1 package org.argeo.cms.auth;
2
3 import java.io.IOException;
4 import java.util.Iterator;
5 import java.util.Locale;
6 import java.util.Map;
7 import java.util.Set;
8
9 import javax.security.auth.Subject;
10 import javax.security.auth.callback.Callback;
11 import javax.security.auth.callback.CallbackHandler;
12 import javax.security.auth.callback.LanguageCallback;
13 import javax.security.auth.callback.NameCallback;
14 import javax.security.auth.callback.PasswordCallback;
15 import javax.security.auth.callback.UnsupportedCallbackException;
16 import javax.security.auth.login.CredentialNotFoundException;
17 import javax.security.auth.login.LoginException;
18 import javax.security.auth.spi.LoginModule;
19 import javax.servlet.http.HttpServletRequest;
20 import javax.servlet.http.HttpSession;
21
22 import org.argeo.ArgeoException;
23 import org.argeo.cms.internal.kernel.Activator;
24 import org.argeo.eclipse.ui.specific.UiContext;
25 import org.osgi.framework.BundleContext;
26 import org.osgi.service.http.HttpContext;
27 import org.osgi.service.useradmin.Authorization;
28 import org.osgi.service.useradmin.User;
29 import org.osgi.service.useradmin.UserAdmin;
30
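/**
 * JAAS {@link LoginModule} backed by the OSGi {@link UserAdmin} service.
 * <p>
 * Depending on the {@code anonymous} option it either obtains the anonymous
 * authorization, reuses an {@link Authorization} already attached to the
 * current HTTP request or session, or checks a username/password pair against
 * {@link UserAdmin}. On success the {@link Authorization} is stored in the
 * subject's private credentials.
 * <p>
 * Instances hold per-login state ({@code subject}, {@code request}) and are
 * not written to be shared between concurrent logins.
 */
public class UserAdminLoginModule implements LoginModule, AuthConstants {
	private Subject subject;
	private CallbackHandler callbackHandler;
	// When true, login() skips every callback and grants the anonymous
	// authorization. The value comes from the JAAS configuration options.
	private boolean isAnonymous = false;

	// HTTP request obtained through HttpRequestCallback, if any; used by
	// commit() to publish the authorization to the request and session.
	private HttpServletRequest request = null;

	/**
	 * Stores the subject and callback handler and reads the {@code anonymous}
	 * option.
	 *
	 * @throws ArgeoException
	 *             if reading the options fails (for example a {@code null}
	 *             options map or a {@code null} option value)
	 */
	@Override
	public void initialize(Subject subject, CallbackHandler callbackHandler,
			Map<String, ?> sharedState, Map<String, ?> options) {
		try {
			this.subject = subject;
			this.callbackHandler = callbackHandler;
			if (options.containsKey("anonymous"))
				isAnonymous = Boolean.parseBoolean(options.get("anonymous")
						.toString());
		} catch (Exception e) {
			throw new ArgeoException("Cannot initialize login module", e);
		}
	}

	/**
	 * Authenticates the caller and adds the resulting {@link Authorization} to
	 * the subject's private credentials.
	 *
	 * @return {@code true} on success; {@code false} if the callback handler
	 *         does not support the required callbacks, the user is unknown or
	 *         the password does not match
	 * @throws CredentialNotFoundException
	 *             if no username or no password was provided
	 * @throws LoginException
	 *             if the callback handler fails with an I/O error
	 */
	@Override
	public boolean login() throws LoginException {
		BundleContext bc = Activator.getBundleContext();
		UserAdmin userAdmin = bc.getService(bc
				.getServiceReference(UserAdmin.class));
		Authorization authorization = null;
		if (isAnonymous) {
			authorization = userAdmin.getAuthorization(null);
		} else {
			HttpRequestCallback httpCallback = new HttpRequestCallback();
			// ask for username and password
			NameCallback nameCallback = new NameCallback("User");
			PasswordCallback passwordCallback = new PasswordCallback(
					"Password", false);
			LanguageCallback langCallback = new LanguageCallback();
			try {
				callbackHandler.handle(new Callback[] { httpCallback,
						nameCallback, passwordCallback, langCallback });
			} catch (IOException e) {
				// LoginException has no cause constructor; attach the cause
				// explicitly so the original stack trace is not lost.
				LoginException loginException = new LoginException(
						"Cannot handle http callback: " + e.getMessage());
				loginException.initCause(e);
				throw loginException;
			} catch (ThreadDeath e) {
				throw new ThreadDeathLoginException(
						"Callbackhandler thread died", e);
			} catch (UnsupportedCallbackException e) {
				return false;
			}

			// getPassword() returns a copy: take it once, wipe the callback's
			// own buffer immediately and wipe the copy when this method exits,
			// so the clear-text password does not linger on the heap.
			char[] password = passwordCallback.getPassword();
			passwordCallback.clearPassword();
			try {
				request = httpCallback.getRequest();
				if (request != null) {
					// An Authorization already attached to the request or the
					// session is accepted as-is and no password check is
					// performed. NOTE(review): this relies on only trusted
					// server-side code being able to set this attribute.
					authorization = (Authorization) request
							.getAttribute(HttpContext.AUTHORIZATION);
					if (authorization == null)
						authorization = (Authorization) request.getSession()
								.getAttribute(HttpContext.AUTHORIZATION);
				}

				// i18n
				Locale locale = langCallback.getLocale();
				if (locale == null)
					locale = Locale.getDefault();
				UiContext.setLocale(locale);

				if (authorization == null) {
					final String username = nameCallback.getName();
					// A missing username is rejected; it does not fall back
					// to the anonymous authorization.
					if (username == null || username.trim().equals(""))
						throw new CredentialNotFoundException(
								"No credentials provided");
					if (password == null)
						throw new CredentialNotFoundException(
								"No credentials provided");

					// NOTE(review): an unknown user returns before any
					// credential comparison, so response time may differ
					// between "unknown user" and "wrong password"; confirm
					// whether that is acceptable for this deployment.
					User user = userAdmin.getUser(null, username);
					if (user == null)
						return false;
					// Assumes hasCredential() does not keep a reference to
					// the array, which is zeroed below.
					if (!user.hasCredential(null, password))
						return false;
					authorization = userAdmin.getAuthorization(user);
				}
			} finally {
				if (password != null)
					java.util.Arrays.fill(password, '\0');
			}
		}
		subject.getPrivateCredentials().add(authorization);
		return true;
	}

	/**
	 * Publishes the authorization to the HTTP request and session, when a
	 * request is available.
	 *
	 * @return {@code true} if an {@link Authorization} was found in the
	 *         subject; {@code false} if there is none (for example when
	 *         {@link #login()} returned {@code false} but the overall
	 *         authentication succeeded through another module)
	 */
	@Override
	public boolean commit() throws LoginException {
		Iterator<Authorization> authorizations = subject
				.getPrivateCredentials(Authorization.class).iterator();
		// Without this check a failed login() followed by commit() would
		// throw NoSuchElementException instead of telling JAAS to ignore
		// this module.
		if (!authorizations.hasNext())
			return false;
		Authorization authorization = authorizations.next();
		if (request != null) {
			request.setAttribute(HttpContext.REMOTE_USER,
					authorization.getName());
			request.setAttribute(HttpContext.AUTHORIZATION, authorization);
			// NOTE(review): the authorization is bound to the session that
			// existed before authentication. If the servlet API level allows
			// it, renew the session identifier at this point so a session id
			// known before login cannot be reused afterwards.
			request.getSession().setAttribute(HttpContext.AUTHORIZATION,
					authorization);
			subject.getPrivateCredentials().add(request.getSession());
		}
		return true;
	}

	/** Discards the state accumulated by a failed authentication. */
	@Override
	public boolean abort() throws LoginException {
		cleanUp();
		return true;
	}

	/**
	 * Removes the authorization from every HTTP session recorded in the
	 * subject and clears the subject's credentials owned by this module.
	 */
	@Override
	public boolean logout() throws LoginException {
		if (subject == null)
			return true; // already cleaned up
		Set<HttpSession> httpSessions = subject
				.getPrivateCredentials(HttpSession.class);
		for (HttpSession session : httpSessions) {
			try {
				session.setAttribute(HttpContext.AUTHORIZATION, null);
			} catch (IllegalStateException ignored) {
				// The session was already invalidated, so there is nothing
				// left to clear; keep going so the remaining credentials are
				// still removed.
			}
			// NOTE(review): the session itself stays valid after logout;
			// only the authorization attribute is removed.
		}
		subject.getPrivateCredentials().removeAll(httpSessions);
		cleanUp();
		return true;
	}

	/**
	 * Removes all {@link Authorization} credentials from the subject and drops
	 * the references to the subject and the request. Safe to call more than
	 * once.
	 */
	private void cleanUp() {
		request = null;
		if (subject == null)
			return;
		subject.getPrivateCredentials().removeAll(
				subject.getPrivateCredentials(Authorization.class));
		subject = null;
	}

}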