1 package org.argeo.security.equinox;
2
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.Executor;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.login.LoginException;

import org.argeo.security.SiteAuthenticationToken;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.jaas.SecurityContextLoginModule;
20
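/**
 * JAAS login module bridging the Equinox login flow to Spring Security.
 * <p>
 * One {@link Authentication} is kept per thread in the
 * {@link SecurityContextHolder}; a thread whose context already holds an
 * authentication is logged in again without being prompted for credentials.
 */
public class SpringLoginModule extends SecurityContextLoginModule {
    private AuthenticationManager authenticationManager;
    // Injected through setSystemExecutor() but not read by this module.
    private Executor systemExecutor;

    private CallbackHandler callbackHandler;

    public SpringLoginModule() {
    }

    /**
     * Keeps a reference to the callback handler so that {@link #login()} can
     * prompt for credentials; everything else is delegated to the superclass.
     */
    @SuppressWarnings("rawtypes")
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        this.callbackHandler = callbackHandler;
    }

    /**
     * Authenticates the current thread.
     * <p>
     * If the thread's security context already carries an
     * {@link Authentication}, the superclass login is performed directly and
     * no credentials are requested. Otherwise user name, password and site URL
     * are collected through the callback handler, authenticated with the
     * configured {@link AuthenticationManager}, and the resulting
     * authentication is stored in the security context before delegating to
     * the superclass.
     *
     * @return the result of the superclass login
     * @throws LoginException
     *             if no callback handler or authentication manager is
     *             configured, if callback handling fails, or if authentication
     *             fails for any reason other than a
     *             {@link BadCredentialsException}
     * @throws BadCredentialsException
     *             propagated unchanged from the authentication manager
     */
    @Override
    public boolean login() throws LoginException {
        // Thread already logged in: reuse the authentication bound to it.
        // NOTE(review): this relies on logout()/request teardown clearing the
        // context; on a pooled thread a stale context would be reused here
        // without any prompt.
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            return super.login();
        }

        // Fail fast with a precise message instead of an NPE wrapped as
        // "Bad credentials" further down.
        if (callbackHandler == null) {
            throw new LoginException("No call back handler available");
        }
        if (authenticationManager == null) {
            throw new LoginException("No authentication manager configured");
        }

        // Ask for user name, password and site URL
        Callback label = new TextOutputCallback(
                TextOutputCallback.INFORMATION, "Required login");
        NameCallback nameCallback = new NameCallback("User");
        PasswordCallback passwordCallback = new PasswordCallback("Password",
                false);
        NameCallback urlCallback = new NameCallback("Site URL");

        try {
            callbackHandler.handle(new Callback[] { label, nameCallback,
                    passwordCallback, urlCallback });
        } catch (Exception e) {
            LoginException le = new LoginException("Callback handling failed");
            le.initCause(e);
            throw le;
        }

        String username = nameCallback.getName();
        // SiteAuthenticationToken takes the password as a String, so it cannot
        // be wiped once copied; at least scrub the char[] copies we hold.
        String password = "";
        char[] rawPassword = passwordCallback.getPassword();
        if (rawPassword != null) {
            password = String.valueOf(rawPassword);
            Arrays.fill(rawPassword, '\0');
        }
        passwordCallback.clearPassword();
        String url = urlCallback.getName();
        // TODO: set it via system properties
        String workspace = null;

        SiteAuthenticationToken credentials = new SiteAuthenticationToken(
                username, password, url, workspace);

        try {
            Authentication authentication = authenticationManager
                    .authenticate(credentials);
            registerAuthentication(authentication);
            return super.login();
        } catch (BadCredentialsException bce) {
            // Unchecked: let the caller see the exact Spring Security failure.
            throw bce;
        } catch (Exception e) {
            // Any other failure is reported as a plain LoginException; the
            // cause is kept for logging but not exposed in the message.
            LoginException loginException = new LoginException(
                    "Bad credentials");
            loginException.initCause(e);
            throw loginException;
        }
    }

    /** Delegates to the superclass logout. */
    @Override
    public boolean logout() throws LoginException {
        return super.logout();
    }

    /**
     * Register an {@link Authentication} in the security context of the
     * current thread.
     *
     * @param authentication
     *            has to implement {@link Authentication}
     * @throws ClassCastException
     *             if the argument does not implement {@link Authentication}
     */
    protected void registerAuthentication(Object authentication) {
        SecurityContextHolder.getContext().setAuthentication(
                (Authentication) authentication);
    }

    /** Sets the manager used to authenticate the collected credentials. */
    public void setAuthenticationManager(
            AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Stored for configuration compatibility; currently unused. */
    public void setSystemExecutor(Executor systemExecutor) {
        this.systemExecutor = systemExecutor;
    }

}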