Commits

Anonymous committed 5000d20

Added overloaded method in authenticator to take in http req
Implemented weblogic authenticator and added it to SmartAuthenticator

Comments (0)

Files changed (8)

lib/build/weblogic-auth-stub.jar

Binary file added.

src/java/com/opensymphony/user/authenticator/AbstractAuthenticator.java

 
 import java.util.Properties;
 
+import javax.servlet.http.HttpServletRequest;
+
 
 /**
  * An abstract class which helps simplify the writing of authenticators for new app servers.
     /**
     * Implement your server specific login method here.
     */
-    public abstract boolean login(String username, String password) throws AuthenticationException;
+    public boolean login(String username, String password) throws AuthenticationException {
+        return login(username, password, null);
+    }
 }

src/java/com/opensymphony/user/authenticator/Authenticator.java

 
 import java.util.Properties;
 
+import javax.servlet.http.HttpServletRequest;
+
 
 /**
  * Interface describing how to authenicate a user.
     * @param properties Extra properties passed across by UserManager.
     */
     boolean init(Properties properties);
+
+    boolean login(String username, String password, HttpServletRequest req) throws AuthenticationException;
 }

src/java/com/opensymphony/user/authenticator/JAASCallbackHandler.java

+/*
+ * Copyright (c) 2002-2003 by OpenSymphony
+ * All rights reserved.
+ */
+package com.opensymphony.user.authenticator;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.*;
+
+
+/**
+ * User: Hani Suleiman
+ * Date: Dec 23, 2003
+ * Time: 10:50:38 AM
+ */
+public class JAASCallbackHandler implements CallbackHandler {
+    //~ Instance fields ////////////////////////////////////////////////////////
+
+    private String password;
+    private String username;
+
+    //~ Constructors ///////////////////////////////////////////////////////////
+
+    public JAASCallbackHandler(String username, String password) {
+        this.username = username;
+        this.password = password;
+    }
+
+    //~ Methods ////////////////////////////////////////////////////////////////
+
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            Callback callback = callbacks[i];
+
+            if (callback instanceof NameCallback) {
+                NameCallback nc = (NameCallback) callback;
+                nc.setName(username);
+            } else if (callback instanceof PasswordCallback) {
+                PasswordCallback pc = (PasswordCallback) callback;
+                pc.setPassword(password.toCharArray());
+            } else {
+                throw new UnsupportedCallbackException(callback, "Unrecognised Callback");
+            }
+        }
+    }
+}

src/java/com/opensymphony/user/authenticator/SmartAuthenticator.java

 import com.opensymphony.user.authenticator.jboss.JBossAuthenticator;
 import com.opensymphony.user.authenticator.orion.OrionAuthenticator;
 
+import javax.servlet.http.HttpServletRequest;
+
 
 /**
  * A 'smart' authenticator that will try to guess which authenticator
 
     //~ Methods ////////////////////////////////////////////////////////////////
 
-    public boolean login(String username, String password) throws AuthenticationException {
+    public boolean login(String username, String password, HttpServletRequest req) throws AuthenticationException {
         if (authenticator == null) {
             authenticator = loadOrionAuthenticator();
         }
             throw new AuthenticationException("SmartAuthenticator could not find authenticator to load");
         }
 
-        return authenticator.login(username, password);
+        return authenticator.login(username, password, req);
     }
 
     private Authenticator loadJBossAuthenticator() {
 
         return null;
     }
+
+    private Authenticator loadWeblogicAuthenticator() {
+        try {
+            Thread.currentThread().getContextClassLoader().loadClass("weblogic.servlet.security.ServletAuthentication");
+
+            Authenticator wlsAuth = new OrionAuthenticator();
+            wlsAuth.init(properties);
+
+            return wlsAuth;
+        } catch (ClassNotFoundException e) {
+        }
+
+        return null;
+    }
 }

src/java/com/opensymphony/user/authenticator/jboss/JBossAuthenticator.java

 
 import com.opensymphony.user.authenticator.AbstractAuthenticator;
 import com.opensymphony.user.authenticator.AuthenticationException;
+import com.opensymphony.user.authenticator.JAASCallbackHandler;
 
 import java.io.IOException;
 
