/* GnuConfiguration.java -- GNU Classpath implementation of JAAS Configuration Copyright (C) 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ package gnu.javax.security.auth.login; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.net.MalformedURLException; import java.net.URL; import java.security.Security; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.logging.Logger; import javax.security.auth.AuthPermission; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; /** * An implementation of the {@link Configuration} class which interprets JAAS * Login Configuration files written in the default syntax described in * the publicly available documentation of that class. A more formal definition * of this syntax is as follows: * *
* CONFIG ::= APP_OR_OTHER_ENTRY+ * APP_OR_OTHER_ENTRY ::= APP_NAME_OR_OTHER JAAS_CONFIG_BLOCK * APP_NAME_OR_OTHER ::= APP_NAME * | 'other' * JAAS_CONFIG_BLOCK ::= '{' (LOGIN_MODULE_ENTRY ';')+ '}' ';' * LOGIN_MODULE_ENTRY ::= MODULE_CLASS FLAG MODULE_OPTION* ';' * FLAG ::= 'required' * | 'requisite' * | 'sufficient' * | 'optional' * MODULE_OPTION ::= PARAM_NAME '=' PARAM_VALUE * * APP_NAME ::= JAVA_IDENTIFIER * MODULE_CLASS ::= JAVA_IDENTIFIER ('.' JAVA_IDENTIFIER)* * PARAM_NAME ::= STRING * PARAM_VALUE ::= '"' STRING '"' | ''' STRING ''' | STRING ** *
This implementation will specifically attempt to process one or more * Login Configuration files in the following locations, and when found parse * them and merge their contents. The locations, and the order in which they are * investigated, follows:
* *1
to an arbitrary number, are defined, then
* the value of each of those properties will be considered as a JAAS Login
* Configuration file written in the default syntax. This implementation will
* attempt parsing all such files.
*
* It is worth noting the following: *
If at least one of the designated Configuration files was found, and * was parsed correctly, then no other location will be inspected.
If this System property is defined, and the file it refers to was * parsed correctly, then no other location will be inspected.
Configuration
.
*
* This method causes this Configuration
object to refresh /
* reload its contents following the locations and logic described above in
* the class documentation section.
refreshLoginConfiguration
.
* @see AuthPermission
*/
public void refresh()
{
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(new AuthPermission("refreshLoginConfiguration"));
loginModulesMap.clear();
init();
}
// helper methods -----------------------------------------------------------
/**
* Attempts to find and parse JAAS Login Configuration file(s) written in
* the default syntax. The locations searched are as descibed in the class
* documentation.
*/
private void init()
{
if (processSecurityProperties())
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("Using login configuration defined by Security property(ies)");
}
else if (processSystemProperty())
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("Using login configuration defined by System property");
}
else if (processUserHome())
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("Using login configuration defined in ${user.home}");
}
else
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("No login configuration file found");
}
}
/**
* Attempts to locate and parse one or more JAAS Login Configuration files
* defined as the values of the Security properties
* java.security.auth.login.config.url.N.
*
* @return true
if it succeeds, and false
* otherwsie.
*/
private boolean processSecurityProperties()
{
boolean result = false;
int counter = 0;
String s;
while (true)
try
{
counter++;
s = Security.getProperty("java.security.auth.login.config.url."
+ counter);
if (s == null)
break;
s = s.trim();
if (s.length() != 0)
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("java.security.auth.login.config.url." + counter
+ " = " + s);
parseConfig(getInputStreamFromURL(s));
result = true;
}
}
catch (Throwable t)
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("Exception while handling Security property at #"
+ counter + ". Continue: " + t);
}
return result;
}
/**
* Attempts to open a designated string as a well-formed {@link URL}. If a
* {@link MalformedURLException} occurs, this method then tries to open that
* string as a {@link File} (with the same name). If it succeeds, an
* {@link InputStream} is constructed and returned.
