]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/auth/AbstractLoginModule.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Use message instead of label in user menu
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / auth / AbstractLoginModule.java
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.cms.internal.auth;
17
18 import java.io.IOException;
19 import java.util.Map;
20
21 import javax.security.auth.Subject;
22 import javax.security.auth.callback.CallbackHandler;
23 import javax.security.auth.callback.UnsupportedCallbackException;
24 import javax.security.auth.login.LoginException;
25 import javax.security.auth.spi.LoginModule;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpSession;
28
29 import org.apache.commons.logging.Log;
30 import org.apache.commons.logging.LogFactory;
31 import org.argeo.ArgeoException;
32 import org.argeo.cms.internal.kernel.Activator;
33 import org.eclipse.rap.rwt.RWT;
34 import org.eclipse.swt.widgets.Display;
35 import org.osgi.framework.BundleContext;
36 import org.osgi.framework.ServiceReference;
37 import org.springframework.security.authentication.AuthenticationManager;
38 import org.springframework.security.core.Authentication;
39 import org.springframework.security.core.context.SecurityContext;
40 import org.springframework.security.core.context.SecurityContextHolder;
41
42 /** Login module which caches one subject per thread. */
43 public abstract class AbstractLoginModule implements LoginModule {
44 /**
45 * From org.springframework.security.context.
46 * HttpSessionContextIntegrationFilter
47 */
48 private final static String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
49
50 private final static Log log = LogFactory.getLog(AbstractLoginModule.class);
51 private CallbackHandler callbackHandler;
52 private Subject subject;
53
54 private Authentication authentication;
55
56 // state
57 private BundleContext bundleContext;
58 private ServiceReference<AuthenticationManager> authenticationManager;
59
60 protected abstract Authentication processLogin(
61 CallbackHandler callbackHandler) throws LoginException,
62 UnsupportedCallbackException, IOException, InterruptedException;
63
64 @Override
65 public void initialize(Subject subject, CallbackHandler callbackHandler,
66 Map<String, ?> sharedState, Map<String, ?> options) {
67 this.callbackHandler = callbackHandler;
68 this.subject = subject;
69 this.bundleContext = Activator.getBundleContext();
70 this.authenticationManager = bundleContext
71 .getServiceReference(AuthenticationManager.class);
72 }
73
74 @Override
75 public boolean login() throws LoginException {
76 try {
77 Authentication currentAuth = SecurityContextHolder.getContext()
78 .getAuthentication();
79
80 if (currentAuth == null) {
81 // Pre-auth
82 // TODO Do it at Spring Security level?
83 try {
84 // try to load authentication from session
85 HttpServletRequest httpRequest = RWT.getRequest();
86 HttpSession httpSession = httpRequest.getSession();
87 // log.debug(httpSession.getId());
88 Object contextFromSessionObject = httpSession
89 .getAttribute(SPRING_SECURITY_CONTEXT_KEY);
90 if (contextFromSessionObject != null) {
91 currentAuth = (Authentication) contextFromSessionObject;
92 SecurityContextHolder.getContext().setAuthentication(
93 currentAuth);
94 }
95 } catch (Exception e) {
96 if (log.isTraceEnabled())
97 log.trace("Could not get session", e);
98 // silent
99 }
100 }
101
102 // thread already logged in
103 if (currentAuth != null) {
104 if (subject.getPrincipals(Authentication.class).size() == 0) {
105 // throw new LoginException(
106 // "Security context set but not Authentication principal");
107 } else {
108 Authentication principal = subject
109 .getPrincipals(Authentication.class).iterator()
110 .next();
111 if (principal != currentAuth)
112 throw new LoginException(
113 "Already authenticated with a different auth");
114 }
115 return true;
116 }
117
118 // if (callbackHandler == null)
119 // throw new LoginException("No callback handler available");
120
121 authentication = processLogin(callbackHandler);
122 if (authentication != null) {
123 //
124 // SET THE AUTHENTICATION
125 //
126 SecurityContext securityContext = SecurityContextHolder
127 .getContext();
128 securityContext.setAuthentication(authentication);
129 try {
130 HttpServletRequest httpRequest = RWT.getRequest();
131 HttpSession httpSession = httpRequest.getSession();
132 if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) == null)
133 httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
134 authentication);
135 } catch (Exception e) {
136 if (log.isTraceEnabled())
137 log.trace("Could not add security context to session",
138 e);
139 }
140 return true;
141 } else {
142 throw new LoginException("No authentication returned");
143 }
144 } catch (LoginException e) {
145 throw e;
146 } catch (ThreadDeath e) {
147 LoginException le = new LoginException(
148 "Spring Security login thread died");
149 le.initCause(e);
150 throw le;
151 } catch (Exception e) {
152 LoginException le = new LoginException(
153 "Spring Security login failed");
154 le.initCause(e);
155 throw le;
156 }
157 }
158
159 @Override
160 public boolean logout() throws LoginException {
161 SecurityContextHolder.getContext().setAuthentication(null);
162 if (Display.getCurrent() != null) {
163 HttpServletRequest httpRequest = RWT.getRequest();
164 HttpSession httpSession = httpRequest.getSession();
165 if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) != null)
166 httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null);
167 // expire session
168 httpSession.setMaxInactiveInterval(0);
169 }
170 return true;
171 }
172
173 @Override
174 public boolean commit() throws LoginException {
175 return true;
176 }
177
178 @Override
179 public boolean abort() throws LoginException {
180 SecurityContextHolder.getContext().setAuthentication(null);
181 return true;
182 }
183
184 /**
185 * Return the related {@link BundleContext} (never null), or throws an
186 * Exception if the login module was not properly initialised.
187 */
188 protected BundleContext getBundleContext() {
189 if (bundleContext == null)
190 throw new ArgeoException("No bundle context provided");
191 return bundleContext;
192 }
193
194 AuthenticationManager getAuthenticationManager() {
195 BundleContext bc = getBundleContext();
196 assert authenticationManager != null;
197 return bc.getService(authenticationManager);
198 }
199
200 protected Subject getSubject() {
201 return subject;
202 }
203 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi