/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AuthContext.java,v 1.10 2009/01/28 05:34:52 ww203982 Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
*/
/**
* The AuthContext provides the implementation for authenticating users using
* the JAAS technology. It complements <code>LoginContext
* </code> provided by
* JAAS by supporting organization environments that cannot handle sessions, for
* <p>
* A typical caller instantiates this class and starts the login process. The
* caller then obtains an array of <code>Callback</code> objects, which
* contains the information required by the authentication plug-in module. The
* caller requests information from the user. On receiving the information from
* the user, the caller submits the same to this class. If more information is
* required, the above process continues until all the information required by
* the plug-ins has been supplied. The caller then checks if the user has
* successfully been authenticated. If successfully authenticated, the caller
* can then get the <code>
* Subject</code> for the user; if not successfully
* authenticated, the caller obtains the LoginException.
*
* @supported.api
*/
/**
* This login status indicates that the login process
* has not started yet. Basically, it means that the method
* <code>startLogin</code> has not been called.
*
* @supported.api
*/
/**
* This login status indicates that the login process
* is in progress. Basically, it means that the <code>startLogin</code>
* method has been called and that this object is waiting for the user to
* send authentication information.
*
* @supported.api
*/
/**
* This login status indicates that the login process
* has succeeded.
*
* @supported.api
*/
/**
* This login status indicates that the login process
* has failed.
*
* @supported.api
*/
/**
* This login status indicates that the user has been
* successfully logged out.
*
* @supported.api
*/
/*
* Protected variables used locally
*/
// Debug class
protected int loginStatus;
//
// overall, AuthContext is a "conduit" between the application and the
// login module. the Principal implementation must be agreed upon at
// those two endpoints; AuthContext just passes the Subject that contains
// the Principal(s).
//
/**
* Constructor to get an instance of
* <code>AuthContext</code>. Caller would then use
* <code>getRequirements()</code> and <code>submitRequirements()</code>
* to pass the credentials needed for authentication by the plugin modules.
*
* @throws LoginException
*
* @supported.api
*/
// initialize
this("");
}
/**
* Constructor to get an authenticated instance
* of this class given the <code>java.security.Principal</code> the user
* would like to be authenticated as, and the <code>password</code> for
* the user.
*
* @param principal
* name of the user to be authenticated
* @param password
* password for the user
* @throws LoginException
*
* @supported.api
*/
throws LoginException {
}
/*
* Constructor for DPro to provide hostname and port for LDAP
* authentication.
*/
int port) throws LoginException {
password);
}
/**
* Constructor to get an instance of this class
* given the organization name <code>orgName</code> the user would like to
* access, the <code>java.security.Principal
* </code>the user would like to
* be authenticated as, and the <code>password</code> for the user.
*
* @param orgName
* name of the user's organization
* @param principal
* name of the user to be authenticated
* @param password
* password for the user
* @throws LoginException
*
* @supported.api
*/
throws LoginException {
// Make sure principal and password are not null
throw (new LoginException(myAuthI18n
.getString("com.iplanet.auth.invalid-username")));
throw (new LoginException(myAuthI18n
.getString("com.iplanet.auth.invalid-password")));
// Set the username and password in LoginContext's sharedState
boolean gotName = false;
boolean gotPassword = false;
if (authDebug.messageEnabled()) {
+ "organization name: "
+ "; "
: "principal: ")
+ "; "
: "password present\n"));
}
this.startLogin();
//
// assume that there are requirements, and they are NameCallback and
// PasswordCallback. then submit those.
//
while (this.hasMoreRequirements()) {
callbacks = this.getRequirements();
if (callbacks[i] instanceof NameCallback) {
gotName = true;
}
} else if (callbacks[i] instanceof PasswordCallback) {
gotPassword = true;
} else if (callbacks[i] instanceof TextOutputCallback) {
"AuthContext::init() Got TextOutputCallback");
} else if (callbacks[i] instanceof TextInputCallback) {
"AuthContext::init() Got TextInputCallback");
} else if (callbacks[i] instanceof ChoiceCallback) {
} else {
"AuthContext::init() Got Unknown Callback");
}
}
}
// Debug messages
"AuthContext::init() Got name and password callbacks");
}
if (authDebug.messageEnabled()) {
+ this.getLoginStatus());
}
// Check login status
if (getLoginStatus() == AUTH_FAILED) {
throw (getLoginException());
}
}
/**
* Constructor to get an instance of this class given the organization name
* <code>orgName</code> the user would like to access, and the principal's
* <code>subject</code> the user would like to be authenticated as.
*/
throws LoginException {
if (authDebug.messageEnabled()) {
+ "organization name: "
+ orgName
+ "; "
+ subject));
}
// the org + appname, supposedly
if (i2 != -1) {
//
// from offset to i2 should be the orgName
//
+ "form, orgname = " + orgname);
//
// get past the "/" after the orgName; look for appName
//
//
// the next check could be for a "?", this is for
// possible
// future use where parameters such as
// "?userid=<userid>&password=<pswd>" could be passed
//
if (i2 != -1) {
//
// parameters specified; pick off appName first
//
//
// the rest assumes the userid and password
// parameters as
// described above. To be implmented
//
// subsample = subsample.substring(i2+1);
} else {
//
// Only appName was provided, no user name and
// password
//
}
} else {
//
// no appName, just OrgName and "/" at the end
//
}
} else {
//
// means just the orgName was specified
//
}
}
+ orgName);
// hopefully
}
}
this.organizationName = orgname;
}
// An alternate form of the <code>orgName</code> is
// "auth://<orgName>/<appName>"
//
// note that a private form of orgName is
// "local://...". this is for administrative-type
// configuration information for install commands,
// for example.
//
/**
* Constructor to get an instance of this class
* given the organization name <code>orgName</code>. The plug-in modules
* would then query for the user name and related information.
*
* @param orgName organization name.
* @throws LoginException
*
* @supported.api
*/
+ orgName);
}
/**
* Method to reset this instance of <code>AuthContext</code> object, so
* that a new login process can be initiated. Authenticates the user to the
* same organization or resource this object was instantiated with. If this
* object was instantiated with a <code>
* Subject</code>, it will be
* ignored.
*/
}
/**
* Method to reset this instance of <code>AuthContext</code> object, so
* that a new login process can be initiated for the given
* <code>Subject</code>. Authenticates the user to the same organization
* or resource this object was instantiated with.
*/
if (authDebug.messageEnabled()) {
}
loginThread = new AuthLoginThread(this);
if (applicationName == null) {
} else {
}
} else {
}
if (authDebug.messageEnabled()) {
.message("Successfully reset AuthContext for organization: "
: " with subjects: " + subject));
}
}
/**
* Returns the set of Principals the user has been authenticated as. This
* can be invoked only after successful authentication. If the
* authentication fails, this will return <code>null</code>.
*/
return (loginContext.getSubject());
}
/**
* Method to start the login process. This method will
* read the plug-ins configured for the application and initialize them.
*
* @throws LoginException
*
* @supported.api
*/
// Make sure we are the current state
if (getLoginStatus() != AUTH_NOT_STARTED) {
+ "when the current login state is" + getLoginStatus());
throw (new LoginException(myAuthI18n
}
// Change the login status
// Initiate the login
+ "starting a new thread to run the login process");
try {
loginThread.start();
}
}
/**
* Returns true if the login process requires more
* information from the user to complete the authentication.
*
* @return true if the login process requires more information from the user
* to complete the authentication.
*
* @supported.api
*/
public boolean hasMoreRequirements() {
if (getRequirements() == null)
return (false);
else
return (true);
}
/**
* Returns an array of <code>Callback</code> objects
* that must be populated by the user and returned back. These objects are
* requested by the authentication plug-ins, and these are usually displayed
* to the user. The user then provides the requested information for it to
* be authenticated.