*
* @param s
* the designated name of either a {@link URL} or a {@link File}
* assumed to contain a JAAS Login Configuration in the default
* syntax.
* @return an {@link InputStream} around the data source.
* @throws IOException
* if an exception occurs during the operation.
*/
private InputStream getInputStreamFromURL(String s) throws IOException
{
InputStream result = null;
try
{
URL url = new URL(s);
result = url.openStream();
}
catch (MalformedURLException x)
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("Failed opening as URL: " + s + ". Will try as File");
result = new FileInputStream(s);
}
return result;
}
/**
* Attempts to locate and parse a JAAS Login Configuration file defined as the
* value of the System property java.security.auth.login.config.
*
* @return true
if it succeeds, and false
* otherwsie.
*/
private boolean processSystemProperty()
{
boolean result = false;
try
{
String s = System.getProperty("java.security.auth.login.config");
if (s != null)
{
s = s.trim();
if (s.length() != 0)
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("java.security.auth.login.config = " + s);
parseConfig(getInputStreamFromURL(s));
result = true;
}
}
}
catch (Throwable t)
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("Exception while handling System property. Continue: " + t);
}
return result;
}
/**
* Attempts to locate and parse a JAAS Login Configuration file named either
* as .java.login.config or java.login.config (without the
* leading dot) in the folder referenced by the System property
* user.home
.
*
* @return true
if it succeeds, and false
* otherwsie.
*/
private boolean processUserHome()
{
boolean result = false;
try
{
File userHome = getUserHome();
if (userHome == null)
return result;
File jaasFile;
jaasFile = getConfigFromUserHome(userHome, ".java.login.config");
if (jaasFile == null)
jaasFile = getConfigFromUserHome(userHome, "java.login.config");
if (jaasFile == null)
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("Login Configuration file, in " + userHome
+ ", does not exist or is inaccessible");
return result;
}
FileInputStream fis = new FileInputStream(jaasFile);
parseConfig(fis);
result = true;
}
catch (Throwable t)
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("Exception (ignored) while handling ${user.home}: " + t);
}
return result;
}
private void parseConfig(InputStream configStream) throws IOException
{
cp.parse(new InputStreamReader(configStream, "UTF-8"));
Map loginModulesMap = cp.getLoginModulesMap();
mergeLoginModules(loginModulesMap);
}
private void mergeLoginModules(Map otherLoginModules)
{
if (otherLoginModules == null || otherLoginModules.size() < 1)
return;
for (Iterator it = otherLoginModules.keySet().iterator(); it.hasNext();)
{
String appName = (String) it.next();
List thatListOfACEs = (List) otherLoginModules.get(appName);
if (thatListOfACEs == null || thatListOfACEs.size() < 1)
continue;
List thisListsOfACEs = (List) loginModulesMap.get(appName);
if (thisListsOfACEs == null)
loginModulesMap.put(appName, thatListOfACEs);
else
thisListsOfACEs.addAll(thatListOfACEs);
}
}
private File getUserHome()
{
String uh = System.getProperty("user.home");
if (uh == null || uh.trim().length() == 0)
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("User home path is not set or is empty");
return null;
}
uh = uh.trim();
File result = new File(uh);
if (! result.exists())
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("User home '" + uh + "' does not exist");
return null;
}
if (! result.isDirectory())
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("User home '" + uh + "' is not a directory");
return null;
}
if (! result.canRead())
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("User home '" + uh + "' is not readable");
return null;
}
return result;
}
private File getConfigFromUserHome(File userHome, String fileName)
{
File result = new File(userHome, fileName);
if (! result.exists())
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("File '" + fileName + "' does not exist in user's home");
return null;
}
if (! result.isFile())
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("File '" + fileName + "' in user's home is not a file");
return null;
}
if (! result.canRead())
{
if (gnu.java.security.Configuration.DEBUG)
log.fine("File '" + fileName + "' in user's home is not readable");
return null;
}
return result;
}
}