src/java.management/share/classes/com/sun/jmx/remote/security/FileLoginModule.java





  48 import com.sun.jmx.remote.util.ClassLogger;
  49 import com.sun.jmx.remote.util.EnvHelp;
  50 import sun.management.jmxremote.ConnectorBootstrap;
  51 
  52 /**
  53  * This {@link LoginModule} performs file-based authentication.
  54  *
  55  * <p> A supplied username and password is verified against the
  56  * corresponding user credentials stored in a designated password file.
  57  * If successful then a new {@link JMXPrincipal} is created with the
  58  * user's name and it is associated with the current {@link Subject}.
  59  * Such principals may be identified and granted management privileges in
  60  * the access control file for JMX remote management or in a Java security
  61  * policy.
  62  *
  63  * <p> The password file comprises a list of key-value pairs as specified in
  64  * {@link Properties}. The key represents a user's name and the value is its
  65  * associated cleartext password. By default, the following password file is
  66  * used:
  67  * <pre>
  68  *     ${java.home}/lib/management/jmxremote.password
  69  * </pre>
  70  * A different password file can be specified via the <code>passwordFile</code>
  71  * configuration option.
  72  *
  73  * <p> This module recognizes the following <code>Configuration</code> options:
  74  * <dl>
  75  * <dt> <code>passwordFile</code> </dt>
  76  * <dd> the path to an alternative password file. It is used instead of
  77  *      the default password file.</dd>
  78  *
  79  * <dt> <code>useFirstPass</code> </dt>
  80  * <dd> if <code>true</code>, this module retrieves the username and password
  81  *      from the module's shared state, using "javax.security.auth.login.name"
  82  *      and "javax.security.auth.login.password" as the respective keys. The
  83  *      retrieved values are used for authentication. If authentication fails,
  84  *      no attempt for a retry is made, and the failure is reported back to
  85  *      the calling application.</dd>
  86  *
  87  * <dt> <code>tryFirstPass</code> </dt>
  88  * <dd> if <code>true</code>, this module retrieves the username and password


  96  *
  97  * <dt> <code>storePass</code> </dt>
  98  * <dd> if <code>true</code>, this module stores the username and password
  99  *      obtained from the CallbackHandler in the module's shared state, using
 100  *      "javax.security.auth.login.name" and
 101  *      "javax.security.auth.login.password" as the respective keys.  This is
 102  *      not performed if existing values already exist for the username and
 103  *      password in the shared state, or if authentication fails.</dd>
 104  *
 105  * <dt> <code>clearPass</code> </dt>
 106  * <dd> if <code>true</code>, this module clears the username and password
 107  *      stored in the module's shared state after both phases of authentication
 108  *      (login and commit) have completed.</dd>
 109  * </dl>
 110  */
 111 public class FileLoginModule implements LoginModule {
 112 
 113     // Location of the default password file
 114     private static final String DEFAULT_PASSWORD_FILE_NAME =
 115         AccessController.doPrivileged(new GetPropertyAction("java.home")) +
 116         File.separatorChar + "lib" +
 117         File.separatorChar + "management" + File.separatorChar +
 118         ConnectorBootstrap.DefaultValues.PASSWORD_FILE_NAME;
 119 
 120     // Key to retrieve the stored username
 121     private static final String USERNAME_KEY =
 122         "javax.security.auth.login.name";
 123 
 124     // Key to retrieve the stored password
 125     private static final String PASSWORD_KEY =
 126         "javax.security.auth.login.password";
 127 
 128     // Log messages
 129     private static final ClassLogger logger =
 130         new ClassLogger("javax.management.remote.misc", "FileLoginModule");
 131 
 132     // Configurable options
 133     private boolean useFirstPass = false;
 134     private boolean tryFirstPass = false;
 135     private boolean storePass = false;
 136     private boolean clearPass = false;




  48 import com.sun.jmx.remote.util.ClassLogger;
  49 import com.sun.jmx.remote.util.EnvHelp;
  50 import sun.management.jmxremote.ConnectorBootstrap;
  51 
  52 /**
  53  * This {@link LoginModule} performs file-based authentication.
  54  *
  55  * <p> A supplied username and password is verified against the
  56  * corresponding user credentials stored in a designated password file.
  57  * If successful then a new {@link JMXPrincipal} is created with the
  58  * user's name and it is associated with the current {@link Subject}.
  59  * Such principals may be identified and granted management privileges in
  60  * the access control file for JMX remote management or in a Java security
  61  * policy.
  62  *
  63  * <p> The password file comprises a list of key-value pairs as specified in
  64  * {@link Properties}. The key represents a user's name and the value is its
  65  * associated cleartext password. By default, the following password file is
  66  * used:
  67  * <pre>
  68  *     ${java.home}/conf/management/jmxremote.password
  69  * </pre>
  70  * A different password file can be specified via the <code>passwordFile</code>
  71  * configuration option.
  72  *
  73  * <p> This module recognizes the following <code>Configuration</code> options:
  74  * <dl>
  75  * <dt> <code>passwordFile</code> </dt>
  76  * <dd> the path to an alternative password file. It is used instead of
  77  *      the default password file.</dd>
  78  *
  79  * <dt> <code>useFirstPass</code> </dt>
  80  * <dd> if <code>true</code>, this module retrieves the username and password
  81  *      from the module's shared state, using "javax.security.auth.login.name"
  82  *      and "javax.security.auth.login.password" as the respective keys. The
  83  *      retrieved values are used for authentication. If authentication fails,
  84  *      no attempt for a retry is made, and the failure is reported back to
  85  *      the calling application.</dd>
  86  *
  87  * <dt> <code>tryFirstPass</code> </dt>
  88  * <dd> if <code>true</code>, this module retrieves the username and password


  96  *
  97  * <dt> <code>storePass</code> </dt>
  98  * <dd> if <code>true</code>, this module stores the username and password
  99  *      obtained from the CallbackHandler in the module's shared state, using
 100  *      "javax.security.auth.login.name" and
 101  *      "javax.security.auth.login.password" as the respective keys.  This is
 102  *      not performed if existing values already exist for the username and
 103  *      password in the shared state, or if authentication fails.</dd>
 104  *
 105  * <dt> <code>clearPass</code> </dt>
 106  * <dd> if <code>true</code>, this module clears the username and password
 107  *      stored in the module's shared state after both phases of authentication
 108  *      (login and commit) have completed.</dd>
 109  * </dl>
 110  */
 111 public class FileLoginModule implements LoginModule {
 112 
 113     // Location of the default password file
 114     private static final String DEFAULT_PASSWORD_FILE_NAME =
 115         AccessController.doPrivileged(new GetPropertyAction("java.home")) +
 116         File.separatorChar + "conf" +
 117         File.separatorChar + "management" + File.separatorChar +
 118         ConnectorBootstrap.DefaultValues.PASSWORD_FILE_NAME;
 119 
 120     // Key to retrieve the stored username
 121     private static final String USERNAME_KEY =
 122         "javax.security.auth.login.name";
 123 
 124     // Key to retrieve the stored password
 125     private static final String PASSWORD_KEY =
 126         "javax.security.auth.login.password";
 127 
 128     // Log messages
 129     private static final ClassLogger logger =
 130         new ClassLogger("javax.management.remote.misc", "FileLoginModule");
 131 
 132     // Configurable options
 133     private boolean useFirstPass = false;
 134     private boolean tryFirstPass = false;
 135     private boolean storePass = false;
 136     private boolean clearPass = false;
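Review bot: The class Javadoc at lines 63-71 of the second listing (taken here to be the new side, since the page carries no +/- markers) names the relocated default `${java.home}/conf/management/jmxremote.password` and states that it holds cleartext passwords, yet it says nothing about who may read that file or about a file left at the previous `lib/management` path. Since `DEFAULT_PASSWORD_FILE_NAME` now points only at `conf`, an existing password file under `lib` would presumably be ignored while still sitting on disk with live credentials; whether any fallback or permission check exists is not visible in this excerpt. I would add a sentence after the `<pre>` block such as `<p> The file stores cleartext passwords and should be readable only by the account that runs the JVM; a password file left in the former lib/management directory is not used and should be removed.` The class body continues past line 136, so the code that opens the file could not be reviewed here.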