import java.io.BufferedReader;
import java.io.Console;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.fujitsu.interstage.sso.auth.ISAuthenticationCredential;
import com.fujitsu.interstage.sso.auth.ISAuthorizationCredential;
import com.fujitsu.interstage.sso.auth.callback.ISCallbackHandler;
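/**
 * Sample that authenticates a user against Interstage Single Sign-On through
 * JAAS, prints the credentials and principals the login placed in the
 * {@link Subject}, and then runs {@code ISSsoAction} as that subject.
 *
 * <p>Not thread-safe: every instance owns one mutable {@link Subject} that
 * the login module populates.
 */
public class ISSsoJaas {

    /** Name of the JAAS login-configuration entry used for Interstage SSO. */
    private static final String LOGIN_CONFIG_NAME = "com.fujitsu.interstage.sso";

    /**
     * Longest password accepted when stdin is not a console. Longer input is
     * truncated; the rest of the line is consumed so it is never mistaken for
     * the next user name.
     */
    private static final int PASSWORD_MAX_LENGTH = 128;

    /** Number of interactive login attempts before giving up. */
    private static final int MAX_ATTEMPTS = 3;

    /** Subject that a successful login populates with credentials and principals. */
    private final Subject subject;

    /** Creates a sample with an empty subject. */
    public ISSsoJaas() {
        subject = new Subject();
    }

    /**
     * Prompts for a user name and password on standard input and performs a
     * JAAS login, retrying up to {@value #MAX_ATTEMPTS} times when the
     * credential is rejected.
     *
     * <p>When a console is attached the password is read without echo; when
     * input is piped or redirected it is read from stdin as characters so the
     * cleartext never becomes an immutable {@code String}. The password
     * buffer is scrubbed after every attempt, whether it succeeded or not.
     *
     * @return {@code true} once a login attempt succeeded; {@code false} when
     *         every attempt was rejected or standard input hit end-of-file
     * @throws IOException if standard input cannot be read
     * @throws LoginException for login failures other than a rejected
     *         credential (for example a missing login configuration)
     */
    public boolean login() throws IOException, LoginException {
        Console console = System.console();
        // Only used when no console is attached. The reader is deliberately
        // not closed: it wraps System.in, which the JVM owns.
        BufferedReader fallback = console == null
                ? new BufferedReader(new InputStreamReader(System.in))
                : null;

        for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
            String username = promptUsername(console, fallback);
            if (username == null) {
                return false; // EOF before a user name was entered
            }
            char[] password = promptPassword(console, fallback);
            if (password == null) {
                return false; // EOF before a password was entered
            }
            try {
                // The callback handler supplies the prompted user name and
                // password to the Interstage login module.
                CallbackHandler handler = new ISCallbackHandler(username, password);
                LoginContext loginContext =
                        new LoginContext(LOGIN_CONFIG_NAME, subject, handler);
                loginContext.login();
                return true;
            } catch (FailedLoginException ex) {
                // Rejected credential: report and allow another attempt.
                System.out.println("Authenticate failed");
            } finally {
                // Scrub the cleartext as soon as this attempt is over, even if
                // constructing the LoginContext threw.
                Arrays.fill(password, ' ');
            }
        }
        return false;
    }

    /**
     * Prompts for the user name.
     *
     * @return the entered line, or {@code null} when input is exhausted
     */
    private static String promptUsername(Console console, BufferedReader fallback)
            throws IOException {
        if (console != null) {
            return console.readLine("UserName=");
        }
        System.out.print("UserName=");
        System.out.flush();
        return fallback.readLine();
    }

    /**
     * Prompts for the password, without echo when a console is attached.
     *
     * @return the entered characters, or {@code null} when input is exhausted
     */
    private static char[] promptPassword(Console console, BufferedReader fallback)
            throws IOException {
        if (console != null) {
            return console.readPassword("Password=");
        }
        System.out.print("Password=");
        System.out.flush();
        return readSecretLine(fallback);
    }

    /**
     * Reads one line from {@code reader} into a fresh char array, stopping at
     * {@code '\n'} or end-of-file and dropping a trailing {@code '\r'}.
     * At most {@link #PASSWORD_MAX_LENGTH} characters are kept; any remainder
     * of the line is consumed and discarded.
     *
     * @return the line's characters, or {@code null} if EOF was hit before any
     *         character was read
     */
    private static char[] readSecretLine(BufferedReader reader) throws IOException {
        int c = reader.read();
        if (c == -1) {
            return null;
        }
        char[] buffer = new char[PASSWORD_MAX_LENGTH];
        int length = 0;
        try {
            while (c != -1 && c != '\n') {
                if (length < buffer.length) {
                    buffer[length++] = (char) c;
                }
                c = reader.read();
            }
            if (length > 0 && buffer[length - 1] == '\r') {
                length--; // CRLF line ending
            }
            return Arrays.copyOf(buffer, length);
        } finally {
            // The scratch buffer also held the cleartext.
            Arrays.fill(buffer, ' ');
        }
    }

    /**
     * Prints the credentials and principals stored in the subject, then runs
     * {@code ISSsoAction} as that subject.
     *
     * <p>Only meaningful after {@link #login()} returned {@code true}; before
     * that the subject is empty and the action runs without any Interstage
     * credential.
     */
    public void authorize() {
        System.out.println("\n*** Credential Information ***");
        // Private credentials placed in the subject by the login module.
        for (Object credential : subject.getPrivateCredentials()) {
            // Only the authorization credential identifies the logged-in user.
            if (credential instanceof ISAuthorizationCredential) {
                printCredential((ISAuthorizationCredential) credential);
            }
        }

        System.out.println("\n*** Principals Information ***");
        for (Principal principal : subject.getPrincipals()) {
            System.out.println("Principal=" + principal.getName());
        }

        System.out.println("\n*** Execute PrivilegedAction ***");
        // Run the action with the authenticated subject's identity.
        // Subject.doAs is deprecated for removal in newer JDKs (18+) in favour
        // of Subject.callAs; kept here to match the sample's target platform.
        PrivilegedAction<?> action = new ISSsoAction();
        Subject.doAs(subject, action);
    }

    /** Prints the fields of one Interstage authorization credential. */
    private static void printCredential(ISAuthorizationCredential credential) {
        // NOTE(security): the encrypted credential appears to be the opaque
        // value that represents this authenticated session. Printing it copies
        // a reusable secret into terminal scrollback and any captured logs; it
        // is shown here only because this is a sample. Production code should
        // not print it.
        System.out.println("AuthorizationCredential="
                + credential.getEncryptedCredential());
        System.out.println("Dn=" + credential.getDN());
        System.out.println("Uid=" + credential.getUID());
        Set<?> roles = credential.getRoles();
        if (roles != null) {
            for (Object role : roles) {
                System.out.println("Role=" + role);
            }
        }
        System.out.println("ClientAddress=" + credential.getClientAddress());
        System.out.println("AuthMethod=" + credential.getAuthMethod());
        System.out.println("AuthTime=" + credential.getAuthTime());
        System.out.println("Expiration=" + credential.getExpiration());
    }

    /**
     * Entry point: logs in interactively and, on success, shows the subject
     * and runs the privileged action.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        ISSsoJaas sample = new ISSsoJaas();
        try {
            if (sample.login()) {
                sample.authorize();
            } else {
                System.out.println("Login failed");
            }
        } catch (Exception ex) {
            // Top-level boundary of a command-line sample: report and exit.
            ex.printStackTrace();
        }
    }
}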