security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java

   1 package org.argeo.security.equinox;
   2
   3 import java.util.Map;
   4 import java.util.Set;
   5
   6 import javax.security.auth.Subject;
   7 import javax.security.auth.callback.Callback;
   8 import javax.security.auth.callback.CallbackHandler;
   9 import javax.security.auth.callback.NameCallback;
  10 import javax.security.auth.callback.PasswordCallback;
  11 import javax.security.auth.callback.TextOutputCallback;
  12 import javax.security.auth.login.LoginException;
  13
  14 import org.apache.commons.logging.Log;
  15 import org.apache.commons.logging.LogFactory;
  16 import org.argeo.security.SiteAuthenticationToken;
  17 import org.springframework.security.Authentication;
  18 import org.springframework.security.AuthenticationManager;
  19 import org.springframework.security.BadCredentialsException;
  20 import org.springframework.security.context.SecurityContextHolder;
  21 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
  22
  23 /** Login module which caches one subject per thread. */
  24 public class SpringLoginModule extends SecurityContextLoginModule {
  25         private final static Log log = LogFactory.getLog(SpringLoginModule.class);
  26
  27         private AuthenticationManager authenticationManager;
  28
  29         private CallbackHandler callbackHandler;
  30
  31         private Subject subject;
  32
  33         public SpringLoginModule() {
  34
  35         }
  36
  37         @SuppressWarnings("rawtypes")
  38         public void initialize(Subject subject, CallbackHandler callbackHandler,
  39                         Map sharedState, Map options) {
  40                 super.initialize(subject, callbackHandler, sharedState, options);
  41                 this.callbackHandler = callbackHandler;
  42                 this.subject = subject;
  43         }
  44
  45         public boolean login() throws LoginException {
  46                 // try to retrieve Authentication from Subject
  47                 Set<Authentication> auths = subject.getPrincipals(Authentication.class);
  48                 if (auths.size() > 0)
  49                         SecurityContextHolder.getContext().setAuthentication(
  50                                         auths.iterator().next());
  51
  52                 // thread already logged in
  53                 if (SecurityContextHolder.getContext().getAuthentication() != null)
  54                         return super.login();
  55
  56                 // reset all principals and credentials
  57                 if (log.isTraceEnabled())
  58                         log.trace("Resetting all principals and credentials of " + subject);
  59                 if (subject.getPrincipals() != null)
  60                         subject.getPrincipals().clear();
  61                 if (subject.getPrivateCredentials() != null)
  62                         subject.getPrivateCredentials().clear();
  63                 if (subject.getPublicCredentials() != null)
  64                         subject.getPublicCredentials().clear();
  65
  66                 // ask for username and password
  67                 Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
  68                                 "Required login");
  69                 NameCallback nameCallback = new NameCallback("User");
  70                 PasswordCallback passwordCallback = new PasswordCallback("Password",
  71                                 false);
  72
  73                 // NameCallback urlCallback = new NameCallback("Site URL");
  74
  75                 if (callbackHandler == null) {
  76                         throw new LoginException("No call back handler available");
  77                         // return false;
  78                 }
  79                 try {
  80                         callbackHandler.handle(new Callback[] { label, nameCallback,
  81                                         passwordCallback });
  82                 } catch (Exception e) {
  83                         LoginException le = new LoginException("Callback handling failed");
  84                         le.initCause(e);
  85                         throw le;
  86                 }
  87
  88                 // Set user name and password
  89                 String username = nameCallback.getName();
  90                 String password = "";
  91                 if (passwordCallback.getPassword() != null) {
  92                         password = String.valueOf(passwordCallback.getPassword());
  93                 }
  94
  95                 // String url = urlCallback.getName();
  96                 // TODO: set it via system properties
  97                 String workspace = null;
  98
  99                 SiteAuthenticationToken credentials = new SiteAuthenticationToken(
 100                                 username, password, null, workspace);
 101
 102                 try {
 103                         Authentication authentication = authenticationManager
 104                                         .authenticate(credentials);
 105                         registerAuthentication(authentication);
 106                         boolean res = super.login();
 107                         return res;
 108                 } catch (BadCredentialsException bce) {
 109                         throw bce;
 110                 } catch (Exception e) {
 111                         LoginException loginException = new LoginException(
 112                                         "Bad credentials");
 113                         loginException.initCause(e);
 114                         throw loginException;
 115                 }
 116         }
 117
 118         @Override
 119         public boolean logout() throws LoginException {
 120                 subject.getPrincipals().clear();
 121                 return super.logout();
 122         }
 123
 124         /**
 125          * Register an {@link Authentication} in the security context.
 126          *
 127          * @param authentication
 128          *            has to implement {@link Authentication}.
 129          */
 130         protected void registerAuthentication(Object authentication) {
 131                 SecurityContextHolder.getContext().setAuthentication(
 132                                 (Authentication) authentication);
 133         }
 134
 135         public void setAuthenticationManager(
 136                         AuthenticationManager authenticationManager) {
 137                 this.authenticationManager = authenticationManager;
 138         }
 139 }