/* * @(#)LoginContext.java 1.98 04/06/28 * * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package javax.security.auth.login; import java.lang.reflect.Constructor; import java.lang.reflect.Method; import java.lang.reflect.InvocationTargetException; import java.util.LinkedList; import java.util.Map; import java.util.HashMap; import java.text.MessageFormat; import javax.security.auth.Subject; import javax.security.auth.AuthPermission; import javax.security.auth.callback.*; import java.security.AccessController; import java.security.AccessControlContext; import sun.security.util.PendingException; import sun.security.util.ResourcesMgr; /** *

The LoginContext class describes the basic methods used * to authenticate Subjects and provides a way to develop an * application independent of the underlying authentication technology. * A Configuration specifies the authentication technology, or * LoginModule, to be used with a particular application. * Different LoginModules can be plugged in under an application * without requiring any modifications to the application itself. * *

In addition to supporting pluggable authentication, this class * also supports the notion of stacked authentication. * Applications may be configured to use more than one * LoginModule. For example, one could * configure both a Kerberos LoginModule and a smart card * LoginModule under an application. * *

A typical caller instantiates a LoginContext with * a name and a CallbackHandler. * LoginContext uses the name as the index into a * Configuration to determine which LoginModules should be used, * and which ones must succeed in order for the overall authentication to * succeed. The CallbackHandler is passed to the underlying * LoginModules so they may communicate and interact with users * (prompting for a username and password via a graphical user interface, * for example). * *

Once the caller has instantiated a LoginContext, * it invokes the login method to authenticate * a Subject. The login method invokes * the configured modules to perform their respective types of authentication * (username/password, smart card pin verification, etc.). * Note that the LoginModules will not attempt authentication retries nor * introduce delays if the authentication fails. * Such tasks belong to the LoginContext caller. * *

If the login method returns without * throwing an exception, then the overall authentication succeeded. * The caller can then retrieve * the newly authenticated Subject by invoking the * getSubject method. Principals and Credentials associated * with the Subject may be retrieved by invoking the Subject's * respective getPrincipals, getPublicCredentials, * and getPrivateCredentials methods. * *

To logout the Subject, the caller calls * the logout method. As with the login * method, this logout method invokes the logout * method for the configured modules. * *

A LoginContext should not be used to authenticate * more than one Subject. A separate LoginContext * should be used to authenticate each different Subject. * *

