org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java

   1 package org.argeo.cms.auth;
   2
   3 import java.io.IOException;
   4 import java.util.Locale;
   5 import java.util.Map;
   6
   7 import javax.security.auth.Subject;
   8 import javax.security.auth.callback.Callback;
   9 import javax.security.auth.callback.CallbackHandler;
  10 import javax.security.auth.callback.LanguageCallback;
  11 import javax.security.auth.callback.NameCallback;
  12 import javax.security.auth.callback.PasswordCallback;
  13 import javax.security.auth.callback.UnsupportedCallbackException;
  14 import javax.security.auth.login.CredentialNotFoundException;
  15 import javax.security.auth.login.FailedLoginException;
  16 import javax.security.auth.login.LoginException;
  17 import javax.security.auth.spi.LoginModule;
  18
  19 import org.argeo.cms.CmsException;
  20 import org.argeo.eclipse.ui.specific.UiContext;
  21 import org.osgi.framework.BundleContext;
  22 import org.osgi.framework.FrameworkUtil;
  23 import org.osgi.service.useradmin.Authorization;
  24 import org.osgi.service.useradmin.User;
  25 import org.osgi.service.useradmin.UserAdmin;
  26
  27 public class UserAdminLoginModule implements LoginModule {
  28         private Subject subject;
  29         private CallbackHandler callbackHandler;
  30         private Map<String, Object> sharedState = null;
  31
  32         // private boolean isAnonymous = false;
  33
  34         // private state
  35         private BundleContext bc;
  36         private Authorization authorization;
  37
  38         @SuppressWarnings("unchecked")
  39         @Override
  40         public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
  41                         Map<String, ?> options) {
  42                 this.subject = subject;
  43                 try {
  44                         bc = FrameworkUtil.getBundle(UserAdminLoginModule.class).getBundleContext();
  45                         assert bc != null;
  46                         // this.subject = subject;
  47                         this.callbackHandler = callbackHandler;
  48                         this.sharedState = (Map<String, Object>) sharedState;
  49                         // if (options.containsKey("anonymous"))
  50                         // isAnonymous =
  51                         // Boolean.parseBoolean(options.get("anonymous").toString());
  52                 } catch (Exception e) {
  53                         throw new CmsException("Cannot initialize login module", e);
  54                 }
  55         }
  56
  57         @Override
  58         public boolean login() throws LoginException {
  59                 Authorization sharedAuth = (Authorization) sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
  60                 if (sharedAuth != null) {
  61                         if (callbackHandler == null && sharedAuth.getName() != null)
  62                                 throw new LoginException("Shared authorization should be anonymous");
  63                         return false;
  64                 }
  65                 UserAdmin userAdmin = bc.getService(bc.getServiceReference(UserAdmin.class));
  66                 if (callbackHandler == null) {// anonymous
  67                         authorization = userAdmin.getAuthorization(null);
  68                         sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization);
  69                         return true;
  70                 }
  71
  72                 final String username;
  73                 final char[] password;
  74                 if (callbackHandler == null && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_NAME)
  75                                 && sharedState.containsKey(CmsAuthUtils.SHARED_STATE_PWD)) {
  76                         username = (String) sharedState.get(CmsAuthUtils.SHARED_STATE_NAME);
  77                         password = (char[]) sharedState.get(CmsAuthUtils.SHARED_STATE_PWD);
  78                         // TODO locale?
  79                         // NB: raw user name is used
  80                         AuthenticatingUser authenticatingUser = new AuthenticatingUser(username, password);
  81                         authorization = userAdmin.getAuthorization(authenticatingUser);
  82                 } else {
  83
  84                         // ask for username and password
  85                         NameCallback nameCallback = new NameCallback("User");
  86                         PasswordCallback passwordCallback = new PasswordCallback("Password", false);
  87                         LanguageCallback langCallback = new LanguageCallback();
  88                         try {
  89                                 callbackHandler.handle(new Callback[] { nameCallback, passwordCallback, langCallback });
  90                         } catch (IOException e) {
  91                                 throw new LoginException("Cannot handle callback: " + e.getMessage());
  92                                 // } catch (ThreadDeath e) {
  93                                 // throw new ThreadDeathLoginException("Callbackhandler thread
  94                                 // died", e);
  95                         } catch (UnsupportedCallbackException e) {
  96                                 return false;
  97                         }
  98
  99                         // i18n
 100                         Locale locale = langCallback.getLocale();
 101                         if (locale == null)
 102                                 locale = Locale.getDefault();
 103                         UiContext.setLocale(locale);
 104
 105                         // authorization = (Authorization)
 106                         // sharedState.get(CmsAuthUtils.SHARED_STATE_AUTHORIZATION);
 107                         //
 108                         // if (authorization == null) {
 109                         // create credentials
 110                         username = nameCallback.getName();
 111                         if (username == null || username.trim().equals("")) {
 112                                 // authorization = userAdmin.getAuthorization(null);
 113                                 throw new CredentialNotFoundException("No credentials provided");
 114                         }
 115                         // char[] password = {};
 116                         if (passwordCallback.getPassword() != null)
 117                                 password = passwordCallback.getPassword();
 118                         else
 119                                 throw new CredentialNotFoundException("No credentials provided");
 120                         // FIXME move Argeo specific convention from user admin to here
 121                         User user = userAdmin.getUser(null, username);
 122                         if (user == null)
 123                                 throw new FailedLoginException("Invalid credentials");
 124                         if (!user.hasCredential(null, password))
 125                                 throw new FailedLoginException("Invalid credentials");
 126                         // return false;
 127
 128                         // Log and monitor new login
 129                         // if (log.isDebugEnabled())
 130                         // log.debug("Logged in to CMS with username [" + username +
 131                         // "]");
 132
 133                         authorization = userAdmin.getAuthorization(user);
 134                         assert authorization != null;
 135                 }
 136
 137                 // }
 138                 // if
 139                 // (!sharedState.containsKey(CmsAuthUtils.SHARED_STATE_AUTHORIZATION))
 140                 sharedState.put(CmsAuthUtils.SHARED_STATE_AUTHORIZATION, authorization);
 141                 return authorization != null;
 142         }
 143
 144         @Override
 145         public boolean commit() throws LoginException {
 146                 // Set<KerberosPrincipal> kerberosPrincipals =
 147                 // subject.getPrincipals(KerberosPrincipal.class);
 148                 // if (kerberosPrincipals.size() != 0) {
 149                 // KerberosPrincipal kerberosPrincipal =
 150                 // kerberosPrincipals.iterator().next();
 151                 // System.out.println(kerberosPrincipal);
 152                 // UserAdmin userAdmin =
 153                 // bc.getService(bc.getServiceReference(UserAdmin.class));
 154                 // User user = userAdmin.getUser(null, kerberosPrincipal.getName());
 155                 // Authorization authorization = userAdmin.getAuthorization(user);
 156                 // sharedState.put(SHARED_STATE_AUTHORIZATION, authorization);
 157                 // }
 158                 if (authorization == null) {
 159                         return false;
 160                         // throw new LoginException("Authorization should not be null");
 161                 } else {
 162                         CmsAuthUtils.addAuthentication(subject, authorization);
 163                         return true;
 164                 }
 165         }
 166
 167         @Override
 168         public boolean abort() throws LoginException {
 169                 authorization = null;
 170                 return true;
 171         }
 172
 173         @Override
 174         public boolean logout() throws LoginException {
 175                 CmsAuthUtils.cleanUp(subject);
 176                 return true;
 177         }
 178 }