*/
package org.argeo.security.ui.rap;
-import static org.argeo.cms.KernelHeader.ACCESS_CONTROL_CONTEXT;
+import static org.argeo.cms.auth.AuthConstants.ACCESS_CONTROL_CONTEXT;
import java.security.AccessControlContext;
import java.security.AccessController;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.CredentialNotFoundException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.ArgeoException;
-import org.argeo.cms.KernelHeader;
-import org.argeo.cms.auth.ArgeoLoginContext;
+import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.widgets.auth.DefaultLoginDialog;
import org.argeo.eclipse.ui.dialogs.ErrorFeedback;
import org.argeo.util.LocaleUtils;
import org.eclipse.rap.rwt.application.EntryPoint;
import org.eclipse.swt.widgets.Display;
import org.eclipse.ui.PlatformUI;
-import org.springframework.security.authentication.BadCredentialsException;
/**
* RAP entry point with login capabilities. Once the user has been
HttpServletRequest httpRequest = RWT.getRequest();
final HttpSession httpSession = httpRequest.getSession();
AccessControlContext acc = (AccessControlContext) httpSession
- .getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT);
+ .getAttribute(AuthConstants.ACCESS_CONTROL_CONTEXT);
final Subject subject;
if (acc != null
try {
CallbackHandler callbackHandler = new DefaultLoginDialog(
display.getActiveShell());
- loginContext = new ArgeoLoginContext(
- KernelHeader.LOGIN_CONTEXT_USER, subject,
+ loginContext = new LoginContext(
+ AuthConstants.LOGIN_CONTEXT_USER, subject,
callbackHandler);
} catch (LoginException e1) {
throw new ArgeoException("Cannot initialize login context", e1);
if (log.isDebugEnabled())
log.debug("Authenticated " + subject);
+ } catch (FailedLoginException e) {
+ MessageDialog.openInformation(display.getActiveShell(),
+ "Bad Credentials", e.getMessage());
+ // retry login
+ continue tryLogin;
} catch (LoginException e) {
- BadCredentialsException bce = wasCausedByBadCredentials(e);
- if (bce != null) {
- MessageDialog.openInformation(display.getActiveShell(),
- "Bad Credentials", bce.getMessage());
- // retry login
- continue tryLogin;
- }
return processLoginDeath(display, e);
}
}
if (log.isTraceEnabled())
log.trace("Display disposed");
try {
- LoginContext loginContext = new ArgeoLoginContext(
- KernelHeader.LOGIN_CONTEXT_USER, subject);
+ LoginContext loginContext = new LoginContext(
+ AuthConstants.LOGIN_CONTEXT_USER, subject);
loginContext.logout();
} catch (LoginException e) {
log.error("Error when logging out", e);
}
- /** Recursively look for {@link BadCredentialsException} in the root causes. */
- private BadCredentialsException wasCausedByBadCredentials(Throwable t) {
- if (t instanceof BadCredentialsException)
- return (BadCredentialsException) t;
-
- if (t instanceof CredentialNotFoundException)
- return new BadCredentialsException("Login canceled");
-
- if (t.getCause() != null)
- return wasCausedByBadCredentials(t.getCause());
- else
- return null;
- }
-
/**
* If there is a {@link ThreadDeath} in the root causes, rethrow it
* (important for RAP cleaning mechanism)
private void fullLogout(Subject subject, String username) {
try {
- LoginContext loginContext = new ArgeoLoginContext(
- KernelHeader.LOGIN_CONTEXT_USER, subject);
+ LoginContext loginContext = new LoginContext(
+ AuthConstants.LOGIN_CONTEXT_USER, subject);
loginContext.logout();
HttpServletRequest httpRequest = RWT.getRequest();
HttpSession httpSession = httpRequest.getSession();