*
* @return an array of <code>Callback</code> objects that must be
* populated by the user and returned back.
*
* @supported.api
*/
// Check the status of LOGIN
if (getLoginStatus() != AUTH_IN_PROGRESS) {
+ "called when the current login state is: "
+ getLoginStatus());
// Login has completed, could be either success or failure
return (null);
}
// Check if information required is present
while ((informationRequired == null)
&& (getLoginStatus() == AUTH_IN_PROGRESS)) {
// wait for required information to be available
try {
+ "() waiting for Callback array");
synchronized (loginThread) {
if ((informationRequired == null)
&& (getLoginStatus() == AUTH_IN_PROGRESS)) {
loginThread.wait();
}
}
+ "() returned from waiting for Callback array");
} catch (InterruptedException ie) {
// do nothing
}
}
return (informationRequired);
}
/**
* Submits the populated <code>Callback</code>
* objects to the authentication plug-in modules. Called after
* <code>getInformationRequired</code> method and obtaining user's
* response to these requests.
*
* @param info
* array of <code>Callback</code> objects.
*
* @supported.api
*/
// Set the submitted info & wake up the callback hander thread
synchronized (loginThread) {
}
+ "() sending notify to sleeping threads");
}
/**
* Logs the user out.
*
* @throws LoginException
*
* @supported.api
*/
}
/**
* Returns login exception, if any, during the
* authentication process. Typically set when the login fails.
*
* @return login exception.
*
* @supported.api
*/
return (loginException);
}
/**
* Returns the current state of the login process.
* Possible states are listed above.
*
* @return the current state of the login process.
*
* @supported.api
*/
public int getLoginStatus() {
return (loginStatus);
}
/**
* Method to set the login status. Used internally and not visible outside
* this package.
*/
}
/**
* Returns the (first) <code>AuthPrincipal</code> in
* the <code>Subject</code>. Returns the first <code>Principal</code>,
* if more than one exists.
*
* @return the (first) <code>AuthPrincipal</code> in the
* <code>Subject</code>.
*
* @supported.api
*/
if (authDebug.messageEnabled()) {
}
} else {
return null;
}
}
/**
* Method to get the (first) <code>AuthPrincipal</code> in the
* <code>Subject</code>. Returns the first <code>Principal</code>, if
* more than one exists.
*
* @deprecated Use getPrincipal() instead
*/
else
return null;
}
/**
* Method to get the set of <code>AuthPrincipal</code>s in the
* <code>Subject</code>.
*/
return (getSubject().getPrincipals());
}
/**
* Method to get organization name that was set during
* construction of this instance.
*
* @return organization name; <code>null</code> if it was not initialized
* during construction of this instance
*
* @supported.api
*/
if (organizationName == null) {
try {
} catch (LocalizedIllegalArgumentException e) {
throw new IllegalStateException("AuthContext.getOrganizationName: Base DN cannot be parsed", e);
}
}
return organizationName;
}
return applicationName;
}
/**
* Method to get the Single-Sign-On (SSO) Token. This
* token can be used as the authenticated token.
*
* @return single-sign-on token.
* @throws InvalidAuthContextException
*
* @supported.api
*/
return (token);
}
token = new AuthSSOToken(this);
try {
// Set Organization
if (getOrganizationName() != null) {
}
// Set Host name
if (authDebug.messageEnabled()) {
}
if (isEnableHostLookUp) {
if (authDebug.messageEnabled()) {
}
if (strHostName != null) {
}
} else {
}
}
// Set AuthType
// Set Principal
// Set Universal Identifier
// Get the username
}
// Since internal auth will be used during install time
// and during boot strap for users "dsame" and "amadmin"
// the IdType will be hardcoded to User
}
// Set AuthLevel
//Set ContextId
if (authDebug.messageEnabled()) {
+ token.getIPAddress());
+ token.getHostName());
}
} catch (Exception e) {
if (authDebug.warningEnabled()) {
}
}
return (token);
}
}