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
+import javax.servlet.http.HttpServletRequest;
+
 
 /**
  * Authenticate against JBoss JAAS
 public class JBossAuthenticator extends AbstractAuthenticator {
     //~ Methods ////////////////////////////////////////////////////////////////
 
-    public boolean login(String username, String password) throws AuthenticationException {
-        CallbackHandler handler = new AuthHandler(username, password);
+    public boolean login(String username, String password, HttpServletRequest req) throws AuthenticationException {
+        CallbackHandler handler = new JAASCallbackHandler(username, password);
 
         try {
             LoginContext lc = new LoginContext("osuser", handler);
         return true;
     }
 }
-
-
-class AuthHandler implements CallbackHandler {
-    //~ Instance fields ////////////////////////////////////////////////////////
-
-    private String password;
-    private String username;
-
-    //~ Constructors ///////////////////////////////////////////////////////////
-
-    public AuthHandler(String username, String password) {
-        this.username = username;
-        this.password = password;
-    }
-
-    //~ Methods ////////////////////////////////////////////////////////////////
-
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-        for (int i = 0; i < callbacks.length; i++) {
-            Callback callback = callbacks[i];
-
-            if (callback instanceof NameCallback) {
-                NameCallback nc = (NameCallback) callback;
-                nc.setName(username);
-            } else if (callback instanceof PasswordCallback) {
-                PasswordCallback pc = (PasswordCallback) callback;
-                pc.setPassword(password.toCharArray());
-            } else {
-                throw new UnsupportedCallbackException(callback, "Unrecognised Callback");
-            }
-        }
-    }
-}

src/java/com/opensymphony/user/authenticator/orion/OrionAuthenticator.java

 import javax.naming.InitialContext;
 import javax.naming.NamingException;
 
+import javax.servlet.http.HttpServletRequest;
+
 
 /**
  * Authenticate against an Orion RoleManager
 public class OrionAuthenticator extends AbstractAuthenticator {
     //~ Methods ////////////////////////////////////////////////////////////////
 
-    public boolean login(String username, String password) throws AuthenticationException {
+    public boolean login(String username, String password, HttpServletRequest req) throws AuthenticationException {
         try {
             RoleManager roleManager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager");
 

src/java/com/opensymphony/user/authenticator/weblogic/WeblogicAuthenticator.java

+/*
+ * Copyright (c) 2002-2003 by OpenSymphony
+ * All rights reserved.
+ */
+package com.opensymphony.user.authenticator.weblogic;
+
+import com.opensymphony.user.authenticator.AbstractAuthenticator;
+import com.opensymphony.user.authenticator.AuthenticationException;
+import com.opensymphony.user.authenticator.JAASCallbackHandler;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import javax.servlet.http.HttpServletRequest;
+
+
+/**
+ * Authenticate against the Weblogic authenticator.
+ * Login the user programatically into the default realm
+ * if no realm is specified. If a realm is specified in the properties, then login
+ * using that realm.
+ */
+public class WeblogicAuthenticator extends AbstractAuthenticator {
+    //~ Static fields/initializers /////////////////////////////////////////////
+
+    private static final Log log = LogFactory.getLog(WeblogicAuthenticator.class);
+
+    //~ Methods ////////////////////////////////////////////////////////////////
+
+    public boolean login(String username, String password, HttpServletRequest req) throws AuthenticationException {
+        CallbackHandler handler = new JAASCallbackHandler(username, password);
+
+        try {
+            Subject subject;
+
+            if (properties.getProperty("realm") == null) {
+                subject = weblogic.security.services.Authentication.login(handler);
+            } else {
+                subject = weblogic.security.services.Authentication.login(properties.getProperty("realm"), handler);
+            }
+
+            weblogic.servlet.security.ServletAuthentication.runAs(subject, req);
+        } catch (LoginException e) {
+            log.warn("Error authenticating username " + username + ":" + e);
+
+            return false;
+        }
+
+        return true;
+    }
+}