import java.io.IOException;
import java.util.Iterator;
+import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.LanguageCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.CredentialNotFoundException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.argeo.ArgeoException;
import org.argeo.cms.internal.kernel.Activator;
+import org.argeo.eclipse.ui.specific.UiContext;
import org.osgi.framework.BundleContext;
import org.osgi.service.http.HttpContext;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.UserAdmin;
public class UserAdminLoginModule implements LoginModule, AuthConstants {
+ private final static Log log = LogFactory
+ .getLog(UserAdminLoginModule.class);
+
private Subject subject;
private CallbackHandler callbackHandler;
private boolean isAnonymous = false;
NameCallback nameCallback = new NameCallback("User");
PasswordCallback passwordCallback = new PasswordCallback(
"Password", false);
+ LanguageCallback langCallback = new LanguageCallback();
try {
callbackHandler.handle(new Callback[] { httpCallback,
- nameCallback, passwordCallback });
+ nameCallback, passwordCallback, langCallback });
} catch (IOException e) {
throw new LoginException("Cannot handle http callback: "
+ e.getMessage());
+ } catch (ThreadDeath e) {
+ throw new ThreadDeathLoginException(
+ "Callbackhandler thread died", e);
} catch (UnsupportedCallbackException e) {
return false;
}
authorization = (Authorization) request.getSession()
.getAttribute(HttpContext.AUTHORIZATION);
}
- // if (authorization == null || authorization.getName() == null)
- // if (!isAnonymous) {
- // // ask for username and password
- // NameCallback nameCallback = new NameCallback("User");
- // PasswordCallback passwordCallback = new PasswordCallback(
- // "Password", false);
- //
- // // handle callbacks
- // try {
- // callbackHandler.handle(new Callback[] { nameCallback,
- // passwordCallback });
- // } catch (Exception e) {
- // throw new ArgeoException("Cannot handle callbacks", e);
- // }
+
+ // i18n
+ Locale locale = langCallback.getLocale();
+ if (locale == null)
+ locale = Locale.getDefault();
+ UiContext.setLocale(locale);
if (authorization == null) {
// create credentials
User user = userAdmin.getUser(null, username);
if (user == null)
- return false;
+ throw new FailedLoginException("Invalid credentials");
if (!user.hasCredential(null, password))
- return false;
+ throw new FailedLoginException("Invalid credentials");
+ // return false;
+
+ // Log and monitor new login
+ if (log.isDebugEnabled())
+ log.debug("Logged in to CMS with username [" + username+"]");
+
authorization = userAdmin.getAuthorization(user);
}
}
public boolean commit() throws LoginException {
Authorization authorization = subject
.getPrivateCredentials(Authorization.class).iterator().next();
- if (request != null) {
+ if (request != null && authorization.getName() != null) {
request.setAttribute(HttpContext.REMOTE_USER,
authorization.getName());
request.setAttribute(HttpContext.AUTHORIZATION, authorization);
projects / lgpl / argeo-commons.git / blobdiff