org.argeo.cms/src/org/argeo/cms/internal/auth/EndUserLoginModule.java

   1 /*
   2  * Copyright (C) 2007-2012 Argeo GmbH
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16 package org.argeo.cms.internal.auth;
  17
  18 import java.io.IOException;
  19 import java.util.Locale;
  20
  21 import javax.security.auth.callback.Callback;
  22 import javax.security.auth.callback.CallbackHandler;
  23 import javax.security.auth.callback.NameCallback;
  24 import javax.security.auth.callback.PasswordCallback;
  25 import javax.security.auth.callback.UnsupportedCallbackException;
  26 import javax.security.auth.login.CredentialNotFoundException;
  27 import javax.security.auth.login.LoginException;
  28
  29 import org.argeo.security.NodeAuthenticationToken;
  30 import org.argeo.util.LocaleCallback;
  31 import org.argeo.util.LocaleUtils;
  32 import org.springframework.security.authentication.BadCredentialsException;
  33 import org.springframework.security.core.Authentication;
  34
  35 /** Authenticates an end user */
  36 public class EndUserLoginModule extends AbstractLoginModule {
  37         final static String NODE_REPO_URI = "argeo.node.repo.uri";
  38
  39         private Long waitBetweenFailedLoginAttempts = 5 * 1000l;
  40
  41         private Boolean remote = false;
  42         /** Comma separated list of locales */
  43         private String availableLocales = "";
  44
  45         @Override
  46         protected Authentication processLogin(CallbackHandler callbackHandler)
  47                         throws LoginException, UnsupportedCallbackException, IOException,
  48                         InterruptedException {
  49                 // ask for username and password
  50                 NameCallback nameCallback = new NameCallback("User");
  51                 PasswordCallback passwordCallback = new PasswordCallback("Password",
  52                                 false);
  53                 final String defaultNodeUrl = System.getProperty(NODE_REPO_URI,
  54                                 "http://localhost:7070/org.argeo.jcr.webapp/remoting/node");
  55                 NameCallback urlCallback = new NameCallback("Site URL", defaultNodeUrl);
  56                 LocaleCallback localeCallback = new LocaleCallback(availableLocales);
  57                 // handle callbacks
  58                 if (remote)
  59                         callbackHandler.handle(new Callback[] { nameCallback,
  60                                         passwordCallback, urlCallback, localeCallback });
  61                 else
  62                         callbackHandler.handle(new Callback[] { nameCallback,
  63                                         passwordCallback, localeCallback });
  64
  65                 Locale selectedLocale = localeCallback.getSelectedLocale();
  66
  67                 // create credentials
  68                 final String username = nameCallback.getName();
  69                 if (username == null || username.trim().equals(""))
  70                         throw new CredentialNotFoundException("No credentials provided");
  71
  72                 char[] password = {};
  73                 if (passwordCallback.getPassword() != null)
  74                         password = passwordCallback.getPassword();
  75                 else
  76                         throw new CredentialNotFoundException("No credentials provided");
  77
  78                 NodeAuthenticationToken credentials;
  79                 if (remote) {
  80                         String url = urlCallback.getName();
  81                         credentials = new NodeAuthenticationToken(username, password, url);
  82                 } else {
  83                         credentials = new NodeAuthenticationToken(username, password);
  84                 }
  85
  86                 Authentication auth;
  87                 try {
  88                         auth = getAuthenticationManager().authenticate(credentials);
  89                 } catch (BadCredentialsException e) {
  90                         // wait between failed login attempts
  91                         Thread.sleep(waitBetweenFailedLoginAttempts);
  92                         throw e;
  93                 }
  94
  95                 if (selectedLocale != null)
  96                         LocaleUtils.threadLocale.set(selectedLocale);
  97
  98                 return auth;
  99         }
 100
 101         @Override
 102         public boolean commit() throws LoginException {
 103                 return super.commit();
 104         }
 105 }