The following documentation applies to all LoginContext constructors: *

    * *
  1. Subject * * *
  2. Configuration * * *
  3. CallbackHandler * *
* *

Note that Security Properties * (such as auth.login.defaultCallbackHandler) * can be set programmatically via the * java.security.Security class, * or statically in the Java security properties file located in the * file named <JAVA_HOME>/lib/security/java.security, * where <JAVA_HOME> refers to the directory where the JDK * was installed. * * @version 1.98, 06/28/04 * @see java.security.Security * @see javax.security.auth.AuthPermission * @see javax.security.auth.Subject * @see javax.security.auth.callback.CallbackHandler * @see javax.security.auth.login.Configuration * @see javax.security.auth.spi.LoginModule */ public class LoginContext { private static final String INIT_METHOD = "initialize"; private static final String LOGIN_METHOD = "login"; private static final String COMMIT_METHOD = "commit"; private static final String ABORT_METHOD = "abort"; private static final String LOGOUT_METHOD = "logout"; private static final String OTHER = "other"; private static final String DEFAULT_HANDLER = "auth.login.defaultCallbackHandler"; private Subject subject = null; private boolean subjectProvided = false; private boolean loginSucceeded = false; private CallbackHandler callbackHandler; private Map state = new HashMap(); private Configuration config; private boolean configProvided = false; private AccessControlContext creatorAcc = null; private ModuleInfo[] moduleStack; private ClassLoader contextClassLoader = null; private static final Class[] PARAMS = { }; // state saved in the event a user-specified asynchronous exception // was specified and thrown private int moduleIndex = 0; private LoginException firstError = null; private LoginException firstRequiredError = null; private boolean success = false; private static final sun.security.util.Debug debug = sun.security.util.Debug.getInstance("logincontext", "\t[LoginContext]"); private void init(String name) throws LoginException { SecurityManager sm = System.getSecurityManager(); if (sm != null && !configProvided) { sm.checkPermission(new AuthPermission ("createLoginContext." + name)); } if (name == null) throw new LoginException (ResourcesMgr.getString("Invalid null input: name")); // get the Configuration if (config == null) { config = (Configuration)java.security.AccessController.doPrivileged (new java.security.PrivilegedAction() { public Object run() { return Configuration.getConfiguration(); } }); } // get the LoginModules configured for this application AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name); if (entries == null) { if (sm != null && !configProvided) { sm.checkPermission(new AuthPermission ("createLoginContext." + OTHER)); } entries = config.getAppConfigurationEntry(OTHER); if (entries == null) { MessageFormat form = new MessageFormat(ResourcesMgr.getString ("No LoginModules configured for name")); Object[] source = {name}; throw new LoginException(form.format(source)); } } moduleStack = new ModuleInfo[entries.length]; for (int i = 0; i < entries.length; i++) { // clone returned array moduleStack[i] = new ModuleInfo (new AppConfigurationEntry (entries[i].getLoginModuleName(), entries[i].getControlFlag(), entries[i].getOptions()), null); } contextClassLoader = (ClassLoader)java.security.AccessController.doPrivileged (new java.security.PrivilegedAction() { public Object run() { return Thread.currentThread().getContextClassLoader(); } }); } private void loadDefaultCallbackHandler() throws LoginException { // get the default handler class try { final ClassLoader finalLoader = contextClassLoader; this.callbackHandler = (CallbackHandler) java.security.AccessController.doPrivileged (new java.security.PrivilegedExceptionAction() { public Object run() throws Exception { String defaultHandler = java.security.Security.getProperty (DEFAULT_HANDLER); if (defaultHandler == null || defaultHandler.length() == 0) return null; Class c = Class.forName(defaultHandler, true, finalLoader); return c.newInstance(); } }); } catch (java.security.PrivilegedActionException pae) { throw new LoginException(pae.getException().toString()); } // secure it with the caller's ACC if (this.callbackHandler != null && !configProvided) { this.callbackHandler = new SecureCallbackHandler (java.security.AccessController.getContext(), this.callbackHandler); } } /** * Instantiate a new LoginContext object with a name. * * @param name the name used as the index into the * Configuration. * * @exception LoginException if the caller-specified name * does not appear in the Configuration * and there is no Configuration entry * for "other", or if the * auth.login.defaultCallbackHandler * security property was set, but the implementation * class could not be loaded. *

* @exception SecurityException if a SecurityManager is set and * the caller does not have * AuthPermission("createLoginContext.name"), * or if a configuration entry for name does not exist and * the caller does not additionally have * AuthPermission("createLoginContext.other") */ public LoginContext(String name) throws LoginException { init(name); loadDefaultCallbackHandler(); } /** * Instantiate a new LoginContext object with a name * and a Subject object. * *

* * @param name the name used as the index into the * Configuration.

* * @param subject the Subject to authenticate. * * @exception LoginException if the caller-specified name * does not appear in the Configuration * and there is no Configuration entry * for "other", if the caller-specified subject * is null, or if the * auth.login.defaultCallbackHandler * security property was set, but the implementation * class could not be loaded. *

* @exception SecurityException if a SecurityManager is set and * the caller does not have * AuthPermission("createLoginContext.name"), * or if a configuration entry for name does not exist and * the caller does not additionally have * AuthPermission("createLoginContext.other") */ public LoginContext(String name, Subject subject) throws LoginException { init(name); if (subject == null) throw new LoginException (ResourcesMgr.getString("invalid null Subject provided")); this.subject = subject; subjectProvided = true; loadDefaultCallbackHandler(); } /** * Instantiate a new LoginContext object with a name * and a CallbackHandler object. * *

* * @param name the name used as the index into the * Configuration.

* * @param callbackHandler the CallbackHandler object used by * LoginModules to communicate with the user. * * @exception LoginException if the caller-specified name * does not appear in the Configuration * and there is no Configuration entry * for "other", or if the caller-specified * callbackHandler is null. *

* @exception SecurityException if a SecurityManager is set and * the caller does not have * AuthPermission("createLoginContext.name"), * or if a configuration entry for name does not exist and * the caller does not additionally have * AuthPermission("createLoginContext.other") */ public LoginContext(String name, CallbackHandler callbackHandler) throws LoginException { init(name); if (callbackHandler == null) throw new LoginException(ResourcesMgr.getString ("invalid null CallbackHandler provided")); this.callbackHandler = new SecureCallbackHandler (java.security.AccessController.getContext(), callbackHandler); } /** * Instantiate a new LoginContext object with a name, * a Subject to be authenticated, and a * CallbackHandler object. * *

* * @param name the name used as the index into the * Configuration.

