1 package org.argeo.cms.auth;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.LanguageCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.CredentialNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.ArgeoException;
import org.argeo.cms.internal.kernel.Activator;
import org.argeo.eclipse.ui.specific.UiContext;
import org.osgi.framework.BundleContext;
import org.osgi.service.http.HttpContext;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;
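/**
 * JAAS {@link LoginModule} backed by the OSGi {@link UserAdmin} service.
 * <p>
 * An {@link Authorization} is obtained in one of three ways: the
 * {@code anonymous} module option (authorization of the {@code null} user),
 * an authorization already stored on the current HTTP request or session by
 * an earlier successful login, or a username/password pair collected through
 * the callback handler and checked with
 * {@link User#hasCredential(String, Object)}.
 * <p>
 * The authorization is kept in the subject's private credentials. On
 * {@link #commit()} it is also published on the HTTP request and session so
 * that later requests of the same session are recognised; {@link #logout()}
 * and {@link #abort()} remove it from those sessions again.
 */
public class UserAdminLoginModule implements LoginModule, AuthConstants {
    private final static Log log = LogFactory
            .getLog(UserAdminLoginModule.class);

    private Subject subject;
    private CallbackHandler callbackHandler;
    /** Set from the "anonymous" module option; bypasses the credential check. */
    private boolean isAnonymous = false;

    /** HTTP request delivered by the {@link HttpRequestCallback}, if any. */
    private HttpServletRequest request = null;

    /**
     * Stores the subject and callback handler and reads the optional
     * {@code anonymous} option (parsed with {@link Boolean#parseBoolean}).
     *
     * @throws ArgeoException if the options cannot be read
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        try {
            this.subject = subject;
            this.callbackHandler = callbackHandler;
            if (options.containsKey("anonymous"))
                isAnonymous = Boolean.parseBoolean(options.get("anonymous")
                        .toString());
        } catch (Exception e) {
            throw new ArgeoException("Cannot initialize login module", e);
        }
    }

    /**
     * Resolves an {@link Authorization} for the subject and adds it to the
     * subject's private credentials.
     *
     * @return {@code true} when an authorization was obtained; {@code false}
     *         when the callback handler does not support our callbacks, in
     *         which case this module is to be ignored
     * @throws CredentialNotFoundException if no username or no password was
     *         supplied
     * @throws FailedLoginException if the user is unknown or the password does
     *         not match; both cases use the same message so that the response
     *         does not reveal which usernames exist
     * @throws LoginException if the UserAdmin service is unavailable, the
     *         callback handler fails, or no authorization could be obtained
     */
    @Override
    public boolean login() throws LoginException {
        BundleContext bc = Activator.getBundleContext();
        // NOTE(review): a missing service registration makes
        // getServiceReference() return null; whether getService(null) throws
        // depends on the framework, so the null check below is best-effort.
        UserAdmin userAdmin = bc.getService(bc
                .getServiceReference(UserAdmin.class));
        if (userAdmin == null)
            throw new LoginException("UserAdmin service is not available");

        Authorization authorization;
        if (isAnonymous) {
            authorization = userAdmin.getAuthorization(null);
        } else {
            HttpRequestCallback httpCallback = new HttpRequestCallback();
            // ask for username and password
            NameCallback nameCallback = new NameCallback("User");
            PasswordCallback passwordCallback = new PasswordCallback(
                    "Password", false);
            LanguageCallback langCallback = new LanguageCallback();
            try {
                callbackHandler.handle(new Callback[] { httpCallback,
                        nameCallback, passwordCallback, langCallback });
            } catch (IOException e) {
                // LoginException has no (message, cause) constructor
                LoginException le = new LoginException(
                        "Cannot handle http callback: " + e.getMessage());
                le.initCause(e);
                throw le;
            } catch (ThreadDeath e) {
                throw new ThreadDeathLoginException(
                        "Callbackhandler thread died", e);
            } catch (UnsupportedCallbackException e) {
                // this handler cannot serve our callbacks: ignore the module
                return false;
            }
            request = httpCallback.getRequest();
            // request attributes can only be set server-side (e.g. by a
            // filter), so an authorization found there is trusted as is
            authorization = existingAuthorization(request);

            // i18n: applied even when an existing authorization is reused
            Locale locale = langCallback.getLocale();
            if (locale == null)
                locale = Locale.getDefault();
            UiContext.setLocale(locale);

            if (authorization == null)
                authorization = authenticate(userAdmin, nameCallback,
                        passwordCallback);
        }
        if (authorization == null)
            throw new LoginException("No authorization could be obtained");
        subject.getPrivateCredentials().add(authorization);
        return true;
    }

    /**
     * Returns the authorization already attached to the request, or else to
     * its existing session, or {@code null} when there is none. No session is
     * created just to perform the lookup.
     */
    private static Authorization existingAuthorization(HttpServletRequest req) {
        if (req == null)
            return null;
        Authorization authorization = (Authorization) req
                .getAttribute(HttpContext.AUTHORIZATION);
        if (authorization == null) {
            HttpSession session = req.getSession(false);
            if (session != null)
                authorization = (Authorization) session
                        .getAttribute(HttpContext.AUTHORIZATION);
        }
        return authorization;
    }

    /**
     * Checks the collected username/password against the UserAdmin service
     * and returns the user's authorization. Both password copies (the
     * callback's and ours) are zeroed once the check is done so the secret
     * does not linger on the heap; the password is never logged.
     *
     * @throws CredentialNotFoundException if username or password is missing
     * @throws FailedLoginException for an unknown user or a wrong password
     */
    private Authorization authenticate(UserAdmin userAdmin,
            NameCallback nameCallback, PasswordCallback passwordCallback)
            throws LoginException {
        final String username = nameCallback.getName();
        if (username == null || username.trim().isEmpty())
            throw new CredentialNotFoundException("No credentials provided");
        // getPassword() hands out a copy; the callback keeps its own
        char[] password = passwordCallback.getPassword();
        if (password == null)
            throw new CredentialNotFoundException("No credentials provided");
        try {
            User user = userAdmin.getUser(null, username);
            // identical message for unknown user and wrong password, so the
            // caller cannot enumerate existing usernames
            if (user == null || !user.hasCredential(null, password))
                throw new FailedLoginException("Invalid credentials");

            // Log and monitor new login
            if (log.isDebugEnabled())
                log.debug("Logged in to CMS with username [" + username + "]");

            return userAdmin.getAuthorization(user);
        } finally {
            Arrays.fill(password, '\0');
            passwordCallback.clearPassword();
        }
    }

    /**
     * Publishes the authorization obtained by {@link #login()} on the HTTP
     * request and session (named users only: the anonymous authorization has
     * no name) and remembers the session in the private credentials so that
     * {@link #logout()} and {@link #abort()} can undo this.
     *
     * @return {@code false} if this module's {@link #login()} did not add an
     *         authorization (e.g. it returned {@code false}), so that the
     *         module is ignored instead of failing with an exception;
     *         {@code true} otherwise
     */
    @Override
    public boolean commit() throws LoginException {
        Iterator<Authorization> it = subject
                .getPrivateCredentials(Authorization.class).iterator();
        if (!it.hasNext())
            return false;
        Authorization authorization = it.next();
        if (request != null && authorization.getName() != null) {
            // NOTE(review): the pre-authentication session is reused as is.
            // Invalidating it and starting a fresh one here would close the
            // session-fixation window, but other components may hold on to
            // this session object — confirm before changing.
            HttpSession httpSession = request.getSession();
            request.setAttribute(HttpContext.REMOTE_USER,
                    authorization.getName());
            request.setAttribute(HttpContext.AUTHORIZATION, authorization);
            httpSession.setAttribute(HttpContext.AUTHORIZATION, authorization);
            subject.getPrivateCredentials().add(httpSession);
        }
        return true;
    }

    /**
     * Called when the overall authentication failed. Undoes what
     * {@link #login()} and, if it already ran, {@link #commit()} did: the
     * authorization is dropped from the subject and removed from any session
     * this module published it on, so a failed overall login does not leave
     * behind a session that looks authenticated.
     */
    @Override
    public boolean abort() throws LoginException {
        detachFromSessions();
        cleanUp();
        return true;
    }

    /**
     * Removes the authorization from the sessions published in
     * {@link #commit()} and from the subject.
     */
    @Override
    public boolean logout() throws LoginException {
        detachFromSessions();
        cleanUp();
        return true;
    }

    /**
     * Removes the authorization attribute from every HTTP session remembered
     * in the subject's private credentials, then forgets those sessions.
     * Only sessions added by {@link #commit()} are touched.
     */
    private void detachFromSessions() {
        Set<HttpSession> httpSessions = subject
                .getPrivateCredentials(HttpSession.class);
        for (HttpSession sess : httpSessions) {
            // NOTE(review): the session itself stays valid; invalidating it
            // would also rotate the session id and drop other attributes —
            // confirm whether other components rely on the session surviving
            // logout before doing so.
            sess.removeAttribute(HttpContext.AUTHORIZATION);
        }
        subject.getPrivateCredentials().removeAll(httpSessions);
    }

    /** Drops the authorization from the subject and releases references. */
    private void cleanUp() {
        subject.getPrivateCredentials().removeAll(
                subject.getPrivateCredentials(Authorization.class));
        subject = null;
        request = null;
    }

}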
179 }