1 package org.argeo.cms.auth;
2
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.LanguageCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.CredentialNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.argeo.ArgeoException;
import org.argeo.cms.internal.kernel.Activator;
import org.argeo.eclipse.ui.specific.UiContext;
import org.osgi.framework.BundleContext;
import org.osgi.service.http.HttpContext;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;
31
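/**
 * JAAS {@link LoginModule} which authenticates against the OSGi
 * {@link UserAdmin} service published in the bundle context.
 * <p>
 * When the {@code anonymous} option is set, the module asks the user admin for
 * the authorization of the {@code null} user. Otherwise it first reuses an
 * {@link Authorization} already stored on the HTTP request or on its session
 * under {@link HttpContext#AUTHORIZATION}, and only falls back to a
 * username/password check when none is found.
 * <p>
 * The resulting {@link Authorization} (and, on commit, the {@link HttpSession})
 * are stored as private credentials of the {@link Subject}.
 */
public class UserAdminLoginModule implements LoginModule, AuthConstants {
    private Subject subject;
    private CallbackHandler callbackHandler;
    private boolean isAnonymous = false;

    // HTTP request supplied by the callback handler during login(), if any
    private HttpServletRequest request = null;

    /**
     * Stores the subject and callback handler and reads the {@code anonymous}
     * option.
     *
     * @throws ArgeoException
     *             if anything fails while reading the options
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        try {
            this.subject = subject;
            this.callbackHandler = callbackHandler;
            if (options.containsKey("anonymous"))
                isAnonymous = Boolean.parseBoolean(options.get("anonymous")
                        .toString());
        } catch (Exception e) {
            throw new ArgeoException("Cannot initialize login module", e);
        }
    }

    /**
     * Obtains an {@link Authorization} and adds it to the private credentials
     * of the subject.
     *
     * @return {@code true} when an authorization was added, {@code false} when
     *         the callback handler does not support the callbacks of this
     *         module
     * @throws CredentialNotFoundException
     *             if no username or no password was provided
     * @throws FailedLoginException
     *             if the user is unknown or the password does not match
     * @throws LoginException
     *             if the callbacks could not be handled or no authorization
     *             could be obtained
     */
    @Override
    public boolean login() throws LoginException {
        BundleContext bc = Activator.getBundleContext();
        UserAdmin userAdmin = bc.getService(bc
                .getServiceReference(UserAdmin.class));
        // getService() may return null if the service went away in between
        if (userAdmin == null)
            throw new LoginException("User admin service is not available");

        Authorization authorization = null;
        if (isAnonymous) {
            authorization = userAdmin.getAuthorization(null);
        } else {
            HttpRequestCallback httpCallback = new HttpRequestCallback();
            // ask for username and password
            NameCallback nameCallback = new NameCallback("User");
            PasswordCallback passwordCallback = new PasswordCallback(
                    "Password", false);
            LanguageCallback langCallback = new LanguageCallback();
            try {
                if (!handleCallbacks(new Callback[] { httpCallback,
                        nameCallback, passwordCallback, langCallback }))
                    return false;

                request = httpCallback.getRequest();
                if (request != null) {
                    // An authorization found here is trusted as is: it is
                    // expected to have been set server-side (see commit()).
                    authorization = (Authorization) request
                            .getAttribute(HttpContext.AUTHORIZATION);
                    if (authorization == null) {
                        // getSession(false): do not create a session for a
                        // request which is not authenticated yet
                        HttpSession session = request.getSession(false);
                        if (session != null)
                            authorization = (Authorization) session
                                    .getAttribute(HttpContext.AUTHORIZATION);
                    }
                }

                // i18n
                Locale locale = langCallback.getLocale();
                if (locale == null)
                    locale = Locale.getDefault();
                UiContext.setLocale(locale);

                if (authorization == null)
                    authorization = checkCredentials(userAdmin,
                            nameCallback.getName(), passwordCallback);
            } finally {
                // wipe the copy of the password kept by the callback,
                // whatever the outcome
                passwordCallback.clearPassword();
            }
        }

        // Subject rejects null credentials with a NullPointerException:
        // report a login failure instead
        if (authorization == null)
            throw new LoginException("No authorization could be obtained");
        subject.getPrivateCredentials().add(authorization);
        return true;
    }

    /**
     * Passes the callbacks to the callback handler.
     *
     * @return {@code false} if the handler does not support one of the
     *         callbacks, {@code true} otherwise
     */
    private boolean handleCallbacks(Callback[] callbacks)
            throws LoginException {
        try {
            callbackHandler.handle(callbacks);
            return true;
        } catch (IOException e) {
            // LoginException has no constructor taking a cause
            LoginException le = new LoginException(
                    "Cannot handle http callback: " + e.getMessage());
            le.initCause(e);
            throw le;
        } catch (ThreadDeath e) {
            throw new ThreadDeathLoginException(
                    "Callbackhandler thread died", e);
        } catch (UnsupportedCallbackException e) {
            return false;
        }
    }

    /**
     * Checks the provided username and password against the user admin and
     * returns the authorization of the matching user.
     */
    private Authorization checkCredentials(UserAdmin userAdmin,
            String username, PasswordCallback passwordCallback)
            throws LoginException {
        if (username == null || username.trim().equals(""))
            throw new CredentialNotFoundException("No credentials provided");

        // getPassword() returns a fresh copy on each call: take a single one
        // so that it can be wiped afterwards
        char[] password = passwordCallback.getPassword();
        if (password == null)
            throw new CredentialNotFoundException("No credentials provided");
        try {
            User user = userAdmin.getUser(null, username);
            // Same message for an unknown user and for a wrong password, so
            // that the error does not reveal which accounts exist.
            // NOTE(review): an unknown user is rejected without any
            // credential check, so the response time may still differ.
            if (user == null || !user.hasCredential(null, password))
                throw new FailedLoginException("Invalid credentials");
            return userAdmin.getAuthorization(user);
        } finally {
            // assumes hasCredential() does not keep a reference to the array
            // - TODO confirm against the user admin implementation
            Arrays.fill(password, '\0');
        }
    }

    /**
     * Publishes the authorization on the HTTP request and its session, and
     * registers the session as a private credential of the subject.
     *
     * @return {@code false} if the subject holds no {@link Authorization}
     *         (this module should then be ignored), {@code true} otherwise
     */
    @Override
    public boolean commit() throws LoginException {
        Iterator<Authorization> authorizations = subject
                .getPrivateCredentials(Authorization.class).iterator();
        // commit() can be reached although login() returned false
        if (!authorizations.hasNext())
            return false;
        Authorization authorization = authorizations.next();
        if (request != null && authorization.getName() != null) {
            request.setAttribute(HttpContext.REMOTE_USER,
                    authorization.getName());
            request.setAttribute(HttpContext.AUTHORIZATION, authorization);
            // NOTE(review): the session identifier is not renewed when the
            // session becomes authenticated; consider
            // request.changeSessionId() if the container provides
            // Servlet 3.1, to guard against session fixation.
            HttpSession session = request.getSession();
            session.setAttribute(HttpContext.AUTHORIZATION, authorization);
            subject.getPrivateCredentials().add(session);
        }
        return true;
    }

    /** Removes the authorizations from the subject and releases it. */
    @Override
    public boolean abort() throws LoginException {
        cleanUp();
        return true;
    }

    /**
     * Removes the authorization from the HTTP sessions registered on the
     * subject, then removes these sessions and the authorizations from its
     * private credentials.
     */
    @Override
    public boolean logout() throws LoginException {
        // already cleaned up by a previous abort() or logout()
        if (subject == null)
            return true;
        Set<HttpSession> httpSessions = subject
                .getPrivateCredentials(HttpSession.class);
        for (HttpSession session : httpSessions) {
            try {
                session.removeAttribute(HttpContext.AUTHORIZATION);
            } catch (IllegalStateException ignored) {
                // session already invalidated: nothing left to remove
            }
            // NOTE(review): the session itself is not invalidated, so any
            // other state it holds survives the logout.
        }
        subject.getPrivateCredentials().removeAll(httpSessions);
        cleanUp();
        return true;
    }

    /**
     * Removes all {@link Authorization} private credentials from the subject
     * and drops the references to the subject and to the HTTP request.
     */
    private void cleanUp() {
        if (subject != null) {
            subject.getPrivateCredentials().removeAll(
                    subject.getPrivateCredentials(Authorization.class));
            subject = null;
        }
        // do not keep the request reachable beyond the login attempt
        request = null;
    }

}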