Use message instead of label in user menu
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.cms.internal.auth;
17
18 import java.io.IOException;
19 import java.util.Locale;
20
21 import javax.security.auth.callback.Callback;
22 import javax.security.auth.callback.CallbackHandler;
23 import javax.security.auth.callback.NameCallback;
24 import javax.security.auth.callback.PasswordCallback;
25 import javax.security.auth.callback.UnsupportedCallbackException;
26 import javax.security.auth.login.CredentialNotFoundException;
27 import javax.security.auth.login.LoginException;
28
29 import org.argeo.security.NodeAuthenticationToken;
30 import org.argeo.util.LocaleCallback;
31 import org.argeo.util.LocaleUtils;
32 import org.springframework.security.authentication.BadCredentialsException;
33 import org.springframework.security.core.Authentication;
34
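/**
 * Login module that authenticates an end user.
 * <p>
 * Credentials (user name, password, a locale and, in remote mode, a site
 * URL) are collected through the {@link CallbackHandler} and wrapped in a
 * {@link NodeAuthenticationToken}, which is then handed to the authentication
 * manager returned by {@code getAuthenticationManager()}.
 */
public class EndUserLoginModule extends AbstractLoginModule {
	/** Name of the system property holding the default node repository URL. */
	final static String NODE_REPO_URI = "argeo.node.repo.uri";

	/**
	 * Delay, in milliseconds, applied before a bad-credentials failure is
	 * reported to the caller.
	 */
	private Long waitBetweenFailedLoginAttempts = 5 * 1000L;

	/** Whether the user is also prompted for the URL of the site to log in to. */
	private Boolean remote = false;
	/** Comma separated list of locales */
	private String availableLocales = "";

	/**
	 * Prompts for credentials and authenticates them.
	 *
	 * @param callbackHandler
	 *            handler used to prompt for user name, password, locale and
	 *            (in remote mode) site URL
	 * @return the authentication returned by the authentication manager, or
	 *         {@code null} if no callback handler was provided
	 * @throws CredentialNotFoundException
	 *             if the user name is missing or blank, or no password was
	 *             provided
	 * @throws InterruptedException
	 *             if the thread is interrupted during the failed-login delay
	 */
	@Override
	protected Authentication processLogin(CallbackHandler callbackHandler)
			throws LoginException, UnsupportedCallbackException, IOException,
			InterruptedException {
		if (callbackHandler == null)
			return null;

		// ask for username and password
		NameCallback nameCallback = new NameCallback("User");
		PasswordCallback passwordCallback = new PasswordCallback("Password",
				false);
		final String defaultNodeUrl = System.getProperty(NODE_REPO_URI,
				"http://localhost:7070/org.argeo.jcr.webapp/remoting/node");
		NameCallback urlCallback = new NameCallback("Site URL", defaultNodeUrl);
		LocaleCallback localeCallback = new LocaleCallback(availableLocales);

		// handle callbacks
		if (remote)
			callbackHandler.handle(new Callback[] { nameCallback,
					passwordCallback, urlCallback, localeCallback });
		else
			callbackHandler.handle(new Callback[] { nameCallback,
					passwordCallback, localeCallback });

		Locale selectedLocale = localeCallback.getSelectedLocale();

		// getPassword() returns a fresh copy on every call, so it is read
		// exactly once; the callback's own copy is wiped straight away so the
		// secret does not linger in the callback on any exit path.
		final String username = nameCallback.getName();
		final char[] password = passwordCallback.getPassword();
		passwordCallback.clearPassword();

		// create credentials
		if (username == null || username.trim().isEmpty())
			throw new CredentialNotFoundException("No credentials provided");
		if (password == null)
			throw new CredentialNotFoundException("No credentials provided");

		NodeAuthenticationToken credentials;
		if (remote) {
			// NOTE(review): the URL is whatever the callback handler returned
			// and travels in the same token as the password. If the token is
			// used downstream to connect to that URL, the credentials follow
			// it; the default above is plain http. Confirm that the consumer
			// restricts the accepted hosts and requires https for anything
			// other than loopback.
			String url = urlCallback.getName();
			credentials = new NodeAuthenticationToken(username, password, url);
		} else {
			credentials = new NodeAuthenticationToken(username, password);
		}
		// The local password array is deliberately not zeroed here: the token
		// may keep a reference to it (TODO confirm against
		// NodeAuthenticationToken).

		Authentication auth;
		try {
			auth = getAuthenticationManager().authenticate(credentials);
		} catch (BadCredentialsException e) {
			// wait between failed login attempts
			// NOTE(review): only BadCredentialsException is delayed; any other
			// failure thrown by authenticate() returns immediately, which may
			// make failure causes distinguishable by timing. The sleep also
			// holds the calling thread and is per attempt, so it does not
			// replace per-account or per-source attempt limiting.
			Thread.sleep(waitBetweenFailedLoginAttempts);
			throw e;
		}

		// the locale is only applied once authentication has succeeded
		if (selectedLocale != null)
			LocaleUtils.threadLocale.set(selectedLocale);

		return auth;
	}

	/** Delegates to the parent implementation without additional processing. */
	@Override
	public boolean commit() throws LoginException {
		return super.commit();
	}
}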