org.ow2.proactive.authentication

Class FileLoginModule

java.lang.Object

org.ow2.proactive.authentication.FileLoginModule

All Implemented Interfaces:

LoginModule, Loggable

Direct Known Subclasses:

KeycloakLoginModule, LDAPLoginModule, MultiLDAPLoginModule, PAMLoginModule, RMFileLoginModule

public abstract class FileLoginModule
extends Object
implements Loggable, LoginModule

Authentication based on user and group file.

Since:

ProActive Scheduling 0.9.1

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	FileLoginModule.ManageUsersException
static class	FileLoginModule.UserInfo

Field Summary

Fields

Modifier and Type	Field and Description
static File	authenticationLockFile file used to prevent concurrent modification of login.cfg or group.cfg
protected CallbackHandler	callbackHandler JAAS call back handler used to get authentication request parameters
static String	DOMAIN_SEP
static String	ENCRYPTED_DATA_SEP
protected String	groupFile The file where to store group management
static String	LOCK_FILE_NAME
protected String	loginFile The file where to store the allowed user//password
protected Subject	subject
protected String	tenantFile The file where to store tenant management

Constructor Summary

Constructors

Constructor and Description
FileLoginModule()

Method Summary

Modifier and Type	Method and Description
boolean	abort()
protected void	addShadowAccount(String domain, String username)
protected void	checkGroupFile()
protected void	checkLoginFile()
protected void	checkTenantFile()
boolean	commit()
protected void	createAndStoreCredentialFile(String domain, String username, String password, boolean isShadowAccount)
protected boolean	createOrUpdateShadowAccount(FileLoginModule.UserInfo userInfo)
protected String	generateRandomPassword()
protected abstract Set<String>	getConfiguredDomains()
protected abstract String	getGroupFileName() Defines group file name
protected abstract String	getLoginFileName() Defines login file name
protected abstract PrivateKey	getPrivateKey() Defines private key
protected abstract PublicKey	getPublicKey() Defines public key
protected abstract String	getTenantFileName() Defines tenant file name
protected void	groupMembership(String domain, String username) Return corresponding group for a user from the group file.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
protected abstract boolean	isLegacyPasswordEncryption() Returns true if legacy password encryption is used (hybrid symetric key).
boolean	login()
boolean	logout()
protected boolean	logUser(String username, String password, String domain, boolean isNotFallbackAuthentication) First Check user and password from login file.
protected void	removeOldFailedAttempts(String username)
protected void	resetFailedAttempt(String username)
protected int	retryInHowManyMinutes(String username)
protected void	storeFailedAttempt(String username)
protected void	tenantMembership(String domain, String username) Return corresponding tenant for a user from the tenant file.
protected boolean	tooManyFailedAttempts(String username)
protected void	updateUserGroups(String login, Collection<String> groups, com.google.common.collect.Multimap<String,String> groupsMap)
protected void	updateUserPassword(PublicKey pubKey, String login, String password, Properties props)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.ow2.proactive.authentication.Loggable

getLogger

Field Detail

DOMAIN_SEP

public static String DOMAIN_SEP

ENCRYPTED_DATA_SEP

public static final String ENCRYPTED_DATA_SEP

See Also:

Constant Field Values

callbackHandler

protected CallbackHandler callbackHandler

JAAS call back handler used to get authentication request parameters

loginFile

protected String loginFile

The file where to store the allowed user//password

groupFile

protected String groupFile

The file where to store group management

tenantFile

protected String tenantFile

The file where to store tenant management

LOCK_FILE_NAME

public static final String LOCK_FILE_NAME

See Also:

Constant Field Values

authenticationLockFile

public static File authenticationLockFile

file used to prevent concurrent modification of login.cfg or group.cfg

subject

protected Subject subject

Constructor Detail

FileLoginModule

public FileLoginModule()

Method Detail

getLoginFileName

protected abstract String getLoginFileName()

