// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.AuthManagerProxy; import com.netscape.certsrv.authentication.AuthMgrPlugin; import com.netscape.certsrv.authentication.EAuthException; import com.netscape.certsrv.authentication.EAuthMgrNotFound; import com.netscape.certsrv.authentication.EAuthMgrPluginNotFound; import com.netscape.certsrv.authentication.EInvalidCredentials; import com.netscape.certsrv.authentication.EMissingCredential; import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.authentication.IAuthManager; import com.netscape.certsrv.authentication.IAuthSubsystem; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmscore.util.Debug; /** * Default authentication subsystem *
*
* @author cfu
* @author lhsiao
* @version $Revision$, $Date$
*/
public class AuthSubsystem implements IAuthSubsystem {
public static final String ID = "auths";
public Hashtable
*
* @param authCred authentication credentials subject to the
* requirements of each authentication manager
* @param authMgrInstName name of the authentication manager instance
* @return authentication token with individualized authenticated
* information.
* @exception EMissingCredential If a required credential for the
* authentication manager is missing.
* @exception EInvalidCredentials If the credentials cannot be authenticated
* @exception EAuthMgrNotFound The auth manager is not found.
* @exception EBaseException If an internal error occurred.
*/
public IAuthToken authenticate(
        IAuthCredentials authCred, String authMgrInstName)
        throws EMissingCredential, EInvalidCredentials,
        EAuthMgrNotFound, EBaseException {
    // Resolve the named instance. An unknown name, a disabled proxy and a
    // proxy holding no manager all end in the same EAuthMgrNotFound, so the
    // caller cannot tell these cases apart from the error.
    // NOTE(review): the declaration of mAuthMgrInsts is not visible here; if
    // it is a java.util.Hashtable, a null authMgrInstName raises
    // NullPointerException from get() instead of EAuthMgrNotFound. Confirm
    // callers never pass null.
    final AuthManagerProxy entry = mAuthMgrInsts.get(authMgrInstName);

    // This is the only place in the visible code where isEnable() is
    // consulted; get()/getAuthManager() hand out the manager without it.
    final IAuthManager manager =
            (entry != null && entry.isEnable()) ? entry.getAuthManager() : null;
    if (manager == null) {
        throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
    }

    // authCred is passed through unchecked; validating it is left to the
    // manager. No log entry is written here for either outcome.
    return manager.authenticate(authCred);
}
/**
 * Gets the names of the credentials required by the specified
 * authentication manager instance.
 * <p>
 * The instance is resolved through {@link #get(String)}, which does not
 * look at the proxy's enabled flag, so the list is also returned for an
 * instance that {@code authenticate} would reject as disabled.
 *
 * @param authMgrInstName name of the authentication manager instance
 * @return the value of the manager's {@code getRequiredCreds()}
 * @exception EAuthMgrNotFound if no manager is registered under that name
 */
public String[] getRequiredCreds(String authMgrInstName)
        throws EAuthMgrNotFound {
    final IAuthManager manager = get(authMgrInstName);
    if (manager != null) {
        return manager.getRequiredCreds();
    }
    throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
}
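/**
 * Gets the configuration parameter names of the given
 * authentication manager plugin.
 * <p>
 * The plugin is looked up in the registered plugin table, its class is
 * loaded by name, and a throw-away instance is created solely to call
 * {@code getConfigParams()} on it.
 *
 * @param implName name of the authentication plugin
 * @return the value of the plugin's {@code getConfigParams()}
 * @exception EAuthMgrPluginNotFound if no plugin is registered under
 *                {@code implName}
 * @exception EBaseException if the plugin class cannot be loaded or
 *                instantiated, or does not implement {@code IAuthManager}
 */
public String[] getConfigParams(String implName)
        throws EAuthMgrPluginNotFound, EBaseException {
    // is this a registered implname? Only names present in the plugin table
    // are accepted; the class name itself never comes from the caller.
    AuthMgrPlugin plugin = mAuthMgrPlugins.get(implName);

    if (plugin == null) {
        log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_PLUGIN_NOT_FOUND", implName));
        throw new EAuthMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName));
    }

    String className = plugin.getClassPath();

    // NOTE(review): CMS_ACL_CLASS_LOAD_FAIL is named like an ACL message;
    // confirm it is the intended key for authentication plugin failures.
    try {
        Class<?> implClass = Class.forName(className);

        // Check the type before instantiating. With a cast placed after
        // newInstance() the constructor of a wrongly registered class has
        // already run by the time the cast fails, and the failure surfaces as
        // an unchecked ClassCastException instead of the EAuthException used
        // for every other load failure. Class.forName() above still runs the
        // class's static initialisers.
        if (!IAuthManager.class.isAssignableFrom(implClass)) {
            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED",
                    className + " does not implement IAuthManager"));
            throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
        }

        // a temporary instance, used only to read its parameter list
        IAuthManager authMgrInst = (IAuthManager) implClass.newInstance();

        return (authMgrInst.getConfigParams());
    } catch (InstantiationException e) {
        // The cause is recorded as text in the log only; the exception that
        // reaches the caller carries the class name alone.
        log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
        throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
    } catch (ClassNotFoundException e) {
        log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
        throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
    } catch (IllegalAccessException e) {
        log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
        throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
    }
}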
/**
 * Adds an authentication manager instance under the given name.
 * <p>
 * The instance is wrapped in an {@code AuthManagerProxy} constructed with
 * {@code true} (presumably the enabled flag that {@code authenticate}
 * reads through {@code isEnable()}; confirm against AuthManagerProxy).
 * No check is made for an existing entry with the same name.
 *
 * @param name name of the authentication manager instance
 * @param authMgrInst the authentication manager instance to be added
 */
public void add(String name, IAuthManager authMgrInst) {
    final AuthManagerProxy enabledProxy = new AuthManagerProxy(true, authMgrInst);
    mAuthMgrInsts.put(name, enabledProxy);
}
/**
 * Removes an authentication manager instance from the instance table.
 * <p>
 * Only the table entry is dropped; nothing is called on the removed
 * manager itself.
 *
 * @param name name of the authentication manager instance
 */
public void delete(String name) {
    this.mAuthMgrInsts.remove(name);
}
/**
 * Gets the authentication manager instance of the specified name.
 * <p>
 * The proxy's enabled flag is not consulted here, so a manager that
 * {@code authenticate} refuses as disabled is still returned. Callers
 * that authenticate through the returned object directly bypass that
 * check.
 *
 * @param name name of the authentication manager instance
 * @return the named authentication manager instance, or {@code null}
 *         when no entry exists under that name
 */
public IAuthManager get(String name) {
    final AuthManagerProxy entry = mAuthMgrInsts.get(name);
    return (entry == null) ? null : entry.getAuthManager();
}
/**
* Enumerate all authentication manager instances.
*/
public Enumeration
* Use with caution. Should not do it when sharing with others
*
* @param id name to be applied to an authentication subsystem
*/
public void setId(String id) throws EBaseException {
    // Plain assignment with no validation; the declared EBaseException is
    // never thrown by this body.
    this.mId = id;
}
/**
 * Starts the subsystem. The body is intentionally empty, so nothing is
 * registered or logged here and the declared exception is never thrown.
 */
public void startup() throws EBaseException {
    // An informational "administration Servlet registered" log entry used
    // to be written at this point; it was removed because the same event
    // is already logged from S_ADMIN.
}
/**
* shuts down authentication managers one by one.
*
*/
public void shutdown() {
for (Enumeration
*
* @return configuration store of this subsystem
*/
public IConfigStore getConfigStore() {
    // Returns the subsystem's own store reference rather than a copy.
    return this.mConfig;
}
/**
 * Gets the named authentication manager by delegating to
 * {@link #get(String)}.
 * <p>
 * As with {@code get}, the enabled flag checked by {@code authenticate}
 * is not applied to this lookup.
 *
 * @param name name of the authentication manager instance
 * @return the named authentication manager, or {@code null} if none is
 *         registered under that name
 */
public IAuthManager getAuthManager(String name) {
    final IAuthManager manager = get(name);
    return manager;
}
/**
 * Writes an entry to the system log under the authentication source.
 * <p>
 * The call is silently dropped while no logger is set. The message is
 * forwarded unchanged, so callers decide what ends up in the log.
 *
 * @param level log level, one of the {@code ILogger.LL_*} values
 * @param msg message text to record
 */
public void log(int level, String msg) {
    if (mLogger != null) {
        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level, msg);
    }
}
}