* * @param subject the Subject to authenticate.

* * @param callbackHandler the CallbackHandler object used by * LoginModules to communicate with the user. * * @exception LoginException if the caller-specified name * does not appear in the Configuration * and there is no Configuration entry * for "other", or if the caller-specified * subject is null, * or if the caller-specified * callbackHandler is null. *

* @exception SecurityException if a SecurityManager is set and * the caller does not have * AuthPermission("createLoginContext.name"), * or if a configuration entry for name does not exist and * the caller does not additionally have * AuthPermission("createLoginContext.other") */ public LoginContext(String name, Subject subject, CallbackHandler callbackHandler) throws LoginException { this(name, subject); if (callbackHandler == null) throw new LoginException(ResourcesMgr.getString ("invalid null CallbackHandler provided")); this.callbackHandler = new SecureCallbackHandler (java.security.AccessController.getContext(), callbackHandler); } /** * Instantiate a new LoginContext object with a name, * a Subject to be authenticated, * a CallbackHandler object, and a login * Configuration. * *

* * @param name the name used as the index into the caller-specified * Configuration.

* * @param subject the Subject to authenticate, * or null.

* * @param callbackHandler the CallbackHandler object used by * LoginModules to communicate with the user, or null. *

* * @param config the Configuration that lists the * login modules to be called to perform the authentication, * or null. * * @exception LoginException if the caller-specified name * does not appear in the Configuration * and there is no Configuration entry * for "other". *

* @exception SecurityException if a SecurityManager is set, * config is null, * and either the caller does not have * AuthPermission("createLoginContext.name"), * or if a configuration entry for name does not exist and * the caller does not additionally have * AuthPermission("createLoginContext.other") * * @since 1.5 */ public LoginContext(String name, Subject subject, CallbackHandler callbackHandler, Configuration config) throws LoginException { this.config = config; configProvided = (config != null) ? true : false; if (configProvided) { creatorAcc = java.security.AccessController.getContext(); } init(name); if (subject != null) { this.subject = subject; subjectProvided = true; } if (callbackHandler == null) { loadDefaultCallbackHandler(); } else if (!configProvided) { this.callbackHandler = new SecureCallbackHandler (java.security.AccessController.getContext(), callbackHandler); } else { this.callbackHandler = callbackHandler; } } /** * Perform the authentication. * *

This method invokes the login method for each * LoginModule configured for the name specified to the * LoginContext constructor, as determined by the login * Configuration. Each LoginModule * then performs its respective type of authentication * (username/password, smart card pin verification, etc.). * *

This method completes a 2-phase authentication process by * calling each configured LoginModule's commit method * if the overall authentication succeeded (the relevant REQUIRED, * REQUISITE, SUFFICIENT, and OPTIONAL LoginModules succeeded), * or by calling each configured LoginModule's abort method * if the overall authentication failed. If authentication succeeded, * each successful LoginModule's commit method associates * the relevant Principals and Credentials with the Subject. * If authentication failed, each LoginModule's abort method * removes/destroys any previously stored state. * *

If the commit phase of the authentication process * fails, then the overall authentication fails and this method * invokes the abort method for each configured * LoginModule. * *

If the abort phase * fails for any reason, then this method propagates the * original exception thrown either during the login phase * or the commit phase. In either case, the overall * authentication fails. * *

In the case where multiple LoginModules fail, * this method propagates the exception raised by the first * LoginModule which failed. * *

Note that if this method enters the abort phase * (either the login or commit phase failed), * this method invokes all LoginModules configured for the * application regardless of their respective Configuration * flag parameters. Essentially this means that Requisite * and Sufficient semantics are ignored during the * abort phase. This guarantees that proper cleanup * and state restoration can take place. * *

* * @exception LoginException if the authentication fails. */ public void login() throws LoginException { loginSucceeded = false; if (subject == null) { subject = new Subject(); } try { if (configProvided) { // module invoked in doPrivileged with creatorAcc invokeCreatorPriv(LOGIN_METHOD); invokeCreatorPriv(COMMIT_METHOD); } else { // module invoked in doPrivileged invokePriv(LOGIN_METHOD); invokePriv(COMMIT_METHOD); } loginSucceeded = true; } catch (LoginException le) { try { if (configProvided) { invokeCreatorPriv(ABORT_METHOD); } else { invokePriv(ABORT_METHOD); } } catch (LoginException le2) { throw le; } throw le; } } /** * Logout the Subject. * *