Defines login file name

Returns:

the login file name

getGroupFileName

protected abstract String getGroupFileName()

Defines group file name

Returns:

the group file name

getTenantFileName

protected abstract String getTenantFileName()

Defines tenant file name

Returns:

the tenant file name

getConfiguredDomains

protected abstract Set<String> getConfiguredDomains()

getPrivateKey

protected abstract PrivateKey getPrivateKey()
                                     throws KeyException

Defines private key

Returns:

private key in use

Throws:

KeyException

getPublicKey

protected abstract PublicKey getPublicKey()
                                   throws KeyException

Defines public key

Returns:

public key in use

Throws:

KeyException

isLegacyPasswordEncryption

protected abstract boolean isLegacyPasswordEncryption()

Returns true if legacy password encryption is used (hybrid symetric key). Returns false if newer encryption is used (hash/salt based)

Returns:

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

Specified by:

initialize in interface LoginModule

See Also:

LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)

checkLoginFile

protected void checkLoginFile()

checkGroupFile

protected void checkGroupFile()

checkTenantFile

protected void checkTenantFile()

login

public boolean login()
              throws LoginException

Specified by:

login in interface LoginModule

Throws:

LoginException - if userName of password are not correct

See Also:

LoginModule.login()

logUser

protected boolean logUser(String username,
                          String password,
                          String domain,
                          boolean isNotFallbackAuthentication)
                   throws LoginException

First Check user and password from login file. If user is authenticated, check group membership from group file.

Parameters:

username - user's login

password - user's password

isNotFallbackAuthentication - true if this method is not called inside a fallback mechanism

Returns:

true user login and password are correct, and requested group is authorized for the user

Throws:

LoginException - if authentication or group membership fails.

storeFailedAttempt

protected void storeFailedAttempt(String username)

resetFailedAttempt

protected void resetFailedAttempt(String username)

removeOldFailedAttempts

protected void removeOldFailedAttempts(String username)

tooManyFailedAttempts

protected boolean tooManyFailedAttempts(String username)

retryInHowManyMinutes

protected int retryInHowManyMinutes(String username)

groupMembership

protected void groupMembership(String domain,
                               String username)
                        throws LoginException

Return corresponding group for a user from the group file.

Parameters:

username - user's login

Throws:

LoginException - if group file is not found or unreadable.

tenantMembership

protected void tenantMembership(String domain,
                                String username)
                         throws LoginException

Return corresponding tenant for a user from the tenant file.

Parameters:

username - user's login

Throws:

LoginException - if tenant file is not found or unreadable.

commit

public boolean commit()
               throws LoginException

Specified by:

commit in interface LoginModule

Throws:

LoginException

See Also:

LoginModule.commit()

abort

public boolean abort()
              throws LoginException

Specified by:

abort in interface LoginModule

Throws:

LoginException

See Also:

LoginModule.abort()

logout

public boolean logout()
               throws LoginException

Specified by:

logout in interface LoginModule

Throws:

LoginException

See Also:

LoginModule.logout()

generateRandomPassword

protected String generateRandomPassword()

addShadowAccount

protected void addShadowAccount(String domain,
                                String username)
                         throws LoginException

Throws:

LoginException

createOrUpdateShadowAccount

protected boolean createOrUpdateShadowAccount(FileLoginModule.UserInfo userInfo)
                                       throws LoginException

Throws:

LoginException

updateUserPassword

protected void updateUserPassword(PublicKey pubKey,
                                  String login,
                                  String password,
                                  Properties props)
                           throws KeyException

Throws:

KeyException

createAndStoreCredentialFile

protected void createAndStoreCredentialFile(String domain,
                                            String username,
                                            String password,
                                            boolean isShadowAccount)

updateUserGroups

protected void updateUserGroups(String login,
                                Collection<String> groups,
                                com.google.common.collect.Multimap<String,String> groupsMap)