, ConfirmationCallback.NO); CustomCallback custom = new CustomCallback(); Callback[] callbacks = new Callback[] { choice, info, warning, error, name, passwd, text, language, confirmation, custom }; boolean uce = false; try { callbackHandler.handle(callbacks); } catch (UnsupportedCallbackException e) { Callback callback = e.getCallback(); if (custom.equals(callback)) { uce = true; System.out.println("CustomLoginModule: " + "custom callback not supported as expected"); } else { throw new LoginException("Unsupported callback: " + callback); } } catch (IOException ioe) { throw new LoginException(ioe.toString()); } if (!uce) { throw new RuntimeException("UnsupportedCallbackException " + "not thrown"); } if (!HELLO.equals(text.getText())) { System.out.println("Text: " + text.getText()); throw new FailedLoginException("No hello"); } if (!Locale.GERMANY.equals(language.getLocale())) { System.out.println("Selected locale: " + language.getLocale()); throw new FailedLoginException("Achtung bitte"); } String readUsername = name.getName(); char[] readPassword = passwd.getPassword(); if (readPassword == null) { // treat a NULL password as an empty password readPassword = new char[0]; } passwd.clearPassword(); // verify the username/password if (!username.equals(readUsername) || !Arrays.equals(password, readPassword)) { loginSucceeded = false; throw new FailedLoginException("Username/password is not correct"); } // check chosen option int[] selected = choice.getSelectedIndexes(); if (selected == null || selected.length == 0) { throw new FailedLoginException("Nothing selected"); } if (selected[0] != 0) { throw new FailedLoginException("Wrong choice: " + selected[0]); } // check confirmation if (confirmation.getSelectedIndex() != ConfirmationCallback.YES) { throw new FailedLoginException("Not confirmed: " + confirmation.getSelectedIndex()); } loginSucceeded = true; System.out.println("CustomLoginModule: authentication succeeded"); return true; } /* * This method is called if the LoginContext's overall authentication * succeeded. */ @Override public boolean commit() throws LoginException { if (loginSucceeded) { // add a Principal to the Subject Principal principal = new TestPrincipal(username); if (!subject.getPrincipals().contains(principal)) { subject.getPrincipals().add(principal); } return true; } return false; } /* * This method is called if the LoginContext's overall authentication * failed. */ @Override public boolean abort() throws LoginException { loginSucceeded = false; return true; } /* * Logout the user. */ @Override public boolean logout() throws LoginException { loginSucceeded = false; boolean removed = subject.getPrincipals().remove( new TestPrincipal(username)); if (!removed) { throw new LoginException("Coundn't remove a principal: " + username); } return true; } static class TestPrincipal implements Principal { private final String name; public TestPrincipal(String name) { this.name = name; } @Override public String getName() { return name; } @Override public String toString() { return("TestPrincipal [name =" + name + "]"); } @Override public int hashCode() { return name.hashCode(); } @Override public boolean equals(Object o) { if (o == null) { return false; } if (!(o instanceof TestPrincipal)) { return false; } TestPrincipal other = (TestPrincipal) o; return name != null ? name.equals(other.name) : other.name == null; } } static class CustomCallback implements Callback {} }