This method invokes the logout method for each * LoginModule configured for this LoginContext. * Each LoginModule performs its respective logout procedure * which may include removing/destroying * Principal and Credential information * from the Subject and state cleanup. * *

Note that this method invokes all LoginModules configured for the * application regardless of their respective * Configuration flag parameters. Essentially this means * that Requisite and Sufficient semantics are * ignored for this method. This guarantees that proper cleanup * and state restoration can take place. * *

* * @exception LoginException if the logout fails. */ public void logout() throws LoginException { if (subject == null) { throw new LoginException(ResourcesMgr.getString ("null subject - logout called before login")); } if (configProvided) { // module invoked in doPrivileged with creatorAcc invokeCreatorPriv(LOGOUT_METHOD); } else { // module invoked in doPrivileged invokePriv(LOGOUT_METHOD); } } /** * Return the authenticated Subject. * *

* * @return the authenticated Subject. If the caller specified a * Subject to this LoginContext's constructor, * this method returns the caller-specified Subject. * If a Subject was not specified and authentication succeeds, * this method returns the Subject instantiated and used for * authentication by this LoginContext. * If a Subject was not specified, and authentication fails or * has not been attempted, this method returns null. */ public Subject getSubject() { if (!loginSucceeded && !subjectProvided) return null; return subject; } private void clearState() { moduleIndex = 0; firstError = null; firstRequiredError = null; success = false; } private void throwException(LoginException originalError, LoginException le) throws LoginException { // first clear state clearState(); // throw the exception LoginException error = (originalError != null) ? originalError : le; throw error; } /** * Invokes the login, commit, and logout methods * from a LoginModule inside a doPrivileged block. * * This version is called if the caller did not instantiate * the LoginContext with a Configuration object. */ private void invokePriv(final String methodName) throws LoginException { try { java.security.AccessController.doPrivileged (new java.security.PrivilegedExceptionAction() { public Object run() throws LoginException { invoke(methodName); return null; } }); } catch (java.security.PrivilegedActionException pae) { throw (LoginException)pae.getException(); } } /** * Invokes the login, commit, and logout methods * from a LoginModule inside a doPrivileged block restricted * by creatorAcc * * This version is called if the caller instantiated * the LoginContext with a Configuration object. */ private void invokeCreatorPriv(final String methodName) throws LoginException { try { java.security.AccessController.doPrivileged (new java.security.PrivilegedExceptionAction() { public Object run() throws LoginException { invoke(methodName); return null; } }, creatorAcc); } catch (java.security.PrivilegedActionException pae) { throw (LoginException)pae.getException(); } } private void invoke(String methodName) throws LoginException { // start at moduleIndex // - this can only be non-zero if methodName is LOGIN_METHOD for (int i = moduleIndex; i < moduleStack.length; i++, moduleIndex++) { try { int mIndex = 0; Method[] methods = null; if (moduleStack[i].module != null) { methods = moduleStack[i].module.getClass().getMethods(); } else { // instantiate the LoginModule Class c = Class.forName (moduleStack[i].entry.getLoginModuleName(), true, contextClassLoader); Constructor constructor = c.getConstructor(PARAMS); Object[] args = { }; // allow any object to be a LoginModule // as long as it conforms to the interface moduleStack[i].module = constructor.newInstance(args); methods = moduleStack[i].module.getClass().getMethods(); // call the LoginModule's initialize method for (mIndex = 0; mIndex < methods.length; mIndex++) { if (methods[mIndex].getName().equals(INIT_METHOD)) break; } Object[] initArgs = {subject, callbackHandler, state, moduleStack[i].entry.getOptions() }; // invoke the LoginModule initialize method methods[mIndex].invoke(moduleStack[i].module, initArgs); } // find the requested method in the LoginModule for (mIndex = 0; mIndex < methods.length; mIndex++) { if (methods[mIndex].getName().equals(methodName)) break; } // set up the arguments to be passed to the LoginModule method Object[] args = { }; // invoke the LoginModule method boolean status = ((Boolean)methods[mIndex].invoke (moduleStack[i].module, args)).booleanValue(); if (status == true) { // if SUFFICIENT, return if no prior REQUIRED errors if (!methodName.equals(ABORT_METHOD) && !methodName.equals(LOGOUT_METHOD) && moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT && firstRequiredError == null) { // clear state clearState(); if (debug != null) debug.println(methodName + " SUFFICIENT success"); return; } if (debug != null) debug.println(methodName + " success"); success = true; } else { if (debug != null) debug.println(methodName + " ignored"); } } catch (NoSuchMethodException nsme) { MessageFormat form = new MessageFormat(ResourcesMgr.getString ("unable to instantiate LoginModule, module, because " + "it does not provide a no-argument constructor")); Object[] source = {moduleStack[i].entry.getLoginModuleName()}; throwException(null, new LoginException(form.format(source))); } catch (InstantiationException ie) { throwException(null, new LoginException(ResourcesMgr.getString ("unable to instantiate LoginModule: ") + ie.getMessage())); } catch (ClassNotFoundException cnfe) { throwException(null, new LoginException(ResourcesMgr.getString ("unable to find LoginModule class: ") + cnfe.getMessage())); } catch (IllegalAccessException iae) { throwException(null, new LoginException(ResourcesMgr.getString ("unable to access LoginModule: ") + iae.getMessage())); } catch (InvocationTargetException ite) { // failure cases LoginException le; if (ite.getCause() instanceof PendingException && methodName.equals(LOGIN_METHOD)) { // XXX // // if a module's LOGIN_METHOD threw a PendingException // then immediately throw it. // // when LoginContext is called again, // the module that threw the exception is invoked first // (the module list is not invoked from the start). // previously thrown exception state is still present. // // it is assumed that the module which threw // the exception can have its // LOGIN_METHOD invoked twice in a row // without any commit/abort in between. // // in all cases when LoginContext returns // (either via natural return or by throwing an exception) // we need to call clearState before returning. // the only time that is not true is in this case - // do not call throwException here. throw (PendingException)ite.getCause(); } else if (ite.getCause() instanceof LoginException) { le = (LoginException)ite.getCause(); } else if (ite.getCause() instanceof SecurityException) { // do not want privacy leak // (e.g., sensitive file path in exception msg) le = new LoginException("Security Exception"); le.initCause(new SecurityException()); if (debug != null) { debug.println ("original security exception with detail msg " + "replaced by new exception with empty detail msg"); debug.println("original security exception: " + ite.getCause().toString()); } } else { // capture an unexpected LoginModule exception java.io.StringWriter sw = new java.io.StringWriter(); ite.getCause().printStackTrace (new java.io.PrintWriter(sw)); sw.flush(); le = new LoginException(sw.toString()); } if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) { if (debug != null) debug.println(methodName + " REQUISITE failure"); // if REQUISITE, then immediately throw an exception if (methodName.equals(ABORT_METHOD) || methodName.equals(LOGOUT_METHOD)) { if (firstRequiredError == null) firstRequiredError = le; } else { throwException(firstRequiredError, le); } } else if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) { if (debug != null) debug.println(methodName + " REQUIRED failure"); // mark down that a REQUIRED module failed if (firstRequiredError == null) firstRequiredError = le; } else { if (debug != null) debug.println(methodName + " OPTIONAL failure"); // mark down that an OPTIONAL module failed if (firstError == null) firstError = le; } } } // we went thru all the LoginModules. if (firstRequiredError != null) { // a REQUIRED module failed -- return the error throwException(firstRequiredError, null); } else if (success == false && firstError != null) { // no module succeeded -- return the first error throwException(firstError, null); } else if (success == false) { // no module succeeded -- all modules were IGNORED throwException(new LoginException (ResourcesMgr.getString("Login Failure: all modules ignored")), null); } else { // success clearState(); return; } } /** * Wrap the caller-specified CallbackHandler in our own * and invoke it within a privileged block, constrained by * the caller's AccessControlContext. */ private static class SecureCallbackHandler implements CallbackHandler { private final java.security.AccessControlContext acc; private final CallbackHandler ch; SecureCallbackHandler(java.security.AccessControlContext acc, CallbackHandler ch) { this.acc = acc; this.ch = ch; } public void handle(final Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException { try { java.security.AccessController.doPrivileged (new java.security.PrivilegedExceptionAction() { public Object run() throws java.io.IOException, UnsupportedCallbackException { ch.handle(callbacks); return null; } }, acc); } catch (java.security.PrivilegedActionException pae) { if (pae.getException() instanceof java.io.IOException) { throw (java.io.IOException)pae.getException(); } else { throw (UnsupportedCallbackException)pae.getException(); } } } } /** * LoginModule information - * incapsulates Configuration info and actual module instances */ private static class ModuleInfo { AppConfigurationEntry entry; Object module; ModuleInfo(AppConfigurationEntry newEntry, Object newModule) { this.entry = newEntry; this.module = newModule; } } }